[ { "cve": "CVE-2026-41265", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run method of the Airtable_Agents class. The issue res...", "detail_json": "/data/advisories/ZDI-26-307/advisory.json", "detail_path": "advisories/ZDI-26-307", "id": "ZDI-26-307", "kind": "published", "published_date": "2026-05-01", "status": "published", "title": "FlowiseAI Flowise Airtable_Agent Code Injection Remote Code Execution Vulnerability", "updated_date": "2026-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-307/", "vendor": "Flowise", "vendor_url": null, "zdi_can": "ZDI-CAN-29412", "zdi_id": "ZDI-26-307" }, { "cve": "CVE-2026-35230", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-26-306/advisory.json", "detail_path": "advisories/ZDI-26-306", "id": "ZDI-26-306", "kind": "published", "published_date": "2026-04-28", "status": "published", "title": "Oracle VirtualBox SoundBlaster 16 Race Condition Local Privilege Escalation Vulnerability", "updated_date": "2026-04-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-306/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-28806", "zdi_id": "ZDI-26-306" }, { "cve": null, "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the sandbox on affected installations of OpenAI Codex. User interaction is required to exploit this vulnerability in that the target must use Codex to process a repository containing malicious JavaScript. T...", "detail_json": "/data/advisories/ZDI-26-305/advisory.json", "detail_path": "advisories/ZDI-26-305", "id": "ZDI-26-305", "kind": "published", "published_date": "2026-04-28", "status": "published", "title": "(0Day) OpenAI Codex Sandbox Escape Vulnerability", "updated_date": "2026-04-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-305/", "vendor": "OpenAI", "vendor_url": null, "zdi_can": "ZDI-CAN-29475", "zdi_id": "ZDI-26-305" }, { "cve": "CVE-2026-5943", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-26-304/advisory.json", "detail_path": "advisories/ZDI-26-304", "id": "ZDI-26-304", "kind": "published", "published_date": "2026-04-27", "status": "published", "title": "Foxit PDF Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2026-04-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-304/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-29495", "zdi_id": "ZDI-26-304" }, { "cve": "CVE-2026-5942", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-26-303/advisory.json", "detail_path": "advisories/ZDI-26-303", "id": "ZDI-26-303", "kind": "published", "published_date": "2026-04-27", "status": "published", "title": "Foxit PDF Reader AcroForm Signature Use-After-Free Information Disclosure Vulnerability", "updated_date": "2026-04-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-303/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-29494", "zdi_id": "ZDI-26-303" }, { "cve": "CVE-2026-5941", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-26-302/advisory.json", "detail_path": "advisories/ZDI-26-302", "id": "ZDI-26-302", "kind": "published", "published_date": "2026-04-27", "status": "published", "title": "Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2026-04-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-302/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-29492", "zdi_id": "ZDI-26-302" }, { "cve": "CVE-2026-5940", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-26-301/advisory.json", "detail_path": "advisories/ZDI-26-301", "id": "ZDI-26-301", "kind": "published", "published_date": "2026-04-27", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2026-04-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-301/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-29491", "zdi_id": "ZDI-26-301" }, { "cve": "CVE-2026-41276", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resetPassword method of the AccountService class. The i...", "detail_json": "/data/advisories/ZDI-26-300/advisory.json", "detail_path": "advisories/ZDI-26-300", "id": "ZDI-26-300", "kind": "published", "published_date": "2026-04-27", "status": "published", "title": "Flowise AccountService resetPassword Authentication Bypass Vulnerability", "updated_date": "2026-04-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-300/", "vendor": "Flowise", "vendor_url": null, "zdi_can": "ZDI-CAN-28762", "zdi_id": "ZDI-26-300" }, { "cve": "CVE-2026-6406", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code within a container in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-299/advisory.json", "detail_path": "advisories/ZDI-26-299", "id": "ZDI-26-299", "kind": "published", "published_date": "2026-04-23", "status": "published", "title": "Docker Desktop Enhanced Container Isolation Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2026-04-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-299/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-28822", "zdi_id": "ZDI-26-299" }, { "cve": "CVE-2026-24032", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Siemens SINEC NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd authentication handler. The issue resul...", "detail_json": "/data/advisories/ZDI-26-298/advisory.json", "detail_path": "advisories/ZDI-26-298", "id": "ZDI-26-298", "kind": "published", "published_date": "2026-04-23", "status": "published", "title": "Siemens SINEC NMS Authentication Bypass Vulnerability", "updated_date": "2026-04-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-298/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-27564", "zdi_id": "ZDI-26-298" }, { "cve": "CVE-2026-25654", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Siemens SINEC NMS. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by defau...", "detail_json": "/data/advisories/ZDI-26-297/advisory.json", "detail_path": "advisories/ZDI-26-297", "id": "ZDI-26-297", "kind": "published", "published_date": "2026-04-23", "status": "published", "title": "Siemens SINEC NMS Improper Authentication Privilege Escalation Vulnerability", "updated_date": "2026-04-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-297/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-28759", "zdi_id": "ZDI-26-297" }, { "cve": "CVE-2026-5726", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ASDA-Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-26-296/advisory.json", "detail_path": "advisories/ZDI-26-296", "id": "ZDI-26-296", "kind": "published", "published_date": "2026-04-23", "status": "published", "title": "Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-04-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-296/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-28692", "zdi_id": "ZDI-26-296" }, { "cve": null, "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PublicCMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getXml method. The issue results from the la...", "detail_json": "/data/advisories/ZDI-26-295/advisory.json", "detail_path": "advisories/ZDI-26-295", "id": "ZDI-26-295", "kind": "published", "published_date": "2026-04-21", "status": "published", "title": "(0Day) PublicCMS getXml Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2026-04-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-295/", "vendor": "PublicCMS", "vendor_url": null, "zdi_can": "ZDI-CAN-23734", "zdi_id": "ZDI-26-295" }, { "cve": null, "cvss": 3.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must view a folder containing malicious conten...", "detail_json": "/data/advisories/ZDI-26-294/advisory.json", "detail_path": "advisories/ZDI-26-294", "id": "ZDI-26-294", "kind": "published", "published_date": "2026-04-21", "status": "published", "title": "(0Day) Microsoft Windows library-ms NTLM Response Information Disclosure Vulnerability", "updated_date": "2026-04-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-294/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28157", "zdi_id": "ZDI-26-294" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-26-293/advisory.json", "detail_path": "advisories/ZDI-26-293", "id": "ZDI-26-293", "kind": "published", "published_date": "2026-04-21", "status": "published", "title": "(0Day) Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability", "updated_date": "2026-04-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-293/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28651", "zdi_id": "ZDI-26-293" }, { "cve": "CVE-2026-22898", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QVRPro Plugin. The issue result...", "detail_json": "/data/advisories/ZDI-26-292/advisory.json", "detail_path": "advisories/ZDI-26-292", "id": "ZDI-26-292", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-292/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-28327", "zdi_id": "ZDI-26-292" }, { "cve": "CVE-2026-32861", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-291/advisory.json", "detail_path": "advisories/ZDI-26-291", "id": "ZDI-26-291", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "NI LabVIEW LVCLASS File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-291/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-28516", "zdi_id": "ZDI-26-291" }, { "cve": "CVE-2026-32860", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-290/advisory.json", "detail_path": "advisories/ZDI-26-290", "id": "ZDI-26-290", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "NI LabVIEW LVLIB File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-290/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-28463", "zdi_id": "ZDI-26-290" }, { "cve": "CVE-2025-71066", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-26-289/advisory.json", "detail_path": "advisories/ZDI-26-289", "id": "ZDI-26-289", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-289/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-28490", "zdi_id": "ZDI-26-289" }, { "cve": "CVE-2026-5492", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of DriveLock. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 4568 by d...", "detail_json": "/data/advisories/ZDI-26-288/advisory.json", "detail_path": "advisories/ZDI-26-288", "id": "ZDI-26-288", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "DriveLock Directory Traversal Information Disclosure Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-288/", "vendor": "DriveLock", "vendor_url": null, "zdi_can": "ZDI-CAN-28713", "zdi_id": "ZDI-26-288" }, { "cve": "CVE-2026-5491", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of DriveLock. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 6067...", "detail_json": "/data/advisories/ZDI-26-287/advisory.json", "detail_path": "advisories/ZDI-26-287", "id": "ZDI-26-287", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "DriveLock Directory Traversal Information Disclosure Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-287/", "vendor": "DriveLock", "vendor_url": null, "zdi_can": "ZDI-CAN-28722", "zdi_id": "ZDI-26-287" }, { "cve": "CVE-2026-5490", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of DriveLock. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 4568 by default. The...", "detail_json": "/data/advisories/ZDI-26-286/advisory.json", "detail_path": "advisories/ZDI-26-286", "id": "ZDI-26-286", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "DriveLock SQL Injection Privilege Escalation Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-286/", "vendor": "DriveLock", "vendor_url": null, "zdi_can": "ZDI-CAN-28726", "zdi_id": "ZDI-26-286" }, { "cve": "CVE-2026-5489", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of DriveLock. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 4568...", "detail_json": "/data/advisories/ZDI-26-285/advisory.json", "detail_path": "advisories/ZDI-26-285", "id": "ZDI-26-285", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "DriveLock Directory Traversal Information Disclosure Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-285/", "vendor": "DriveLock", "vendor_url": null, "zdi_can": "ZDI-CAN-28719", "zdi_id": "ZDI-26-285" }, { "cve": "CVE-2026-5487", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of DriveLock. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 4568...", "detail_json": "/data/advisories/ZDI-26-284/advisory.json", "detail_path": "advisories/ZDI-26-284", "id": "ZDI-26-284", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "DriveLock Directory Traversal Information Disclosure Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-284/", "vendor": "DriveLock", "vendor_url": null, "zdi_can": "ZDI-CAN-28746", "zdi_id": "ZDI-26-284" }, { "cve": "CVE-2026-5056", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-283/advisory.json", "detail_path": "advisories/ZDI-26-283", "id": "ZDI-26-283", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "GStreamer qtdemux Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-283/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-29392", "zdi_id": "ZDI-26-283" }, { "cve": "CVE-2026-2050", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-26-282/advisory.json", "detail_path": "advisories/ZDI-26-282", "id": "ZDI-26-282", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-282/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28266", "zdi_id": "ZDI-26-282" }, { "cve": "CVE-2026-34054", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on applications built using the Microsoft vcpkg port of OpenSSL. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-26-281/advisory.json", "detail_path": "advisories/ZDI-26-281", "id": "ZDI-26-281", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Microsoft vcpkg OpenSSL Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-281/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-29616", "zdi_id": "ZDI-26-281" }, { "cve": "CVE-2026-4682", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP DeskJet 2855e printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests....", "detail_json": "/data/advisories/ZDI-26-280/advisory.json", "detail_path": "advisories/ZDI-26-280", "id": "ZDI-26-280", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "(Pwn2Own) HP DeskJet 2855e JobStatusEvent Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-280/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-28366", "zdi_id": "ZDI-26-280" }, { "cve": "CVE-2026-32183", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-26-279/advisory.json", "detail_path": "advisories/ZDI-26-279", "id": "ZDI-26-279", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Microsoft Windows Snipping Tool Improper Input Validation Remote Code Execution Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-279/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28793", "zdi_id": "ZDI-26-279" }, { "cve": "CVE-2026-33104", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-26-278/advisory.json", "detail_path": "advisories/ZDI-26-278", "id": "ZDI-26-278", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-278/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28267", "zdi_id": "ZDI-26-278" }, { "cve": "CVE-2026-32073", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-26-277/advisory.json", "detail_path": "advisories/ZDI-26-277", "id": "ZDI-26-277", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Microsoft Windows afd.sys Race Condition Local Privilege Escalation Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-277/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28540", "zdi_id": "ZDI-26-277" }, { "cve": "CVE-2026-26179", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-26-276/advisory.json", "detail_path": "advisories/ZDI-26-276", "id": "ZDI-26-276", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Microsoft Windows Secure Kernel Double Free Local Privilege Escalation Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-276/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28189", "zdi_id": "ZDI-26-276" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Qlib. Authentication is not required to exploit this vulnerability. The specific flaw exists within the _mount_nfs_uri function. The issue re...", "detail_json": "/data/advisories/ZDI-26-275/advisory.json", "detail_path": "advisories/ZDI-26-275", "id": "ZDI-26-275", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-275/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27212", "zdi_id": "ZDI-26-275" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Qlib. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-26-274/advisory.json", "detail_path": "advisories/ZDI-26-274", "id": "ZDI-26-274", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Microsoft Qlib fit Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-274/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27211", "zdi_id": "ZDI-26-274" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Olive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-26-273/advisory.json", "detail_path": "advisories/ZDI-26-273", "id": "ZDI-26-273", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-273/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28054", "zdi_id": "ZDI-26-273" }, { "cve": "CVE-2026-5057", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ATEN Unizon. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RpcProvider class. The issue results...", "detail_json": "/data/advisories/ZDI-26-272/advisory.json", "detail_path": "advisories/ZDI-26-272", "id": "ZDI-26-272", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "ATEN Unizon RpcProvider Missing Authentication Denial-of-Service Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-272/", "vendor": "ATEN", "vendor_url": null, "zdi_can": "ZDI-CAN-29041", "zdi_id": "ZDI-26-272" }, { "cve": "CVE-2026-5424", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-26-271/advisory.json", "detail_path": "advisories/ZDI-26-271", "id": "ZDI-26-271", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-271/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-29388", "zdi_id": "ZDI-26-271" }, { "cve": "CVE-2025-54987", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP po...", "detail_json": "/data/advisories/ZDI-26-270/advisory.json", "detail_path": "advisories/ZDI-26-270", "id": "ZDI-26-270", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-270/", "vendor": "TrendAI", "vendor_url": null, "zdi_can": "ZDI-CAN-27976", "zdi_id": "ZDI-26-270" }, { "cve": "CVE-2025-54948", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP po...", "detail_json": "/data/advisories/ZDI-26-269/advisory.json", "detail_path": "advisories/ZDI-26-269", "id": "ZDI-26-269", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-269/", "vendor": "TrendAI", "vendor_url": null, "zdi_can": "ZDI-CAN-27975", "zdi_id": "ZDI-26-269" }, { "cve": "CVE-2026-25203", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Samsung MagicINFO 9 Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-26-268/advisory.json", "detail_path": "advisories/ZDI-26-268", "id": "ZDI-26-268", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-268/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-28705", "zdi_id": "ZDI-26-268" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Anti-Malware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-26-267/advisory.json", "detail_path": "advisories/ZDI-26-267", "id": "ZDI-26-267", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-267/", "vendor": "Malwarebytes", "vendor_url": null, "zdi_can": "ZDI-CAN-22936", "zdi_id": "ZDI-26-267" }, { "cve": "CVE-2026-40688", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of HTTP requests. The issue results fro...", "detail_json": "/data/advisories/ZDI-26-266/advisory.json", "detail_path": "advisories/ZDI-26-266", "id": "ZDI-26-266", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-266/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-28661", "zdi_id": "ZDI-26-266" }, { "cve": "CVE-2026-39811", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of HTTP requests. Crafted...", "detail_json": "/data/advisories/ZDI-26-265/advisory.json", "detail_path": "advisories/ZDI-26-265", "id": "ZDI-26-265", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Fortinet FortiWeb cgi_buf_alloc Integer Overflow Denial-of-Service Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-265/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-28660", "zdi_id": "ZDI-26-265" }, { "cve": "CVE-2026-27305", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fetchCFSettingFile method. The issue...", "detail_json": "/data/advisories/ZDI-26-264/advisory.json", "detail_path": "advisories/ZDI-26-264", "id": "ZDI-26-264", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Adobe ColdFusion fetchCFSettingFile Directory Traversal Information Disclosure Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-264/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-29550", "zdi_id": "ZDI-26-264" }, { "cve": "CVE-2026-27282", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the subscribeToEndpoints method. The issue results...", "detail_json": "/data/advisories/ZDI-26-263/advisory.json", "detail_path": "advisories/ZDI-26-263", "id": "ZDI-26-263", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Adobe ColdFusion subscribeToEndpoints Authentication Bypass Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-263/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-30200", "zdi_id": "ZDI-26-263" }, { "cve": "CVE-2026-34619", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Adobe ColdFusion. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-26-262/advisory.json", "detail_path": "advisories/ZDI-26-262", "id": "ZDI-26-262", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "Adobe ColdFusion deleteVersion Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": "2026-04-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-262/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-29549", "zdi_id": "ZDI-26-262" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to escape the container and execute high-privileged code within the Docker Hyper-V VM in order to exploit t...", "detail_json": "/data/advisories/ZDI-26-261/advisory.json", "detail_path": "advisories/ZDI-26-261", "id": "ZDI-26-261", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "(0Day) Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability", "updated_date": "2026-04-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-261/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-27431", "zdi_id": "ZDI-26-261" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to escape the container and execute high-privileged code within the Docker Hyper-V VM in order to exploit t...", "detail_json": "/data/advisories/ZDI-26-260/advisory.json", "detail_path": "advisories/ZDI-26-260", "id": "ZDI-26-260", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "(0Day) Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability", "updated_date": "2026-04-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-260/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-27571", "zdi_id": "ZDI-26-260" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. An attacker must first obtain the ability to escape the container and execute low-privileged code within the Docker Hyper-V VM in order t...", "detail_json": "/data/advisories/ZDI-26-259/advisory.json", "detail_path": "advisories/ZDI-26-259", "id": "ZDI-26-259", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "(0Day) Docker Desktop cli-plugins Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2026-04-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-259/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-27430", "zdi_id": "ZDI-26-259" }, { "cve": null, "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. An attacker must first obtain the ability to execute high-privileged code within the container in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-26-258/advisory.json", "detail_path": "advisories/ZDI-26-258", "id": "ZDI-26-258", "kind": "published", "published_date": "2026-04-15", "status": "published", "title": "(0Day) Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2026-04-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-258/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-27229", "zdi_id": "ZDI-26-258" }, { "cve": "CVE-2026-5495", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-26-257/advisory.json", "detail_path": "advisories/ZDI-26-257", "id": "ZDI-26-257", "kind": "published", "published_date": "2026-04-06", "status": "published", "title": "(0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-04-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-257/", "vendor": "Labcenter Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25720", "zdi_id": "ZDI-26-257" }, { "cve": "CVE-2026-5494", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-26-256/advisory.json", "detail_path": "advisories/ZDI-26-256", "id": "ZDI-26-256", "kind": "published", "published_date": "2026-04-06", "status": "published", "title": "(0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-04-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-256/", "vendor": "Labcenter Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25719", "zdi_id": "ZDI-26-256" }, { "cve": "CVE-2026-5493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-26-255/advisory.json", "detail_path": "advisories/ZDI-26-255", "id": "ZDI-26-255", "kind": "published", "published_date": "2026-04-06", "status": "published", "title": "(0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-04-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-255/", "vendor": "Labcenter Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25718", "zdi_id": "ZDI-26-255" }, { "cve": "CVE-2026-5496", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-26-254/advisory.json", "detail_path": "advisories/ZDI-26-254", "id": "ZDI-26-254", "kind": "published", "published_date": "2026-04-06", "status": "published", "title": "(0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2026-04-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-254/", "vendor": "Labcenter Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25717", "zdi_id": "ZDI-26-254" }, { "cve": "CVE-2026-21518", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required to exploit this vulnerability in that the target open a malicious project. The specific flaw exists wi...", "detail_json": "/data/advisories/ZDI-26-253/advisory.json", "detail_path": "advisories/ZDI-26-253", "id": "ZDI-26-253", "kind": "published", "published_date": "2026-04-02", "status": "published", "title": "Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-04-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-253/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-29184", "zdi_id": "ZDI-26-253" }, { "cve": "CVE-2026-4698", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-26-252/advisory.json", "detail_path": "advisories/ZDI-26-252", "id": "ZDI-26-252", "kind": "published", "published_date": "2026-04-02", "status": "published", "title": "Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability", "updated_date": "2026-04-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-252/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-29301", "zdi_id": "ZDI-26-252" }, { "cve": "CVE-2026-3775", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-26-251/advisory.json", "detail_path": "advisories/ZDI-26-251", "id": "ZDI-26-251", "kind": "published", "published_date": "2026-04-02", "status": "published", "title": "Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2026-04-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-251/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-28595", "zdi_id": "ZDI-26-251" }, { "cve": "CVE-2026-23092", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-26-250/advisory.json", "detail_path": "advisories/ZDI-26-250", "id": "ZDI-26-250", "kind": "published", "published_date": "2026-03-31", "status": "published", "title": "Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability", "updated_date": "2026-03-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-250/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-28893", "zdi_id": "ZDI-26-250" }, { "cve": "CVE-2026-5055", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-26-249/advisory.json", "detail_path": "advisories/ZDI-26-249", "id": "ZDI-26-249", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-249/", "vendor": "NoMachine", "vendor_url": null, "zdi_can": "ZDI-CAN-28494", "zdi_id": "ZDI-26-249" }, { "cve": "CVE-2026-5054", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-26-248/advisory.json", "detail_path": "advisories/ZDI-26-248", "id": "ZDI-26-248", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "NoMachine External Control of File Path Local Privilege Escalation Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-248/", "vendor": "NoMachine", "vendor_url": null, "zdi_can": "ZDI-CAN-28630", "zdi_id": "ZDI-26-248" }, { "cve": "CVE-2026-5053", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-247/advisory.json", "detail_path": "advisories/ZDI-26-247", "id": "ZDI-26-247", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "NoMachine External Control of File Path Arbitrary File Deletion Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-247/", "vendor": "NoMachine", "vendor_url": null, "zdi_can": "ZDI-CAN-28644", "zdi_id": "ZDI-26-247" }, { "cve": "CVE-2026-5058", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issu...", "detail_json": "/data/advisories/ZDI-26-246/advisory.json", "detail_path": "advisories/ZDI-26-246", "id": "ZDI-26-246", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "(0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-04-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-246/", "vendor": "aws-mcp-server", "vendor_url": null, "zdi_can": "ZDI-CAN-27968", "zdi_id": "ZDI-26-246" }, { "cve": "CVE-2026-5059", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issu...", "detail_json": "/data/advisories/ZDI-26-245/advisory.json", "detail_path": "advisories/ZDI-26-245", "id": "ZDI-26-245", "kind": "published", "published_date": "2026-04-21", "status": "published", "title": "(0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-04-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-245/", "vendor": "aws-mcp-server", "vendor_url": null, "zdi_can": "ZDI-CAN-27969", "zdi_id": "ZDI-26-245" }, { "cve": "CVE-2024-13088", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the miro_webserver_controllers_api...", "detail_json": "/data/advisories/ZDI-26-244/advisory.json", "detail_path": "advisories/ZDI-26-244", "id": "ZDI-26-244", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-244/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25846", "zdi_id": "ZDI-26-244" }, { "cve": "CVE-2025-62842", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spe...", "detail_json": "/data/advisories/ZDI-26-243/advisory.json", "detail_path": "advisories/ZDI-26-243", "id": "ZDI-26-243", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "(Pwn2Own) QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-243/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-28428", "zdi_id": "ZDI-26-243" }, { "cve": "CVE-2025-62840", "cvss": 3.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of QNAP TS-453E devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-26-242/advisory.json", "detail_path": "advisories/ZDI-26-242", "id": "ZDI-26-242", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "(Pwn2Own) QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-242/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-28426", "zdi_id": "ZDI-26-242" }, { "cve": "CVE-2025-62846", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific fl...", "detail_json": "/data/advisories/ZDI-26-241/advisory.json", "detail_path": "advisories/ZDI-26-241", "id": "ZDI-26-241", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-241/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-28424", "zdi_id": "ZDI-26-241" }, { "cve": "CVE-2025-62845", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within t...", "detail_json": "/data/advisories/ZDI-26-240/advisory.json", "detail_path": "advisories/ZDI-26-240", "id": "ZDI-26-240", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-240/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-28423", "zdi_id": "ZDI-26-240" }, { "cve": "CVE-2025-62844", "cvss": 5.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the qurouter_token parameter...", "detail_json": "/data/advisories/ZDI-26-239/advisory.json", "detail_path": "advisories/ZDI-26-239", "id": "ZDI-26-239", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-239/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-28422", "zdi_id": "ZDI-26-239" }, { "cve": "CVE-2023-6270", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-238/advisory.json", "detail_path": "advisories/ZDI-26-238", "id": "ZDI-26-238", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-238/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-22236", "zdi_id": "ZDI-26-238" }, { "cve": "CVE-2025-62843", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass firewall rules on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of firewall rul...", "detail_json": "/data/advisories/ZDI-26-237/advisory.json", "detail_path": "advisories/ZDI-26-237", "id": "ZDI-26-237", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-237/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-28371", "zdi_id": "ZDI-26-237" }, { "cve": "CVE-2026-0954", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-26-236/advisory.json", "detail_path": "advisories/ZDI-26-236", "id": "ZDI-26-236", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-236/", "vendor": "Digilent", "vendor_url": null, "zdi_can": "ZDI-CAN-28152", "zdi_id": "ZDI-26-236" }, { "cve": "CVE-2026-0957", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-26-235/advisory.json", "detail_path": "advisories/ZDI-26-235", "id": "ZDI-26-235", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "Digilent DASYLab DSA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-235/", "vendor": "Digilent", "vendor_url": null, "zdi_can": "ZDI-CAN-28446", "zdi_id": "ZDI-26-235" }, { "cve": "CVE-2026-0956", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-26-234/advisory.json", "detail_path": "advisories/ZDI-26-234", "id": "ZDI-26-234", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-234/", "vendor": "Digilent", "vendor_url": null, "zdi_can": "ZDI-CAN-28445", "zdi_id": "ZDI-26-234" }, { "cve": "CVE-2026-0955", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-26-233/advisory.json", "detail_path": "advisories/ZDI-26-233", "id": "ZDI-26-233", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-233/", "vendor": "Digilent", "vendor_url": null, "zdi_can": "ZDI-CAN-28444", "zdi_id": "ZDI-26-233" }, { "cve": "CVE-2025-40277", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Red Hat Enterprise Linux. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-26-232/advisory.json", "detail_path": "advisories/ZDI-26-232", "id": "ZDI-26-232", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "(Pwn2Own) Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-232/", "vendor": "Red Hat", "vendor_url": null, "zdi_can": "ZDI-CAN-27173", "zdi_id": "ZDI-26-232" }, { "cve": "CVE-2026-20695", "cvss": 3.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-26-231/advisory.json", "detail_path": "advisories/ZDI-26-231", "id": "ZDI-26-231", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-231/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-28499", "zdi_id": "ZDI-26-231" }, { "cve": "CVE-2026-20690", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-26-230/advisory.json", "detail_path": "advisories/ZDI-26-230", "id": "ZDI-26-230", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-230/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-28894", "zdi_id": "ZDI-26-230" }, { "cve": "CVE-2026-3691", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization flow. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-26-229/advisory.json", "detail_path": "advisories/ZDI-26-229", "id": "ZDI-26-229", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "OpenClaw Client PKCE Verifier Information Disclosure Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-229/", "vendor": "OpenClaw", "vendor_url": null, "zdi_can": "ZDI-CAN-29381", "zdi_id": "ZDI-26-229" }, { "cve": "CVE-2026-3690", "cvss": 7.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the the authentication function for...", "detail_json": "/data/advisories/ZDI-26-228/advisory.json", "detail_path": "advisories/ZDI-26-228", "id": "ZDI-26-228", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "OpenClaw Canvas Authentication Bypass Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-228/", "vendor": "OpenClaw", "vendor_url": null, "zdi_can": "ZDI-CAN-29311", "zdi_id": "ZDI-26-228" }, { "cve": "CVE-2026-3689", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the path parameters provided to the c...", "detail_json": "/data/advisories/ZDI-26-227/advisory.json", "detail_path": "advisories/ZDI-26-227", "id": "ZDI-26-227", "kind": "published", "published_date": "2026-03-30", "status": "published", "title": "OpenClaw Canvas Path Traversal Information Disclosure Vulnerability", "updated_date": "2026-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-227/", "vendor": "OpenClaw", "vendor_url": null, "zdi_can": "ZDI-CAN-29312", "zdi_id": "ZDI-26-227" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the azure-cli-mcp component. The issue results fro...", "detail_json": "/data/advisories/ZDI-26-226/advisory.json", "detail_path": "advisories/ZDI-26-226", "id": "ZDI-26-226", "kind": "published", "published_date": "2026-03-24", "status": "published", "title": "(0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-04-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-226/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28042", "zdi_id": "ZDI-26-226" }, { "cve": "CVE-2025-58487", "cvss": 5.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass security on affected installations of Samsung Galaxy S25. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Samsung Account application. An attacker can force...", "detail_json": "/data/advisories/ZDI-26-225/advisory.json", "detail_path": "advisories/ZDI-26-225", "id": "ZDI-26-225", "kind": "published", "published_date": "2026-03-23", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass Vulnerability", "updated_date": "2026-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-225/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-28457", "zdi_id": "ZDI-26-225" }, { "cve": "CVE-2025-58486", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary script on affected installations of Samsung Galaxy S25. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Samsung Account application. The issue re...", "detail_json": "/data/advisories/ZDI-26-224/advisory.json", "detail_path": "advisories/ZDI-26-224", "id": "ZDI-26-224", "kind": "published", "published_date": "2026-03-23", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": "2026-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-224/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-28456", "zdi_id": "ZDI-26-224" }, { "cve": "CVE-2025-58488", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Samsung Galaxy S25. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-26-223/advisory.json", "detail_path": "advisories/ZDI-26-223", "id": "ZDI-26-223", "kind": "published", "published_date": "2026-03-23", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S25 Smart Touch Call Application Protection Mechanism Failure Information Disclosure Vulnerability", "updated_date": "2026-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-223/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-28331", "zdi_id": "ZDI-26-223" }, { "cve": "CVE-2025-14233", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BJNP service. The...", "detail_json": "/data/advisories/ZDI-26-222/advisory.json", "detail_path": "advisories/ZDI-26-222", "id": "ZDI-26-222", "kind": "published", "published_date": "2026-03-23", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2026-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-222/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-28369", "zdi_id": "ZDI-26-222" }, { "cve": "CVE-2026-4154", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-26-221/advisory.json", "detail_path": "advisories/ZDI-26-221", "id": "ZDI-26-221", "kind": "published", "published_date": "2026-03-19", "status": "published", "title": "GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-221/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28901", "zdi_id": "ZDI-26-221" }, { "cve": "CVE-2026-4153", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-26-220/advisory.json", "detail_path": "advisories/ZDI-26-220", "id": "ZDI-26-220", "kind": "published", "published_date": "2026-03-19", "status": "published", "title": "GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-220/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28874", "zdi_id": "ZDI-26-220" }, { "cve": "CVE-2026-4152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-26-219/advisory.json", "detail_path": "advisories/ZDI-26-219", "id": "ZDI-26-219", "kind": "published", "published_date": "2026-03-19", "status": "published", "title": "GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-219/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28863", "zdi_id": "ZDI-26-219" }, { "cve": "CVE-2026-4151", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-26-218/advisory.json", "detail_path": "advisories/ZDI-26-218", "id": "ZDI-26-218", "kind": "published", "published_date": "2026-03-19", "status": "published", "title": "GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-218/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28813", "zdi_id": "ZDI-26-218" }, { "cve": "CVE-2026-4150", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-26-217/advisory.json", "detail_path": "advisories/ZDI-26-217", "id": "ZDI-26-217", "kind": "published", "published_date": "2026-03-19", "status": "published", "title": "GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-217/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28807", "zdi_id": "ZDI-26-217" }, { "cve": "CVE-2025-62847", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of of the domain_name p...", "detail_json": "/data/advisories/ZDI-26-216/advisory.json", "detail_path": "advisories/ZDI-26-216", "id": "ZDI-26-216", "kind": "published", "published_date": "2026-03-17", "status": "published", "title": "(Pwn2Own) QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability", "updated_date": "2026-03-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-216/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-28353", "zdi_id": "ZDI-26-216" }, { "cve": "CVE-2026-4158", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-26-215/advisory.json", "detail_path": "advisories/ZDI-26-215", "id": "ZDI-26-215", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-215/", "vendor": "KeePassXC", "vendor_url": null, "zdi_can": "ZDI-CAN-29156", "zdi_id": "ZDI-26-215" }, { "cve": "CVE-2026-2049", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-26-214/advisory.json", "detail_path": "advisories/ZDI-26-214", "id": "ZDI-26-214", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-214/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28618", "zdi_id": "ZDI-26-214" }, { "cve": "CVE-2026-2046", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-26-213/advisory.json", "detail_path": "advisories/ZDI-26-213", "id": "ZDI-26-213", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "GIMP LBM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-213/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28405", "zdi_id": "ZDI-26-213" }, { "cve": "CVE-2025-13957", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the postgres service...", "detail_json": "/data/advisories/ZDI-26-212/advisory.json", "detail_path": "advisories/ZDI-26-212", "id": "ZDI-26-212", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "Schneider Electric EcoStruxure Data Center Expert Hard-coded Password Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-212/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-28034", "zdi_id": "ZDI-26-212" }, { "cve": "CVE-2026-1361", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ASDA-Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-26-211/advisory.json", "detail_path": "advisories/ZDI-26-211", "id": "ZDI-26-211", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-211/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-28685", "zdi_id": "ZDI-26-211" }, { "cve": "CVE-2025-21079", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass a security feature on affected installations of Samsung Galaxy S25. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Samsung Members application. The issue r...", "detail_json": "/data/advisories/ZDI-26-210/advisory.json", "detail_path": "advisories/ZDI-26-210", "id": "ZDI-26-210", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S25 Samsung Members Security Feature Bypass Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-210/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-28233", "zdi_id": "ZDI-26-210" }, { "cve": "CVE-2025-21079", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass security on affected installations of Samsung Galaxy S25. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Samsung Members application. An attacker can force...", "detail_json": "/data/advisories/ZDI-26-209/advisory.json", "detail_path": "advisories/ZDI-26-209", "id": "ZDI-26-209", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-209/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-28455", "zdi_id": "ZDI-26-209" }, { "cve": "CVE-2025-14237", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of TrueTy...", "detail_json": "/data/advisories/ZDI-26-208/advisory.json", "detail_path": "advisories/ZDI-26-208", "id": "ZDI-26-208", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-208/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-28363", "zdi_id": "ZDI-26-208" }, { "cve": "CVE-2025-14236", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dtdc_addr_importS...", "detail_json": "/data/advisories/ZDI-26-207/advisory.json", "detail_path": "advisories/ZDI-26-207", "id": "ZDI-26-207", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF654Cdw dtdc_addr_importSub Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-207/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-28373", "zdi_id": "ZDI-26-207" }, { "cve": "CVE-2025-14235", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within parsing of TrueType f...", "detail_json": "/data/advisories/ZDI-26-206/advisory.json", "detail_path": "advisories/ZDI-26-206", "id": "ZDI-26-206", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-206/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-28349", "zdi_id": "ZDI-26-206" }, { "cve": "CVE-2025-14234", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service, whi...", "detail_json": "/data/advisories/ZDI-26-205/advisory.json", "detail_path": "advisories/ZDI-26-205", "id": "ZDI-26-205", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-205/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-28334", "zdi_id": "ZDI-26-205" }, { "cve": "CVE-2025-14232", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of XPS fi...", "detail_json": "/data/advisories/ZDI-26-204/advisory.json", "detail_path": "advisories/ZDI-26-204", "id": "ZDI-26-204", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF654Cdw XPS Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-204/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-28268", "zdi_id": "ZDI-26-204" }, { "cve": "CVE-2025-14231", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SOAP r...", "detail_json": "/data/advisories/ZDI-26-203/advisory.json", "detail_path": "advisories/ZDI-26-203", "id": "ZDI-26-203", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-203/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-28346", "zdi_id": "ZDI-26-203" }, { "cve": "CVE-2025-59389", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific fl...", "detail_json": "/data/advisories/ZDI-26-202/advisory.json", "detail_path": "advisories/ZDI-26-202", "id": "ZDI-26-202", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-202/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-28475", "zdi_id": "ZDI-26-202" }, { "cve": "CVE-2025-59388", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Bareos by the H...", "detail_json": "/data/advisories/ZDI-26-201/advisory.json", "detail_path": "advisories/ZDI-26-201", "id": "ZDI-26-201", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin Hard-Coded Credentials Authentication Bypass Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-201/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-28358", "zdi_id": "ZDI-26-201" }, { "cve": "CVE-2025-62849", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spe...", "detail_json": "/data/advisories/ZDI-26-200/advisory.json", "detail_path": "advisories/ZDI-26-200", "id": "ZDI-26-200", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) QNAP TS-453E nvrlog_event_add msg SQL Injection Remote Code Execution Vulnerability", "updated_date": "2026-03-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-200/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-28436", "zdi_id": "ZDI-26-200" }, { "cve": "CVE-2025-62848", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spe...", "detail_json": "/data/advisories/ZDI-26-199/advisory.json", "detail_path": "advisories/ZDI-26-199", "id": "ZDI-26-199", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) QNAP TS-453E conn_log_tool Format String Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-199/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-28435", "zdi_id": "ZDI-26-199" }, { "cve": "CVE-2025-11837", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the malware_remover.cgi endpoint. T...", "detail_json": "/data/advisories/ZDI-26-198/advisory.json", "detail_path": "advisories/ZDI-26-198", "id": "ZDI-26-198", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) QNAP TS-453E malware_remover Code Injection Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-198/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-28324", "zdi_id": "ZDI-26-198" }, { "cve": "CVE-2026-4157", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messa...", "detail_json": "/data/advisories/ZDI-26-197/advisory.json", "detail_path": "advisories/ZDI-26-197", "id": "ZDI-26-197", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-197/", "vendor": "ChargePoint", "vendor_url": null, "zdi_can": "ZDI-CAN-26338", "zdi_id": "ZDI-26-197" }, { "cve": "CVE-2026-4156", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP m...", "detail_json": "/data/advisories/ZDI-26-196/advisory.json", "detail_path": "advisories/ZDI-26-196", "id": "ZDI-26-196", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-196/", "vendor": "ChargePoint", "vendor_url": null, "zdi_can": "ZDI-CAN-26339", "zdi_id": "ZDI-26-196" }, { "cve": "CVE-2026-4155", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the genpw script....", "detail_json": "/data/advisories/ZDI-26-195/advisory.json", "detail_path": "advisories/ZDI-26-195", "id": "ZDI-26-195", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-195/", "vendor": "ChargePoint", "vendor_url": null, "zdi_can": "ZDI-CAN-26340", "zdi_id": "ZDI-26-195" }, { "cve": "CVE-2026-21527", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass a security feature on affected installations of Microsoft Exchange. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InterceptorSmtpAgent class. The issue re...", "detail_json": "/data/advisories/ZDI-26-194/advisory.json", "detail_path": "advisories/ZDI-26-194", "id": "ZDI-26-194", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-194/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28462", "zdi_id": "ZDI-26-194" }, { "cve": "CVE-2022-1972", "cvss": 3.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-26-193/advisory.json", "detail_path": "advisories/ZDI-26-193", "id": "ZDI-26-193", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) Linux Kernel nf_tables_newset Out-Of-Bounds Write Information Disclosure Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-193/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17464", "zdi_id": "ZDI-26-193" }, { "cve": "CVE-2026-4149", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the DataOffset field within SMB resp...", "detail_json": "/data/advisories/ZDI-26-192/advisory.json", "detail_path": "advisories/ZDI-26-192", "id": "ZDI-26-192", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-192/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-28345", "zdi_id": "ZDI-26-192" }, { "cve": "CVE-2022-32250", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-191/advisory.json", "detail_path": "advisories/ZDI-26-191", "id": "ZDI-26-191", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) Linux Kernel nf_tables Use-After-Free Privilege Escalation Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-191/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17443", "zdi_id": "ZDI-26-191" }, { "cve": "CVE-2025-41238", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-26-190/advisory.json", "detail_path": "advisories/ZDI-26-190", "id": "ZDI-26-190", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-190/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-27175", "zdi_id": "ZDI-26-190" }, { "cve": "CVE-2025-41236", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-26-189/advisory.json", "detail_path": "advisories/ZDI-26-189", "id": "ZDI-26-189", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-189/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-27157", "zdi_id": "ZDI-26-189" }, { "cve": "CVE-2025-41237", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-26-188/advisory.json", "detail_path": "advisories/ZDI-26-188", "id": "ZDI-26-188", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-188/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-27176", "zdi_id": "ZDI-26-188" }, { "cve": "CVE-2022-45188", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the afp_getappl function. The issue r...", "detail_json": "/data/advisories/ZDI-26-187/advisory.json", "detail_path": "advisories/ZDI-26-187", "id": "ZDI-26-187", "kind": "published", "published_date": "2026-03-16", "status": "published", "title": "(Pwn2Own) Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-187/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-19674", "zdi_id": "ZDI-26-187" }, { "cve": "CVE-2026-24018", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-26-186/advisory.json", "detail_path": "advisories/ZDI-26-186", "id": "ZDI-26-186", "kind": "published", "published_date": "2026-03-10", "status": "published", "title": "Fortinet FortiClient Link Following Local Privilege Escalation Vulnerability", "updated_date": "2026-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-186/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-27581", "zdi_id": "ZDI-26-186" }, { "cve": "CVE-2026-25181", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. Interaction with the GDI library is required to exploit this vulnerability but attack vectors may vary depending on the implementation...", "detail_json": "/data/advisories/ZDI-26-185/advisory.json", "detail_path": "advisories/ZDI-26-185", "id": "ZDI-26-185", "kind": "published", "published_date": "2026-03-10", "status": "published", "title": "Microsoft Windows GDI Bitmap Parsing Out-Of-Bound Read Information Disclosure Vulnerability", "updated_date": "2026-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-185/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28271", "zdi_id": "ZDI-26-185" }, { "cve": "CVE-2026-24289", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-26-184/advisory.json", "detail_path": "advisories/ZDI-26-184", "id": "ZDI-26-184", "kind": "published", "published_date": "2026-03-10", "status": "published", "title": "Microsoft Windows NDIS Driver Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2026-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-184/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28381", "zdi_id": "ZDI-26-184" }, { "cve": "CVE-2026-24285", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-26-183/advisory.json", "detail_path": "advisories/ZDI-26-183", "id": "ZDI-26-183", "kind": "published", "published_date": "2026-03-10", "status": "published", "title": "Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability", "updated_date": "2026-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-183/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28498", "zdi_id": "ZDI-26-183" }, { "cve": "CVE-2026-24285", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-26-182/advisory.json", "detail_path": "advisories/ZDI-26-182", "id": "ZDI-26-182", "kind": "published", "published_date": "2026-03-10", "status": "published", "title": "Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability", "updated_date": "2026-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-182/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28488", "zdi_id": "ZDI-26-182" }, { "cve": "CVE-2026-24285", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-26-181/advisory.json", "detail_path": "advisories/ZDI-26-181", "id": "ZDI-26-181", "kind": "published", "published_date": "2026-03-10", "status": "published", "title": "Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability", "updated_date": "2026-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-181/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28487", "zdi_id": "ZDI-26-181" }, { "cve": "CVE-2026-23668", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-26-180/advisory.json", "detail_path": "advisories/ZDI-26-180", "id": "ZDI-26-180", "kind": "published", "published_date": "2026-03-10", "status": "published", "title": "Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability", "updated_date": "2026-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-180/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28247", "zdi_id": "ZDI-26-180" }, { "cve": "CVE-2026-23668", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-26-179/advisory.json", "detail_path": "advisories/ZDI-26-179", "id": "ZDI-26-179", "kind": "published", "published_date": "2026-03-10", "status": "published", "title": "Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability", "updated_date": "2026-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-179/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28557", "zdi_id": "ZDI-26-179" }, { "cve": "CVE-2026-23668", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-26-178/advisory.json", "detail_path": "advisories/ZDI-26-178", "id": "ZDI-26-178", "kind": "published", "published_date": "2026-03-10", "status": "published", "title": "Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability", "updated_date": "2026-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-178/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28159", "zdi_id": "ZDI-26-178" }, { "cve": "CVE-2026-26364", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Array Networks MotionPro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-26-177/advisory.json", "detail_path": "advisories/ZDI-26-177", "id": "ZDI-26-177", "kind": "published", "published_date": "2026-03-10", "status": "published", "title": "Array Networks MotionPro ArrayInstallManager Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2026-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-177/", "vendor": "Array Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-26850", "zdi_id": "ZDI-26-177" }, { "cve": "CVE-2026-20616", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must receive a malicious file that is written to the local filesystem....", "detail_json": "/data/advisories/ZDI-26-176/advisory.json", "detail_path": "advisories/ZDI-26-176", "id": "ZDI-26-176", "kind": "published", "published_date": "2026-03-10", "status": "published", "title": "Apple macOS libusd_ms Alembic File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-176/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-28552", "zdi_id": "ZDI-26-176" }, { "cve": "CVE-2026-20634", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation...", "detail_json": "/data/advisories/ZDI-26-175/advisory.json", "detail_path": "advisories/ZDI-26-175", "id": "ZDI-26-175", "kind": "published", "published_date": "2026-03-10", "status": "published", "title": "Apple macOS ImageIO SGI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2026-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-175/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-28081", "zdi_id": "ZDI-26-175" }, { "cve": "CVE-2026-20675", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-26-174/advisory.json", "detail_path": "advisories/ZDI-26-174", "id": "ZDI-26-174", "kind": "published", "published_date": "2026-03-10", "status": "published", "title": "Apple macOS ImageIO SGI File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-174/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-28176", "zdi_id": "ZDI-26-174" }, { "cve": "CVE-2026-20611", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-26-173/advisory.json", "detail_path": "advisories/ZDI-26-173", "id": "ZDI-26-173", "kind": "published", "published_date": "2026-03-10", "status": "published", "title": "Apple macOS Audio APAC Frame Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-173/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-28497", "zdi_id": "ZDI-26-173" }, { "cve": "CVE-2026-3839", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Unraid. Authentication is not required to exploit this vulnerability. The specific flaw exists within the auth-request.php file. The issue results from the lack o...", "detail_json": "/data/advisories/ZDI-26-172/advisory.json", "detail_path": "advisories/ZDI-26-172", "id": "ZDI-26-172", "kind": "published", "published_date": "2026-03-09", "status": "published", "title": "Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability", "updated_date": "2026-03-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-172/", "vendor": "Unraid", "vendor_url": null, "zdi_can": "ZDI-CAN-28912", "zdi_id": "ZDI-26-172" }, { "cve": "CVE-2026-3838", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The issue results from the lack of proper...", "detail_json": "/data/advisories/ZDI-26-171/advisory.json", "detail_path": "advisories/ZDI-26-171", "id": "ZDI-26-171", "kind": "published", "published_date": "2026-03-09", "status": "published", "title": "Unraid Update Request Path Traversal Remote Code Execution Vulnerability", "updated_date": "2026-03-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-171/", "vendor": "Unraid", "vendor_url": null, "zdi_can": "ZDI-CAN-28951", "zdi_id": "ZDI-26-171" }, { "cve": "CVE-2026-3086", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-170/advisory.json", "detail_path": "advisories/ZDI-26-170", "id": "ZDI-26-170", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-170/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-28911", "zdi_id": "ZDI-26-170" }, { "cve": "CVE-2026-3084", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-169/advisory.json", "detail_path": "advisories/ZDI-26-169", "id": "ZDI-26-169", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-169/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-28910", "zdi_id": "ZDI-26-169" }, { "cve": "CVE-2026-2921", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-168/advisory.json", "detail_path": "advisories/ZDI-26-168", "id": "ZDI-26-168", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-168/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-28854", "zdi_id": "ZDI-26-168" }, { "cve": "CVE-2026-3085", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-167/advisory.json", "detail_path": "advisories/ZDI-26-167", "id": "ZDI-26-167", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-167/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-28851", "zdi_id": "ZDI-26-167" }, { "cve": "CVE-2026-3083", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-166/advisory.json", "detail_path": "advisories/ZDI-26-166", "id": "ZDI-26-166", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-166/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-28850", "zdi_id": "ZDI-26-166" }, { "cve": "CVE-2026-2922", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-165/advisory.json", "detail_path": "advisories/ZDI-26-165", "id": "ZDI-26-165", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-165/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-28845", "zdi_id": "ZDI-26-165" }, { "cve": "CVE-2026-2920", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-164/advisory.json", "detail_path": "advisories/ZDI-26-164", "id": "ZDI-26-164", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-164/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-28843", "zdi_id": "ZDI-26-164" }, { "cve": "CVE-2026-3082", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-163/advisory.json", "detail_path": "advisories/ZDI-26-163", "id": "ZDI-26-163", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-163/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-28840", "zdi_id": "ZDI-26-163" }, { "cve": "CVE-2026-3081", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-162/advisory.json", "detail_path": "advisories/ZDI-26-162", "id": "ZDI-26-162", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-162/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-28839", "zdi_id": "ZDI-26-162" }, { "cve": "CVE-2026-2923", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-161/advisory.json", "detail_path": "advisories/ZDI-26-161", "id": "ZDI-26-161", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-161/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-28838", "zdi_id": "ZDI-26-161" }, { "cve": "CVE-2026-3562", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ed25519_sign_open function. The i...", "detail_json": "/data/advisories/ZDI-26-160/advisory.json", "detail_path": "advisories/ZDI-26-160", "id": "ZDI-26-160", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "(Pwn2Own) Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-160/", "vendor": "Philips", "vendor_url": null, "zdi_can": "ZDI-CAN-28480", "zdi_id": "ZDI-26-160" }, { "cve": "CVE-2026-3561", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The speci...", "detail_json": "/data/advisories/ZDI-26-159/advisory.json", "detail_path": "advisories/ZDI-26-159", "id": "ZDI-26-159", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "(Pwn2Own) Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-159/", "vendor": "Philips", "vendor_url": null, "zdi_can": "ZDI-CAN-28479", "zdi_id": "ZDI-26-159" }, { "cve": "CVE-2026-3560", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function...", "detail_json": "/data/advisories/ZDI-26-158/advisory.json", "detail_path": "advisories/ZDI-26-158", "id": "ZDI-26-158", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "(Pwn2Own) Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-158/", "vendor": "Philips", "vendor_url": null, "zdi_can": "ZDI-CAN-28469", "zdi_id": "ZDI-26-158" }, { "cve": "CVE-2026-3559", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the SRP authentic...", "detail_json": "/data/advisories/ZDI-26-157/advisory.json", "detail_path": "advisories/ZDI-26-157", "id": "ZDI-26-157", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "(Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-157/", "vendor": "Philips", "vendor_url": null, "zdi_can": "ZDI-CAN-28451", "zdi_id": "ZDI-26-157" }, { "cve": "CVE-2026-3558", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the HomeKit Acces...", "detail_json": "/data/advisories/ZDI-26-156/advisory.json", "detail_path": "advisories/ZDI-26-156", "id": "ZDI-26-156", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "(Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-156/", "vendor": "Philips", "vendor_url": null, "zdi_can": "ZDI-CAN-28374", "zdi_id": "ZDI-26-156" }, { "cve": "CVE-2026-3557", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The speci...", "detail_json": "/data/advisories/ZDI-26-155/advisory.json", "detail_path": "advisories/ZDI-26-155", "id": "ZDI-26-155", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "(Pwn2Own) Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-155/", "vendor": "Philips", "vendor_url": null, "zdi_can": "ZDI-CAN-28337", "zdi_id": "ZDI-26-155" }, { "cve": "CVE-2026-3556", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function....", "detail_json": "/data/advisories/ZDI-26-154/advisory.json", "detail_path": "advisories/ZDI-26-154", "id": "ZDI-26-154", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "(Pwn2Own) Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-154/", "vendor": "Philips", "vendor_url": null, "zdi_can": "ZDI-CAN-28326", "zdi_id": "ZDI-26-154" }, { "cve": "CVE-2026-3555", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this vulnerability in that the user must initiate the device pairing process. The specific...", "detail_json": "/data/advisories/ZDI-26-153/advisory.json", "detail_path": "advisories/ZDI-26-153", "id": "ZDI-26-153", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "(Pwn2Own) Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-153/", "vendor": "Philips", "vendor_url": null, "zdi_can": "ZDI-CAN-28276", "zdi_id": "ZDI-26-153" }, { "cve": "CVE-2025-15558", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-26-152/advisory.json", "detail_path": "advisories/ZDI-26-152", "id": "ZDI-26-152", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-152/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-28304", "zdi_id": "ZDI-26-152" }, { "cve": "CVE-2026-3094", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-26-151/advisory.json", "detail_path": "advisories/ZDI-26-151", "id": "ZDI-26-151", "kind": "published", "published_date": "2026-03-06", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-151/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-28415", "zdi_id": "ZDI-26-151" }, { "cve": "CVE-2026-28400", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnera...", "detail_json": "/data/advisories/ZDI-26-150/advisory.json", "detail_path": "advisories/ZDI-26-150", "id": "ZDI-26-150", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Docker Desktop for Mac Docker Model Runner Exposed Dangerous Function Denial-of-Service Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-150/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-28379", "zdi_id": "ZDI-26-150" }, { "cve": "CVE-2025-71218", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Cleaner One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...", "detail_json": "/data/advisories/ZDI-26-149/advisory.json", "detail_path": "advisories/ZDI-26-149", "id": "ZDI-26-149", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-149/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-28218", "zdi_id": "ZDI-26-149" }, { "cve": "CVE-2025-71209", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the management console. The issue results from i...", "detail_json": "/data/advisories/ZDI-26-148/advisory.json", "detail_path": "advisories/ZDI-26-148", "id": "ZDI-26-148", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-148/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-26039", "zdi_id": "ZDI-26-148" }, { "cve": "CVE-2025-71208", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the management console. The issue results from i...", "detail_json": "/data/advisories/ZDI-26-147/advisory.json", "detail_path": "advisories/ZDI-26-147", "id": "ZDI-26-147", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-147/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-26037", "zdi_id": "ZDI-26-147" }, { "cve": "CVE-2025-71207", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of URLs in the Manual Up...", "detail_json": "/data/advisories/ZDI-26-146/advisory.json", "detail_path": "advisories/ZDI-26-146", "id": "ZDI-26-146", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Trend Micro Apex Central Manual Update Server-Side Request Forgery Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-146/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-26597", "zdi_id": "ZDI-26-146" }, { "cve": "CVE-2025-71206", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of URLs in the Scheduled...", "detail_json": "/data/advisories/ZDI-26-145/advisory.json", "detail_path": "advisories/ZDI-26-145", "id": "ZDI-26-145", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Trend Micro Apex Central Scheduled Update Server-Side Request Forgery Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-145/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-26598", "zdi_id": "ZDI-26-145" }, { "cve": "CVE-2025-71205", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of hub server URLs. By p...", "detail_json": "/data/advisories/ZDI-26-144/advisory.json", "detail_path": "advisories/ZDI-26-144", "id": "ZDI-26-144", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Trend Micro Apex Central Hub Server Server-Side Request Forgery Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-144/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-26618", "zdi_id": "ZDI-26-144" }, { "cve": "CVE-2025-71217", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-26-143/advisory.json", "detail_path": "advisories/ZDI-26-143", "id": "ZDI-26-143", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Trend Micro Apex One Security Agent TmSelfProtect Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-143/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-26594", "zdi_id": "ZDI-26-143" }, { "cve": "CVE-2025-71216", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-26-142/advisory.json", "detail_path": "advisories/ZDI-26-142", "id": "ZDI-26-142", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Trend Micro Apex One Security Agent Cache Mechanism Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-142/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-26605", "zdi_id": "ZDI-26-142" }, { "cve": "CVE-2025-71215", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-26-141/advisory.json", "detail_path": "advisories/ZDI-26-141", "id": "ZDI-26-141", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Trend Micro Apex One Security Agent iCore Service Signature Verification Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-141/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-26609", "zdi_id": "ZDI-26-141" }, { "cve": "CVE-2025-71213", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-26-140/advisory.json", "detail_path": "advisories/ZDI-26-140", "id": "ZDI-26-140", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-140/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-26771", "zdi_id": "ZDI-26-140" }, { "cve": "CVE-2025-71214", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-26-139/advisory.json", "detail_path": "advisories/ZDI-26-139", "id": "ZDI-26-139", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Trend Micro Apex One Security Agent iCore Service Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-139/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-26282", "zdi_id": "ZDI-26-139" }, { "cve": "CVE-2025-71212", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-26-138/advisory.json", "detail_path": "advisories/ZDI-26-138", "id": "ZDI-26-138", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-138/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24972", "zdi_id": "ZDI-26-138" }, { "cve": "CVE-2025-71211", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP po...", "detail_json": "/data/advisories/ZDI-26-137/advisory.json", "detail_path": "advisories/ZDI-26-137", "id": "ZDI-26-137", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-137/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-28002", "zdi_id": "ZDI-26-137" }, { "cve": "CVE-2025-71210", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP po...", "detail_json": "/data/advisories/ZDI-26-136/advisory.json", "detail_path": "advisories/ZDI-26-136", "id": "ZDI-26-136", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-136/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-28001", "zdi_id": "ZDI-26-136" }, { "cve": "CVE-2026-27794", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LangChain LangGraph. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BaseCache class. The issue results from th...", "detail_json": "/data/advisories/ZDI-26-135/advisory.json", "detail_path": "advisories/ZDI-26-135", "id": "ZDI-26-135", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "LangChain LangGraph BaseCache Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-135/", "vendor": "LangChain", "vendor_url": null, "zdi_can": "ZDI-CAN-28385", "zdi_id": "ZDI-26-135" }, { "cve": "CVE-2026-23600", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service,...", "detail_json": "/data/advisories/ZDI-26-134/advisory.json", "detail_path": "advisories/ZDI-26-134", "id": "ZDI-26-134", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-134/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-27634", "zdi_id": "ZDI-26-134" }, { "cve": "CVE-2026-26975", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Music Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the _update_library_item method. The iss...", "detail_json": "/data/advisories/ZDI-26-133/advisory.json", "detail_path": "advisories/ZDI-26-133", "id": "ZDI-26-133", "kind": "published", "published_date": "2026-03-03", "status": "published", "title": "(Pwn2Own) Music Assistant _update_library_item External Control of File Path Remote Code Execution Vulnerability", "updated_date": "2026-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-133/", "vendor": "Music Assistant", "vendor_url": null, "zdi_can": "ZDI-CAN-28235", "zdi_id": "ZDI-26-133" }, { "cve": "CVE-2026-25656", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Siemens SINEC NMS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-26-132/advisory.json", "detail_path": "advisories/ZDI-26-132", "id": "ZDI-26-132", "kind": "published", "published_date": "2026-02-25", "status": "published", "title": "Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2026-02-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-132/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-28108", "zdi_id": "ZDI-26-132" }, { "cve": "CVE-2026-25655", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Siemens SINEC NMS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-26-131/advisory.json", "detail_path": "advisories/ZDI-26-131", "id": "ZDI-26-131", "kind": "published", "published_date": "2026-02-25", "status": "published", "title": "Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2026-02-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-131/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-28107", "zdi_id": "ZDI-26-131" }, { "cve": "CVE-2026-2493", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of the ticket parameter provided to the c...", "detail_json": "/data/advisories/ZDI-26-130/advisory.json", "detail_path": "advisories/ZDI-26-130", "id": "ZDI-26-130", "kind": "published", "published_date": "2026-02-25", "status": "published", "title": "IceWarp collaboration Directory Traversal Information Disclosure Vulnerability", "updated_date": "2026-02-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-130/", "vendor": "IceWarp", "vendor_url": null, "zdi_can": "ZDI-CAN-25440", "zdi_id": "ZDI-26-130" }, { "cve": "CVE-2026-2491", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web API i...", "detail_json": "/data/advisories/ZDI-26-129/advisory.json", "detail_path": "advisories/ZDI-26-129", "id": "ZDI-26-129", "kind": "published", "published_date": "2026-02-25", "status": "published", "title": "Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability", "updated_date": "2026-02-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-129/", "vendor": "Socomec", "vendor_url": null, "zdi_can": "ZDI-CAN-23993", "zdi_id": "ZDI-26-129" }, { "cve": "CVE-2026-21634", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Ubiquiti Networks AI Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of We...", "detail_json": "/data/advisories/ZDI-26-128/advisory.json", "detail_path": "advisories/ZDI-26-128", "id": "ZDI-26-128", "kind": "published", "published_date": "2026-02-25", "status": "published", "title": "(Pwn2Own) Ubiquiti Networks AI Pro Uncaught Exception Denial-of-Service Vulnerability", "updated_date": "2026-02-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-128/", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-28824", "zdi_id": "ZDI-26-128" }, { "cve": "CVE-2026-21633", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Ubiquiti Networks AI Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within device authentication....", "detail_json": "/data/advisories/ZDI-26-127/advisory.json", "detail_path": "advisories/ZDI-26-127", "id": "ZDI-26-127", "kind": "published", "published_date": "2026-02-25", "status": "published", "title": "(Pwn2Own) Ubiquiti Networks AI Pro Cleartext Transmission Information Disclosure Vulnerability", "updated_date": "2026-02-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-127/", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-28474", "zdi_id": "ZDI-26-127" }, { "cve": "CVE-2026-21633", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to downgrade the communication protocol on affected installations of Ubiquiti Networks AI Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the discovery pro...", "detail_json": "/data/advisories/ZDI-26-126/advisory.json", "detail_path": "advisories/ZDI-26-126", "id": "ZDI-26-126", "kind": "published", "published_date": "2026-02-25", "status": "published", "title": "(Pwn2Own) Ubiquiti Networks AI Pro Discovery Protocol Missing Encryption Protocol Downgrade Vulnerability", "updated_date": "2026-02-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-126/", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-28274", "zdi_id": "ZDI-26-126" }, { "cve": "CVE-2026-2664", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-26-125/advisory.json", "detail_path": "advisories/ZDI-26-125", "id": "ZDI-26-125", "kind": "published", "published_date": "2026-02-25", "status": "published", "title": "Docker Desktop grpcfuse Kernel Module Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2026-02-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-125/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-28631", "zdi_id": "ZDI-26-125" }, { "cve": "CVE-2025-15060", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of claude-hovercraft. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the executeClaudeCode meth...", "detail_json": "/data/advisories/ZDI-26-124/advisory.json", "detail_path": "advisories/ZDI-26-124", "id": "ZDI-26-124", "kind": "published", "published_date": "2026-02-25", "status": "published", "title": "claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-02-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-124/", "vendor": "claude-hovercraft", "vendor_url": null, "zdi_can": "ZDI-CAN-27785", "zdi_id": "ZDI-26-124" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-26-123/advisory.json", "detail_path": "advisories/ZDI-26-123", "id": "ZDI-26-123", "kind": "published", "published_date": "2026-02-23", "status": "published", "title": "Docker Desktop MCP Server Cleartext Storage of Sensitive Information Vulnerability", "updated_date": "2026-02-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-123/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-27562", "zdi_id": "ZDI-26-123" }, { "cve": "CVE-2026-2040", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-26-122/advisory.json", "detail_path": "advisories/ZDI-26-122", "id": "ZDI-26-122", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-122/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-27788", "zdi_id": "ZDI-26-122" }, { "cve": "CVE-2026-2048", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-26-121/advisory.json", "detail_path": "advisories/ZDI-26-121", "id": "ZDI-26-121", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-121/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28591", "zdi_id": "ZDI-26-121" }, { "cve": "CVE-2026-2047", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-26-120/advisory.json", "detail_path": "advisories/ZDI-26-120", "id": "ZDI-26-120", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-120/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28530", "zdi_id": "ZDI-26-120" }, { "cve": "CVE-2026-2045", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-26-119/advisory.json", "detail_path": "advisories/ZDI-26-119", "id": "ZDI-26-119", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-119/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28265", "zdi_id": "ZDI-26-119" }, { "cve": "CVE-2026-2044", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-26-118/advisory.json", "detail_path": "advisories/ZDI-26-118", "id": "ZDI-26-118", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-118/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28158", "zdi_id": "ZDI-26-118" }, { "cve": "CVE-2026-2490", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulner...", "detail_json": "/data/advisories/ZDI-26-117/advisory.json", "detail_path": "advisories/ZDI-26-117", "id": "ZDI-26-117", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-117/", "vendor": "RustDesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27909", "zdi_id": "ZDI-26-117" }, { "cve": "CVE-2026-2492", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw e...", "detail_json": "/data/advisories/ZDI-26-116/advisory.json", "detail_path": "advisories/ZDI-26-116", "id": "ZDI-26-116", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-116/", "vendor": "TensorFlow", "vendor_url": null, "zdi_can": "ZDI-CAN-25480", "zdi_id": "ZDI-26-116" }, { "cve": "CVE-2025-62676", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient VPN. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-26-115/advisory.json", "detail_path": "advisories/ZDI-26-115", "id": "ZDI-26-115", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "Fortinet FortiClient VPN FCConfig Utility Link Following Local Privilege Escalation Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-115/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-25710", "zdi_id": "ZDI-26-115" }, { "cve": "CVE-2026-1335", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-26-114/advisory.json", "detail_path": "advisories/ZDI-26-114", "id": "ZDI-26-114", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-114/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-28404", "zdi_id": "ZDI-26-114" }, { "cve": "CVE-2026-1334", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-26-113/advisory.json", "detail_path": "advisories/ZDI-26-113", "id": "ZDI-26-113", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer EPRT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-113/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-28378", "zdi_id": "ZDI-26-113" }, { "cve": "CVE-2026-1333", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-26-112/advisory.json", "detail_path": "advisories/ZDI-26-112", "id": "ZDI-26-112", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer EPRT File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-112/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-28315", "zdi_id": "ZDI-26-112" }, { "cve": "CVE-2026-2635", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basic_auth.ini file. The file contains hard-coded defaul...", "detail_json": "/data/advisories/ZDI-26-111/advisory.json", "detail_path": "advisories/ZDI-26-111", "id": "ZDI-26-111", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "MLflow Use of Default Password Authentication Bypass Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-111/", "vendor": "MLflow", "vendor_url": null, "zdi_can": "ZDI-CAN-28256", "zdi_id": "ZDI-26-111" }, { "cve": "CVE-2025-60037, CVE-2025-60038", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bosch Rexroth IndraWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-26-110/advisory.json", "detail_path": "advisories/ZDI-26-110", "id": "ZDI-26-110", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "Bosch Rexroth IndraWorks Print Settings File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-110/", "vendor": "Bosch Rexroth", "vendor_url": null, "zdi_can": "ZDI-CAN-28112", "zdi_id": "ZDI-26-110" }, { "cve": "CVE-2025-60035", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bosch Rexroth IndraWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-26-109/advisory.json", "detail_path": "advisories/ZDI-26-109", "id": "ZDI-26-109", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "Bosch Rexroth IndraWorks OPC.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-109/", "vendor": "Bosch Rexroth", "vendor_url": null, "zdi_can": "ZDI-CAN-27994", "zdi_id": "ZDI-26-109" }, { "cve": "CVE-2025-60036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bosch Rexroth IndraWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-26-108/advisory.json", "detail_path": "advisories/ZDI-26-108", "id": "ZDI-26-108", "kind": "published", "published_date": "2026-02-19", "status": "published", "title": "Bosch Rexroth IndraWorks UA.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-108/", "vendor": "Bosch Rexroth", "vendor_url": null, "zdi_can": "ZDI-CAN-27996", "zdi_id": "ZDI-26-108" }, { "cve": "CVE-2026-0875", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-26-107/advisory.json", "detail_path": "advisories/ZDI-26-107", "id": "ZDI-26-107", "kind": "published", "published_date": "2026-02-18", "status": "published", "title": "Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-107/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-28581", "zdi_id": "ZDI-26-107" }, { "cve": "CVE-2026-0874", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-26-106/advisory.json", "detail_path": "advisories/ZDI-26-106", "id": "ZDI-26-106", "kind": "published", "published_date": "2026-02-18", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-106/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-28417", "zdi_id": "ZDI-26-106" }, { "cve": "CVE-2026-2033", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of artifact file paths. The is...", "detail_json": "/data/advisories/ZDI-26-105/advisory.json", "detail_path": "advisories/ZDI-26-105", "id": "ZDI-26-105", "kind": "published", "published_date": "2026-02-13", "status": "published", "title": "MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2026-02-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-105/", "vendor": "MLflow", "vendor_url": null, "zdi_can": "ZDI-CAN-26649", "zdi_id": "ZDI-26-105" }, { "cve": "CVE-2026-2034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-26-104/advisory.json", "detail_path": "advisories/ZDI-26-104", "id": "ZDI-26-104", "kind": "published", "published_date": "2026-02-13", "status": "published", "title": "Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-02-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-104/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-28129", "zdi_id": "ZDI-26-104" }, { "cve": "CVE-2026-21956", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-26-103/advisory.json", "detail_path": "advisories/ZDI-26-103", "id": "ZDI-26-103", "kind": "published", "published_date": "2026-02-13", "status": "published", "title": "Oracle VirtualBox VMSVGA Out-Of-Bounds Access Local Privilege Escalation Vulnerability", "updated_date": "2026-02-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-103/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-27923", "zdi_id": "ZDI-26-103" }, { "cve": "CVE-2026-21957", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-26-102/advisory.json", "detail_path": "advisories/ZDI-26-102", "id": "ZDI-26-102", "kind": "published", "published_date": "2026-02-13", "status": "published", "title": "Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability", "updated_date": "2026-02-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-102/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-27938", "zdi_id": "ZDI-26-102" }, { "cve": "CVE-2026-21963", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-26-101/advisory.json", "detail_path": "advisories/ZDI-26-101", "id": "ZDI-26-101", "kind": "published", "published_date": "2026-02-13", "status": "published", "title": "Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2026-02-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-101/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-28080", "zdi_id": "ZDI-26-101" }, { "cve": "CVE-2026-21985", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-26-100/advisory.json", "detail_path": "advisories/ZDI-26-100", "id": "ZDI-26-100", "kind": "published", "published_date": "2026-02-13", "status": "published", "title": "Oracle VirtualBox LsiLogic Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2026-02-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-100/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-28079", "zdi_id": "ZDI-26-100" }, { "cve": "CVE-2026-21984", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-26-099/advisory.json", "detail_path": "advisories/ZDI-26-099", "id": "ZDI-26-099", "kind": "published", "published_date": "2026-02-13", "status": "published", "title": "Oracle VirtualBox VMSVGA Race Condition Local Privilege Escalation Vulnerability", "updated_date": "2026-02-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-099/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-27925", "zdi_id": "ZDI-26-099" }, { "cve": "CVE-2026-21955", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-26-098/advisory.json", "detail_path": "advisories/ZDI-26-098", "id": "ZDI-26-098", "kind": "published", "published_date": "2026-02-13", "status": "published", "title": "Oracle VirtualBox VMSVGA Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2026-02-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-098/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-27870", "zdi_id": "ZDI-26-098" }, { "cve": "CVE-2026-21983", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-26-097/advisory.json", "detail_path": "advisories/ZDI-26-097", "id": "ZDI-26-097", "kind": "published", "published_date": "2026-02-13", "status": "published", "title": "Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2026-02-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-097/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-28045", "zdi_id": "ZDI-26-097" }, { "cve": "CVE-2026-1283", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-26-096/advisory.json", "detail_path": "advisories/ZDI-26-096", "id": "ZDI-26-096", "kind": "published", "published_date": "2026-02-13", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer EPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-02-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-096/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-28186", "zdi_id": "ZDI-26-096" }, { "cve": "CVE-2026-1284", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-26-095/advisory.json", "detail_path": "advisories/ZDI-26-095", "id": "ZDI-26-095", "kind": "published", "published_date": "2026-02-13", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2026-02-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-095/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-28188", "zdi_id": "ZDI-26-095" }, { "cve": "CVE-2025-13845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-26-094/advisory.json", "detail_path": "advisories/ZDI-26-094", "id": "ZDI-26-094", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-094/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27478", "zdi_id": "ZDI-26-094" }, { "cve": "CVE-2025-13845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-26-093/advisory.json", "detail_path": "advisories/ZDI-26-093", "id": "ZDI-26-093", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-093/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27480", "zdi_id": "ZDI-26-093" }, { "cve": "CVE-2025-13845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-26-092/advisory.json", "detail_path": "advisories/ZDI-26-092", "id": "ZDI-26-092", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-092/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27455", "zdi_id": "ZDI-26-092" }, { "cve": "CVE-2025-13845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-26-091/advisory.json", "detail_path": "advisories/ZDI-26-091", "id": "ZDI-26-091", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-091/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27362", "zdi_id": "ZDI-26-091" }, { "cve": "CVE-2025-13845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-26-090/advisory.json", "detail_path": "advisories/ZDI-26-090", "id": "ZDI-26-090", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-090/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27364", "zdi_id": "ZDI-26-090" }, { "cve": "CVE-2025-13845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-26-089/advisory.json", "detail_path": "advisories/ZDI-26-089", "id": "ZDI-26-089", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-089/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27374", "zdi_id": "ZDI-26-089" }, { "cve": "CVE-2025-13845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-26-088/advisory.json", "detail_path": "advisories/ZDI-26-088", "id": "ZDI-26-088", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-088/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27390", "zdi_id": "ZDI-26-088" }, { "cve": "CVE-2025-13845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-26-087/advisory.json", "detail_path": "advisories/ZDI-26-087", "id": "ZDI-26-087", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-087/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27363", "zdi_id": "ZDI-26-087" }, { "cve": "CVE-2025-13845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-26-086/advisory.json", "detail_path": "advisories/ZDI-26-086", "id": "ZDI-26-086", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-086/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27370", "zdi_id": "ZDI-26-086" }, { "cve": "CVE-2025-13845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-26-085/advisory.json", "detail_path": "advisories/ZDI-26-085", "id": "ZDI-26-085", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-085/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27368", "zdi_id": "ZDI-26-085" }, { "cve": "CVE-2025-13845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-26-084/advisory.json", "detail_path": "advisories/ZDI-26-084", "id": "ZDI-26-084", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-084/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27371", "zdi_id": "ZDI-26-084" }, { "cve": "CVE-2026-21249", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-26-083/advisory.json", "detail_path": "advisories/ZDI-26-083", "id": "ZDI-26-083", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Microsoft Windows searchConnector-ms NTLM Response Information Disclosure Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-083/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28491", "zdi_id": "ZDI-26-083" }, { "cve": "CVE-2026-21527", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass a security feature on affected installations of Microsoft Exchange. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InterceptorSmtpAgent class. The issue re...", "detail_json": "/data/advisories/ZDI-26-082/advisory.json", "detail_path": "advisories/ZDI-26-082", "id": "ZDI-26-082", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Microsoft Exchange InterceptorSmtpAgent Reliance on Untrusted Inputs Security Feature Bypass Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-082/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28410", "zdi_id": "ZDI-26-082" }, { "cve": "CVE-2026-21235", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-26-081/advisory.json", "detail_path": "advisories/ZDI-26-081", "id": "ZDI-26-081", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Microsoft Windows win32kfull Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-081/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28066", "zdi_id": "ZDI-26-081" }, { "cve": "CVE-2026-1603", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthHelper class. The issue results fro...", "detail_json": "/data/advisories/ZDI-26-080/advisory.json", "detail_path": "advisories/ZDI-26-080", "id": "ZDI-26-080", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Ivanti Endpoint Manager AuthHelper Authentication Bypass Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-080/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26885", "zdi_id": "ZDI-26-080" }, { "cve": "CVE-2026-1602", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ROI class. The issue results from the lack...", "detail_json": "/data/advisories/ZDI-26-079/advisory.json", "detail_path": "advisories/ZDI-26-079", "id": "ZDI-26-079", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-079/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26863", "zdi_id": "ZDI-26-079" }, { "cve": "CVE-2026-2035", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of backup configuration files....", "detail_json": "/data/advisories/ZDI-26-078/advisory.json", "detail_path": "advisories/ZDI-26-078", "id": "ZDI-26-078", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-078/", "vendor": "Deciso", "vendor_url": null, "zdi_can": "ZDI-CAN-28131", "zdi_id": "ZDI-26-078" }, { "cve": "CVE-2026-2039", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Store.Remoting.exe proce...", "detail_json": "/data/advisories/ZDI-26-077/advisory.json", "detail_path": "advisories/ZDI-26-077", "id": "ZDI-26-077", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-077/", "vendor": "GFI", "vendor_url": null, "zdi_can": "ZDI-CAN-28597", "zdi_id": "ZDI-26-077" }, { "cve": "CVE-2026-2036", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-26-076/advisory.json", "detail_path": "advisories/ZDI-26-076", "id": "ZDI-26-076", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-076/", "vendor": "GFI", "vendor_url": null, "zdi_can": "ZDI-CAN-27936", "zdi_id": "ZDI-26-076" }, { "cve": "CVE-2026-2038", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Core.Remoting.exe proces...", "detail_json": "/data/advisories/ZDI-26-075/advisory.json", "detail_path": "advisories/ZDI-26-075", "id": "ZDI-26-075", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-075/", "vendor": "GFI", "vendor_url": null, "zdi_can": "ZDI-CAN-27934", "zdi_id": "ZDI-26-075" }, { "cve": "CVE-2026-2037", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-26-074/advisory.json", "detail_path": "advisories/ZDI-26-074", "id": "ZDI-26-074", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-074/", "vendor": "GFI", "vendor_url": null, "zdi_can": "ZDI-CAN-27935", "zdi_id": "ZDI-26-074" }, { "cve": "CVE-2026-2041", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the zabbixagent_configwizard_func method. The issue result...", "detail_json": "/data/advisories/ZDI-26-073/advisory.json", "detail_path": "advisories/ZDI-26-073", "id": "ZDI-26-073", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-073/", "vendor": "Nagios", "vendor_url": null, "zdi_can": "ZDI-CAN-28250", "zdi_id": "ZDI-26-073" }, { "cve": "CVE-2026-2043", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the esensors_websensor_configwizard_func method. The issue...", "detail_json": "/data/advisories/ZDI-26-072/advisory.json", "detail_path": "advisories/ZDI-26-072", "id": "ZDI-26-072", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-072/", "vendor": "Nagios", "vendor_url": null, "zdi_can": "ZDI-CAN-28249", "zdi_id": "ZDI-26-072" }, { "cve": "CVE-2026-2042", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the monitoringwizard module. The issue results from the la...", "detail_json": "/data/advisories/ZDI-26-071/advisory.json", "detail_path": "advisories/ZDI-26-071", "id": "ZDI-26-071", "kind": "published", "published_date": "2026-02-12", "status": "published", "title": "Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-071/", "vendor": "Nagios", "vendor_url": null, "zdi_can": "ZDI-CAN-28245", "zdi_id": "ZDI-26-071" }, { "cve": "CVE-2025-61808", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of CAR files. The issue results from the...", "detail_json": "/data/advisories/ZDI-26-070/advisory.json", "detail_path": "advisories/ZDI-26-070", "id": "ZDI-26-070", "kind": "published", "published_date": "2026-02-06", "status": "published", "title": "Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2026-02-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-070/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-27940", "zdi_id": "ZDI-26-070" }, { "cve": "CVE-2026-0777", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-26-069/advisory.json", "detail_path": "advisories/ZDI-26-069", "id": "ZDI-26-069", "kind": "published", "published_date": "2026-02-06", "status": "published", "title": "(0Day) Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2026-02-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-069/", "vendor": "Xmind", "vendor_url": null, "zdi_can": "ZDI-CAN-26034", "zdi_id": "ZDI-26-069" }, { "cve": "CVE-2025-14740", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the product i...", "detail_json": "/data/advisories/ZDI-26-068/advisory.json", "detail_path": "advisories/ZDI-26-068", "id": "ZDI-26-068", "kind": "published", "published_date": "2026-02-05", "status": "published", "title": "Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": "2026-02-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-068/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-28542", "zdi_id": "ZDI-26-068" }, { "cve": "CVE-2025-14740", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the product i...", "detail_json": "/data/advisories/ZDI-26-067/advisory.json", "detail_path": "advisories/ZDI-26-067", "id": "ZDI-26-067", "kind": "published", "published_date": "2026-02-05", "status": "published", "title": "Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": "2026-02-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-067/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-28190", "zdi_id": "ZDI-26-067" }, { "cve": "CVE-2025-65079", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getCFFNames function. The...", "detail_json": "/data/advisories/ZDI-26-066/advisory.json", "detail_path": "advisories/ZDI-26-066", "id": "ZDI-26-066", "kind": "published", "published_date": "2026-02-05", "status": "published", "title": "(Pwn2Own) Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-02-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-066/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-28333", "zdi_id": "ZDI-26-066" }, { "cve": "CVE-2025-65080", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the usecmap method. The issue...", "detail_json": "/data/advisories/ZDI-26-065/advisory.json", "detail_path": "advisories/ZDI-26-065", "id": "ZDI-26-065", "kind": "published", "published_date": "2026-02-05", "status": "published", "title": "(Pwn2Own) Lexmark CX532adwe usecmap Type Confusion Remote Code Execution Vulnerability", "updated_date": "2026-02-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-065/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-28328", "zdi_id": "ZDI-26-065" }, { "cve": "CVE-2025-65081", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the execuserobject function....", "detail_json": "/data/advisories/ZDI-26-064/advisory.json", "detail_path": "advisories/ZDI-26-064", "id": "ZDI-26-064", "kind": "published", "published_date": "2026-02-05", "status": "published", "title": "(Pwn2Own) Lexmark CX532adwe execuserobject Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-064/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-28341", "zdi_id": "ZDI-26-064" }, { "cve": "CVE-2025-65077", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libesffls binary. The iss...", "detail_json": "/data/advisories/ZDI-26-063/advisory.json", "detail_path": "advisories/ZDI-26-063", "id": "ZDI-26-063", "kind": "published", "published_date": "2026-02-05", "status": "published", "title": "(Pwn2Own) Lexmark CX532adwe libesffls Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2026-02-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-063/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-28261", "zdi_id": "ZDI-26-063" }, { "cve": "CVE-2025-65078", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark CX532adwe printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-26-062/advisory.json", "detail_path": "advisories/ZDI-26-062", "id": "ZDI-26-062", "kind": "published", "published_date": "2026-02-05", "status": "published", "title": "(Pwn2Own) Lexmark CX532adwe esfhelper Untrusted Search Path Local Privilege Escalation Vulnerability", "updated_date": "2026-02-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-062/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-28477", "zdi_id": "ZDI-26-062" }, { "cve": "CVE-2025-33201", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of NVIDIA Triton Inference Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EVBufferToJson me...", "detail_json": "/data/advisories/ZDI-26-061/advisory.json", "detail_path": "advisories/ZDI-26-061", "id": "ZDI-26-061", "kind": "published", "published_date": "2026-02-04", "status": "published", "title": "NVIDIA Triton Inference Server EVBufferToJson Uncaught Exception Denial-of-Service Vulnerability", "updated_date": "2026-02-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-061/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-26889", "zdi_id": "ZDI-26-061" }, { "cve": "CVE-2026-24149", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Megatron-LM. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-26-060/advisory.json", "detail_path": "advisories/ZDI-26-060", "id": "ZDI-26-060", "kind": "published", "published_date": "2026-02-04", "status": "published", "title": "NVIDIA Megatron-LM load_base_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-02-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-060/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-27989", "zdi_id": "ZDI-26-060" }, { "cve": "CVE-2025-66374", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of CyberArk Endpoint Privilege Management. An attacker must first obtain a low-privileged interactive user session on the target system in order to exploit this vulnera...", "detail_json": "/data/advisories/ZDI-26-059/advisory.json", "detail_path": "advisories/ZDI-26-059", "id": "ZDI-26-059", "kind": "published", "published_date": "2026-02-03", "status": "published", "title": "CyberArk Endpoint Privilege Management Improper Privilege Management Local Privilege Escalation Vulnerability", "updated_date": "2026-02-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-059/", "vendor": "CyberArk", "vendor_url": null, "zdi_can": "ZDI-CAN-26000", "zdi_id": "ZDI-26-059" }, { "cve": "CVE-2025-66589", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-26-058/advisory.json", "detail_path": "advisories/ZDI-26-058", "id": "ZDI-26-058", "kind": "published", "published_date": "2026-02-03", "status": "published", "title": "AzeoTech DAQFactory Pro CTL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2026-02-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-058/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-27641", "zdi_id": "ZDI-26-058" }, { "cve": "CVE-2025-46298", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-26-057/advisory.json", "detail_path": "advisories/ZDI-26-057", "id": "ZDI-26-057", "kind": "published", "published_date": "2026-02-03", "status": "published", "title": "Apple Safari JavaScriptCore FTL New Array Materialization Type Confusion Remote Code Execution Vulnerability", "updated_date": "2026-02-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-057/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-28285", "zdi_id": "ZDI-26-057" }, { "cve": "CVE-2025-43283", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-26-056/advisory.json", "detail_path": "advisories/ZDI-26-056", "id": "ZDI-26-056", "kind": "published", "published_date": "2026-02-03", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2026-02-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-056/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-28035", "zdi_id": "ZDI-26-056" }, { "cve": "CVE-2025-13447", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of user data...", "detail_json": "/data/advisories/ZDI-26-055/advisory.json", "detail_path": "advisories/ZDI-26-055", "id": "ZDI-26-055", "kind": "published", "published_date": "2026-02-02", "status": "published", "title": "Progress Software Kemp LoadMaster addapikey Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-02-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-055/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-27596", "zdi_id": "ZDI-26-055" }, { "cve": "CVE-2025-13447", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of user data passed to...", "detail_json": "/data/advisories/ZDI-26-054/advisory.json", "detail_path": "advisories/ZDI-26-054", "id": "ZDI-26-054", "kind": "published", "published_date": "2026-02-02", "status": "published", "title": "Progress Software Kemp LoadMaster delapikey OS Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-02-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-054/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-27595", "zdi_id": "ZDI-26-054" }, { "cve": "CVE-2025-13447", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of user data...", "detail_json": "/data/advisories/ZDI-26-053/advisory.json", "detail_path": "advisories/ZDI-26-053", "id": "ZDI-26-053", "kind": "published", "published_date": "2026-02-02", "status": "published", "title": "Progress Software Kemp LoadMaster listapikeys Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-02-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-053/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-27591", "zdi_id": "ZDI-26-053" }, { "cve": "CVE-2025-13444", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of user data...", "detail_json": "/data/advisories/ZDI-26-052/advisory.json", "detail_path": "advisories/ZDI-26-052", "id": "ZDI-26-052", "kind": "published", "published_date": "2026-02-02", "status": "published", "title": "Progress Software Kemp LoadMaster getcipherset Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-02-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-052/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-27593", "zdi_id": "ZDI-26-052" }, { "cve": "CVE-2025-13447", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of user data...", "detail_json": "/data/advisories/ZDI-26-051/advisory.json", "detail_path": "advisories/ZDI-26-051", "id": "ZDI-26-051", "kind": "published", "published_date": "2026-02-02", "status": "published", "title": "Progress Software Kemp LoadMaster delcert Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-02-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-051/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-27594", "zdi_id": "ZDI-26-051" }, { "cve": "CVE-2026-0797", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-26-050/advisory.json", "detail_path": "advisories/ZDI-26-050", "id": "ZDI-26-050", "kind": "published", "published_date": "2026-01-30", "status": "published", "title": "GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-01-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-050/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28599", "zdi_id": "ZDI-26-050" }, { "cve": "CVE-2026-0975", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAView. User interaction is required to exploit this vulnerability in that the target must open and run a malicious project. The specific flaw...", "detail_json": "/data/advisories/ZDI-26-049/advisory.json", "detail_path": "advisories/ZDI-26-049", "id": "ZDI-26-049", "kind": "published", "published_date": "2026-01-28", "status": "published", "title": "Delta Electronics DIAView Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": "2026-01-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-049/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-27093", "zdi_id": "ZDI-26-049" }, { "cve": "CVE-2025-67685", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fortinet FortiSandbox. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of web sockets. The issue r...", "detail_json": "/data/advisories/ZDI-26-048/advisory.json", "detail_path": "advisories/ZDI-26-048", "id": "ZDI-26-048", "kind": "published", "published_date": "2026-01-28", "status": "published", "title": "Fortinet FortiSandbox fortisandbox Server-Side Request Forgery Remote Code Execution Vulnerability", "updated_date": "2026-01-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-048/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-27307", "zdi_id": "ZDI-26-048" }, { "cve": "CVE-2025-29867", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-26-047/advisory.json", "detail_path": "advisories/ZDI-26-047", "id": "ZDI-26-047", "kind": "published", "published_date": "2026-01-28", "status": "published", "title": "Hancom Office DOC File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2026-01-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-047/", "vendor": "Hancom", "vendor_url": null, "zdi_can": "ZDI-CAN-26620", "zdi_id": "ZDI-26-047" }, { "cve": "CVE-2026-20026", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Snort. Authentication is not required to exploit this vulnerability. The specific flaw exists within the _bnfa_search_csparse_nfa method. The issue results...", "detail_json": "/data/advisories/ZDI-26-046/advisory.json", "detail_path": "advisories/ZDI-26-046", "id": "ZDI-26-046", "kind": "published", "published_date": "2026-01-28", "status": "published", "title": "Cisco Snort _bnfa_search_csparse_nfa Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2026-01-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-046/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-27892", "zdi_id": "ZDI-26-046" }, { "cve": "CVE-2026-20027", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Snort. Authentication is not required to exploit this vulnerability. The specific flaw exists within the _bnfa_search_csparse_nfa method. The issue...", "detail_json": "/data/advisories/ZDI-26-045/advisory.json", "detail_path": "advisories/ZDI-26-045", "id": "ZDI-26-045", "kind": "published", "published_date": "2026-01-28", "status": "published", "title": "Cisco Snort _bnfa_search_csparse_nfa Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2026-01-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-045/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-27893", "zdi_id": "ZDI-26-045" }, { "cve": "CVE-2026-20871", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-26-044/advisory.json", "detail_path": "advisories/ZDI-26-044", "id": "ZDI-26-044", "kind": "published", "published_date": "2026-01-13", "status": "published", "title": "Microsoft Windows Desktop Window Manager Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2026-01-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-044/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28082", "zdi_id": "ZDI-26-044" }, { "cve": "CVE-2026-0775", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-26-043/advisory.json", "detail_path": "advisories/ZDI-26-043", "id": "ZDI-26-043", "kind": "published", "published_date": "2026-01-12", "status": "published", "title": "(0Day) npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2026-02-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-043/", "vendor": "npm", "vendor_url": null, "zdi_can": "ZDI-CAN-25430", "zdi_id": "ZDI-26-043" }, { "cve": "CVE-2026-0773", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the add_tool endpoint, which listens on TCP port 7541 by d...", "detail_json": "/data/advisories/ZDI-26-042/advisory.json", "detail_path": "advisories/ZDI-26-042", "id": "ZDI-26-042", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-042/", "vendor": "Upsonic", "vendor_url": null, "zdi_can": "ZDI-CAN-26845", "zdi_id": "ZDI-26-042" }, { "cve": "CVE-2026-0778", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telnet service,...", "detail_json": "/data/advisories/ZDI-26-041/advisory.json", "detail_path": "advisories/ZDI-26-041", "id": "ZDI-26-041", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) (Pwn2Own) Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-041/", "vendor": "Enel X", "vendor_url": null, "zdi_can": "ZDI-CAN-23285", "zdi_id": "ZDI-26-041" }, { "cve": "CVE-2026-0776", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-26-040/advisory.json", "detail_path": "advisories/ZDI-26-040", "id": "ZDI-26-040", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-040/", "vendor": "Discord", "vendor_url": null, "zdi_can": "ZDI-CAN-27057", "zdi_id": "ZDI-26-040" }, { "cve": "CVE-2026-0774", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the arpstrs parameter. The...", "detail_json": "/data/advisories/ZDI-26-039/advisory.json", "detail_path": "advisories/ZDI-26-039", "id": "ZDI-26-039", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-039/", "vendor": "WatchYourLAN", "vendor_url": null, "zdi_can": "ZDI-CAN-26708", "zdi_id": "ZDI-26-039" }, { "cve": "CVE-2026-0772", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw exists within the disk cache service. The issue results from the lack of pr...", "detail_json": "/data/advisories/ZDI-26-038/advisory.json", "detail_path": "advisories/ZDI-26-038", "id": "ZDI-26-038", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-038/", "vendor": "Langflow", "vendor_url": null, "zdi_can": "ZDI-CAN-27919", "zdi_id": "ZDI-26-038" }, { "cve": "CVE-2026-0771", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exists within the handling of Python funct...", "detail_json": "/data/advisories/ZDI-26-037/advisory.json", "detail_path": "advisories/ZDI-26-037", "id": "ZDI-26-037", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) Langflow PythonFunction Code Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-037/", "vendor": "Langflow", "vendor_url": null, "zdi_can": "ZDI-CAN-27497", "zdi_id": "ZDI-26-037" }, { "cve": "CVE-2026-0770", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the exec_globals parameter provided to th...", "detail_json": "/data/advisories/ZDI-26-036/advisory.json", "detail_path": "advisories/ZDI-26-036", "id": "ZDI-26-036", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-036/", "vendor": "Langflow", "vendor_url": null, "zdi_can": "ZDI-CAN-27325", "zdi_id": "ZDI-26-036" }, { "cve": "CVE-2026-0769", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of eval_custom_component_code function...", "detail_json": "/data/advisories/ZDI-26-035/advisory.json", "detail_path": "advisories/ZDI-26-035", "id": "ZDI-26-035", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-035/", "vendor": "Langflow", "vendor_url": null, "zdi_can": "ZDI-CAN-26972", "zdi_id": "ZDI-26-035" }, { "cve": "CVE-2026-0768", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code parameter provided to the valida...", "detail_json": "/data/advisories/ZDI-26-034/advisory.json", "detail_path": "advisories/ZDI-26-034", "id": "ZDI-26-034", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) Langflow code Code Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-034/", "vendor": "Langflow", "vendor_url": null, "zdi_can": "ZDI-CAN-27322", "zdi_id": "ZDI-26-034" }, { "cve": "CVE-2026-0767", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of credentials provided...", "detail_json": "/data/advisories/ZDI-26-033/advisory.json", "detail_path": "advisories/ZDI-26-033", "id": "ZDI-26-033", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-033/", "vendor": "Open WebUI", "vendor_url": null, "zdi_can": "ZDI-CAN-28259", "zdi_id": "ZDI-26-033" }, { "cve": "CVE-2026-0766", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the load_tool_module_by_id function. The issue results from...", "detail_json": "/data/advisories/ZDI-26-032/advisory.json", "detail_path": "advisories/ZDI-26-032", "id": "ZDI-26-032", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-032/", "vendor": "Open WebUI", "vendor_url": null, "zdi_can": "ZDI-CAN-28257", "zdi_id": "ZDI-26-032" }, { "cve": "CVE-2026-0765", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the install_frontmatter_requirements function.The issue res...", "detail_json": "/data/advisories/ZDI-26-031/advisory.json", "detail_path": "advisories/ZDI-26-031", "id": "ZDI-26-031", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-031/", "vendor": "Open WebUI", "vendor_url": null, "zdi_can": "ZDI-CAN-28258", "zdi_id": "ZDI-26-031" }, { "cve": "CVE-2026-0764", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upload endpoint. The issue results from the lack...", "detail_json": "/data/advisories/ZDI-26-030/advisory.json", "detail_path": "advisories/ZDI-26-030", "id": "ZDI-26-030", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-030/", "vendor": "GPT Academic", "vendor_url": null, "zdi_can": "ZDI-CAN-27957", "zdi_id": "ZDI-26-030" }, { "cve": "CVE-2026-0763", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run_in_subprocess_wrapper_func function. The issu...", "detail_json": "/data/advisories/ZDI-26-029/advisory.json", "detail_path": "advisories/ZDI-26-029", "id": "ZDI-26-029", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-029/", "vendor": "GPT Academic", "vendor_url": null, "zdi_can": "ZDI-CAN-27958", "zdi_id": "ZDI-26-029" }, { "cve": "CVE-2026-0762", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-26-028/advisory.json", "detail_path": "advisories/ZDI-26-028", "id": "ZDI-26-028", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-028/", "vendor": "GPT Academic", "vendor_url": null, "zdi_can": "ZDI-CAN-27956", "zdi_id": "ZDI-26-028" }, { "cve": "CVE-2026-0761", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the actionoutput_str_to_mapping function...", "detail_json": "/data/advisories/ZDI-26-027/advisory.json", "detail_path": "advisories/ZDI-26-027", "id": "ZDI-26-027", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-027/", "vendor": "Foundation Agents", "vendor_url": null, "zdi_can": "ZDI-CAN-28124", "zdi_id": "ZDI-26-027" }, { "cve": "CVE-2026-0760", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deserialize_message function. The is...", "detail_json": "/data/advisories/ZDI-26-026/advisory.json", "detail_path": "advisories/ZDI-26-026", "id": "ZDI-26-026", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-026/", "vendor": "Foundation Agents", "vendor_url": null, "zdi_can": "ZDI-CAN-28121", "zdi_id": "ZDI-26-026" }, { "cve": "CVE-2026-0759", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the e...", "detail_json": "/data/advisories/ZDI-26-025/advisory.json", "detail_path": "advisories/ZDI-26-025", "id": "ZDI-26-025", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-025/", "vendor": "Katana Network", "vendor_url": null, "zdi_can": "ZDI-CAN-27786", "zdi_id": "ZDI-26-025" }, { "cve": "CVE-2026-0758", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of mcp-server-siri-shortcuts. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-26-024/advisory.json", "detail_path": "advisories/ZDI-26-024", "id": "ZDI-26-024", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-024/", "vendor": "mcp-server-siri-shortcuts", "vendor_url": null, "zdi_can": "ZDI-CAN-27910", "zdi_id": "ZDI-26-024" }, { "cve": "CVE-2026-0757", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager for Claude Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-26-023/advisory.json", "detail_path": "advisories/ZDI-26-023", "id": "ZDI-26-023", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-023/", "vendor": "MCP Manager for Claude Desktop", "vendor_url": null, "zdi_can": "ZDI-CAN-27810", "zdi_id": "ZDI-26-023" }, { "cve": "CVE-2026-0756", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of github-kanban-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the create_issue paramete...", "detail_json": "/data/advisories/ZDI-26-022/advisory.json", "detail_path": "advisories/ZDI-26-022", "id": "ZDI-26-022", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-022/", "vendor": "github-kanban-mcp-server", "vendor_url": null, "zdi_can": "ZDI-CAN-27784", "zdi_id": "ZDI-26-022" }, { "cve": "CVE-2026-0755", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the execAsync method. The is...", "detail_json": "/data/advisories/ZDI-26-021/advisory.json", "detail_path": "advisories/ZDI-26-021", "id": "ZDI-26-021", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-021/", "vendor": "Gemini MCP Tool", "vendor_url": null, "zdi_can": "ZDI-CAN-27783", "zdi_id": "ZDI-26-021" }, { "cve": "CVE-2025-15063", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the execAsync method. The...", "detail_json": "/data/advisories/ZDI-26-020/advisory.json", "detail_path": "advisories/ZDI-26-020", "id": "ZDI-26-020", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-020/", "vendor": "Ollama MCP Server", "vendor_url": null, "zdi_can": "ZDI-CAN-27683", "zdi_id": "ZDI-26-020" }, { "cve": "CVE-2026-20029", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Identity Services Engine. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the getSp...", "detail_json": "/data/advisories/ZDI-26-019/advisory.json", "detail_path": "advisories/ZDI-26-019", "id": "ZDI-26-019", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "Cisco Identity Services Engine getSpecificPLRfromAuthCode XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-019/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-27889", "zdi_id": "ZDI-26-019" }, { "cve": "CVE-2026-0796", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The i...", "detail_json": "/data/advisories/ZDI-26-018/advisory.json", "detail_path": "advisories/ZDI-26-018", "id": "ZDI-26-018", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-018/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28322", "zdi_id": "ZDI-26-018" }, { "cve": "CVE-2026-0795", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The i...", "detail_json": "/data/advisories/ZDI-26-017/advisory.json", "detail_path": "advisories/ZDI-26-017", "id": "ZDI-26-017", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-017/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28321", "zdi_id": "ZDI-26-017" }, { "cve": "CVE-2026-0794", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SIP calls. The...", "detail_json": "/data/advisories/ZDI-26-016/advisory.json", "detail_path": "advisories/ZDI-26-016", "id": "ZDI-26-016", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-016/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28303", "zdi_id": "ZDI-26-016" }, { "cve": "CVE-2026-0793", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InformaCast functionality....", "detail_json": "/data/advisories/ZDI-26-015/advisory.json", "detail_path": "advisories/ZDI-26-015", "id": "ZDI-26-015", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-015/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28302", "zdi_id": "ZDI-26-015" }, { "cve": "CVE-2026-0792", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Alert-Info...", "detail_json": "/data/advisories/ZDI-26-014/advisory.json", "detail_path": "advisories/ZDI-26-014", "id": "ZDI-26-014", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-014/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28301", "zdi_id": "ZDI-26-014" }, { "cve": "CVE-2026-0791", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Replaces he...", "detail_json": "/data/advisories/ZDI-26-013/advisory.json", "detail_path": "advisories/ZDI-26-013", "id": "ZDI-26-013", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-013/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28300", "zdi_id": "ZDI-26-013" }, { "cve": "CVE-2026-0790", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based user inte...", "detail_json": "/data/advisories/ZDI-26-012/advisory.json", "detail_path": "advisories/ZDI-26-012", "id": "ZDI-26-012", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-012/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28299", "zdi_id": "ZDI-26-012" }, { "cve": "CVE-2026-0789", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based user inte...", "detail_json": "/data/advisories/ZDI-26-011/advisory.json", "detail_path": "advisories/ZDI-26-011", "id": "ZDI-26-011", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication Cookie in Response Body Information Disclosure Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-011/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28297", "zdi_id": "ZDI-26-011" }, { "cve": "CVE-2026-0788", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...", "detail_json": "/data/advisories/ZDI-26-010/advisory.json", "detail_path": "advisories/ZDI-26-010", "id": "ZDI-26-010", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-010/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28298", "zdi_id": "ZDI-26-010" }, { "cve": "CVE-2026-0787", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SAC module. The issue resul...", "detail_json": "/data/advisories/ZDI-26-009/advisory.json", "detail_path": "advisories/ZDI-26-009", "id": "ZDI-26-009", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-009/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28296", "zdi_id": "ZDI-26-009" }, { "cve": "CVE-2026-0786", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the SCI module. The issue results f...", "detail_json": "/data/advisories/ZDI-26-008/advisory.json", "detail_path": "advisories/ZDI-26-008", "id": "ZDI-26-008", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-008/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28295", "zdi_id": "ZDI-26-008" }, { "cve": "CVE-2026-0785", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the API interface. The issue result...", "detail_json": "/data/advisories/ZDI-26-007/advisory.json", "detail_path": "advisories/ZDI-26-007", "id": "ZDI-26-007", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-007/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28294", "zdi_id": "ZDI-26-007" }, { "cve": "CVE-2026-0784", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The i...", "detail_json": "/data/advisories/ZDI-26-006/advisory.json", "detail_path": "advisories/ZDI-26-006", "id": "ZDI-26-006", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-006/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28293", "zdi_id": "ZDI-26-006" }, { "cve": "CVE-2026-0783", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The i...", "detail_json": "/data/advisories/ZDI-26-005/advisory.json", "detail_path": "advisories/ZDI-26-005", "id": "ZDI-26-005", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-005/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28292", "zdi_id": "ZDI-26-005" }, { "cve": "CVE-2026-0782", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The i...", "detail_json": "/data/advisories/ZDI-26-004/advisory.json", "detail_path": "advisories/ZDI-26-004", "id": "ZDI-26-004", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-004/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28291", "zdi_id": "ZDI-26-004" }, { "cve": "CVE-2026-0781", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The i...", "detail_json": "/data/advisories/ZDI-26-003/advisory.json", "detail_path": "advisories/ZDI-26-003", "id": "ZDI-26-003", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-003/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28290", "zdi_id": "ZDI-26-003" }, { "cve": "CVE-2026-0780", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The i...", "detail_json": "/data/advisories/ZDI-26-002/advisory.json", "detail_path": "advisories/ZDI-26-002", "id": "ZDI-26-002", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-002/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-28289", "zdi_id": "ZDI-26-002" }, { "cve": "CVE-2026-0779", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The i...", "detail_json": "/data/advisories/ZDI-26-001/advisory.json", "detail_path": "advisories/ZDI-26-001", "id": "ZDI-26-001", "kind": "published", "published_date": "2026-01-09", "status": "published", "title": "(0Day) ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability", "updated_date": "2026-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-001/", "vendor": "ALGO", "vendor_url": null, "zdi_can": "ZDI-CAN-25568", "zdi_id": "ZDI-26-001" }, { "cve": "CVE-2025-15351", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-1202/advisory.json", "detail_path": "advisories/ZDI-25-1202", "id": "ZDI-25-1202", "kind": "published", "published_date": "2025-12-30", "status": "published", "title": "(0Day) Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1202/", "vendor": "Anritsu", "vendor_url": null, "zdi_can": "ZDI-CAN-27040", "zdi_id": "ZDI-25-1202" }, { "cve": "CVE-2025-15350", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-1201/advisory.json", "detail_path": "advisories/ZDI-25-1201", "id": "ZDI-25-1201", "kind": "published", "published_date": "2025-12-30", "status": "published", "title": "(0Day) Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1201/", "vendor": "Anritsu", "vendor_url": null, "zdi_can": "ZDI-CAN-27039", "zdi_id": "ZDI-25-1201" }, { "cve": "CVE-2025-15349", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Anritsu ShockLine. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SCPI component. The issue results...", "detail_json": "/data/advisories/ZDI-25-1200/advisory.json", "detail_path": "advisories/ZDI-25-1200", "id": "ZDI-25-1200", "kind": "published", "published_date": "2025-12-30", "status": "published", "title": "(0Day) Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability", "updated_date": "2025-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1200/", "vendor": "Anritsu", "vendor_url": null, "zdi_can": "ZDI-CAN-27315", "zdi_id": "ZDI-25-1200" }, { "cve": "CVE-2025-15348", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-25-1199/advisory.json", "detail_path": "advisories/ZDI-25-1199", "id": "ZDI-25-1199", "kind": "published", "published_date": "2025-12-30", "status": "published", "title": "(0Day) Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1199/", "vendor": "Anritsu", "vendor_url": null, "zdi_can": "ZDI-CAN-27833", "zdi_id": "ZDI-25-1199" }, { "cve": "CVE-2025-15062", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1198/advisory.json", "detail_path": "advisories/ZDI-25-1198", "id": "ZDI-25-1198", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-12-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1198/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-27769", "zdi_id": "ZDI-25-1198" }, { "cve": "CVE-2025-15061", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the fetchWithRetr...", "detail_json": "/data/advisories/ZDI-25-1197/advisory.json", "detail_path": "advisories/ZDI-25-1197", "id": "ZDI-25-1197", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-12-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1197/", "vendor": "Framelink", "vendor_url": null, "zdi_can": "ZDI-CAN-27877", "zdi_id": "ZDI-25-1197" }, { "cve": "CVE-2025-15059", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-1196/advisory.json", "detail_path": "advisories/ZDI-25-1196", "id": "ZDI-25-1196", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1196/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28232", "zdi_id": "ZDI-25-1196" }, { "cve": "CVE-2025-15269", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-1195/advisory.json", "detail_path": "advisories/ZDI-25-1195", "id": "ZDI-25-1195", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "(0Day) FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2026-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1195/", "vendor": "FontForge", "vendor_url": null, "zdi_can": "ZDI-CAN-28564", "zdi_id": "ZDI-25-1195" }, { "cve": "CVE-2025-15270", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-1194/advisory.json", "detail_path": "advisories/ZDI-25-1194", "id": "ZDI-25-1194", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "(0Day) FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": "2026-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1194/", "vendor": "FontForge", "vendor_url": null, "zdi_can": "ZDI-CAN-28563", "zdi_id": "ZDI-25-1194" }, { "cve": "CVE-2025-15271", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-1193/advisory.json", "detail_path": "advisories/ZDI-25-1193", "id": "ZDI-25-1193", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "(0Day) FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": "2026-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1193/", "vendor": "FontForge", "vendor_url": null, "zdi_can": "ZDI-CAN-28562", "zdi_id": "ZDI-25-1193" }, { "cve": "CVE-2025-15272", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-1192/advisory.json", "detail_path": "advisories/ZDI-25-1192", "id": "ZDI-25-1192", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "(0Day) FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1192/", "vendor": "FontForge", "vendor_url": null, "zdi_can": "ZDI-CAN-28547", "zdi_id": "ZDI-25-1192" }, { "cve": "CVE-2025-15273", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-1191/advisory.json", "detail_path": "advisories/ZDI-25-1191", "id": "ZDI-25-1191", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "(0Day) FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1191/", "vendor": "FontForge", "vendor_url": null, "zdi_can": "ZDI-CAN-28546", "zdi_id": "ZDI-25-1191" }, { "cve": "CVE-2025-15274", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-1190/advisory.json", "detail_path": "advisories/ZDI-25-1190", "id": "ZDI-25-1190", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "(0Day) FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1190/", "vendor": "FontForge", "vendor_url": null, "zdi_can": "ZDI-CAN-28544", "zdi_id": "ZDI-25-1190" }, { "cve": "CVE-2025-15275", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-1189/advisory.json", "detail_path": "advisories/ZDI-25-1189", "id": "ZDI-25-1189", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "(0Day) FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1189/", "vendor": "FontForge", "vendor_url": null, "zdi_can": "ZDI-CAN-28543", "zdi_id": "ZDI-25-1189" }, { "cve": "CVE-2025-15280", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-1188/advisory.json", "detail_path": "advisories/ZDI-25-1188", "id": "ZDI-25-1188", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "(0Day) FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2026-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1188/", "vendor": "FontForge", "vendor_url": null, "zdi_can": "ZDI-CAN-28525", "zdi_id": "ZDI-25-1188" }, { "cve": "CVE-2025-15276", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-1187/advisory.json", "detail_path": "advisories/ZDI-25-1187", "id": "ZDI-25-1187", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "(0Day) FontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2026-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1187/", "vendor": "FontForge", "vendor_url": null, "zdi_can": "ZDI-CAN-28198", "zdi_id": "ZDI-25-1187" }, { "cve": "CVE-2025-15277", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-1186/advisory.json", "detail_path": "advisories/ZDI-25-1186", "id": "ZDI-25-1186", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "(0Day) FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1186/", "vendor": "FontForge", "vendor_url": null, "zdi_can": "ZDI-CAN-27920", "zdi_id": "ZDI-25-1186" }, { "cve": "CVE-2025-15278", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-1185/advisory.json", "detail_path": "advisories/ZDI-25-1185", "id": "ZDI-25-1185", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "(0Day) FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1185/", "vendor": "FontForge", "vendor_url": null, "zdi_can": "ZDI-CAN-27865", "zdi_id": "ZDI-25-1185" }, { "cve": "CVE-2025-15279", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-1184/advisory.json", "detail_path": "advisories/ZDI-25-1184", "id": "ZDI-25-1184", "kind": "published", "published_date": "2025-12-29", "status": "published", "title": "(0Day) FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2026-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1184/", "vendor": "FontForge", "vendor_url": null, "zdi_can": "ZDI-CAN-27517", "zdi_id": "ZDI-25-1184" }, { "cve": "CVE-2025-13715", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent FaceDetection-DSFD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-1183/advisory.json", "detail_path": "advisories/ZDI-25-1183", "id": "ZDI-25-1183", "kind": "published", "published_date": "2025-12-23", "status": "published", "title": "Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1183/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-27197", "zdi_id": "ZDI-25-1183" }, { "cve": "CVE-2025-68614", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary script on affected installations of LibreNMS. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter provided to the rules en...", "detail_json": "/data/advisories/ZDI-25-1182/advisory.json", "detail_path": "advisories/ZDI-25-1182", "id": "ZDI-25-1182", "kind": "published", "published_date": "2025-12-23", "status": "published", "title": "LibreNMS Alert Rule API Cross-Site Scripting Vulnerability", "updated_date": "2025-12-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1182/", "vendor": "LibreNMS", "vendor_url": null, "zdi_can": "ZDI-CAN-28575", "zdi_id": "ZDI-25-1182" }, { "cve": "CVE-2025-68615", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Net-SNMP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SnmpTrapd service, which listens on UDP port 162 by d...", "detail_json": "/data/advisories/ZDI-25-1181/advisory.json", "detail_path": "advisories/ZDI-25-1181", "id": "ZDI-25-1181", "kind": "published", "published_date": "2025-12-23", "status": "published", "title": "Net-SNMP SnmpTrapd Agent Message Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1181/", "vendor": "Net-SNMP", "vendor_url": null, "zdi_can": "ZDI-CAN-27507", "zdi_id": "ZDI-25-1181" }, { "cve": "CVE-2025-66499", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1180/advisory.json", "detail_path": "advisories/ZDI-25-1180", "id": "ZDI-25-1180", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "Foxit PDF Reader PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1180/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-28558", "zdi_id": "ZDI-25-1180" }, { "cve": "CVE-2025-66498", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-1179/advisory.json", "detail_path": "advisories/ZDI-25-1179", "id": "ZDI-25-1179", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "Foxit PDF Reader U3D File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1179/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-28532", "zdi_id": "ZDI-25-1179" }, { "cve": "CVE-2025-66497", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-1178/advisory.json", "detail_path": "advisories/ZDI-25-1178", "id": "ZDI-25-1178", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1178/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-28531", "zdi_id": "ZDI-25-1178" }, { "cve": "CVE-2025-66496", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1177/advisory.json", "detail_path": "advisories/ZDI-25-1177", "id": "ZDI-25-1177", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1177/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-28523", "zdi_id": "ZDI-25-1177" }, { "cve": "CVE-2025-66495", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1176/advisory.json", "detail_path": "advisories/ZDI-25-1176", "id": "ZDI-25-1176", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1176/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-28403", "zdi_id": "ZDI-25-1176" }, { "cve": "CVE-2025-66494", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1175/advisory.json", "detail_path": "advisories/ZDI-25-1175", "id": "ZDI-25-1175", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1175/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-28306", "zdi_id": "ZDI-25-1175" }, { "cve": "CVE-2025-66493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1174/advisory.json", "detail_path": "advisories/ZDI-25-1174", "id": "ZDI-25-1174", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "Foxit PDF Reader AcroForm User-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1174/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-28210", "zdi_id": "ZDI-25-1174" }, { "cve": "CVE-2025-13941", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-1173/advisory.json", "detail_path": "advisories/ZDI-25-1173", "id": "ZDI-25-1173", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1173/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-28053", "zdi_id": "ZDI-25-1173" }, { "cve": "CVE-2025-14492", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-1172/advisory.json", "detail_path": "advisories/ZDI-25-1172", "id": "ZDI-25-1172", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1172/", "vendor": "RealDefense", "vendor_url": null, "zdi_can": "ZDI-CAN-27668", "zdi_id": "ZDI-25-1172" }, { "cve": "CVE-2025-14496", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-1171/advisory.json", "detail_path": "advisories/ZDI-25-1171", "id": "ZDI-25-1171", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1171/", "vendor": "RealDefense", "vendor_url": null, "zdi_can": "ZDI-CAN-27678", "zdi_id": "ZDI-25-1171" }, { "cve": "CVE-2025-14493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-1170/advisory.json", "detail_path": "advisories/ZDI-25-1170", "id": "ZDI-25-1170", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1170/", "vendor": "RealDefense", "vendor_url": null, "zdi_can": "ZDI-CAN-27675", "zdi_id": "ZDI-25-1170" }, { "cve": "CVE-2025-14495", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-1169/advisory.json", "detail_path": "advisories/ZDI-25-1169", "id": "ZDI-25-1169", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1169/", "vendor": "RealDefense", "vendor_url": null, "zdi_can": "ZDI-CAN-27677", "zdi_id": "ZDI-25-1169" }, { "cve": "CVE-2025-14497", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-1168/advisory.json", "detail_path": "advisories/ZDI-25-1168", "id": "ZDI-25-1168", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1168/", "vendor": "RealDefense", "vendor_url": null, "zdi_can": "ZDI-CAN-27680", "zdi_id": "ZDI-25-1168" }, { "cve": "CVE-2025-14488", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-1167/advisory.json", "detail_path": "advisories/ZDI-25-1167", "id": "ZDI-25-1167", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1167/", "vendor": "RealDefense", "vendor_url": null, "zdi_can": "ZDI-CAN-27657", "zdi_id": "ZDI-25-1167" }, { "cve": "CVE-2025-14490", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-1166/advisory.json", "detail_path": "advisories/ZDI-25-1166", "id": "ZDI-25-1166", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1166/", "vendor": "RealDefense", "vendor_url": null, "zdi_can": "ZDI-CAN-27659", "zdi_id": "ZDI-25-1166" }, { "cve": "CVE-2025-14489", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-1165/advisory.json", "detail_path": "advisories/ZDI-25-1165", "id": "ZDI-25-1165", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1165/", "vendor": "RealDefense", "vendor_url": null, "zdi_can": "ZDI-CAN-27658", "zdi_id": "ZDI-25-1165" }, { "cve": "CVE-2025-14491", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-1164/advisory.json", "detail_path": "advisories/ZDI-25-1164", "id": "ZDI-25-1164", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1164/", "vendor": "RealDefense", "vendor_url": null, "zdi_can": "ZDI-CAN-27660", "zdi_id": "ZDI-25-1164" }, { "cve": "CVE-2025-14494", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-1163/advisory.json", "detail_path": "advisories/ZDI-25-1163", "id": "ZDI-25-1163", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1163/", "vendor": "RealDefense", "vendor_url": null, "zdi_can": "ZDI-CAN-27676", "zdi_id": "ZDI-25-1163" }, { "cve": "CVE-2025-66590", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1162/advisory.json", "detail_path": "advisories/ZDI-25-1162", "id": "ZDI-25-1162", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "AzeoTech DAQFactory CTL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1162/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-26837", "zdi_id": "ZDI-25-1162" }, { "cve": "CVE-2025-66589", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1161/advisory.json", "detail_path": "advisories/ZDI-25-1161", "id": "ZDI-25-1161", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "AzeoTech DAQFactory CTL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1161/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-26840", "zdi_id": "ZDI-25-1161" }, { "cve": "CVE-2025-66589", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1160/advisory.json", "detail_path": "advisories/ZDI-25-1160", "id": "ZDI-25-1160", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "AzeoTech DAQFactory CTL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1160/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-26836", "zdi_id": "ZDI-25-1160" }, { "cve": "CVE-2025-66589", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1159/advisory.json", "detail_path": "advisories/ZDI-25-1159", "id": "ZDI-25-1159", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "AzeoTech DAQFactory CTL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1159/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-26835", "zdi_id": "ZDI-25-1159" }, { "cve": "CVE-2025-66589", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1158/advisory.json", "detail_path": "advisories/ZDI-25-1158", "id": "ZDI-25-1158", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "AzeoTech DAQFactory CTL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1158/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-25521", "zdi_id": "ZDI-25-1158" }, { "cve": "CVE-2025-66589", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1157/advisory.json", "detail_path": "advisories/ZDI-25-1157", "id": "ZDI-25-1157", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "AzeoTech DAQFactory CTL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1157/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-25511", "zdi_id": "ZDI-25-1157" }, { "cve": "CVE-2025-66589", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1156/advisory.json", "detail_path": "advisories/ZDI-25-1156", "id": "ZDI-25-1156", "kind": "published", "published_date": "2025-12-19", "status": "published", "title": "AzeoTech DAQFactory CTL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1156/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-25510", "zdi_id": "ZDI-25-1156" }, { "cve": "CVE-2025-14936", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-1155/advisory.json", "detail_path": "advisories/ZDI-25-1155", "id": "ZDI-25-1155", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1155/", "vendor": "NSF Unidata", "vendor_url": null, "zdi_can": "ZDI-CAN-27269", "zdi_id": "ZDI-25-1155" }, { "cve": "CVE-2025-14935", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-1154/advisory.json", "detail_path": "advisories/ZDI-25-1154", "id": "ZDI-25-1154", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1154/", "vendor": "NSF Unidata", "vendor_url": null, "zdi_can": "ZDI-CAN-27168", "zdi_id": "ZDI-25-1154" }, { "cve": "CVE-2025-14932", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-1153/advisory.json", "detail_path": "advisories/ZDI-25-1153", "id": "ZDI-25-1153", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) NSF Unidata NetCDF-C Time Unit Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1153/", "vendor": "NSF Unidata", "vendor_url": null, "zdi_can": "ZDI-CAN-27273", "zdi_id": "ZDI-25-1153" }, { "cve": "CVE-2025-14934", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-1152/advisory.json", "detail_path": "advisories/ZDI-25-1152", "id": "ZDI-25-1152", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1152/", "vendor": "NSF Unidata", "vendor_url": null, "zdi_can": "ZDI-CAN-27267", "zdi_id": "ZDI-25-1152" }, { "cve": "CVE-2025-14933", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-1151/advisory.json", "detail_path": "advisories/ZDI-25-1151", "id": "ZDI-25-1151", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1151/", "vendor": "NSF Unidata", "vendor_url": null, "zdi_can": "ZDI-CAN-27266", "zdi_id": "ZDI-25-1151" }, { "cve": "CVE-2025-14920", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-1150/advisory.json", "detail_path": "advisories/ZDI-25-1150", "id": "ZDI-25-1150", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1150/", "vendor": "Hugging Face", "vendor_url": null, "zdi_can": "ZDI-CAN-25423", "zdi_id": "ZDI-25-1150" }, { "cve": "CVE-2025-14921", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-1149/advisory.json", "detail_path": "advisories/ZDI-25-1149", "id": "ZDI-25-1149", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1149/", "vendor": "Hugging Face", "vendor_url": null, "zdi_can": "ZDI-CAN-25424", "zdi_id": "ZDI-25-1149" }, { "cve": "CVE-2025-14927", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific flaw e...", "detail_json": "/data/advisories/ZDI-25-1148/advisory.json", "detail_path": "advisories/ZDI-25-1148", "id": "ZDI-25-1148", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1148/", "vendor": "Hugging Face", "vendor_url": null, "zdi_can": "ZDI-CAN-28252", "zdi_id": "ZDI-25-1148" }, { "cve": "CVE-2025-14926", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific flaw e...", "detail_json": "/data/advisories/ZDI-25-1147/advisory.json", "detail_path": "advisories/ZDI-25-1147", "id": "ZDI-25-1147", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1147/", "vendor": "Hugging Face", "vendor_url": null, "zdi_can": "ZDI-CAN-28251", "zdi_id": "ZDI-25-1147" }, { "cve": "CVE-2025-14928", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific flaw e...", "detail_json": "/data/advisories/ZDI-25-1146/advisory.json", "detail_path": "advisories/ZDI-25-1146", "id": "ZDI-25-1146", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1146/", "vendor": "Hugging Face", "vendor_url": null, "zdi_can": "ZDI-CAN-28253", "zdi_id": "ZDI-25-1146" }, { "cve": "CVE-2025-14930", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-1145/advisory.json", "detail_path": "advisories/ZDI-25-1145", "id": "ZDI-25-1145", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1145/", "vendor": "Hugging Face", "vendor_url": null, "zdi_can": "ZDI-CAN-28309", "zdi_id": "ZDI-25-1145" }, { "cve": "CVE-2025-14929", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-1144/advisory.json", "detail_path": "advisories/ZDI-25-1144", "id": "ZDI-25-1144", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1144/", "vendor": "Hugging Face", "vendor_url": null, "zdi_can": "ZDI-CAN-28308", "zdi_id": "ZDI-25-1144" }, { "cve": "CVE-2025-14931", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of pickle data. The issue resu...", "detail_json": "/data/advisories/ZDI-25-1143/advisory.json", "detail_path": "advisories/ZDI-25-1143", "id": "ZDI-25-1143", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1143/", "vendor": "Hugging Face", "vendor_url": null, "zdi_can": "ZDI-CAN-28312", "zdi_id": "ZDI-25-1143" }, { "cve": "CVE-2025-14922", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Diffusers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-1142/advisory.json", "detail_path": "advisories/ZDI-25-1142", "id": "ZDI-25-1142", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1142/", "vendor": "Hugging Face", "vendor_url": null, "zdi_can": "ZDI-CAN-27424", "zdi_id": "ZDI-25-1142" }, { "cve": "CVE-2025-14924", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-1141/advisory.json", "detail_path": "advisories/ZDI-25-1141", "id": "ZDI-25-1141", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1141/", "vendor": "Hugging Face", "vendor_url": null, "zdi_can": "ZDI-CAN-27984", "zdi_id": "ZDI-25-1141" }, { "cve": "CVE-2025-14925", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Accelerate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-1140/advisory.json", "detail_path": "advisories/ZDI-25-1140", "id": "ZDI-25-1140", "kind": "published", "published_date": "2025-12-18", "status": "published", "title": "(0Day) Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1140/", "vendor": "Hugging Face", "vendor_url": null, "zdi_can": "ZDI-CAN-27985", "zdi_id": "ZDI-25-1140" }, { "cve": "CVE-2025-14425", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-1139/advisory.json", "detail_path": "advisories/ZDI-25-1139", "id": "ZDI-25-1139", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1139/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28248", "zdi_id": "ZDI-25-1139" }, { "cve": "CVE-2025-14424", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-1138/advisory.json", "detail_path": "advisories/ZDI-25-1138", "id": "ZDI-25-1138", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1138/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28376", "zdi_id": "ZDI-25-1138" }, { "cve": "CVE-2025-14423", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-1137/advisory.json", "detail_path": "advisories/ZDI-25-1137", "id": "ZDI-25-1137", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1137/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28311", "zdi_id": "ZDI-25-1137" }, { "cve": "CVE-2025-14422", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-1136/advisory.json", "detail_path": "advisories/ZDI-25-1136", "id": "ZDI-25-1136", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1136/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-28273", "zdi_id": "ZDI-25-1136" }, { "cve": "CVE-2025-10881", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1135/advisory.json", "detail_path": "advisories/ZDI-25-1135", "id": "ZDI-25-1135", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD CATPRODUCT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1135/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27960", "zdi_id": "ZDI-25-1135" }, { "cve": "CVE-2025-66586", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1134/advisory.json", "detail_path": "advisories/ZDI-25-1134", "id": "ZDI-25-1134", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "AzeoTech DAQFactory CTL File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1134/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-26883", "zdi_id": "ZDI-25-1134" }, { "cve": "CVE-2025-66586", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1133/advisory.json", "detail_path": "advisories/ZDI-25-1133", "id": "ZDI-25-1133", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "AzeoTech DAQFactory CTL File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1133/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-25515", "zdi_id": "ZDI-25-1133" }, { "cve": "CVE-2025-66586", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1132/advisory.json", "detail_path": "advisories/ZDI-25-1132", "id": "ZDI-25-1132", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "AzeoTech DAQFactory CTL File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1132/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-25513", "zdi_id": "ZDI-25-1132" }, { "cve": "CVE-2025-66586", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1131/advisory.json", "detail_path": "advisories/ZDI-25-1131", "id": "ZDI-25-1131", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "AzeoTech DAQFactory CTL File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1131/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-27523", "zdi_id": "ZDI-25-1131" }, { "cve": "CVE-2025-66590", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1130/advisory.json", "detail_path": "advisories/ZDI-25-1130", "id": "ZDI-25-1130", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "AzeoTech DAQFactory CTL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1130/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-25512", "zdi_id": "ZDI-25-1130" }, { "cve": "CVE-2025-66590", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1129/advisory.json", "detail_path": "advisories/ZDI-25-1129", "id": "ZDI-25-1129", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "AzeoTech DAQFactory CTL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1129/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-27811", "zdi_id": "ZDI-25-1129" }, { "cve": "CVE-2025-66585", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1128/advisory.json", "detail_path": "advisories/ZDI-25-1128", "id": "ZDI-25-1128", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "AzeoTech DAQFactory CTL File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1128/", "vendor": "AzeoTech", "vendor_url": null, "zdi_can": "ZDI-CAN-25514", "zdi_id": "ZDI-25-1128" }, { "cve": "CVE-2025-43541", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-25-1127/advisory.json", "detail_path": "advisories/ZDI-25-1127", "id": "ZDI-25-1127", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Apple Safari JavaScriptCore FTL DataView byteLength Property Handling Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1127/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-28038", "zdi_id": "ZDI-25-1127" }, { "cve": "CVE-2025-43501", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-25-1126/advisory.json", "detail_path": "advisories/ZDI-25-1126", "id": "ZDI-25-1126", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Apple Safari JavaScriptCore HashTable Expansion Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1126/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-28284", "zdi_id": "ZDI-25-1126" }, { "cve": "CVE-2025-53503", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Cleaner One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-25-1125/advisory.json", "detail_path": "advisories/ZDI-25-1125", "id": "ZDI-25-1125", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Trend Micro Cleaner One Pro Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1125/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-27644", "zdi_id": "ZDI-25-1125" }, { "cve": "CVE-2025-40829", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-1124/advisory.json", "detail_path": "advisories/ZDI-25-1124", "id": "ZDI-25-1124", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Siemens Simcenter Femap SLDPRT File Parsing Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1124/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-27146", "zdi_id": "ZDI-25-1124" }, { "cve": "CVE-2025-14593", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1123/advisory.json", "detail_path": "advisories/ZDI-25-1123", "id": "ZDI-25-1123", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1123/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-28421", "zdi_id": "ZDI-25-1123" }, { "cve": "CVE-2025-10900", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1122/advisory.json", "detail_path": "advisories/ZDI-25-1122", "id": "ZDI-25-1122", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1122/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-28179", "zdi_id": "ZDI-25-1122" }, { "cve": "CVE-2025-10899", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1121/advisory.json", "detail_path": "advisories/ZDI-25-1121", "id": "ZDI-25-1121", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1121/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-28180", "zdi_id": "ZDI-25-1121" }, { "cve": "CVE-2025-9452", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1120/advisory.json", "detail_path": "advisories/ZDI-25-1120", "id": "ZDI-25-1120", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1120/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27970", "zdi_id": "ZDI-25-1120" }, { "cve": "CVE-2025-9453", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1119/advisory.json", "detail_path": "advisories/ZDI-25-1119", "id": "ZDI-25-1119", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1119/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27971", "zdi_id": "ZDI-25-1119" }, { "cve": "CVE-2025-9454", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1118/advisory.json", "detail_path": "advisories/ZDI-25-1118", "id": "ZDI-25-1118", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1118/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27972", "zdi_id": "ZDI-25-1118" }, { "cve": "CVE-2025-9455", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1117/advisory.json", "detail_path": "advisories/ZDI-25-1117", "id": "ZDI-25-1117", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD CATPRODUCT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1117/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27963", "zdi_id": "ZDI-25-1117" }, { "cve": "CVE-2025-9456", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1116/advisory.json", "detail_path": "advisories/ZDI-25-1116", "id": "ZDI-25-1116", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1116/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27964", "zdi_id": "ZDI-25-1116" }, { "cve": "CVE-2025-9457", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1115/advisory.json", "detail_path": "advisories/ZDI-25-1115", "id": "ZDI-25-1115", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2026-01-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1115/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27961", "zdi_id": "ZDI-25-1115" }, { "cve": "CVE-2025-9459", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1114/advisory.json", "detail_path": "advisories/ZDI-25-1114", "id": "ZDI-25-1114", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1114/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27966", "zdi_id": "ZDI-25-1114" }, { "cve": "CVE-2025-9460", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1113/advisory.json", "detail_path": "advisories/ZDI-25-1113", "id": "ZDI-25-1113", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1113/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27967", "zdi_id": "ZDI-25-1113" }, { "cve": "CVE-2025-10882", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1112/advisory.json", "detail_path": "advisories/ZDI-25-1112", "id": "ZDI-25-1112", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1112/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27973", "zdi_id": "ZDI-25-1112" }, { "cve": "CVE-2025-10883", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1111/advisory.json", "detail_path": "advisories/ZDI-25-1111", "id": "ZDI-25-1111", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD CATPRODUCT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1111/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27974", "zdi_id": "ZDI-25-1111" }, { "cve": "CVE-2025-10884", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1110/advisory.json", "detail_path": "advisories/ZDI-25-1110", "id": "ZDI-25-1110", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1110/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27998", "zdi_id": "ZDI-25-1110" }, { "cve": "CVE-2025-10886", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1109/advisory.json", "detail_path": "advisories/ZDI-25-1109", "id": "ZDI-25-1109", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1109/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-28120", "zdi_id": "ZDI-25-1109" }, { "cve": "CVE-2025-10886", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1108/advisory.json", "detail_path": "advisories/ZDI-25-1108", "id": "ZDI-25-1108", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1108/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-28126", "zdi_id": "ZDI-25-1108" }, { "cve": "CVE-2025-10888", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1107/advisory.json", "detail_path": "advisories/ZDI-25-1107", "id": "ZDI-25-1107", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1107/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-28127", "zdi_id": "ZDI-25-1107" }, { "cve": "CVE-2025-10889", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1106/advisory.json", "detail_path": "advisories/ZDI-25-1106", "id": "ZDI-25-1106", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1106/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-28128", "zdi_id": "ZDI-25-1106" }, { "cve": "CVE-2025-10898", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1105/advisory.json", "detail_path": "advisories/ZDI-25-1105", "id": "ZDI-25-1105", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1105/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-28181", "zdi_id": "ZDI-25-1105" }, { "cve": "CVE-2025-14501", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP Content-Lengt...", "detail_json": "/data/advisories/ZDI-25-1104/advisory.json", "detail_path": "advisories/ZDI-25-1104", "id": "ZDI-25-1104", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1104/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-26770", "zdi_id": "ZDI-25-1104" }, { "cve": "CVE-2025-53524", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-25-1103/advisory.json", "detail_path": "advisories/ZDI-25-1103", "id": "ZDI-25-1103", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Fuji Electric Monitouch V-SFT V7 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1103/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27360", "zdi_id": "ZDI-25-1103" }, { "cve": "CVE-2025-53524", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-25-1102/advisory.json", "detail_path": "advisories/ZDI-25-1102", "id": "ZDI-25-1102", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Fuji Electric Monitouch V-SFT V7 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1102/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27436", "zdi_id": "ZDI-25-1102" }, { "cve": "CVE-2025-53524", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-25-1101/advisory.json", "detail_path": "advisories/ZDI-25-1101", "id": "ZDI-25-1101", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Fuji Electric Monitouch V-SFT V7 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1101/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27438", "zdi_id": "ZDI-25-1101" }, { "cve": "CVE-2025-53524", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-25-1100/advisory.json", "detail_path": "advisories/ZDI-25-1100", "id": "ZDI-25-1100", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Fuji Electric Monitouch V-SFT V7 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1100/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27440", "zdi_id": "ZDI-25-1100" }, { "cve": "CVE-2025-60711", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-1099/advisory.json", "detail_path": "advisories/ZDI-25-1099", "id": "ZDI-25-1099", "kind": "published", "published_date": "2025-12-17", "status": "published", "title": "Microsoft Edge Mark-Of-The-Web Removal Remote Code Execution Vulnerability", "updated_date": "2025-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1099/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27795", "zdi_id": "ZDI-25-1099" }, { "cve": "CVE-2025-54353", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the handling of HA cluster paths. The...", "detail_json": "/data/advisories/ZDI-25-1098/advisory.json", "detail_path": "advisories/ZDI-25-1098", "id": "ZDI-25-1098", "kind": "published", "published_date": "2025-12-16", "status": "published", "title": "Fortinet FortiSandbox hcproxy Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": "2025-12-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1098/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-27306", "zdi_id": "ZDI-25-1098" }, { "cve": "CVE-2025-53949", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter provided to t...", "detail_json": "/data/advisories/ZDI-25-1097/advisory.json", "detail_path": "advisories/ZDI-25-1097", "id": "ZDI-25-1097", "kind": "published", "published_date": "2025-12-16", "status": "published", "title": "Fortinet FortiSandbox name Parameter Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-12-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1097/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-27309", "zdi_id": "ZDI-25-1097" }, { "cve": "CVE-2025-53949", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Authentication is required to exploit this vulnerability. The specific flaw exists within the upload_vdi_file endpoint. The issue results...", "detail_json": "/data/advisories/ZDI-25-1096/advisory.json", "detail_path": "advisories/ZDI-25-1096", "id": "ZDI-25-1096", "kind": "published", "published_date": "2025-12-16", "status": "published", "title": "Fortinet FortiSandbox upload_vdi_file Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-12-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1096/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-27308", "zdi_id": "ZDI-25-1096" }, { "cve": "CVE-2025-53949", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the names parameter provided to...", "detail_json": "/data/advisories/ZDI-25-1095/advisory.json", "detail_path": "advisories/ZDI-25-1095", "id": "ZDI-25-1095", "kind": "published", "published_date": "2025-12-16", "status": "published", "title": "Fortinet FortiSandbox names admindel_confirm Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-12-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1095/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-27305", "zdi_id": "ZDI-25-1095" }, { "cve": "CVE-2025-64447", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Fortinet FortiWeb. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ApacheCookie_parse method. The issue results...", "detail_json": "/data/advisories/ZDI-25-1094/advisory.json", "detail_path": "advisories/ZDI-25-1094", "id": "ZDI-25-1094", "kind": "published", "published_date": "2025-12-16", "status": "published", "title": "Fortinet FortiWeb ApacheCookie_parse Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability", "updated_date": "2025-12-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1094/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-28211", "zdi_id": "ZDI-25-1094" }, { "cve": "CVE-2025-14405", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows phyiscally-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-25-1093/advisory.json", "detail_path": "advisories/ZDI-25-1093", "id": "ZDI-25-1093", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1093/", "vendor": "PDFsam", "vendor_url": null, "zdi_can": "ZDI-CAN-27867", "zdi_id": "ZDI-25-1093" }, { "cve": "CVE-2025-14404", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-1092/advisory.json", "detail_path": "advisories/ZDI-25-1092", "id": "ZDI-25-1092", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) PDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1092/", "vendor": "PDFsam", "vendor_url": null, "zdi_can": "ZDI-CAN-27498", "zdi_id": "ZDI-25-1092" }, { "cve": "CVE-2025-14403", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-1091/advisory.json", "detail_path": "advisories/ZDI-25-1091", "id": "ZDI-25-1091", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1091/", "vendor": "PDFsam", "vendor_url": null, "zdi_can": "ZDI-CAN-27500", "zdi_id": "ZDI-25-1091" }, { "cve": "CVE-2025-14402", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-1090/advisory.json", "detail_path": "advisories/ZDI-25-1090", "id": "ZDI-25-1090", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1090/", "vendor": "PDFsam", "vendor_url": null, "zdi_can": "ZDI-CAN-27499", "zdi_id": "ZDI-25-1090" }, { "cve": "CVE-2025-14401", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-1089/advisory.json", "detail_path": "advisories/ZDI-25-1089", "id": "ZDI-25-1089", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) PDFsam Enhanced App Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1089/", "vendor": "PDFsam", "vendor_url": null, "zdi_can": "ZDI-CAN-27260", "zdi_id": "ZDI-25-1089" }, { "cve": "CVE-2025-14415", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1088/advisory.json", "detail_path": "advisories/ZDI-25-1088", "id": "ZDI-25-1088", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1088/", "vendor": "Soda PDF", "vendor_url": null, "zdi_can": "ZDI-CAN-27494", "zdi_id": "ZDI-25-1088" }, { "cve": "CVE-2025-14414", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1087/advisory.json", "detail_path": "advisories/ZDI-25-1087", "id": "ZDI-25-1087", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) Soda PDF Desktop Word File Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1087/", "vendor": "Soda PDF", "vendor_url": null, "zdi_can": "ZDI-CAN-27496", "zdi_id": "ZDI-25-1087" }, { "cve": "CVE-2025-14413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1086/advisory.json", "detail_path": "advisories/ZDI-25-1086", "id": "ZDI-25-1086", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) Soda PDF Desktop CBZ File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1086/", "vendor": "Soda PDF", "vendor_url": null, "zdi_can": "ZDI-CAN-27509", "zdi_id": "ZDI-25-1086" }, { "cve": "CVE-2025-14412", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1085/advisory.json", "detail_path": "advisories/ZDI-25-1085", "id": "ZDI-25-1085", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1085/", "vendor": "Soda PDF", "vendor_url": null, "zdi_can": "ZDI-CAN-27495", "zdi_id": "ZDI-25-1085" }, { "cve": "CVE-2025-14411", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-1084/advisory.json", "detail_path": "advisories/ZDI-25-1084", "id": "ZDI-25-1084", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1084/", "vendor": "Soda PDF", "vendor_url": null, "zdi_can": "ZDI-CAN-27140", "zdi_id": "ZDI-25-1084" }, { "cve": "CVE-2025-14410", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-1083/advisory.json", "detail_path": "advisories/ZDI-25-1083", "id": "ZDI-25-1083", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1083/", "vendor": "Soda PDF", "vendor_url": null, "zdi_can": "ZDI-CAN-27142", "zdi_id": "ZDI-25-1083" }, { "cve": "CVE-2025-14409", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-1082/advisory.json", "detail_path": "advisories/ZDI-25-1082", "id": "ZDI-25-1082", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1082/", "vendor": "Soda PDF", "vendor_url": null, "zdi_can": "ZDI-CAN-27120", "zdi_id": "ZDI-25-1082" }, { "cve": "CVE-2025-14408", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-1081/advisory.json", "detail_path": "advisories/ZDI-25-1081", "id": "ZDI-25-1081", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1081/", "vendor": "Soda PDF", "vendor_url": null, "zdi_can": "ZDI-CAN-27143", "zdi_id": "ZDI-25-1081" }, { "cve": "CVE-2025-14407", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-1080/advisory.json", "detail_path": "advisories/ZDI-25-1080", "id": "ZDI-25-1080", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1080/", "vendor": "Soda PDF", "vendor_url": null, "zdi_can": "ZDI-CAN-27141", "zdi_id": "ZDI-25-1080" }, { "cve": "CVE-2025-14406", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-1079/advisory.json", "detail_path": "advisories/ZDI-25-1079", "id": "ZDI-25-1079", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1079/", "vendor": "Soda PDF", "vendor_url": null, "zdi_can": "ZDI-CAN-25793", "zdi_id": "ZDI-25-1079" }, { "cve": "CVE-2025-14421", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-25-1078/advisory.json", "detail_path": "advisories/ZDI-25-1078", "id": "ZDI-25-1078", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) pdfforge PDF Architect PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1078/", "vendor": "pdfforge", "vendor_url": null, "zdi_can": "ZDI-CAN-27915", "zdi_id": "ZDI-25-1078" }, { "cve": "CVE-2025-14420", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-1077/advisory.json", "detail_path": "advisories/ZDI-25-1077", "id": "ZDI-25-1077", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) pdfforge PDF Architect CBZ File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1077/", "vendor": "pdfforge", "vendor_url": null, "zdi_can": "ZDI-CAN-27514", "zdi_id": "ZDI-25-1077" }, { "cve": "CVE-2025-14419", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-1076/advisory.json", "detail_path": "advisories/ZDI-25-1076", "id": "ZDI-25-1076", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) pdfforge PDF Architect PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1076/", "vendor": "pdfforge", "vendor_url": null, "zdi_can": "ZDI-CAN-27902", "zdi_id": "ZDI-25-1076" }, { "cve": "CVE-2025-14418", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-1075/advisory.json", "detail_path": "advisories/ZDI-25-1075", "id": "ZDI-25-1075", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) pdfforge PDF Architect XLS File Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1075/", "vendor": "pdfforge", "vendor_url": null, "zdi_can": "ZDI-CAN-27502", "zdi_id": "ZDI-25-1075" }, { "cve": "CVE-2025-14417", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-1074/advisory.json", "detail_path": "advisories/ZDI-25-1074", "id": "ZDI-25-1074", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) pdfforge PDF Architect Launch Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1074/", "vendor": "pdfforge", "vendor_url": null, "zdi_can": "ZDI-CAN-27501", "zdi_id": "ZDI-25-1074" }, { "cve": "CVE-2025-14416", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-1073/advisory.json", "detail_path": "advisories/ZDI-25-1073", "id": "ZDI-25-1073", "kind": "published", "published_date": "2025-12-11", "status": "published", "title": "(0Day) pdfforge PDF Architect DOC File Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1073/", "vendor": "pdfforge", "vendor_url": null, "zdi_can": "ZDI-CAN-27503", "zdi_id": "ZDI-25-1073" }, { "cve": "CVE-2025-14500", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the X-File-Operation header. The issue res...", "detail_json": "/data/advisories/ZDI-25-1072/advisory.json", "detail_path": "advisories/ZDI-25-1072", "id": "ZDI-25-1072", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1072/", "vendor": "IceWarp", "vendor_url": null, "zdi_can": "ZDI-CAN-27394", "zdi_id": "ZDI-25-1072" }, { "cve": "CVE-2025-14499", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-25-1071/advisory.json", "detail_path": "advisories/ZDI-25-1071", "id": "ZDI-25-1071", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability", "updated_date": "2025-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1071/", "vendor": "IceWarp", "vendor_url": null, "zdi_can": "ZDI-CAN-25441", "zdi_id": "ZDI-25-1071" }, { "cve": "CVE-2025-14498", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of TradingView Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-25-1070/advisory.json", "detail_path": "advisories/ZDI-25-1070", "id": "ZDI-25-1070", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1070/", "vendor": "TradingView", "vendor_url": null, "zdi_can": "ZDI-CAN-27395", "zdi_id": "ZDI-25-1070" }, { "cve": "CVE-2024-7539", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the p...", "detail_json": "/data/advisories/ZDI-25-1069/advisory.json", "detail_path": "advisories/ZDI-25-1069", "id": "ZDI-25-1069", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "(Pwn2Own) oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1069/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-23193", "zdi_id": "ZDI-25-1069" }, { "cve": "CVE-2025-54496", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-25-1068/advisory.json", "detail_path": "advisories/ZDI-25-1068", "id": "ZDI-25-1068", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "Fuji Electric Monitouch V-SFT V7 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1068/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27353", "zdi_id": "ZDI-25-1068" }, { "cve": "CVE-2025-54526", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-25-1067/advisory.json", "detail_path": "advisories/ZDI-25-1067", "id": "ZDI-25-1067", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "Fuji Electric Monitouch V-SFT V7 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1067/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27358", "zdi_id": "ZDI-25-1067" }, { "cve": "CVE-2025-54526", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-25-1066/advisory.json", "detail_path": "advisories/ZDI-25-1066", "id": "ZDI-25-1066", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "Fuji Electric Monitouch V-SFT V7 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1066/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27352", "zdi_id": "ZDI-25-1066" }, { "cve": "CVE-2025-54496", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-25-1065/advisory.json", "detail_path": "advisories/ZDI-25-1065", "id": "ZDI-25-1065", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "Fuji Electric Monitouch V-SFT V7 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1065/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27350", "zdi_id": "ZDI-25-1065" }, { "cve": "CVE-2025-54526", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-25-1064/advisory.json", "detail_path": "advisories/ZDI-25-1064", "id": "ZDI-25-1064", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "Fuji Electric Monitouch V-SFT V7 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1064/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27527", "zdi_id": "ZDI-25-1064" }, { "cve": "CVE-2025-54526", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-25-1063/advisory.json", "detail_path": "advisories/ZDI-25-1063", "id": "ZDI-25-1063", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "Fuji Electric Monitouch V-SFT V7 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1063/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27399", "zdi_id": "ZDI-25-1063" }, { "cve": "CVE-2025-54496", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-25-1062/advisory.json", "detail_path": "advisories/ZDI-25-1062", "id": "ZDI-25-1062", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "Fuji Electric Monitouch V-SFT V7 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1062/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27351", "zdi_id": "ZDI-25-1062" }, { "cve": "CVE-2025-14400", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw e...", "detail_json": "/data/advisories/ZDI-25-1061/advisory.json", "detail_path": "advisories/ZDI-25-1061", "id": "ZDI-25-1061", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "Windscribe Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1061/", "vendor": "Windscribe", "vendor_url": null, "zdi_can": "ZDI-CAN-27873", "zdi_id": "ZDI-25-1061" }, { "cve": "CVE-2025-12491", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of FetchStoredLicense...", "detail_json": "/data/advisories/ZDI-25-1060/advisory.json", "detail_path": "advisories/ZDI-25-1060", "id": "ZDI-25-1060", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1060/", "vendor": "Senstar", "vendor_url": null, "zdi_can": "ZDI-CAN-26908", "zdi_id": "ZDI-25-1060" }, { "cve": "CVE-2025-66476", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vim for Windows. User interaction is required to exploit this vulnerability in that the target must open a malicious file and perform one of a set of specific ac...", "detail_json": "/data/advisories/ZDI-25-1059/advisory.json", "detail_path": "advisories/ZDI-25-1059", "id": "ZDI-25-1059", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1059/", "vendor": "Vim", "vendor_url": null, "zdi_can": "ZDI-CAN-28569", "zdi_id": "ZDI-25-1059" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disguise hard links on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-1058/advisory.json", "detail_path": "advisories/ZDI-25-1058", "id": "ZDI-25-1058", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "(0Day) Microsoft Windows TAR File UI Misrepresentation Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1058/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27311", "zdi_id": "ZDI-25-1058" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-1057/advisory.json", "detail_path": "advisories/ZDI-25-1057", "id": "ZDI-25-1057", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "(0Day) Microsoft Visual Studio VsDevCmd Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1057/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26574", "zdi_id": "ZDI-25-1057" }, { "cve": null, "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft ASP.NET. Authentication may be required to exploit this vulnerability depending upon configuration. Additionally, specific configuration is required. T...", "detail_json": "/data/advisories/ZDI-25-1056/advisory.json", "detail_path": "advisories/ZDI-25-1056", "id": "ZDI-25-1056", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "(0Day) Microsoft ASP.NET SOAP Execution Restriction Bypass Remote Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1056/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27220", "zdi_id": "ZDI-25-1056" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-25-1055/advisory.json", "detail_path": "advisories/ZDI-25-1055", "id": "ZDI-25-1055", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "(0Day) Microsoft Windows MP4 File Parsing Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1055/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27835", "zdi_id": "ZDI-25-1055" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to display misleading terminal output on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-25-1054/advisory.json", "detail_path": "advisories/ZDI-25-1054", "id": "ZDI-25-1054", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "(0Day) Microsoft Windows dir Command Improper Character Neutralization Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1054/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26750", "zdi_id": "ZDI-25-1054" }, { "cve": null, "cvss": 3.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject unexpected hyperlinks on affected installations of Microsoft SharePoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-1053/advisory.json", "detail_path": "advisories/ZDI-25-1053", "id": "ZDI-25-1053", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "(0Day) Microsoft SharePoint Calendar Overlay Hyperlink Injection Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1053/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27955", "zdi_id": "ZDI-25-1053" }, { "cve": "CVE-2025-13661", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of CAB files. The issue results fr...", "detail_json": "/data/advisories/ZDI-25-1052/advisory.json", "detail_path": "advisories/ZDI-25-1052", "id": "ZDI-25-1052", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "Ivanti Endpoint Manager CAB File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1052/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-28116", "zdi_id": "ZDI-25-1052" }, { "cve": "CVE-2025-13662", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alte...", "detail_json": "/data/advisories/ZDI-25-1051/advisory.json", "detail_path": "advisories/ZDI-25-1051", "id": "ZDI-25-1051", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "Ivanti Endpoint Manager HIIDriver Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1051/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26897", "zdi_id": "ZDI-25-1051" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Azure Virtual Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-25-1050/advisory.json", "detail_path": "advisories/ZDI-25-1050", "id": "ZDI-25-1050", "kind": "published", "published_date": "2025-12-09", "status": "published", "title": "Microsoft Azure Virtual Desktop Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-12-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1050/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26573", "zdi_id": "ZDI-25-1050" }, { "cve": "CVE-2025-62458", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-1049/advisory.json", "detail_path": "advisories/ZDI-25-1049", "id": "ZDI-25-1049", "kind": "published", "published_date": "2025-12-09", "status": "published", "title": "Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability", "updated_date": "2025-12-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1049/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27759", "zdi_id": "ZDI-25-1049" }, { "cve": "CVE-2025-62458", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-1048/advisory.json", "detail_path": "advisories/ZDI-25-1048", "id": "ZDI-25-1048", "kind": "published", "published_date": "2025-12-09", "status": "published", "title": "Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability", "updated_date": "2025-12-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1048/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27760", "zdi_id": "ZDI-25-1048" }, { "cve": "CVE-2025-62458", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-1047/advisory.json", "detail_path": "advisories/ZDI-25-1047", "id": "ZDI-25-1047", "kind": "published", "published_date": "2025-12-09", "status": "published", "title": "Microsoft Windows win32kbase Out-Of-Bounds Access Local Privilege Escalation Vulnerability", "updated_date": "2025-12-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1047/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27761", "zdi_id": "ZDI-25-1047" }, { "cve": "CVE-2025-62458", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-1046/advisory.json", "detail_path": "advisories/ZDI-25-1046", "id": "ZDI-25-1046", "kind": "published", "published_date": "2025-12-09", "status": "published", "title": "Microsoft Windows win32kfull Type Confusion Local Privilege Escalation Vulnerability", "updated_date": "2025-12-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1046/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27832", "zdi_id": "ZDI-25-1046" }, { "cve": "CVE-2025-11565, CVE-2025-11566, CVE-2025-11567", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric PowerChute Serial Shutdown. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...", "detail_json": "/data/advisories/ZDI-25-1045/advisory.json", "detail_path": "advisories/ZDI-25-1045", "id": "ZDI-25-1045", "kind": "published", "published_date": "2025-12-09", "status": "published", "title": "Schneider Electric PowerChute Serial Shutdown Directory Traversal Local Privilege Escalation Vulnerability", "updated_date": "2025-12-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1045/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-27376", "zdi_id": "ZDI-25-1045" }, { "cve": "CVE-2025-33184", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of NVIDIA Isaac-GR00T. Authentication is not required to exploit this vulnerability. The specific flaw exists within the secure_server method. The issue results from...", "detail_json": "/data/advisories/ZDI-25-1044/advisory.json", "detail_path": "advisories/ZDI-25-1044", "id": "ZDI-25-1044", "kind": "published", "published_date": "2025-12-09", "status": "published", "title": "NVIDIA Isaac-GR00T secure_server Authentication Bypass Vulnerability", "updated_date": "2025-12-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1044/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-27954", "zdi_id": "ZDI-25-1044" }, { "cve": "CVE-2025-64899", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-1043/advisory.json", "detail_path": "advisories/ZDI-25-1043", "id": "ZDI-25-1043", "kind": "published", "published_date": "2025-12-09", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-12-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1043/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-27425", "zdi_id": "ZDI-25-1043" }, { "cve": "CVE-2025-40936", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-1042/advisory.json", "detail_path": "advisories/ZDI-25-1042", "id": "ZDI-25-1042", "kind": "published", "published_date": "2025-12-09", "status": "published", "title": "Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-12-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1042/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-26755", "zdi_id": "ZDI-25-1042" }, { "cve": "CVE-2025-33183", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Isaac-GR00T. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TorchSerializer class. The issue results fr...", "detail_json": "/data/advisories/ZDI-25-1041/advisory.json", "detail_path": "advisories/ZDI-25-1041", "id": "ZDI-25-1041", "kind": "published", "published_date": "2025-12-04", "status": "published", "title": "NVIDIA Isaac-GR00T TorchSerializer Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1041/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-27950", "zdi_id": "ZDI-25-1041" }, { "cve": "CVE-2025-13392", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Synology DiskStation DS925+ devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SYNOPAMSSO::samlA...", "detail_json": "/data/advisories/ZDI-25-1040/advisory.json", "detail_path": "advisories/ZDI-25-1040", "id": "ZDI-25-1040", "kind": "published", "published_date": "2025-12-03", "status": "published", "title": "(Pwn2Own) Synology DiskStation DS925+ samlAuth Authentication Bypass Vulnerability", "updated_date": "2025-12-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1040/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-28409", "zdi_id": "ZDI-25-1040" }, { "cve": "CVE-2025-12686", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Synology BeeStation Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the auth_info parameter. T...", "detail_json": "/data/advisories/ZDI-25-1039/advisory.json", "detail_path": "advisories/ZDI-25-1039", "id": "ZDI-25-1039", "kind": "published", "published_date": "2025-12-03", "status": "published", "title": "(Pwn2Own) Synology BeeStation Plus auth_info Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-12-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1039/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-28275", "zdi_id": "ZDI-25-1039" }, { "cve": "CVE-2025-23357", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Megatron. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-1038/advisory.json", "detail_path": "advisories/ZDI-25-1038", "id": "ZDI-25-1038", "kind": "published", "published_date": "2025-12-01", "status": "published", "title": "NVIDIA Megatron load_common Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1038/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-27201", "zdi_id": "ZDI-25-1038" }, { "cve": "CVE-2024-3871", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Emerson Movicon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-1037/advisory.json", "detail_path": "advisories/ZDI-25-1037", "id": "ZDI-25-1037", "kind": "published", "published_date": "2025-12-01", "status": "published", "title": "Emerson Movicon RTUSERS File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-12-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1037/", "vendor": "Emerson", "vendor_url": null, "zdi_can": "ZDI-CAN-27649", "zdi_id": "ZDI-25-1037" }, { "cve": "CVE-2025-13709", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-25-1036/advisory.json", "detail_path": "advisories/ZDI-25-1036", "id": "ZDI-25-1036", "kind": "published", "published_date": "2025-12-01", "status": "published", "title": "Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1036/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-27185", "zdi_id": "ZDI-25-1036" }, { "cve": "CVE-2025-13711", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-25-1035/advisory.json", "detail_path": "advisories/ZDI-25-1035", "id": "ZDI-25-1035", "kind": "published", "published_date": "2025-12-01", "status": "published", "title": "Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1035/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-27187", "zdi_id": "ZDI-25-1035" }, { "cve": "CVE-2025-13706", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent PatrickStar. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1034/advisory.json", "detail_path": "advisories/ZDI-25-1034", "id": "ZDI-25-1034", "kind": "published", "published_date": "2025-12-01", "status": "published", "title": "Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1034/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-27182", "zdi_id": "ZDI-25-1034" }, { "cve": "CVE-2025-13708", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent NeuralNLP-NeuralClassifier. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-25-1033/advisory.json", "detail_path": "advisories/ZDI-25-1033", "id": "ZDI-25-1033", "kind": "published", "published_date": "2025-12-01", "status": "published", "title": "Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1033/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-27184", "zdi_id": "ZDI-25-1033" }, { "cve": "CVE-2025-13716", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1032/advisory.json", "detail_path": "advisories/ZDI-25-1032", "id": "ZDI-25-1032", "kind": "published", "published_date": "2025-12-01", "status": "published", "title": "Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1032/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-27208", "zdi_id": "ZDI-25-1032" }, { "cve": "CVE-2025-13714", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MedicalNet. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-1031/advisory.json", "detail_path": "advisories/ZDI-25-1031", "id": "ZDI-25-1031", "kind": "published", "published_date": "2025-12-01", "status": "published", "title": "Tencent MedicalNet generate_model Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1031/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-27192", "zdi_id": "ZDI-25-1031" }, { "cve": "CVE-2025-13710", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanVideo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-1030/advisory.json", "detail_path": "advisories/ZDI-25-1030", "id": "ZDI-25-1030", "kind": "published", "published_date": "2025-12-01", "status": "published", "title": "Tencent HunyuanVideo load_vae Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1030/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-27186", "zdi_id": "ZDI-25-1030" }, { "cve": "CVE-2025-13707", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanDiT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-1029/advisory.json", "detail_path": "advisories/ZDI-25-1029", "id": "ZDI-25-1029", "kind": "published", "published_date": "2025-12-01", "status": "published", "title": "Tencent HunyuanDiT model_resume Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1029/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-27183", "zdi_id": "ZDI-25-1029" }, { "cve": "CVE-2025-13712", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanDiT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-1028/advisory.json", "detail_path": "advisories/ZDI-25-1028", "id": "ZDI-25-1028", "kind": "published", "published_date": "2025-12-01", "status": "published", "title": "Tencent HunyuanDiT merge Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1028/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-27190", "zdi_id": "ZDI-25-1028" }, { "cve": "CVE-2025-13713", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent Hunyuan3D-1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-1027/advisory.json", "detail_path": "advisories/ZDI-25-1027", "id": "ZDI-25-1027", "kind": "published", "published_date": "2025-12-01", "status": "published", "title": "Tencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1027/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-27191", "zdi_id": "ZDI-25-1027" }, { "cve": "CVE-2024-3871", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPSMONProService service, which listens on...", "detail_json": "/data/advisories/ZDI-25-1026/advisory.json", "detail_path": "advisories/ZDI-25-1026", "id": "ZDI-25-1026", "kind": "published", "published_date": "2025-11-27", "status": "published", "title": "Appleton UPSMON-PRO UPSMONProService Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1026/", "vendor": "Appleton", "vendor_url": null, "zdi_can": "ZDI-CAN-24122", "zdi_id": "ZDI-25-1026" }, { "cve": "CVE-2025-13699", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spe...", "detail_json": "/data/advisories/ZDI-25-1025/advisory.json", "detail_path": "advisories/ZDI-25-1025", "id": "ZDI-25-1025", "kind": "published", "published_date": "2025-11-27", "status": "published", "title": "MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1025/", "vendor": "MariaDB", "vendor_url": null, "zdi_can": "ZDI-CAN-27000", "zdi_id": "ZDI-25-1025" }, { "cve": "CVE-2025-13700", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of DreamFactory. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the saveZipFile method. The issue r...", "detail_json": "/data/advisories/ZDI-25-1024/advisory.json", "detail_path": "advisories/ZDI-25-1024", "id": "ZDI-25-1024", "kind": "published", "published_date": "2025-11-26", "status": "published", "title": "DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-11-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1024/", "vendor": "DreamFactory", "vendor_url": null, "zdi_can": "ZDI-CAN-26589", "zdi_id": "ZDI-25-1024" }, { "cve": "CVE-2025-13703", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-25-1023/advisory.json", "detail_path": "advisories/ZDI-25-1023", "id": "ZDI-25-1023", "kind": "published", "published_date": "2025-11-26", "status": "published", "title": "VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2025-11-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1023/", "vendor": "VIPRE", "vendor_url": null, "zdi_can": "ZDI-CAN-27147", "zdi_id": "ZDI-25-1023" }, { "cve": "CVE-2025-13698", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of backup configuration files....", "detail_json": "/data/advisories/ZDI-25-1022/advisory.json", "detail_path": "advisories/ZDI-25-1022", "id": "ZDI-25-1022", "kind": "published", "published_date": "2025-11-25", "status": "published", "title": "Deciso OPNsense diag_backup.php filename Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2026-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1022/", "vendor": "Deciso", "vendor_url": null, "zdi_can": "ZDI-CAN-28133", "zdi_id": "ZDI-25-1022" }, { "cve": "CVE-2025-40755", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Siemens SINEC NMS. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the getTotalAndFilterCounts metho...", "detail_json": "/data/advisories/ZDI-25-1021/advisory.json", "detail_path": "advisories/ZDI-25-1021", "id": "ZDI-25-1021", "kind": "published", "published_date": "2025-11-25", "status": "published", "title": "Siemens SINEC NMS getTotalAndFilterCounts SQL Injection Privilege Escalation Vulnerability", "updated_date": "2025-11-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1021/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-26570", "zdi_id": "ZDI-25-1021" }, { "cve": "CVE-2025-6978", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw e...", "detail_json": "/data/advisories/ZDI-25-1020/advisory.json", "detail_path": "advisories/ZDI-25-1020", "id": "ZDI-25-1020", "kind": "published", "published_date": "2025-11-25", "status": "published", "title": "Arista NG Firewall runTroubleshooting Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-11-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1020/", "vendor": "Arista", "vendor_url": null, "zdi_can": "ZDI-CAN-27310", "zdi_id": "ZDI-25-1020" }, { "cve": "CVE-2025-6979", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to to bypass authentication on affected installations of Arista NG Firewall. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-1019/advisory.json", "detail_path": "advisories/ZDI-25-1019", "id": "ZDI-25-1019", "kind": "published", "published_date": "2025-11-25", "status": "published", "title": "Arista NG Firewall replace_marker Exposed Dangerous Function Authentication Bypass Vulnerability", "updated_date": "2025-11-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1019/", "vendor": "Arista", "vendor_url": null, "zdi_can": "ZDI-CAN-27007", "zdi_id": "ZDI-25-1019" }, { "cve": "CVE-2025-6980", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Arista NG Firewall. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logout.py module. The issue results...", "detail_json": "/data/advisories/ZDI-25-1018/advisory.json", "detail_path": "advisories/ZDI-25-1018", "id": "ZDI-25-1018", "kind": "published", "published_date": "2025-11-25", "status": "published", "title": "Arista NG Firewall load_capture_settings Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": "2025-11-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1018/", "vendor": "Arista", "vendor_url": null, "zdi_can": "ZDI-CAN-27006", "zdi_id": "ZDI-25-1018" }, { "cve": "CVE-2025-59373", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of ASUS MyASUS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-1017/advisory.json", "detail_path": "advisories/ZDI-25-1017", "id": "ZDI-25-1017", "kind": "published", "published_date": "2025-11-25", "status": "published", "title": "ASUS MyASUS Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2025-11-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1017/", "vendor": "ASUS", "vendor_url": null, "zdi_can": "ZDI-CAN-27794", "zdi_id": "ZDI-25-1017" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Wibu-Systems WibuKey Runtime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-1016/advisory.json", "detail_path": "advisories/ZDI-25-1016", "id": "ZDI-25-1016", "kind": "published", "published_date": "2025-11-25", "status": "published", "title": "Wibu-Systems WibuKey Runtime Untrusted Pointer Dereference Local Privilege Escalation Vulnerability", "updated_date": "2025-11-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1016/", "vendor": "Wibu-Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-27540", "zdi_id": "ZDI-25-1016" }, { "cve": "CVE-2025-66288", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Toolbox. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. Additio...", "detail_json": "/data/advisories/ZDI-25-1015/advisory.json", "detail_path": "advisories/ZDI-25-1015", "id": "ZDI-25-1015", "kind": "published", "published_date": "2025-11-25", "status": "published", "title": "Parallels Toolbox CleanDrive Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-12-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1015/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-26516", "zdi_id": "ZDI-25-1015" }, { "cve": "CVE-2025-58034", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the policy_scripting_post_hand...", "detail_json": "/data/advisories/ZDI-25-1014/advisory.json", "detail_path": "advisories/ZDI-25-1014", "id": "ZDI-25-1014", "kind": "published", "published_date": "2025-11-19", "status": "published", "title": "Fortinet FortiWeb policy_scripting_post_handler Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1014/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-27383", "zdi_id": "ZDI-25-1014" }, { "cve": "CVE-2025-33186", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of NVIDIA AIStore. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthN authentication mechanism. The issue result...", "detail_json": "/data/advisories/ZDI-25-1013/advisory.json", "detail_path": "advisories/ZDI-25-1013", "id": "ZDI-25-1013", "kind": "published", "published_date": "2025-11-14", "status": "published", "title": "NVIDIA AIStore AuthN Hard-coded Credentials Authentication Bypass Vulnerability", "updated_date": "2025-11-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1013/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-27858", "zdi_id": "ZDI-25-1013" }, { "cve": "CVE-2025-33185", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of NVIDIA AIStore. Authentication is not required to exploit this vulnerability. The specific flaw exists within the users endpoint. The issue results from...", "detail_json": "/data/advisories/ZDI-25-1012/advisory.json", "detail_path": "advisories/ZDI-25-1012", "id": "ZDI-25-1012", "kind": "published", "published_date": "2025-11-14", "status": "published", "title": "NVIDIA AIStore AuthN users Missing Authentication for Critical Function Information Disclosure Vulnerability", "updated_date": "2025-11-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1012/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-27857", "zdi_id": "ZDI-25-1012" }, { "cve": "CVE-2025-43432", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-25-1011/advisory.json", "detail_path": "advisories/ZDI-25-1011", "id": "ZDI-25-1011", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Apple Safari JavaScriptCore Wasm Function Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1011/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-28039", "zdi_id": "ZDI-25-1011" }, { "cve": "CVE-2025-43457", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-25-1010/advisory.json", "detail_path": "advisories/ZDI-25-1010", "id": "ZDI-25-1010", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Apple Safari JavaScriptCore DFG CSE Phase Graph Node Substitution Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1010/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27991", "zdi_id": "ZDI-25-1010" }, { "cve": "CVE-2025-43384", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific...", "detail_json": "/data/advisories/ZDI-25-1009/advisory.json", "detail_path": "advisories/ZDI-25-1009", "id": "ZDI-25-1009", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Apple macOS USD readAccessorData Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1009/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27849", "zdi_id": "ZDI-25-1009" }, { "cve": "CVE-2025-43380", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-1008/advisory.json", "detail_path": "advisories/ZDI-25-1008", "id": "ZDI-25-1008", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1008/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27894", "zdi_id": "ZDI-25-1008" }, { "cve": "CVE-2025-43438", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-1007/advisory.json", "detail_path": "advisories/ZDI-25-1007", "id": "ZDI-25-1007", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Apple Safari JavaScriptCore operationMapIteratorNext Type Confusion Information Disclosure Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1007/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27825", "zdi_id": "ZDI-25-1007" }, { "cve": "CVE-2025-43445", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-1006/advisory.json", "detail_path": "advisories/ZDI-25-1006", "id": "ZDI-25-1006", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Apple macOS CoreText Font Glyph Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1006/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27796", "zdi_id": "ZDI-25-1006" }, { "cve": "CVE-2025-43401", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apple macOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WindowServer component. The issue re...", "detail_json": "/data/advisories/ZDI-25-1005/advisory.json", "detail_path": "advisories/ZDI-25-1005", "id": "ZDI-25-1005", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Apple macOS WindowServer Excessive Iteration Denial-of-Service Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1005/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27348", "zdi_id": "ZDI-25-1005" }, { "cve": "CVE-2025-43386", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific...", "detail_json": "/data/advisories/ZDI-25-1004/advisory.json", "detail_path": "advisories/ZDI-25-1004", "id": "ZDI-25-1004", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Apple macOS USD importMeshJointWeights Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1004/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27854", "zdi_id": "ZDI-25-1004" }, { "cve": "CVE-2025-43383", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific...", "detail_json": "/data/advisories/ZDI-25-1003/advisory.json", "detail_path": "advisories/ZDI-25-1003", "id": "ZDI-25-1003", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Apple macOS USD importNodeAnimations Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1003/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27853", "zdi_id": "ZDI-25-1003" }, { "cve": "CVE-2025-43385", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific...", "detail_json": "/data/advisories/ZDI-25-1002/advisory.json", "detail_path": "advisories/ZDI-25-1002", "id": "ZDI-25-1002", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Apple macOS USD importMeshes Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1002/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27848", "zdi_id": "ZDI-25-1002" }, { "cve": "CVE-2025-60709", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-1001/advisory.json", "detail_path": "advisories/ZDI-25-1001", "id": "ZDI-25-1001", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Microsoft Windows Common Log File System Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1001/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27263", "zdi_id": "ZDI-25-1001" }, { "cve": "CVE-2025-61844", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the imp...", "detail_json": "/data/advisories/ZDI-25-1000/advisory.json", "detail_path": "advisories/ZDI-25-1000", "id": "ZDI-25-1000", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Adobe USD-Fileformat-plugins usdGltf Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1000/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-28025", "zdi_id": "ZDI-25-1000" }, { "cve": "CVE-2025-61845", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the imp...", "detail_json": "/data/advisories/ZDI-25-999/advisory.json", "detail_path": "advisories/ZDI-25-999", "id": "ZDI-25-999", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Adobe USD-Fileformat-plugins usdGltf Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-999/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-28023", "zdi_id": "ZDI-25-999" }, { "cve": "CVE-2025-61843", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the imp...", "detail_json": "/data/advisories/ZDI-25-998/advisory.json", "detail_path": "advisories/ZDI-25-998", "id": "ZDI-25-998", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Adobe USD-Fileformat-plugins usdGltf Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-998/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-28024", "zdi_id": "ZDI-25-998" }, { "cve": "CVE-2025-61842", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the imp...", "detail_json": "/data/advisories/ZDI-25-997/advisory.json", "detail_path": "advisories/ZDI-25-997", "id": "ZDI-25-997", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Adobe USD-Fileformat-plugins usdGltf Use-After-Free Information Disclosure Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-997/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-28027", "zdi_id": "ZDI-25-997" }, { "cve": "CVE-2025-61841", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the imp...", "detail_json": "/data/advisories/ZDI-25-996/advisory.json", "detail_path": "advisories/ZDI-25-996", "id": "ZDI-25-996", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Adobe USD-Fileformat-plugins usdGltf Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-996/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-28022", "zdi_id": "ZDI-25-996" }, { "cve": "CVE-2025-61840", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the imp...", "detail_json": "/data/advisories/ZDI-25-995/advisory.json", "detail_path": "advisories/ZDI-25-995", "id": "ZDI-25-995", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Adobe USD-Fileformat-plugins usdGltf Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-995/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-28026", "zdi_id": "ZDI-25-995" }, { "cve": "CVE-2025-61839", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementat...", "detail_json": "/data/advisories/ZDI-25-994/advisory.json", "detail_path": "advisories/ZDI-25-994", "id": "ZDI-25-994", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Adobe USD-Fileformat-plugins Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-994/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-28072", "zdi_id": "ZDI-25-994" }, { "cve": "CVE-2025-61838", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementat...", "detail_json": "/data/advisories/ZDI-25-993/advisory.json", "detail_path": "advisories/ZDI-25-993", "id": "ZDI-25-993", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Adobe USD-Fileformat-plugins usdGltf Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-993/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-28071", "zdi_id": "ZDI-25-993" }, { "cve": "CVE-2025-61837", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementat...", "detail_json": "/data/advisories/ZDI-25-992/advisory.json", "detail_path": "advisories/ZDI-25-992", "id": "ZDI-25-992", "kind": "published", "published_date": "2025-11-13", "status": "published", "title": "Adobe USD-Fileformat-plugins usdGltf Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-992/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-28021", "zdi_id": "ZDI-25-992" }, { "cve": "CVE-2025-12840", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-991/advisory.json", "detail_path": "advisories/ZDI-25-991", "id": "ZDI-25-991", "kind": "published", "published_date": "2025-11-11", "status": "published", "title": "Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-11-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-991/", "vendor": "Academy Software Foundation", "vendor_url": null, "zdi_can": "ZDI-CAN-27948", "zdi_id": "ZDI-25-991" }, { "cve": "CVE-2025-12839", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-990/advisory.json", "detail_path": "advisories/ZDI-25-990", "id": "ZDI-25-990", "kind": "published", "published_date": "2025-11-11", "status": "published", "title": "Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-11-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-990/", "vendor": "Academy Software Foundation", "vendor_url": null, "zdi_can": "ZDI-CAN-27947", "zdi_id": "ZDI-25-990" }, { "cve": "CVE-2025-12495", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-989/advisory.json", "detail_path": "advisories/ZDI-25-989", "id": "ZDI-25-989", "kind": "published", "published_date": "2025-11-11", "status": "published", "title": "Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-11-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-989/", "vendor": "Academy Software Foundation", "vendor_url": null, "zdi_can": "ZDI-CAN-27946", "zdi_id": "ZDI-25-989" }, { "cve": "CVE-2025-12838", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User intera...", "detail_json": "/data/advisories/ZDI-25-988/advisory.json", "detail_path": "advisories/ZDI-25-988", "id": "ZDI-25-988", "kind": "published", "published_date": "2025-11-11", "status": "published", "title": "MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-11-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-988/", "vendor": "MSP360", "vendor_url": null, "zdi_can": "ZDI-CAN-27245", "zdi_id": "ZDI-25-988" }, { "cve": "CVE-2025-9458", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-987/advisory.json", "detail_path": "advisories/ZDI-25-987", "id": "ZDI-25-987", "kind": "published", "published_date": "2025-11-10", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-11-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-987/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27965", "zdi_id": "ZDI-25-987" }, { "cve": "CVE-2025-10885", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk On-Demand Install Services. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-986/advisory.json", "detail_path": "advisories/ZDI-25-986", "id": "ZDI-25-986", "kind": "published", "published_date": "2025-11-10", "status": "published", "title": "Autodesk On-Demand Install Services adsk_IPCUpdaterChannel Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": "2025-11-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-986/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27900", "zdi_id": "ZDI-25-986" }, { "cve": "CVE-2025-47728", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-985/advisory.json", "detail_path": "advisories/ZDI-25-985", "id": "ZDI-25-985", "kind": "published", "published_date": "2025-11-10", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-11-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-985/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-27323", "zdi_id": "ZDI-25-985" }, { "cve": null, "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Alibaba Cloud Workspace Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-25-984/advisory.json", "detail_path": "advisories/ZDI-25-984", "id": "ZDI-25-984", "kind": "published", "published_date": "2025-10-30", "status": "published", "title": "Alibaba Cloud Workspace Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-984/", "vendor": "Alibaba", "vendor_url": null, "zdi_can": "ZDI-CAN-26635", "zdi_id": "ZDI-25-984" }, { "cve": "CVE-2025-12489", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-25-983/advisory.json", "detail_path": "advisories/ZDI-25-983", "id": "ZDI-25-983", "kind": "published", "published_date": "2025-10-30", "status": "published", "title": "evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability", "updated_date": "2025-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-983/", "vendor": "evernote-mcp-server", "vendor_url": null, "zdi_can": "ZDI-CAN-27913", "zdi_id": "ZDI-25-983" }, { "cve": "CVE-2025-12487", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the trust_remote_c...", "detail_json": "/data/advisories/ZDI-25-982/advisory.json", "detail_path": "advisories/ZDI-25-982", "id": "ZDI-25-982", "kind": "published", "published_date": "2025-10-30", "status": "published", "title": "oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability", "updated_date": "2025-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-982/", "vendor": "oobabooga", "vendor_url": null, "zdi_can": "ZDI-CAN-26681", "zdi_id": "ZDI-25-982" }, { "cve": "CVE-2025-12488", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the trust_remote_c...", "detail_json": "/data/advisories/ZDI-25-981/advisory.json", "detail_path": "advisories/ZDI-25-981", "id": "ZDI-25-981", "kind": "published", "published_date": "2025-10-30", "status": "published", "title": "oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability", "updated_date": "2025-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-981/", "vendor": "oobabooga", "vendor_url": null, "zdi_can": "ZDI-CAN-26680", "zdi_id": "ZDI-25-981" }, { "cve": "CVE-2025-12486", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Heimdall Data Database Proxy. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the handling of the database ev...", "detail_json": "/data/advisories/ZDI-25-980/advisory.json", "detail_path": "advisories/ZDI-25-980", "id": "ZDI-25-980", "kind": "published", "published_date": "2025-10-30", "status": "published", "title": "Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": "2025-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-980/", "vendor": "Heimdall Data", "vendor_url": null, "zdi_can": "ZDI-CAN-24755", "zdi_id": "ZDI-25-980" }, { "cve": "CVE-2025-12490", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. The specific flaw exists within the Suricata package. The issue results from the lack...", "detail_json": "/data/advisories/ZDI-25-979/advisory.json", "detail_path": "advisories/ZDI-25-979", "id": "ZDI-25-979", "kind": "published", "published_date": "2025-10-30", "status": "published", "title": "Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability", "updated_date": "2025-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-979/", "vendor": "Netgate", "vendor_url": null, "zdi_can": "ZDI-CAN-28085", "zdi_id": "ZDI-25-979" }, { "cve": "CVE-2025-10934", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-978/advisory.json", "detail_path": "advisories/ZDI-25-978", "id": "ZDI-25-978", "kind": "published", "published_date": "2025-10-29", "status": "published", "title": "GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-10-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-978/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-27823", "zdi_id": "ZDI-25-978" }, { "cve": "CVE-2025-62579", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ASDA-Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-977/advisory.json", "detail_path": "advisories/ZDI-25-977", "id": "ZDI-25-977", "kind": "published", "published_date": "2025-10-29", "status": "published", "title": "Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-10-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-977/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-27086", "zdi_id": "ZDI-25-977" }, { "cve": "CVE-2025-62580", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ASDA-Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-976/advisory.json", "detail_path": "advisories/ZDI-25-976", "id": "ZDI-25-976", "kind": "published", "published_date": "2025-10-29", "status": "published", "title": "Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-10-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-976/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-27128", "zdi_id": "ZDI-25-976" }, { "cve": "CVE-2025-62231", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-975/advisory.json", "detail_path": "advisories/ZDI-25-975", "id": "ZDI-25-975", "kind": "published", "published_date": "2025-10-29", "status": "published", "title": "X.Org Server XkbSetCompatMap Numeric Truncation Error Privilege Escalation Vulnerability", "updated_date": "2025-10-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-975/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-27560", "zdi_id": "ZDI-25-975" }, { "cve": "CVE-2025-62230", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-974/advisory.json", "detail_path": "advisories/ZDI-25-974", "id": "ZDI-25-974", "kind": "published", "published_date": "2025-10-29", "status": "published", "title": "X.Org Server XkbRemoveResourceClient Use-After-Free Privilege Escalation Vulnerability", "updated_date": "2025-10-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-974/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-27545", "zdi_id": "ZDI-25-974" }, { "cve": "CVE-2025-62229", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-973/advisory.json", "detail_path": "advisories/ZDI-25-973", "id": "ZDI-25-973", "kind": "published", "published_date": "2025-10-29", "status": "published", "title": "X.Org Server present_create_notifies Use-After-Free Privilege Escalation Vulnerability", "updated_date": "2025-10-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-973/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-27238", "zdi_id": "ZDI-25-973" }, { "cve": "CVE-2025-59820", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Krita. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-25-972/advisory.json", "detail_path": "advisories/ZDI-25-972", "id": "ZDI-25-972", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Krita TGA File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-972/", "vendor": "Krita", "vendor_url": null, "zdi_can": "ZDI-CAN-27830", "zdi_id": "ZDI-25-972" }, { "cve": "CVE-2025-59298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-971/advisory.json", "detail_path": "advisories/ZDI-25-971", "id": "ZDI-25-971", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-971/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26677", "zdi_id": "ZDI-25-971" }, { "cve": "CVE-2025-59299", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-970/advisory.json", "detail_path": "advisories/ZDI-25-970", "id": "ZDI-25-970", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-970/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26683", "zdi_id": "ZDI-25-970" }, { "cve": "CVE-2025-59297", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-969/advisory.json", "detail_path": "advisories/ZDI-25-969", "id": "ZDI-25-969", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-969/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26672", "zdi_id": "ZDI-25-969" }, { "cve": "CVE-2025-59300", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-968/advisory.json", "detail_path": "advisories/ZDI-25-968", "id": "ZDI-25-968", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-968/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26687", "zdi_id": "ZDI-25-968" }, { "cve": "CVE-2025-58319", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-967/advisory.json", "detail_path": "advisories/ZDI-25-967", "id": "ZDI-25-967", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-967/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25407", "zdi_id": "ZDI-25-967" }, { "cve": "CVE-2025-20359", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Snort. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the process_mime_body me...", "detail_json": "/data/advisories/ZDI-25-966/advisory.json", "detail_path": "advisories/ZDI-25-966", "id": "ZDI-25-966", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Cisco Snort process_mime_body Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-966/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-27536", "zdi_id": "ZDI-25-966" }, { "cve": "CVE-2025-61677", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of DataChain. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-965/advisory.json", "detail_path": "advisories/ZDI-25-965", "id": "ZDI-25-965", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "DataChain data_storage Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-965/", "vendor": "DataChain", "vendor_url": null, "zdi_can": "ZDI-CAN-27165", "zdi_id": "ZDI-25-965" }, { "cve": "CVE-2025-50154", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-25-964/advisory.json", "detail_path": "advisories/ZDI-25-964", "id": "ZDI-25-964", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Microsoft Windows LNK File Parsing Improper Input Validation NTLM Relay Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-964/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-28057", "zdi_id": "ZDI-25-964" }, { "cve": "CVE-2025-48982", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Veeam Agent for Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabili...", "detail_json": "/data/advisories/ZDI-25-963/advisory.json", "detail_path": "advisories/ZDI-25-963", "id": "ZDI-25-963", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Veeam Agent for Microsoft Windows Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-963/", "vendor": "Veeam", "vendor_url": null, "zdi_can": "ZDI-CAN-27061", "zdi_id": "ZDI-25-963" }, { "cve": "CVE-2025-62589", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-25-962/advisory.json", "detail_path": "advisories/ZDI-25-962", "id": "ZDI-25-962", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Oracle VirtualBox VMSVGA Integer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-962/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-27895", "zdi_id": "ZDI-25-962" }, { "cve": "CVE-2025-62641", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-25-961/advisory.json", "detail_path": "advisories/ZDI-25-961", "id": "ZDI-25-961", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Oracle VirtualBox USB Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-961/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-27933", "zdi_id": "ZDI-25-961" }, { "cve": "CVE-2025-62590", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-25-960/advisory.json", "detail_path": "advisories/ZDI-25-960", "id": "ZDI-25-960", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Oracle VirtualBox VMSVGA Stack-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-960/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-27924", "zdi_id": "ZDI-25-960" }, { "cve": "CVE-2025-62588", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-25-959/advisory.json", "detail_path": "advisories/ZDI-25-959", "id": "ZDI-25-959", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Oracle VirtualBox VMSVGA Integer Underflow Local Privilege Escalation Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-959/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-27890", "zdi_id": "ZDI-25-959" }, { "cve": "CVE-2025-62591", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-958/advisory.json", "detail_path": "advisories/ZDI-25-958", "id": "ZDI-25-958", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-958/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-27871", "zdi_id": "ZDI-25-958" }, { "cve": "CVE-2025-61759", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-25-957/advisory.json", "detail_path": "advisories/ZDI-25-957", "id": "ZDI-25-957", "kind": "published", "published_date": "2025-10-27", "status": "published", "title": "Oracle VirtualBox Virtio-net Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2025-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-957/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-27241", "zdi_id": "ZDI-25-957" }, { "cve": "CVE-2025-11465", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-956/advisory.json", "detail_path": "advisories/ZDI-25-956", "id": "ZDI-25-956", "kind": "published", "published_date": "2025-10-16", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-956/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-26631", "zdi_id": "ZDI-25-956" }, { "cve": "CVE-2025-11464", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-955/advisory.json", "detail_path": "advisories/ZDI-25-955", "id": "ZDI-25-955", "kind": "published", "published_date": "2025-10-16", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-955/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-26628", "zdi_id": "ZDI-25-955" }, { "cve": "CVE-2025-11463", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-954/advisory.json", "detail_path": "advisories/ZDI-25-954", "id": "ZDI-25-954", "kind": "published", "published_date": "2025-10-16", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-954/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-26626", "zdi_id": "ZDI-25-954" }, { "cve": "CVE-2025-59284", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-25-953/advisory.json", "detail_path": "advisories/ZDI-25-953", "id": "ZDI-25-953", "kind": "published", "published_date": "2025-10-14", "status": "published", "title": "Microsoft Windows TAR File Parsing NTLM Relay Vulnerability", "updated_date": "2025-10-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-953/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27289", "zdi_id": "ZDI-25-953" }, { "cve": "CVE-2025-9872", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alte...", "detail_json": "/data/advisories/ZDI-25-952/advisory.json", "detail_path": "advisories/ZDI-25-952", "id": "ZDI-25-952", "kind": "published", "published_date": "2025-10-10", "status": "published", "title": "Ivanti Endpoint Manager UniqueFilename Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2025-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-952/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26912", "zdi_id": "ZDI-25-952" }, { "cve": "CVE-2025-11466", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the DatabaseBackupBL class. The issue results from the...", "detail_json": "/data/advisories/ZDI-25-951/advisory.json", "detail_path": "advisories/ZDI-25-951", "id": "ZDI-25-951", "kind": "published", "published_date": "2025-10-08", "status": "published", "title": "Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability", "updated_date": "2025-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-951/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-27136", "zdi_id": "ZDI-25-951" }, { "cve": "CVE-2025-11002", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-25-950/advisory.json", "detail_path": "advisories/ZDI-25-950", "id": "ZDI-25-950", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-10-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-950/", "vendor": "7-Zip", "vendor_url": null, "zdi_can": "ZDI-CAN-26743", "zdi_id": "ZDI-25-950" }, { "cve": "CVE-2025-11001", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-25-949/advisory.json", "detail_path": "advisories/ZDI-25-949", "id": "ZDI-25-949", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-10-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-949/", "vendor": "7-Zip", "vendor_url": null, "zdi_can": "ZDI-CAN-26753", "zdi_id": "ZDI-25-949" }, { "cve": "CVE-2025-10492", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Jaspersoft Jasper Reports. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. T...", "detail_json": "/data/advisories/ZDI-25-948/advisory.json", "detail_path": "advisories/ZDI-25-948", "id": "ZDI-25-948", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "Jaspersoft Jasper Reports JRLoader Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-10-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-948/", "vendor": "Jaspersoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27130", "zdi_id": "ZDI-25-948" }, { "cve": "CVE-2025-11622", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Endpoint Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-25-947/advisory.json", "detail_path": "advisories/ZDI-25-947", "id": "ZDI-25-947", "kind": "published", "published_date": "2025-10-16", "status": "published", "title": "(0Day) Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Local Privilege Escalation Vulnerability", "updated_date": "2025-11-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-947/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25369", "zdi_id": "ZDI-25-947" }, { "cve": "CVE-2025-62386", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Report_RunPatch class. The issue results f...", "detail_json": "/data/advisories/ZDI-25-946/advisory.json", "detail_path": "advisories/ZDI-25-946", "id": "ZDI-25-946", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "(0Day) Ivanti Endpoint Manager Report_RunPatch SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-946/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26859", "zdi_id": "ZDI-25-946" }, { "cve": "CVE-2025-62384", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MP_Report_Run2 class. The issue results fr...", "detail_json": "/data/advisories/ZDI-25-945/advisory.json", "detail_path": "advisories/ZDI-25-945", "id": "ZDI-25-945", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "(0Day) Ivanti Endpoint Manager MP_Report_Run2 SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-945/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26857", "zdi_id": "ZDI-25-945" }, { "cve": "CVE-2025-62392", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the DBDR class. The issu...", "detail_json": "/data/advisories/ZDI-25-944/advisory.json", "detail_path": "advisories/ZDI-25-944", "id": "ZDI-25-944", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "(0Day) Ivanti Endpoint Manager DBDR SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-944/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26866", "zdi_id": "ZDI-25-944" }, { "cve": "CVE-2025-62391", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the PatchHistory class. The issue results from...", "detail_json": "/data/advisories/ZDI-25-943/advisory.json", "detail_path": "advisories/ZDI-25-943", "id": "ZDI-25-943", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "(0Day) Ivanti Endpoint Manager PatchHistory SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-943/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26865", "zdi_id": "ZDI-25-943" }, { "cve": "CVE-2025-62390", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MP_QueryDetail2 class. The issue results f...", "detail_json": "/data/advisories/ZDI-25-942/advisory.json", "detail_path": "advisories/ZDI-25-942", "id": "ZDI-25-942", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "(0Day) Ivanti Endpoint Manager MP_QueryDetail2 SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-942/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26864", "zdi_id": "ZDI-25-942" }, { "cve": "CVE-2025-62389", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetCountForQuery met...", "detail_json": "/data/advisories/ZDI-25-941/advisory.json", "detail_path": "advisories/ZDI-25-941", "id": "ZDI-25-941", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "(0Day) Ivanti Endpoint Manager GetCountForQuery SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-941/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26862", "zdi_id": "ZDI-25-941" }, { "cve": "CVE-2025-62388", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MP_QueryDetail class. The issue results fr...", "detail_json": "/data/advisories/ZDI-25-940/advisory.json", "detail_path": "advisories/ZDI-25-940", "id": "ZDI-25-940", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "(0Day) Ivanti Endpoint Manager MP_QueryDetail SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-940/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26861", "zdi_id": "ZDI-25-940" }, { "cve": "CVE-2025-62387", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MP_VistaReport class. The issue results fr...", "detail_json": "/data/advisories/ZDI-25-939/advisory.json", "detail_path": "advisories/ZDI-25-939", "id": "ZDI-25-939", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "(0Day) Ivanti Endpoint Manager MP_VistaReport SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-939/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26860", "zdi_id": "ZDI-25-939" }, { "cve": "CVE-2025-62385", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Report_RunPatch class. The issue results f...", "detail_json": "/data/advisories/ZDI-25-938/advisory.json", "detail_path": "advisories/ZDI-25-938", "id": "ZDI-25-938", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "(0Day) Ivanti Endpoint Manager Report_RunPatch SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-938/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26858", "zdi_id": "ZDI-25-938" }, { "cve": "CVE-2025-62383", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Report_Run class. The issue results from t...", "detail_json": "/data/advisories/ZDI-25-937/advisory.json", "detail_path": "advisories/ZDI-25-937", "id": "ZDI-25-937", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "(0Day) Ivanti Endpoint Manager Report_Run SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-937/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26856", "zdi_id": "ZDI-25-937" }, { "cve": "CVE-2025-11623", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Report_Run2 class. The issue results from...", "detail_json": "/data/advisories/ZDI-25-936/advisory.json", "detail_path": "advisories/ZDI-25-936", "id": "ZDI-25-936", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "(0Day) Ivanti Endpoint Manager Report_Run2 SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-936/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26855", "zdi_id": "ZDI-25-936" }, { "cve": "CVE-2025-9713", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alte...", "detail_json": "/data/advisories/ZDI-25-935/advisory.json", "detail_path": "advisories/ZDI-25-935", "id": "ZDI-25-935", "kind": "published", "published_date": "2025-10-16", "status": "published", "title": "(0Day) Ivanti Endpoint Manager OnSaveToDB Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-11-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-935/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26834", "zdi_id": "ZDI-25-935" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MindManager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-934/advisory.json", "detail_path": "advisories/ZDI-25-934", "id": "ZDI-25-934", "kind": "published", "published_date": "2025-10-07", "status": "published", "title": "MindManager Attachment Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2025-10-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-934/", "vendor": "MindManager", "vendor_url": null, "zdi_can": "ZDI-CAN-26144", "zdi_id": "ZDI-25-934" }, { "cve": "CVE-2025-49844", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certain string values by the embedded Lua in...", "detail_json": "/data/advisories/ZDI-25-933/advisory.json", "detail_path": "advisories/ZDI-25-933", "id": "ZDI-25-933", "kind": "published", "published_date": "2025-10-06", "status": "published", "title": "(Pwn2Own) Redis Lua Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-10-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-933/", "vendor": "Redis", "vendor_url": null, "zdi_can": "ZDI-CAN-27195", "zdi_id": "ZDI-25-933" }, { "cve": "CVE-2025-11200", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from weak passw...", "detail_json": "/data/advisories/ZDI-25-932/advisory.json", "detail_path": "advisories/ZDI-25-932", "id": "ZDI-25-932", "kind": "published", "published_date": "2025-10-03", "status": "published", "title": "MLflow Weak Password Requirements Authentication Bypass Vulnerability", "updated_date": "2025-10-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-932/", "vendor": "MLflow", "vendor_url": null, "zdi_can": "ZDI-CAN-26916", "zdi_id": "ZDI-25-932" }, { "cve": "CVE-2025-11201", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of model file paths. The issue...", "detail_json": "/data/advisories/ZDI-25-931/advisory.json", "detail_path": "advisories/ZDI-25-931", "id": "ZDI-25-931", "kind": "published", "published_date": "2025-10-03", "status": "published", "title": "MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-10-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-931/", "vendor": "MLflow", "vendor_url": null, "zdi_can": "ZDI-CAN-26921", "zdi_id": "ZDI-25-931" }, { "cve": "CVE-2025-11202", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the resolveCommandPath me...", "detail_json": "/data/advisories/ZDI-25-930/advisory.json", "detail_path": "advisories/ZDI-25-930", "id": "ZDI-25-930", "kind": "published", "published_date": "2025-10-03", "status": "published", "title": "win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-10-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-930/", "vendor": "win-cli-mcp-server", "vendor_url": null, "zdi_can": "ZDI-CAN-27787", "zdi_id": "ZDI-25-930" }, { "cve": "CVE-2025-11203", "cvss": 3.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LiteLLM. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the API_KEY parameter provided to the...", "detail_json": "/data/advisories/ZDI-25-929/advisory.json", "detail_path": "advisories/ZDI-25-929", "id": "ZDI-25-929", "kind": "published", "published_date": "2025-10-03", "status": "published", "title": "LiteLLM Information health API_KEY Information Disclosure Vulnerability", "updated_date": "2025-10-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-929/", "vendor": "LiteLLM", "vendor_url": null, "zdi_can": "ZDI-CAN-26585", "zdi_id": "ZDI-25-929" }, { "cve": "CVE-2025-57704", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics EIP Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-25-928/advisory.json", "detail_path": "advisories/ZDI-25-928", "id": "ZDI-25-928", "kind": "published", "published_date": "2025-10-01", "status": "published", "title": "Delta Electronics EIP Builder EIP File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2025-10-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-928/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26824", "zdi_id": "ZDI-25-928" }, { "cve": "CVE-2025-58320", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to overwrite configuration files on affected installations of Delta Electronics DIALink. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on...", "detail_json": "/data/advisories/ZDI-25-927/advisory.json", "detail_path": "advisories/ZDI-25-927", "id": "ZDI-25-927", "kind": "published", "published_date": "2025-10-01", "status": "published", "title": "Delta Electronics DIALink Directory Traversal Authentication Bypass Vulnerability", "updated_date": "2025-10-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-927/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26843", "zdi_id": "ZDI-25-927" }, { "cve": "CVE-2025-58321", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIALink. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DataCenter service, which listens on...", "detail_json": "/data/advisories/ZDI-25-926/advisory.json", "detail_path": "advisories/ZDI-25-926", "id": "ZDI-25-926", "kind": "published", "published_date": "2025-10-01", "status": "published", "title": "Delta Electronics DIALink Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-10-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-926/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26827", "zdi_id": "ZDI-25-926" }, { "cve": "CVE-2025-9494", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Viessmann Vitogate 300 BN/MB devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of JSON pa...", "detail_json": "/data/advisories/ZDI-25-925/advisory.json", "detail_path": "advisories/ZDI-25-925", "id": "ZDI-25-925", "kind": "published", "published_date": "2025-10-01", "status": "published", "title": "Viessmann Vitogate 300 BN/MB vitogate.cgi form-0-2 Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-10-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-925/", "vendor": "Viessmann", "vendor_url": null, "zdi_can": "ZDI-CAN-23861", "zdi_id": "ZDI-25-925" }, { "cve": "CVE-2025-9365", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric FRENIC-Loader 4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-25-924/advisory.json", "detail_path": "advisories/ZDI-25-924", "id": "ZDI-25-924", "kind": "published", "published_date": "2025-10-01", "status": "published", "title": "Fuji Electric FRENIC-Loader 4 EXTBM File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-10-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-924/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26504", "zdi_id": "ZDI-25-924" }, { "cve": "CVE-2025-9365", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric FRENIC-Loader 4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-25-923/advisory.json", "detail_path": "advisories/ZDI-25-923", "id": "ZDI-25-923", "kind": "published", "published_date": "2025-10-01", "status": "published", "title": "Fuji Electric FRENIC-Loader 4 EXRTM File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-10-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-923/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26503", "zdi_id": "ZDI-25-923" }, { "cve": "CVE-2025-9712", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alte...", "detail_json": "/data/advisories/ZDI-25-922/advisory.json", "detail_path": "advisories/ZDI-25-922", "id": "ZDI-25-922", "kind": "published", "published_date": "2025-09-30", "status": "published", "title": "Ivanti Endpoint Manager EFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-09-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-922/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-26833", "zdi_id": "ZDI-25-922" }, { "cve": "CVE-2025-9870", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-25-921/advisory.json", "detail_path": "advisories/ZDI-25-921", "id": "ZDI-25-921", "kind": "published", "published_date": "2025-09-30", "status": "published", "title": "Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-09-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-921/", "vendor": "Razer", "vendor_url": null, "zdi_can": "ZDI-CAN-26375", "zdi_id": "ZDI-25-921" }, { "cve": "CVE-2025-9871", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-25-920/advisory.json", "detail_path": "advisories/ZDI-25-920", "id": "ZDI-25-920", "kind": "published", "published_date": "2025-09-30", "status": "published", "title": "Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-09-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-920/", "vendor": "Razer", "vendor_url": null, "zdi_can": "ZDI-CAN-26373", "zdi_id": "ZDI-25-920" }, { "cve": "CVE-2025-9869", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-25-919/advisory.json", "detail_path": "advisories/ZDI-25-919", "id": "ZDI-25-919", "kind": "published", "published_date": "2025-09-30", "status": "published", "title": "Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-09-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-919/", "vendor": "Razer", "vendor_url": null, "zdi_can": "ZDI-CAN-26374", "zdi_id": "ZDI-25-919" }, { "cve": "CVE-2025-53609", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the _cmf_get_config_fi...", "detail_json": "/data/advisories/ZDI-25-918/advisory.json", "detail_path": "advisories/ZDI-25-918", "id": "ZDI-25-918", "kind": "published", "published_date": "2025-09-26", "status": "published", "title": "Fortinet FortiWeb _cmf_get_config_file_path Directory Traversal Information Disclosure Vulnerability", "updated_date": "2025-10-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-918/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-27382", "zdi_id": "ZDI-25-918" }, { "cve": "CVE-2025-38562", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of the Linux Kernel. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of a context value when up...", "detail_json": "/data/advisories/ZDI-25-917/advisory.json", "detail_path": "advisories/ZDI-25-917", "id": "ZDI-25-917", "kind": "published", "published_date": "2025-09-24", "status": "published", "title": "Linux Kernel ksmbd generate_key context.iov_base Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2025-09-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-917/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-27654", "zdi_id": "ZDI-25-917" }, { "cve": "CVE-2025-38561", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the Preauth_HashValue field. The issue re...", "detail_json": "/data/advisories/ZDI-25-916/advisory.json", "detail_path": "advisories/ZDI-25-916", "id": "ZDI-25-916", "kind": "published", "published_date": "2025-09-24", "status": "published", "title": "Linux Kernel ksmbd smb2_sess_setup Preauth_HashValue Race Condition Remote Code Execution Vulnerability", "updated_date": "2025-09-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-916/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-27661", "zdi_id": "ZDI-25-916" }, { "cve": "CVE-2025-39698", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-915/advisory.json", "detail_path": "advisories/ZDI-25-915", "id": "ZDI-25-915", "kind": "published", "published_date": "2025-09-24", "status": "published", "title": "Linux Kernel io_uring Futex Request Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2025-09-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-915/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-27561", "zdi_id": "ZDI-25-915" }, { "cve": "CVE-2025-10925", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-914/advisory.json", "detail_path": "advisories/ZDI-25-914", "id": "ZDI-25-914", "kind": "published", "published_date": "2025-09-24", "status": "published", "title": "GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-09-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-914/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-27793", "zdi_id": "ZDI-25-914" }, { "cve": "CVE-2025-10924", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-913/advisory.json", "detail_path": "advisories/ZDI-25-913", "id": "ZDI-25-913", "kind": "published", "published_date": "2025-09-24", "status": "published", "title": "GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-09-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-913/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-27836", "zdi_id": "ZDI-25-913" }, { "cve": "CVE-2025-10923", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-912/advisory.json", "detail_path": "advisories/ZDI-25-912", "id": "ZDI-25-912", "kind": "published", "published_date": "2025-09-24", "status": "published", "title": "GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-09-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-912/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-27878", "zdi_id": "ZDI-25-912" }, { "cve": "CVE-2025-10922", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-911/advisory.json", "detail_path": "advisories/ZDI-25-911", "id": "ZDI-25-911", "kind": "published", "published_date": "2025-09-24", "status": "published", "title": "GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-09-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-911/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-27863", "zdi_id": "ZDI-25-911" }, { "cve": "CVE-2025-10921", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-910/advisory.json", "detail_path": "advisories/ZDI-25-910", "id": "ZDI-25-910", "kind": "published", "published_date": "2025-09-24", "status": "published", "title": "GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-09-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-910/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-27803", "zdi_id": "ZDI-25-910" }, { "cve": "CVE-2025-10920", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-909/advisory.json", "detail_path": "advisories/ZDI-25-909", "id": "ZDI-25-909", "kind": "published", "published_date": "2025-09-24", "status": "published", "title": "GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-09-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-909/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-27684", "zdi_id": "ZDI-25-909" }, { "cve": "CVE-2025-8892", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-908/advisory.json", "detail_path": "advisories/ZDI-25-908", "id": "ZDI-25-908", "kind": "published", "published_date": "2025-09-23", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-09-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-908/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27224", "zdi_id": "ZDI-25-908" }, { "cve": "CVE-2025-8354", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-907/advisory.json", "detail_path": "advisories/ZDI-25-907", "id": "ZDI-25-907", "kind": "published", "published_date": "2025-09-23", "status": "published", "title": "Autodesk Revit RFA File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-09-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-907/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27557", "zdi_id": "ZDI-25-907" }, { "cve": "CVE-2025-26399", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Web Help Desk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AjaxProxy class. The issue results fr...", "detail_json": "/data/advisories/ZDI-25-906/advisory.json", "detail_path": "advisories/ZDI-25-906", "id": "ZDI-25-906", "kind": "published", "published_date": "2025-09-23", "status": "published", "title": "SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-09-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-906/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-26042", "zdi_id": "ZDI-25-906" }, { "cve": "CVE-2025-3025", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Gen Digital CCleaner. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Some inte...", "detail_json": "/data/advisories/ZDI-25-905/advisory.json", "detail_path": "advisories/ZDI-25-905", "id": "ZDI-25-905", "kind": "published", "published_date": "2025-09-23", "status": "published", "title": "Gen Digital CCleaner Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-09-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-905/", "vendor": "Gen Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-26474", "zdi_id": "ZDI-25-905" }, { "cve": "CVE-2025-9447", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-904/advisory.json", "detail_path": "advisories/ZDI-25-904", "id": "ZDI-25-904", "kind": "published", "published_date": "2025-09-22", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer PAR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-09-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-904/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-27283", "zdi_id": "ZDI-25-904" }, { "cve": "CVE-2025-9449", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-903/advisory.json", "detail_path": "advisories/ZDI-25-903", "id": "ZDI-25-903", "kind": "published", "published_date": "2025-09-22", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer PAR File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-09-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-903/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-27332", "zdi_id": "ZDI-25-903" }, { "cve": "CVE-2025-9450", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-902/advisory.json", "detail_path": "advisories/ZDI-25-902", "id": "ZDI-25-902", "kind": "published", "published_date": "2025-09-22", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer JT File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2025-09-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-902/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-27467", "zdi_id": "ZDI-25-902" }, { "cve": "CVE-2025-43368", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-901/advisory.json", "detail_path": "advisories/ZDI-25-901", "id": "ZDI-25-901", "kind": "published", "published_date": "2025-09-18", "status": "published", "title": "Apple Safari IPC Connection Invalidation Use-After-Free Information Disclosure Vulnerability", "updated_date": "2025-09-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-901/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27586", "zdi_id": "ZDI-25-901" }, { "cve": "CVE-2025-43346", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-900/advisory.json", "detail_path": "advisories/ZDI-25-900", "id": "ZDI-25-900", "kind": "published", "published_date": "2025-09-18", "status": "published", "title": "Apple macOS OGG Audio File Header Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-09-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-900/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27407", "zdi_id": "ZDI-25-900" }, { "cve": "CVE-2025-43349", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-899/advisory.json", "detail_path": "advisories/ZDI-25-899", "id": "ZDI-25-899", "kind": "published", "published_date": "2025-09-18", "status": "published", "title": "Apple macOS Audio APAC Frame Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-09-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-899/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27286", "zdi_id": "ZDI-25-899" }, { "cve": "CVE-2025-53418", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics COMMGR. An attacker must first obtain the ability to compromise a PLC in order to exploit this vulnerability. The specific flaw exists within t...", "detail_json": "/data/advisories/ZDI-25-898/advisory.json", "detail_path": "advisories/ZDI-25-898", "id": "ZDI-25-898", "kind": "published", "published_date": "2025-09-18", "status": "published", "title": "Delta Electronics COMMGR Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-09-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-898/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25289", "zdi_id": "ZDI-25-898" }, { "cve": "CVE-2024-13759", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-897/advisory.json", "detail_path": "advisories/ZDI-25-897", "id": "ZDI-25-897", "kind": "published", "published_date": "2025-09-18", "status": "published", "title": "Avira Prime Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-09-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-897/", "vendor": "Avira", "vendor_url": null, "zdi_can": "ZDI-CAN-22241", "zdi_id": "ZDI-25-897" }, { "cve": "CVE-2025-10644", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this v...", "detail_json": "/data/advisories/ZDI-25-896/advisory.json", "detail_path": "advisories/ZDI-25-896", "id": "ZDI-25-896", "kind": "published", "published_date": "2025-10-08", "status": "published", "title": "(0Day) Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability", "updated_date": "2025-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-896/", "vendor": "Wondershare", "vendor_url": null, "zdi_can": "ZDI-CAN-26892", "zdi_id": "ZDI-25-896" }, { "cve": "CVE-2025-10643", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to a storage account t...", "detail_json": "/data/advisories/ZDI-25-895/advisory.json", "detail_path": "advisories/ZDI-25-895", "id": "ZDI-25-895", "kind": "published", "published_date": "2025-10-08", "status": "published", "title": "(0Day) Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability", "updated_date": "2025-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-895/", "vendor": "Wondershare", "vendor_url": null, "zdi_can": "ZDI-CAN-26902", "zdi_id": "ZDI-25-895" }, { "cve": "CVE-2025-10203", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent WaveForms. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-894/advisory.json", "detail_path": "advisories/ZDI-25-894", "id": "ZDI-25-894", "kind": "published", "published_date": "2025-09-16", "status": "published", "title": "Digilent WaveForms DWF3WORK File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-09-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-894/", "vendor": "Digilent", "vendor_url": null, "zdi_can": "ZDI-CAN-26583", "zdi_id": "ZDI-25-894" }, { "cve": "CVE-2025-40762", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-893/advisory.json", "detail_path": "advisories/ZDI-25-893", "id": "ZDI-25-893", "kind": "published", "published_date": "2025-09-12", "status": "published", "title": "Siemens Simcenter Femap STP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-893/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-26692", "zdi_id": "ZDI-25-893" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft .NET. Interaction with the .NET framework is required to exploit this vulnerability but attack vectors may vary depending on the implemen...", "detail_json": "/data/advisories/ZDI-25-892/advisory.json", "detail_path": "advisories/ZDI-25-892", "id": "ZDI-25-892", "kind": "published", "published_date": "2025-09-09", "status": "published", "title": "Microsoft .NET IsTypeAuthorized Deserialization of Untrusted Data Denial-of-Service Vulnerability", "updated_date": "2025-09-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-892/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24739", "zdi_id": "ZDI-25-892" }, { "cve": "CVE-2025-57778", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-891/advisory.json", "detail_path": "advisories/ZDI-25-891", "id": "ZDI-25-891", "kind": "published", "published_date": "2025-11-20", "status": "published", "title": "(0Day) Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-11-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-891/", "vendor": "Digilent", "vendor_url": null, "zdi_can": "ZDI-CAN-26640", "zdi_id": "ZDI-25-891" }, { "cve": "CVE-2025-57777", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-890/advisory.json", "detail_path": "advisories/ZDI-25-890", "id": "ZDI-25-890", "kind": "published", "published_date": "2025-11-20", "status": "published", "title": "(0Day) Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-11-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-890/", "vendor": "Digilent", "vendor_url": null, "zdi_can": "ZDI-CAN-26615", "zdi_id": "ZDI-25-890" }, { "cve": "CVE-2025-57776", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-889/advisory.json", "detail_path": "advisories/ZDI-25-889", "id": "ZDI-25-889", "kind": "published", "published_date": "2025-11-20", "status": "published", "title": "(0Day) Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-11-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-889/", "vendor": "Digilent", "vendor_url": null, "zdi_can": "ZDI-CAN-26614", "zdi_id": "ZDI-25-889" }, { "cve": "CVE-2025-57775", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-888/advisory.json", "detail_path": "advisories/ZDI-25-888", "id": "ZDI-25-888", "kind": "published", "published_date": "2025-11-20", "status": "published", "title": "(0Day) Digilent DASYLab DSB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-11-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-888/", "vendor": "Digilent", "vendor_url": null, "zdi_can": "ZDI-CAN-26613", "zdi_id": "ZDI-25-888" }, { "cve": "CVE-2025-57774", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-887/advisory.json", "detail_path": "advisories/ZDI-25-887", "id": "ZDI-25-887", "kind": "published", "published_date": "2025-11-20", "status": "published", "title": "(0Day) Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-11-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-887/", "vendor": "Digilent", "vendor_url": null, "zdi_can": "ZDI-CAN-26612", "zdi_id": "ZDI-25-887" }, { "cve": "CVE-2025-9189", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-886/advisory.json", "detail_path": "advisories/ZDI-25-886", "id": "ZDI-25-886", "kind": "published", "published_date": "2025-11-20", "status": "published", "title": "(0Day) Digilent DASYLab DSB File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-11-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-886/", "vendor": "Digilent", "vendor_url": null, "zdi_can": "ZDI-CAN-26582", "zdi_id": "ZDI-25-886" }, { "cve": "CVE-2025-9188", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-885/advisory.json", "detail_path": "advisories/ZDI-25-885", "id": "ZDI-25-885", "kind": "published", "published_date": "2025-11-20", "status": "published", "title": "(0Day) Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-11-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-885/", "vendor": "Digilent", "vendor_url": null, "zdi_can": "ZDI-CAN-26581", "zdi_id": "ZDI-25-885" }, { "cve": "CVE-2025-8860", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of QEMU. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-25-884/advisory.json", "detail_path": "advisories/ZDI-25-884", "id": "ZDI-25-884", "kind": "published", "published_date": "2025-09-04", "status": "published", "title": "QEMU uefi-vars Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2025-09-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-884/", "vendor": "QEMU", "vendor_url": null, "zdi_can": "ZDI-CAN-27261", "zdi_id": "ZDI-25-884" }, { "cve": "CVE-2025-8300", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabilit...", "detail_json": "/data/advisories/ZDI-25-883/advisory.json", "detail_path": "advisories/ZDI-25-883", "id": "ZDI-25-883", "kind": "published", "published_date": "2025-09-02", "status": "published", "title": "Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2025-09-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-883/", "vendor": "Realtek", "vendor_url": null, "zdi_can": "ZDI-CAN-26552", "zdi_id": "ZDI-25-883" }, { "cve": "CVE-2025-8299", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabilit...", "detail_json": "/data/advisories/ZDI-25-882/advisory.json", "detail_path": "advisories/ZDI-25-882", "id": "ZDI-25-882", "kind": "published", "published_date": "2025-09-02", "status": "published", "title": "Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2025-09-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-882/", "vendor": "Realtek", "vendor_url": null, "zdi_can": "ZDI-CAN-25857", "zdi_id": "ZDI-25-882" }, { "cve": "CVE-2025-8298", "cvss": 3.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Realtek RTL8811AU drivers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-25-881/advisory.json", "detail_path": "advisories/ZDI-25-881", "id": "ZDI-25-881", "kind": "published", "published_date": "2025-09-02", "status": "published", "title": "Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-09-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-881/", "vendor": "Realtek", "vendor_url": null, "zdi_can": "ZDI-CAN-25864", "zdi_id": "ZDI-25-881" }, { "cve": "CVE-2025-8301", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Realtek RTL8811AU drivers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-25-880/advisory.json", "detail_path": "advisories/ZDI-25-880", "id": "ZDI-25-880", "kind": "published", "published_date": "2025-09-02", "status": "published", "title": "Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2025-09-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-880/", "vendor": "Realtek", "vendor_url": null, "zdi_can": "ZDI-CAN-24786", "zdi_id": "ZDI-25-880" }, { "cve": "CVE-2025-8302", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabilit...", "detail_json": "/data/advisories/ZDI-25-879/advisory.json", "detail_path": "advisories/ZDI-25-879", "id": "ZDI-25-879", "kind": "published", "published_date": "2025-09-02", "status": "published", "title": "Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2025-09-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-879/", "vendor": "Realtek", "vendor_url": null, "zdi_can": "ZDI-CAN-26553", "zdi_id": "ZDI-25-879" }, { "cve": "CVE-2025-43284", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-25-878/advisory.json", "detail_path": "advisories/ZDI-25-878", "id": "ZDI-25-878", "kind": "published", "published_date": "2025-08-28", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2026-02-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-878/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26523", "zdi_id": "ZDI-25-878" }, { "cve": "CVE-2025-53419", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-877/advisory.json", "detail_path": "advisories/ZDI-25-877", "id": "ZDI-25-877", "kind": "published", "published_date": "2025-08-28", "status": "published", "title": "Delta Electronics ISPSoft ISP File Parsing Improper Control of Dynamically-Managed Code Remote Code Execution Vulnerability", "updated_date": "2025-08-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-877/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25875", "zdi_id": "ZDI-25-877" }, { "cve": "CVE-2025-25175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-876/advisory.json", "detail_path": "advisories/ZDI-25-876", "id": "ZDI-25-876", "kind": "published", "published_date": "2025-08-28", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-08-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-876/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-26744", "zdi_id": "ZDI-25-876" }, { "cve": "CVE-2025-25175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-875/advisory.json", "detail_path": "advisories/ZDI-25-875", "id": "ZDI-25-875", "kind": "published", "published_date": "2025-08-28", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-08-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-875/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-26747", "zdi_id": "ZDI-25-875" }, { "cve": "CVE-2025-25175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-874/advisory.json", "detail_path": "advisories/ZDI-25-874", "id": "ZDI-25-874", "kind": "published", "published_date": "2025-08-28", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-08-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-874/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-26748", "zdi_id": "ZDI-25-874" }, { "cve": "CVE-2025-38563", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-25-873/advisory.json", "detail_path": "advisories/ZDI-25-873", "id": "ZDI-25-873", "kind": "published", "published_date": "2025-08-28", "status": "published", "title": "Linux Kernel perf Subsystem AUX Buffers Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2025-09-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-873/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-27504", "zdi_id": "ZDI-25-873" }, { "cve": "CVE-2025-44002", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-25-872/advisory.json", "detail_path": "advisories/ZDI-25-872", "id": "ZDI-25-872", "kind": "published", "published_date": "2025-08-26", "status": "published", "title": "TeamViewer Link Following Denial-of-Service Vulnerability", "updated_date": "2025-08-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-872/", "vendor": "TeamViewer", "vendor_url": null, "zdi_can": "ZDI-CAN-27129", "zdi_id": "ZDI-25-872" }, { "cve": "CVE-2024-13087", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The s...", "detail_json": "/data/advisories/ZDI-25-871/advisory.json", "detail_path": "advisories/ZDI-25-871", "id": "ZDI-25-871", "kind": "published", "published_date": "2025-08-26", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 miro_webserver_lib_RunExecBash Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-08-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-871/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25847", "zdi_id": "ZDI-25-871" }, { "cve": "CVE-2025-9330", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-870/advisory.json", "detail_path": "advisories/ZDI-25-870", "id": "ZDI-25-870", "kind": "published", "published_date": "2025-08-21", "status": "published", "title": "Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-870/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-25709", "zdi_id": "ZDI-25-870" }, { "cve": "CVE-2025-9323", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-869/advisory.json", "detail_path": "advisories/ZDI-25-869", "id": "ZDI-25-869", "kind": "published", "published_date": "2025-08-21", "status": "published", "title": "Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-869/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-27101", "zdi_id": "ZDI-25-869" }, { "cve": "CVE-2025-9324", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-868/advisory.json", "detail_path": "advisories/ZDI-25-868", "id": "ZDI-25-868", "kind": "published", "published_date": "2025-08-21", "status": "published", "title": "Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-868/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-26802", "zdi_id": "ZDI-25-868" }, { "cve": "CVE-2025-9325", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-867/advisory.json", "detail_path": "advisories/ZDI-25-867", "id": "ZDI-25-867", "kind": "published", "published_date": "2025-08-21", "status": "published", "title": "Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-867/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-26785", "zdi_id": "ZDI-25-867" }, { "cve": "CVE-2025-9326", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-866/advisory.json", "detail_path": "advisories/ZDI-25-866", "id": "ZDI-25-866", "kind": "published", "published_date": "2025-08-21", "status": "published", "title": "Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-866/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-26784", "zdi_id": "ZDI-25-866" }, { "cve": "CVE-2025-9327", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-865/advisory.json", "detail_path": "advisories/ZDI-25-865", "id": "ZDI-25-865", "kind": "published", "published_date": "2025-08-21", "status": "published", "title": "Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-865/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-26774", "zdi_id": "ZDI-25-865" }, { "cve": "CVE-2025-9328", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-864/advisory.json", "detail_path": "advisories/ZDI-25-864", "id": "ZDI-25-864", "kind": "published", "published_date": "2025-08-21", "status": "published", "title": "Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-864/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-26773", "zdi_id": "ZDI-25-864" }, { "cve": "CVE-2025-9329", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-863/advisory.json", "detail_path": "advisories/ZDI-25-863", "id": "ZDI-25-863", "kind": "published", "published_date": "2025-08-21", "status": "published", "title": "Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-863/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-26772", "zdi_id": "ZDI-25-863" }, { "cve": "CVE-2025-5048", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-862/advisory.json", "detail_path": "advisories/ZDI-25-862", "id": "ZDI-25-862", "kind": "published", "published_date": "2025-08-21", "status": "published", "title": "Autodesk AutoCAD DGN File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-862/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27085", "zdi_id": "ZDI-25-862" }, { "cve": "CVE-2025-5047", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-861/advisory.json", "detail_path": "advisories/ZDI-25-861", "id": "ZDI-25-861", "kind": "published", "published_date": "2025-08-21", "status": "published", "title": "Autodesk AutoCAD DGN File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2025-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-861/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27084", "zdi_id": "ZDI-25-861" }, { "cve": "CVE-2025-5046", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-860/advisory.json", "detail_path": "advisories/ZDI-25-860", "id": "ZDI-25-860", "kind": "published", "published_date": "2025-08-21", "status": "published", "title": "Autodesk AutoCAD DGN File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-860/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27083", "zdi_id": "ZDI-25-860" }, { "cve": "CVE-2025-54989", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Firebird SQL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of XDR messages. The issue...", "detail_json": "/data/advisories/ZDI-25-859/advisory.json", "detail_path": "advisories/ZDI-25-859", "id": "ZDI-25-859", "kind": "published", "published_date": "2025-08-21", "status": "published", "title": "Firebird SQL Database Server XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2025-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-859/", "vendor": "Firebird", "vendor_url": null, "zdi_can": "ZDI-CAN-26486", "zdi_id": "ZDI-25-859" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Axis Communications Autodesk Plugin. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a cloud r...", "detail_json": "/data/advisories/ZDI-25-858/advisory.json", "detail_path": "advisories/ZDI-25-858", "id": "ZDI-25-858", "kind": "published", "published_date": "2025-08-21", "status": "published", "title": "Axis Communications Autodesk Plugin AzureBlobRestAPI axiscontentfiles Remote Code Execution Vulnerability", "updated_date": "2025-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-858/", "vendor": "Axis Communications", "vendor_url": null, "zdi_can": "ZDI-CAN-25774", "zdi_id": "ZDI-25-858" }, { "cve": "CVE-2025-8297", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the l...", "detail_json": "/data/advisories/ZDI-25-857/advisory.json", "detail_path": "advisories/ZDI-25-857", "id": "ZDI-25-857", "kind": "published", "published_date": "2025-08-20", "status": "published", "title": "Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": "2025-08-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-857/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-27433", "zdi_id": "ZDI-25-857" }, { "cve": "CVE-2025-8296", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the getCountMuStatDevicePropResultsFromMuListAgentIds...", "detail_json": "/data/advisories/ZDI-25-856/advisory.json", "detail_path": "advisories/ZDI-25-856", "id": "ZDI-25-856", "kind": "published", "published_date": "2025-08-20", "status": "published", "title": "Ivanti Avalanche getCountMuStatDevicePropResultsFromMuListAgentIds SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-08-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-856/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-27134", "zdi_id": "ZDI-25-856" }, { "cve": "CVE-2025-9276", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs cockroach-k8s-request-cert container image. The specific flaw exists within the configuration of the system shadow file. Th...", "detail_json": "/data/advisories/ZDI-25-855/advisory.json", "detail_path": "advisories/ZDI-25-855", "id": "ZDI-25-855", "kind": "published", "published_date": "2025-08-27", "status": "published", "title": "Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability", "updated_date": "2025-08-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-855/", "vendor": "Cockroach Labs", "vendor_url": null, "zdi_can": "ZDI-CAN-22195", "zdi_id": "ZDI-25-855" }, { "cve": "CVE-2025-9275", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oxford Instruments Imaris Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-25-854/advisory.json", "detail_path": "advisories/ZDI-25-854", "id": "ZDI-25-854", "kind": "published", "published_date": "2025-08-20", "status": "published", "title": "(0Day) Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-08-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-854/", "vendor": "Oxford Instruments", "vendor_url": null, "zdi_can": "ZDI-CAN-21655", "zdi_id": "ZDI-25-854" }, { "cve": "CVE-2025-9274", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oxford Instruments Imaris Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-25-853/advisory.json", "detail_path": "advisories/ZDI-25-853", "id": "ZDI-25-853", "kind": "published", "published_date": "2025-08-20", "status": "published", "title": "(0Day) Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2025-08-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-853/", "vendor": "Oxford Instruments", "vendor_url": null, "zdi_can": "ZDI-CAN-21657", "zdi_id": "ZDI-25-853" }, { "cve": "CVE-2025-9273", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the usage of MySQL connections. When connecti...", "detail_json": "/data/advisories/ZDI-25-852/advisory.json", "detail_path": "advisories/ZDI-25-852", "id": "ZDI-25-852", "kind": "published", "published_date": "2025-08-20", "status": "published", "title": "(0Day) CData API Server MySQL Misconfiguration Information Disclosure Vulnerability", "updated_date": "2025-08-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-852/", "vendor": "CData", "vendor_url": null, "zdi_can": "ZDI-CAN-23950", "zdi_id": "ZDI-25-852" }, { "cve": "CVE-2025-23318", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Triton Inference Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of IPC messages. A c...", "detail_json": "/data/advisories/ZDI-25-851/advisory.json", "detail_path": "advisories/ZDI-25-851", "id": "ZDI-25-851", "kind": "published", "published_date": "2025-08-20", "status": "published", "title": "(Pwn2Own) NVIDIA Triton Inference Server IPC Push Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-08-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-851/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-27250", "zdi_id": "ZDI-25-851" }, { "cve": "CVE-2025-23333", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of NVIDIA Triton Inference Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LoadFromSharedMemory fu...", "detail_json": "/data/advisories/ZDI-25-850/advisory.json", "detail_path": "advisories/ZDI-25-850", "id": "ZDI-25-850", "kind": "published", "published_date": "2025-08-20", "status": "published", "title": "(Pwn2Own) NVIDIA Triton Inference Server LoadFromSharedMemory Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-08-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-850/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-27249", "zdi_id": "ZDI-25-850" }, { "cve": "CVE-2025-23320", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of NVIDIA Triton Inference Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SharedMemoryManager cla...", "detail_json": "/data/advisories/ZDI-25-849/advisory.json", "detail_path": "advisories/ZDI-25-849", "id": "ZDI-25-849", "kind": "published", "published_date": "2025-08-20", "status": "published", "title": "(Pwn2Own) NVIDIA Triton Inference Server SharedMemoryManager Error Message Information Disclosure Vulnerability", "updated_date": "2025-08-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-849/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-27181", "zdi_id": "ZDI-25-849" }, { "cve": "CVE-2025-23296", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of NVIDIA Isaac-GR00T. Authentication is not required to exploit this vulnerability. The specific flaw exists within the secure_server method. The issue results from...", "detail_json": "/data/advisories/ZDI-25-848/advisory.json", "detail_path": "advisories/ZDI-25-848", "id": "ZDI-25-848", "kind": "published", "published_date": "2025-08-20", "status": "published", "title": "NVIDIA Isaac-GR00T secure_server Authentication Bypass Vulnerability", "updated_date": "2025-08-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-848/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-27209", "zdi_id": "ZDI-25-848" }, { "cve": "CVE-2025-23296", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Isaac-GR00T. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TorchSerializer class. The issue results fr...", "detail_json": "/data/advisories/ZDI-25-847/advisory.json", "detail_path": "advisories/ZDI-25-847", "id": "ZDI-25-847", "kind": "published", "published_date": "2025-08-20", "status": "published", "title": "NVIDIA Isaac-GR00T TorchSerializer Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-09-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-847/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-27210", "zdi_id": "ZDI-25-847" }, { "cve": "CVE-2025-31281", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-25-846/advisory.json", "detail_path": "advisories/ZDI-25-846", "id": "ZDI-25-846", "kind": "published", "published_date": "2025-08-14", "status": "published", "title": "Apple macOS USD importMeshJointWeights Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-846/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27058", "zdi_id": "ZDI-25-846" }, { "cve": "CVE-2025-53132", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-845/advisory.json", "detail_path": "advisories/ZDI-25-845", "id": "ZDI-25-845", "kind": "published", "published_date": "2025-08-14", "status": "published", "title": "(Pwn2Own) Microsoft Windows win32kfull Race Condition Local Privilege Escalation Vulnerability", "updated_date": "2025-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-845/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27174", "zdi_id": "ZDI-25-845" }, { "cve": "CVE-2025-53788", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to read arbitrary files on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-25-844/advisory.json", "detail_path": "advisories/ZDI-25-844", "id": "ZDI-25-844", "kind": "published", "published_date": "2025-08-14", "status": "published", "title": "Microsoft Windows Subsystem for Linux WslCoreVm::Initialize Incorrect Privilege Management Information Disclosure Vulnerability", "updated_date": "2025-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-844/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27541", "zdi_id": "ZDI-25-844" }, { "cve": "CVE-2025-50168", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-843/advisory.json", "detail_path": "advisories/ZDI-25-843", "id": "ZDI-25-843", "kind": "published", "published_date": "2025-08-14", "status": "published", "title": "(Pwn2Own) Microsoft Windows win32kbase Type Confusion Local Privilege Escalation Vulnerability", "updated_date": "2025-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-843/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27188", "zdi_id": "ZDI-25-843" }, { "cve": "CVE-2025-53156", "cvss": 3.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-842/advisory.json", "detail_path": "advisories/ZDI-25-842", "id": "ZDI-25-842", "kind": "published", "published_date": "2025-08-14", "status": "published", "title": "(Pwn2Own) Microsoft Windows Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": "2025-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-842/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27171", "zdi_id": "ZDI-25-842" }, { "cve": "CVE-2025-53723", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-841/advisory.json", "detail_path": "advisories/ZDI-25-841", "id": "ZDI-25-841", "kind": "published", "published_date": "2025-08-14", "status": "published", "title": "(Pwn2Own) Microsoft Windows 11 vhdmp Integer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2025-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-841/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27235", "zdi_id": "ZDI-25-841" }, { "cve": "CVE-2025-53155", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-840/advisory.json", "detail_path": "advisories/ZDI-25-840", "id": "ZDI-25-840", "kind": "published", "published_date": "2025-08-14", "status": "published", "title": "(Pwn2Own) Microsoft Windows 11 vhdmp Improper Validation of Array Index Local Privilege Escalation Vulnerability", "updated_date": "2025-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-840/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27256", "zdi_id": "ZDI-25-840" }, { "cve": "CVE-2025-53783", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. Authentication is not required to exploit this vulnerability. The specific flaw exists within the real time media manager. The issue results fro...", "detail_json": "/data/advisories/ZDI-25-839/advisory.json", "detail_path": "advisories/ZDI-25-839", "id": "ZDI-25-839", "kind": "published", "published_date": "2025-08-14", "status": "published", "title": "Microsoft Teams Real Time Media Manager Integer Underflow Remote Code Execution Vulnerability", "updated_date": "2025-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-839/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26363", "zdi_id": "ZDI-25-839" }, { "cve": "CVE-2025-50167", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-838/advisory.json", "detail_path": "advisories/ZDI-25-838", "id": "ZDI-25-838", "kind": "published", "published_date": "2025-08-14", "status": "published", "title": "(Pwn2Own) Microsoft Windows 11 vhdmp Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2025-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-838/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27158", "zdi_id": "ZDI-25-838" }, { "cve": "CVE-2025-6377", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-25-837/advisory.json", "detail_path": "advisories/ZDI-25-837", "id": "ZDI-25-837", "kind": "published", "published_date": "2025-08-13", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-08-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-837/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-26559", "zdi_id": "ZDI-25-837" }, { "cve": "CVE-2025-6376", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-25-836/advisory.json", "detail_path": "advisories/ZDI-25-836", "id": "ZDI-25-836", "kind": "published", "published_date": "2025-08-13", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-08-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-836/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-26556", "zdi_id": "ZDI-25-836" }, { "cve": "CVE-2025-8614", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-25-835/advisory.json", "detail_path": "advisories/ZDI-25-835", "id": "ZDI-25-835", "kind": "published", "published_date": "2025-08-13", "status": "published", "title": "NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-09-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-835/", "vendor": "NoMachine", "vendor_url": null, "zdi_can": "ZDI-CAN-26766", "zdi_id": "ZDI-25-835" }, { "cve": "CVE-2025-48071", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-834/advisory.json", "detail_path": "advisories/ZDI-25-834", "id": "ZDI-25-834", "kind": "published", "published_date": "2025-08-13", "status": "published", "title": "Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-08-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-834/", "vendor": "Academy Software Foundation", "vendor_url": null, "zdi_can": "ZDI-CAN-26141", "zdi_id": "ZDI-25-834" }, { "cve": "CVE-2025-23298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Transformers4Rec. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-833/advisory.json", "detail_path": "advisories/ZDI-25-833", "id": "ZDI-25-833", "kind": "published", "published_date": "2025-08-14", "status": "published", "title": "NVIDIA Transformers4Rec load_model_trainer_states_from_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-833/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-27199", "zdi_id": "ZDI-25-833" }, { "cve": "CVE-2025-53417", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP po...", "detail_json": "/data/advisories/ZDI-25-832/advisory.json", "detail_path": "advisories/ZDI-25-832", "id": "ZDI-25-832", "kind": "published", "published_date": "2025-08-13", "status": "published", "title": "Delta Electronics DIAView Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-08-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-832/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26478", "zdi_id": "ZDI-25-832" }, { "cve": "CVE-2025-53417", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics DIAView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens o...", "detail_json": "/data/advisories/ZDI-25-831/advisory.json", "detail_path": "advisories/ZDI-25-831", "id": "ZDI-25-831", "kind": "published", "published_date": "2025-08-13", "status": "published", "title": "Delta Electronics DIAView Directory Traversal Information Disclosure Vulnerability", "updated_date": "2025-08-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-831/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26477", "zdi_id": "ZDI-25-831" }, { "cve": "CVE-2025-54924", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-25-830/advisory.json", "detail_path": "advisories/ZDI-25-830", "id": "ZDI-25-830", "kind": "published", "published_date": "2025-08-12", "status": "published", "title": "(0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetPagesAsImages Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2025-08-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-830/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26463", "zdi_id": "ZDI-25-830" }, { "cve": "CVE-2025-54923", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementat...", "detail_json": "/data/advisories/ZDI-25-829/advisory.json", "detail_path": "advisories/ZDI-25-829", "id": "ZDI-25-829", "kind": "published", "published_date": "2025-08-12", "status": "published", "title": "(0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetFilteredSinkProvider Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-08-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-829/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26275", "zdi_id": "ZDI-25-829" }, { "cve": "CVE-2025-54927", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the HttpPostedF...", "detail_json": "/data/advisories/ZDI-25-828/advisory.json", "detail_path": "advisories/ZDI-25-828", "id": "ZDI-25-828", "kind": "published", "published_date": "2025-08-12", "status": "published", "title": "(0Day) Schneider Electric EcoStruxure Power Monitoring Expert HttpPostedFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-08-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-828/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26274", "zdi_id": "ZDI-25-828" }, { "cve": "CVE-2025-54926", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the Get...", "detail_json": "/data/advisories/ZDI-25-827/advisory.json", "detail_path": "advisories/ZDI-25-827", "id": "ZDI-25-827", "kind": "published", "published_date": "2025-08-12", "status": "published", "title": "(0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetTgmlContent Directory Traversal Information Disclosure Vulnerability", "updated_date": "2025-08-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-827/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26273", "zdi_id": "ZDI-25-827" }, { "cve": "CVE-2025-54925", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-25-826/advisory.json", "detail_path": "advisories/ZDI-25-826", "id": "ZDI-25-826", "kind": "published", "published_date": "2025-08-12", "status": "published", "title": "(0Day) Schneider Electric EcoStruxure Power Monitoring Expert ExportDataAsXML Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2025-08-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-826/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26464", "zdi_id": "ZDI-25-826" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AudioToolboxCore framework is required to exploit this vulnerability but attack vectors may vary depending on the imple...", "detail_json": "/data/advisories/ZDI-25-825/advisory.json", "detail_path": "advisories/ZDI-25-825", "id": "ZDI-25-825", "kind": "published", "published_date": "2025-08-11", "status": "published", "title": "Apple macOS AudioToolboxCore Audio Conversion Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-08-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-825/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26281", "zdi_id": "ZDI-25-825" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-25-824/advisory.json", "detail_path": "advisories/ZDI-25-824", "id": "ZDI-25-824", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft Windows Theme File Parsing Improper Input Validation NTLM Relay Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-824/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26364", "zdi_id": "ZDI-25-824" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-25-823/advisory.json", "detail_path": "advisories/ZDI-25-823", "id": "ZDI-25-823", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft Windows Theme File Parsing Improper Input Validation NTLM Relay Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-823/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26372", "zdi_id": "ZDI-25-823" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetTransf...", "detail_json": "/data/advisories/ZDI-25-822/advisory.json", "detail_path": "advisories/ZDI-25-822", "id": "ZDI-25-822", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft SharePoint GetTransformer Unsafe Reflection Denial-of-Service Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-822/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-25207", "zdi_id": "ZDI-25-822" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-25-821/advisory.json", "detail_path": "advisories/ZDI-25-821", "id": "ZDI-25-821", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft Windows Internet Explorer Remote Code Execution Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-821/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24974", "zdi_id": "ZDI-25-821" }, { "cve": null, "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information or create a denial-of-service condition on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within t...", "detail_json": "/data/advisories/ZDI-25-820/advisory.json", "detail_path": "advisories/ZDI-25-820", "id": "ZDI-25-820", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft SharePoint IsAuthorizedType Deserialization of Untrusted Data Information Disclosure and Denial-of-Service Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-820/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24831", "zdi_id": "ZDI-25-820" }, { "cve": null, "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass the SmartScreen security feature on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-25-819/advisory.json", "detail_path": "advisories/ZDI-25-819", "id": "ZDI-25-819", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft Windows NetBIOS Hostname SmartScreen Bypass Remote Code Execution Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-819/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24425", "zdi_id": "ZDI-25-819" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-25-818/advisory.json", "detail_path": "advisories/ZDI-25-818", "id": "ZDI-25-818", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft Windows OneDrive SmartScreen Bypass Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-818/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24078", "zdi_id": "ZDI-25-818" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-817/advisory.json", "detail_path": "advisories/ZDI-25-817", "id": "ZDI-25-817", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft Edge PDF NTLM Response Information Disclosure Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-817/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23584", "zdi_id": "ZDI-25-817" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the gNB-ID provided...", "detail_json": "/data/advisories/ZDI-25-816/advisory.json", "detail_path": "advisories/ZDI-25-816", "id": "ZDI-25-816", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft Azure AP5GC gNB-ID Use of Multiple Resources with Duplicate Identifier Denial-Of-Service Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-816/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23960", "zdi_id": "ZDI-25-816" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-25-815/advisory.json", "detail_path": "advisories/ZDI-25-815", "id": "ZDI-25-815", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft Windows CAB File SmartScreen Bypass Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-815/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23990", "zdi_id": "ZDI-25-815" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-25-814/advisory.json", "detail_path": "advisories/ZDI-25-814", "id": "ZDI-25-814", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft Windows MonikerLink Information Disclosure Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-814/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23548", "zdi_id": "ZDI-25-814" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerShell. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The sp...", "detail_json": "/data/advisories/ZDI-25-813/advisory.json", "detail_path": "advisories/ZDI-25-813", "id": "ZDI-25-813", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft PowerShell TryModuleAutoLoading Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-813/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23444", "zdi_id": "ZDI-25-813" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the SmartScreen security feature on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-25-812/advisory.json", "detail_path": "advisories/ZDI-25-812", "id": "ZDI-25-812", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft Windows SmartScreen Bypass Remote Code Execution Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-812/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23938", "zdi_id": "ZDI-25-812" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to host arbitrary documents on a trusted domain used by Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-25-811/advisory.json", "detail_path": "advisories/ZDI-25-811", "id": "ZDI-25-811", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft Office OfficeApps Unintended Proxy Information Disclosure Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-811/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23946", "zdi_id": "ZDI-25-811" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the SmartScreen security feature on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-25-810/advisory.json", "detail_path": "advisories/ZDI-25-810", "id": "ZDI-25-810", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft Windows ZIP File Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-810/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23945", "zdi_id": "ZDI-25-810" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PowerShell backend. The issue results from an e...", "detail_json": "/data/advisories/ZDI-25-809/advisory.json", "detail_path": "advisories/ZDI-25-809", "id": "ZDI-25-809", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Microsoft Exchange PowerShell Exposed Dangerous Method NTLM Relay Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-809/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23450", "zdi_id": "ZDI-25-809" }, { "cve": "CVE-2025-8610", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StorageNode service, which listens on TCP p...", "detail_json": "/data/advisories/ZDI-25-808/advisory.json", "detail_path": "advisories/ZDI-25-808", "id": "ZDI-25-808", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-808/", "vendor": "AOMEI", "vendor_url": null, "zdi_can": "ZDI-CAN-26156", "zdi_id": "ZDI-25-808" }, { "cve": "CVE-2025-8611", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DaoService service, which listens on TCP po...", "detail_json": "/data/advisories/ZDI-25-807/advisory.json", "detail_path": "advisories/ZDI-25-807", "id": "ZDI-25-807", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-807/", "vendor": "AOMEI", "vendor_url": null, "zdi_can": "ZDI-CAN-26158", "zdi_id": "ZDI-25-807" }, { "cve": "CVE-2025-8612", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Us...", "detail_json": "/data/advisories/ZDI-25-806/advisory.json", "detail_path": "advisories/ZDI-25-806", "id": "ZDI-25-806", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-806/", "vendor": "AOMEI", "vendor_url": null, "zdi_can": "ZDI-CAN-27059", "zdi_id": "ZDI-25-806" }, { "cve": "CVE-2025-8613", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the webs.cgi endpoint. The issue results from th...", "detail_json": "/data/advisories/ZDI-25-805/advisory.json", "detail_path": "advisories/ZDI-25-805", "id": "ZDI-25-805", "kind": "published", "published_date": "2025-08-06", "status": "published", "title": "(0Day) Vacron Camera ping Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-08-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-805/", "vendor": "Vacron", "vendor_url": null, "zdi_can": "ZDI-CAN-25892", "zdi_id": "ZDI-25-805" }, { "cve": "CVE-2025-8656", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to downgrade software on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libSystemLib library. The iss...", "detail_json": "/data/advisories/ZDI-25-804/advisory.json", "detail_path": "advisories/ZDI-25-804", "id": "ZDI-25-804", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) (Pwn2Own) Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-804/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26355", "zdi_id": "ZDI-25-804" }, { "cve": "CVE-2025-8655", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-803/advisory.json", "detail_path": "advisories/ZDI-25-803", "id": "ZDI-25-803", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) (Pwn2Own) Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-803/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26314", "zdi_id": "ZDI-25-803" }, { "cve": "CVE-2025-8654", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReadMVGImage function. The...", "detail_json": "/data/advisories/ZDI-25-802/advisory.json", "detail_path": "advisories/ZDI-25-802", "id": "ZDI-25-802", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) (Pwn2Own) Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-802/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26313", "zdi_id": "ZDI-25-802" }, { "cve": "CVE-2025-8653", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKRadioService. The issue results f...", "detail_json": "/data/advisories/ZDI-25-801/advisory.json", "detail_path": "advisories/ZDI-25-801", "id": "ZDI-25-801", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) (Pwn2Own) Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-801/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26312", "zdi_id": "ZDI-25-801" }, { "cve": "CVE-2025-8652", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKWifiService. The issue...", "detail_json": "/data/advisories/ZDI-25-800/advisory.json", "detail_path": "advisories/ZDI-25-800", "id": "ZDI-25-800", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) (Pwn2Own) Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-800/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26311", "zdi_id": "ZDI-25-800" }, { "cve": "CVE-2025-8651", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKWifiService. The issue...", "detail_json": "/data/advisories/ZDI-25-799/advisory.json", "detail_path": "advisories/ZDI-25-799", "id": "ZDI-25-799", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) (Pwn2Own) Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-799/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26307", "zdi_id": "ZDI-25-799" }, { "cve": "CVE-2025-8650", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-798/advisory.json", "detail_path": "advisories/ZDI-25-798", "id": "ZDI-25-798", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) (Pwn2Own) Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-798/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26306", "zdi_id": "ZDI-25-798" }, { "cve": "CVE-2025-8649", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKWifiService. The issue...", "detail_json": "/data/advisories/ZDI-25-797/advisory.json", "detail_path": "advisories/ZDI-25-797", "id": "ZDI-25-797", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) (Pwn2Own) Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-797/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26305", "zdi_id": "ZDI-25-797" }, { "cve": "CVE-2025-8648", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-796/advisory.json", "detail_path": "advisories/ZDI-25-796", "id": "ZDI-25-796", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-796/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26271", "zdi_id": "ZDI-25-796" }, { "cve": "CVE-2025-8647", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-795/advisory.json", "detail_path": "advisories/ZDI-25-795", "id": "ZDI-25-795", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-795/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26270", "zdi_id": "ZDI-25-795" }, { "cve": "CVE-2025-8646", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-794/advisory.json", "detail_path": "advisories/ZDI-25-794", "id": "ZDI-25-794", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-794/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26269", "zdi_id": "ZDI-25-794" }, { "cve": "CVE-2025-8645", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-793/advisory.json", "detail_path": "advisories/ZDI-25-793", "id": "ZDI-25-793", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-793/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26268", "zdi_id": "ZDI-25-793" }, { "cve": "CVE-2025-8644", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-792/advisory.json", "detail_path": "advisories/ZDI-25-792", "id": "ZDI-25-792", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-792/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26267", "zdi_id": "ZDI-25-792" }, { "cve": "CVE-2025-8643", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-791/advisory.json", "detail_path": "advisories/ZDI-25-791", "id": "ZDI-25-791", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-791/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26266", "zdi_id": "ZDI-25-791" }, { "cve": "CVE-2025-8642", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-790/advisory.json", "detail_path": "advisories/ZDI-25-790", "id": "ZDI-25-790", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-790/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26265", "zdi_id": "ZDI-25-790" }, { "cve": "CVE-2025-8641", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-789/advisory.json", "detail_path": "advisories/ZDI-25-789", "id": "ZDI-25-789", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-789/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26264", "zdi_id": "ZDI-25-789" }, { "cve": "CVE-2025-8640", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-788/advisory.json", "detail_path": "advisories/ZDI-25-788", "id": "ZDI-25-788", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-788/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26263", "zdi_id": "ZDI-25-788" }, { "cve": "CVE-2025-8639", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results...", "detail_json": "/data/advisories/ZDI-25-787/advisory.json", "detail_path": "advisories/ZDI-25-787", "id": "ZDI-25-787", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-787/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26262", "zdi_id": "ZDI-25-787" }, { "cve": "CVE-2025-8638", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-786/advisory.json", "detail_path": "advisories/ZDI-25-786", "id": "ZDI-25-786", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-786/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26261", "zdi_id": "ZDI-25-786" }, { "cve": "CVE-2025-8637", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-785/advisory.json", "detail_path": "advisories/ZDI-25-785", "id": "ZDI-25-785", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-785/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26260", "zdi_id": "ZDI-25-785" }, { "cve": "CVE-2025-8636", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-784/advisory.json", "detail_path": "advisories/ZDI-25-784", "id": "ZDI-25-784", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-784/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26259", "zdi_id": "ZDI-25-784" }, { "cve": "CVE-2025-8635", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-783/advisory.json", "detail_path": "advisories/ZDI-25-783", "id": "ZDI-25-783", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-783/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26258", "zdi_id": "ZDI-25-783" }, { "cve": "CVE-2025-8634", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-782/advisory.json", "detail_path": "advisories/ZDI-25-782", "id": "ZDI-25-782", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-782/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26257", "zdi_id": "ZDI-25-782" }, { "cve": "CVE-2025-8633", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-781/advisory.json", "detail_path": "advisories/ZDI-25-781", "id": "ZDI-25-781", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-781/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26256", "zdi_id": "ZDI-25-781" }, { "cve": "CVE-2025-8632", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-780/advisory.json", "detail_path": "advisories/ZDI-25-780", "id": "ZDI-25-780", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-780/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26255", "zdi_id": "ZDI-25-780" }, { "cve": "CVE-2025-8631", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-779/advisory.json", "detail_path": "advisories/ZDI-25-779", "id": "ZDI-25-779", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-779/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26254", "zdi_id": "ZDI-25-779" }, { "cve": "CVE-2025-8630", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-778/advisory.json", "detail_path": "advisories/ZDI-25-778", "id": "ZDI-25-778", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-778/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26253", "zdi_id": "ZDI-25-778" }, { "cve": "CVE-2025-8629", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-777/advisory.json", "detail_path": "advisories/ZDI-25-777", "id": "ZDI-25-777", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-777/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26252", "zdi_id": "ZDI-25-777" }, { "cve": "CVE-2025-8628", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process....", "detail_json": "/data/advisories/ZDI-25-776/advisory.json", "detail_path": "advisories/ZDI-25-776", "id": "ZDI-25-776", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-776/", "vendor": "Kenwood", "vendor_url": null, "zdi_can": "ZDI-CAN-26064", "zdi_id": "ZDI-25-776" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-25-775/advisory.json", "detail_path": "advisories/ZDI-25-775", "id": "ZDI-25-775", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Google Chrome SwiftShader Out-Of-Bound Write Remote Code Execution Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-775/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-25494", "zdi_id": "ZDI-25-775" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Google Drive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-25-774/advisory.json", "detail_path": "advisories/ZDI-25-774", "id": "ZDI-25-774", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Google Drive ZIP File Mark-of-the-Web Bypass Remote Code Execution Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-774/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-24741", "zdi_id": "ZDI-25-774" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Google Drive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-25-773/advisory.json", "detail_path": "advisories/ZDI-25-773", "id": "ZDI-25-773", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "(0Day) Google Drive File Sharing Mark-of-the-Web Bypass Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-773/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-24742", "zdi_id": "ZDI-25-773" }, { "cve": "CVE-2025-54987", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP po...", "detail_json": "/data/advisories/ZDI-25-772/advisory.json", "detail_path": "advisories/ZDI-25-772", "id": "ZDI-25-772", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "Trend Micro Apex One Console Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-772/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-27855", "zdi_id": "ZDI-25-772" }, { "cve": "CVE-2025-54948", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP po...", "detail_json": "/data/advisories/ZDI-25-771/advisory.json", "detail_path": "advisories/ZDI-25-771", "id": "ZDI-25-771", "kind": "published", "published_date": "2025-08-05", "status": "published", "title": "Trend Micro Apex One Console Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-08-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-771/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-27834", "zdi_id": "ZDI-25-771" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The issue re...", "detail_json": "/data/advisories/ZDI-25-770/advisory.json", "detail_path": "advisories/ZDI-25-770", "id": "ZDI-25-770", "kind": "published", "published_date": "2025-08-01", "status": "published", "title": "Microsoft Skype Chromium Remote Code Execution Vulnerability", "updated_date": "2025-08-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-770/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-25335", "zdi_id": "ZDI-25-770" }, { "cve": "CVE-2025-7849", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-769/advisory.json", "detail_path": "advisories/ZDI-25-769", "id": "ZDI-25-769", "kind": "published", "published_date": "2025-08-01", "status": "published", "title": "NI LabVIEW VI File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-08-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-769/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-27088", "zdi_id": "ZDI-25-769" }, { "cve": "CVE-2025-7848", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-768/advisory.json", "detail_path": "advisories/ZDI-25-768", "id": "ZDI-25-768", "kind": "published", "published_date": "2025-08-01", "status": "published", "title": "NI LabVIEW VI File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-08-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-768/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-27081", "zdi_id": "ZDI-25-768" }, { "cve": "CVE-2025-8477", "cvss": 7.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-25-767/advisory.json", "detail_path": "advisories/ZDI-25-767", "id": "ZDI-25-767", "kind": "published", "published_date": "2025-08-01", "status": "published", "title": "(0Day) (Pwn2Own) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-08-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-767/", "vendor": "Alpine", "vendor_url": null, "zdi_can": "ZDI-CAN-26324", "zdi_id": "ZDI-25-767" }, { "cve": "CVE-2025-8480", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Tidal music streaming applica...", "detail_json": "/data/advisories/ZDI-25-766/advisory.json", "detail_path": "advisories/ZDI-25-766", "id": "ZDI-25-766", "kind": "published", "published_date": "2025-08-01", "status": "published", "title": "(0Day) (Pwn2Own) Alpine iLX-507 Command Injection Remote Code Execution", "updated_date": "2025-08-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-766/", "vendor": "Alpine", "vendor_url": null, "zdi_can": "ZDI-CAN-26357", "zdi_id": "ZDI-25-766" }, { "cve": "CVE-2025-8476", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TIDAL music streaming applica...", "detail_json": "/data/advisories/ZDI-25-765/advisory.json", "detail_path": "advisories/ZDI-25-765", "id": "ZDI-25-765", "kind": "published", "published_date": "2025-08-01", "status": "published", "title": "(0Day) (Pwn2Own) Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability", "updated_date": "2025-08-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-765/", "vendor": "Alpine", "vendor_url": null, "zdi_can": "ZDI-CAN-26322", "zdi_id": "ZDI-25-765" }, { "cve": "CVE-2025-8475", "cvss": 7.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The...", "detail_json": "/data/advisories/ZDI-25-764/advisory.json", "detail_path": "advisories/ZDI-25-764", "id": "ZDI-25-764", "kind": "published", "published_date": "2025-08-01", "status": "published", "title": "(0Day) (Pwn2Own) Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-08-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-764/", "vendor": "Alpine", "vendor_url": null, "zdi_can": "ZDI-CAN-26321", "zdi_id": "ZDI-25-764" }, { "cve": "CVE-2025-8474", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple...", "detail_json": "/data/advisories/ZDI-25-763/advisory.json", "detail_path": "advisories/ZDI-25-763", "id": "ZDI-25-763", "kind": "published", "published_date": "2025-08-01", "status": "published", "title": "(0Day) (Pwn2Own) Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability", "updated_date": "2025-08-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-763/", "vendor": "Alpine", "vendor_url": null, "zdi_can": "ZDI-CAN-26318", "zdi_id": "ZDI-25-763" }, { "cve": "CVE-2025-8473", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wstpCBCUpdStart functi...", "detail_json": "/data/advisories/ZDI-25-762/advisory.json", "detail_path": "advisories/ZDI-25-762", "id": "ZDI-25-762", "kind": "published", "published_date": "2025-08-01", "status": "published", "title": "(0Day) (Pwn2Own) Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability", "updated_date": "2025-08-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-762/", "vendor": "Alpine", "vendor_url": null, "zdi_can": "ZDI-CAN-26317", "zdi_id": "ZDI-25-762" }, { "cve": "CVE-2025-8472", "cvss": 7.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The...", "detail_json": "/data/advisories/ZDI-25-761/advisory.json", "detail_path": "advisories/ZDI-25-761", "id": "ZDI-25-761", "kind": "published", "published_date": "2025-08-01", "status": "published", "title": "(0Day) (Pwn2Own) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-08-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-761/", "vendor": "Alpine", "vendor_url": null, "zdi_can": "ZDI-CAN-26316", "zdi_id": "ZDI-25-761" }, { "cve": "CVE-2024-50388", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the provided usernam...", "detail_json": "/data/advisories/ZDI-25-760/advisory.json", "detail_path": "advisories/ZDI-25-760", "id": "ZDI-25-760", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP TS-464 rsync Daemon Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-760/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25536", "zdi_id": "ZDI-25-760" }, { "cve": "CVE-2024-50387", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of command line argumen...", "detail_json": "/data/advisories/ZDI-25-759/advisory.json", "detail_path": "advisories/ZDI-25-759", "id": "ZDI-25-759", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP TS-464 Log Tool SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-759/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25656", "zdi_id": "ZDI-25-759" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the provided usernam...", "detail_json": "/data/advisories/ZDI-25-758/advisory.json", "detail_path": "advisories/ZDI-25-758", "id": "ZDI-25-758", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP TS-464 Samba Command Argument Injection Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-758/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25612", "zdi_id": "ZDI-25-758" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of parameters provid...", "detail_json": "/data/advisories/ZDI-25-757/advisory.json", "detail_path": "advisories/ZDI-25-757", "id": "ZDI-25-757", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 tar Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-757/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25673", "zdi_id": "ZDI-25-757" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to access the management interface on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the...", "detail_json": "/data/advisories/ZDI-25-756/advisory.json", "detail_path": "advisories/ZDI-25-756", "id": "ZDI-25-756", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-756/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25488", "zdi_id": "ZDI-25-756" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the username para...", "detail_json": "/data/advisories/ZDI-25-755/advisory.json", "detail_path": "advisories/ZDI-25-755", "id": "ZDI-25-755", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 qsyslog-cli username Format String Remote Code Execution Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-755/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25672", "zdi_id": "ZDI-25-755" }, { "cve": null, "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of QNAP TS-464 devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specifi...", "detail_json": "/data/advisories/ZDI-25-754/advisory.json", "detail_path": "advisories/ZDI-25-754", "id": "ZDI-25-754", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP TS-464 privWizard.cgi Authentication CRLF Injection Privilege Escalation Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-754/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25653", "zdi_id": "ZDI-25-754" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP TS-464 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the function responsible for URL decoding. The...", "detail_json": "/data/advisories/ZDI-25-753/advisory.json", "detail_path": "advisories/ZDI-25-753", "id": "ZDI-25-753", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP TS-464 Improper Handling of URL Encoding Authentication Bypass Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-753/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25482", "zdi_id": "ZDI-25-753" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of gRPC messages. Th...", "detail_json": "/data/advisories/ZDI-25-752/advisory.json", "detail_path": "advisories/ZDI-25-752", "id": "ZDI-25-752", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 gRPC WAN_ADDR6 Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-752/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25667", "zdi_id": "ZDI-25-752" }, { "cve": null, "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to redirect localhost traffic on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /etc/hosts file. The issu...", "detail_json": "/data/advisories/ZDI-25-751/advisory.json", "detail_path": "advisories/ZDI-25-751", "id": "ZDI-25-751", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 IPv6 Incorrectly Specified Destination in a Communication Channel Network Spoofing Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-751/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25625", "zdi_id": "ZDI-25-751" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parseMIME method. The issue r...", "detail_json": "/data/advisories/ZDI-25-750/advisory.json", "detail_path": "advisories/ZDI-25-750", "id": "ZDI-25-750", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 lionic_dpi parseMIME Out-of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-750/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25624", "zdi_id": "ZDI-25-750" }, { "cve": null, "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass firewall rules on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of firewall rul...", "detail_json": "/data/advisories/ZDI-25-749/advisory.json", "detail_path": "advisories/ZDI-25-749", "id": "ZDI-25-749", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 qfirewall Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-749/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25596", "zdi_id": "ZDI-25-749" }, { "cve": null, "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the storage of credentials. The issue result...", "detail_json": "/data/advisories/ZDI-25-748/advisory.json", "detail_path": "advisories/ZDI-25-748", "id": "ZDI-25-748", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 system.db Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-748/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25657", "zdi_id": "ZDI-25-748" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-464. Authentication is not required to exploit this vulnerability. The specific flaw exists within the reset_password.cgi endpoint. The issue re...", "detail_json": "/data/advisories/ZDI-25-747/advisory.json", "detail_path": "advisories/ZDI-25-747", "id": "ZDI-25-747", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP TS-464 reset_password.cgi Hard-coded Cryptographic Key Authentication Bypass Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-747/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25646", "zdi_id": "ZDI-25-747" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of QNAP TS-464 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the reset_password.cgi endpo...", "detail_json": "/data/advisories/ZDI-25-746/advisory.json", "detail_path": "advisories/ZDI-25-746", "id": "ZDI-25-746", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP TS-464 reset_password.cgi Improper Certificate Validation Information Disclosure Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-746/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25645", "zdi_id": "ZDI-25-746" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of QNAP TS-464 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the reset_password.cgi endpo...", "detail_json": "/data/advisories/ZDI-25-745/advisory.json", "detail_path": "advisories/ZDI-25-745", "id": "ZDI-25-745", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP TS-464 reset_password.cgi Improper Certificate Validation Information Disclosure Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-745/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25644", "zdi_id": "ZDI-25-745" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-464 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the reset_password.cgi endpoint. The...", "detail_json": "/data/advisories/ZDI-25-744/advisory.json", "detail_path": "advisories/ZDI-25-744", "id": "ZDI-25-744", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP TS-464 reset_password.cgi Improper Certificate Validation Authentication Bypass Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-744/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25483", "zdi_id": "ZDI-25-744" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of QNAP TS-464 devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-25-743/advisory.json", "detail_path": "advisories/ZDI-25-743", "id": "ZDI-25-743", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP TS-464 qnap_exec Command Injection Privilege Escalation Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-743/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25585", "zdi_id": "ZDI-25-743" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-464 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Active Directory integration. The...", "detail_json": "/data/advisories/ZDI-25-742/advisory.json", "detail_path": "advisories/ZDI-25-742", "id": "ZDI-25-742", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP TS-464 Active Directory Authentication Bypass Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-742/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25587", "zdi_id": "ZDI-25-742" }, { "cve": "CVE-2024-50389", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability, however a specific configuration is necessary. The specific flaw exists with...", "detail_json": "/data/advisories/ZDI-25-741/advisory.json", "detail_path": "advisories/ZDI-25-741", "id": "ZDI-25-741", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 openvpn_cli user_name SQL Injection Authentication Bypass Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-741/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25580", "zdi_id": "ZDI-25-741" }, { "cve": null, "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the Backup and Restore functionality....", "detail_json": "/data/advisories/ZDI-25-740/advisory.json", "detail_path": "advisories/ZDI-25-740", "id": "ZDI-25-740", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 backup Use of Hard-coded Cryptographic Key Privilege Escalation Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-740/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25641", "zdi_id": "ZDI-25-740" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific fl...", "detail_json": "/data/advisories/ZDI-25-739/advisory.json", "detail_path": "advisories/ZDI-25-739", "id": "ZDI-25-739", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Remote Code Execution Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-739/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25634", "zdi_id": "ZDI-25-739" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default SSH credentials. The i...", "detail_json": "/data/advisories/ZDI-25-738/advisory.json", "detail_path": "advisories/ZDI-25-738", "id": "ZDI-25-738", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 SSH Use of Weak Credentials Authentication Bypass Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-738/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25635", "zdi_id": "ZDI-25-738" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the do_fetch method. The i...", "detail_json": "/data/advisories/ZDI-25-737/advisory.json", "detail_path": "advisories/ZDI-25-737", "id": "ZDI-25-737", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 do_fetch Improper Certificate Validation Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-737/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25530", "zdi_id": "ZDI-25-737" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to smuggle arbitrary HTTP requests on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-25-736/advisory.json", "detail_path": "advisories/ZDI-25-736", "id": "ZDI-25-736", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 access_setting HTTP Request Smuggling Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-736/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25632", "zdi_id": "ZDI-25-736" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to smuggle arbitrary HTTP requests on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-25-735/advisory.json", "detail_path": "advisories/ZDI-25-735", "id": "ZDI-25-735", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 local_pwd_reset HTTP Request Smuggling Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-735/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25631", "zdi_id": "ZDI-25-735" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IPMI interface. The issue resu...", "detail_json": "/data/advisories/ZDI-25-734/advisory.json", "detail_path": "advisories/ZDI-25-734", "id": "ZDI-25-734", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(Pwn2Own) QNAP QHora-322 IPMI Use of Weak Credentials Authentication Bypass Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-734/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-25633", "zdi_id": "ZDI-25-734" }, { "cve": "CVE-2025-8426", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-25-733/advisory.json", "detail_path": "advisories/ZDI-25-733", "id": "ZDI-25-733", "kind": "published", "published_date": "2025-07-31", "status": "published", "title": "(0Day) Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability", "updated_date": "2025-07-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-733/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24915", "zdi_id": "ZDI-25-733" }, { "cve": "CVE-2025-8389", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of...", "detail_json": "/data/advisories/ZDI-25-732/advisory.json", "detail_path": "advisories/ZDI-25-732", "id": "ZDI-25-732", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-732/", "vendor": "Lorex", "vendor_url": null, "zdi_can": "ZDI-CAN-25639", "zdi_id": "ZDI-25-732" }, { "cve": "CVE-2024-52544", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sonia module....", "detail_json": "/data/advisories/ZDI-25-731/advisory.json", "detail_path": "advisories/ZDI-25-731", "id": "ZDI-25-731", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-731/", "vendor": "Lorex", "vendor_url": null, "zdi_can": "ZDI-CAN-25537", "zdi_id": "ZDI-25-731" }, { "cve": "CVE-2025-3132", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sonia module....", "detail_json": "/data/advisories/ZDI-25-730/advisory.json", "detail_path": "advisories/ZDI-25-730", "id": "ZDI-25-730", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-730/", "vendor": "Lorex", "vendor_url": null, "zdi_can": "ZDI-CAN-25647", "zdi_id": "ZDI-25-730" }, { "cve": "CVE-2024-50126", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-729/advisory.json", "detail_path": "advisories/ZDI-25-729", "id": "ZDI-25-729", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(Pwn2Own) Canonical Ubuntu Kernel taprio Scheduler Race Condition Local Privilege Escalation Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-729/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-23656", "zdi_id": "ZDI-25-729" }, { "cve": "CVE-2025-31239", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the MediaToolbox framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. T...", "detail_json": "/data/advisories/ZDI-25-728/advisory.json", "detail_path": "advisories/ZDI-25-728", "id": "ZDI-25-728", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "Apple macOS MediaToolbox Framework Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-728/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26782", "zdi_id": "ZDI-25-728" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the libFontValidation library is required to exploit this vulnerability but attack vectors may vary depending on the implementation...", "detail_json": "/data/advisories/ZDI-25-727/advisory.json", "detail_path": "advisories/ZDI-25-727", "id": "ZDI-25-727", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "Apple macOS libFontValidation kern Table Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-727/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25365", "zdi_id": "ZDI-25-727" }, { "cve": "CVE-2025-7993", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-726/advisory.json", "detail_path": "advisories/ZDI-25-726", "id": "ZDI-25-726", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt LI File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-726/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25355", "zdi_id": "ZDI-25-726" }, { "cve": "CVE-2025-8006", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-725/advisory.json", "detail_path": "advisories/ZDI-25-725", "id": "ZDI-25-725", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-725/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-26238", "zdi_id": "ZDI-25-725" }, { "cve": "CVE-2025-8002", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-724/advisory.json", "detail_path": "advisories/ZDI-25-724", "id": "ZDI-25-724", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-724/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-26233", "zdi_id": "ZDI-25-724" }, { "cve": "CVE-2025-8004", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-723/advisory.json", "detail_path": "advisories/ZDI-25-723", "id": "ZDI-25-723", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-723/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-26236", "zdi_id": "ZDI-25-723" }, { "cve": "CVE-2025-8005", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-722/advisory.json", "detail_path": "advisories/ZDI-25-722", "id": "ZDI-25-722", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-722/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-26237", "zdi_id": "ZDI-25-722" }, { "cve": "CVE-2025-8001", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-721/advisory.json", "detail_path": "advisories/ZDI-25-721", "id": "ZDI-25-721", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt CO File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-721/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-26053", "zdi_id": "ZDI-25-721" }, { "cve": "CVE-2025-8003", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-720/advisory.json", "detail_path": "advisories/ZDI-25-720", "id": "ZDI-25-720", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-720/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-26235", "zdi_id": "ZDI-25-720" }, { "cve": "CVE-2025-7997", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-719/advisory.json", "detail_path": "advisories/ZDI-25-719", "id": "ZDI-25-719", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-719/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-26045", "zdi_id": "ZDI-25-719" }, { "cve": "CVE-2025-8000", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-718/advisory.json", "detail_path": "advisories/ZDI-25-718", "id": "ZDI-25-718", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt LI File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-718/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-26051", "zdi_id": "ZDI-25-718" }, { "cve": "CVE-2025-7995", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-717/advisory.json", "detail_path": "advisories/ZDI-25-717", "id": "ZDI-25-717", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-717/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25981", "zdi_id": "ZDI-25-717" }, { "cve": "CVE-2025-7996", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-716/advisory.json", "detail_path": "advisories/ZDI-25-716", "id": "ZDI-25-716", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-716/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25982", "zdi_id": "ZDI-25-716" }, { "cve": "CVE-2025-7998", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-715/advisory.json", "detail_path": "advisories/ZDI-25-715", "id": "ZDI-25-715", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-715/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-26046", "zdi_id": "ZDI-25-715" }, { "cve": "CVE-2025-7994", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-714/advisory.json", "detail_path": "advisories/ZDI-25-714", "id": "ZDI-25-714", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-714/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25976", "zdi_id": "ZDI-25-714" }, { "cve": "CVE-2025-7999", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-713/advisory.json", "detail_path": "advisories/ZDI-25-713", "id": "ZDI-25-713", "kind": "published", "published_date": "2025-07-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-713/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-26049", "zdi_id": "ZDI-25-713" }, { "cve": "CVE-2025-8321", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Tesla Wall Connector devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware upgrade feat...", "detail_json": "/data/advisories/ZDI-25-712/advisory.json", "detail_path": "advisories/ZDI-25-712", "id": "ZDI-25-712", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "(Pwn2Own) Tesla Wall Connector Firmware Downgrade Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-712/", "vendor": "Tesla", "vendor_url": null, "zdi_can": "ZDI-CAN-26299", "zdi_id": "ZDI-25-712" }, { "cve": "CVE-2025-8320", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Tesla Wall Connector devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the HTTP Con...", "detail_json": "/data/advisories/ZDI-25-711/advisory.json", "detail_path": "advisories/ZDI-25-711", "id": "ZDI-25-711", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "(Pwn2Own) Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-711/", "vendor": "Tesla", "vendor_url": null, "zdi_can": "ZDI-CAN-26300", "zdi_id": "ZDI-25-711" }, { "cve": "CVE-2024-45710", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Platform. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-25-710/advisory.json", "detail_path": "advisories/ZDI-25-710", "id": "ZDI-25-710", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "SolarWinds Platform SolarWindsAgent64 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-710/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-24672", "zdi_id": "ZDI-25-710" }, { "cve": "CVE-2025-43214", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-25-709/advisory.json", "detail_path": "advisories/ZDI-25-709", "id": "ZDI-25-709", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple Safari JavaScriptCore WasmToJSException Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-08-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-709/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27217", "zdi_id": "ZDI-25-709" }, { "cve": "CVE-2024-3863", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malic...", "detail_json": "/data/advisories/ZDI-25-708/advisory.json", "detail_path": "advisories/ZDI-25-708", "id": "ZDI-25-708", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Mozilla Firefox Web Page Download Mark-Of-The-Web Protection Mechanism Failure Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-708/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-22536", "zdi_id": "ZDI-25-708" }, { "cve": "CVE-2024-13960", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of AVG TuneUp for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-707/advisory.json", "detail_path": "advisories/ZDI-25-707", "id": "ZDI-25-707", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "AVG TuneUp for PC TuneUp Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-707/", "vendor": "AVG", "vendor_url": null, "zdi_can": "ZDI-CAN-23383", "zdi_id": "ZDI-25-707" }, { "cve": "CVE-2025-7675", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-706/advisory.json", "detail_path": "advisories/ZDI-25-706", "id": "ZDI-25-706", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-706/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27226", "zdi_id": "ZDI-25-706" }, { "cve": "CVE-2025-7497", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-705/advisory.json", "detail_path": "advisories/ZDI-25-705", "id": "ZDI-25-705", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-705/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27225", "zdi_id": "ZDI-25-705" }, { "cve": "CVE-2025-6637", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-704/advisory.json", "detail_path": "advisories/ZDI-25-704", "id": "ZDI-25-704", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-704/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27223", "zdi_id": "ZDI-25-704" }, { "cve": "CVE-2025-6636", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-703/advisory.json", "detail_path": "advisories/ZDI-25-703", "id": "ZDI-25-703", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-703/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27222", "zdi_id": "ZDI-25-703" }, { "cve": "CVE-2025-6635", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-702/advisory.json", "detail_path": "advisories/ZDI-25-702", "id": "ZDI-25-702", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-702/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27253", "zdi_id": "ZDI-25-702" }, { "cve": "CVE-2025-6631", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-701/advisory.json", "detail_path": "advisories/ZDI-25-701", "id": "ZDI-25-701", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-701/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27221", "zdi_id": "ZDI-25-701" }, { "cve": "CVE-2025-5038", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-700/advisory.json", "detail_path": "advisories/ZDI-25-700", "id": "ZDI-25-700", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Autodesk AutoCAD X_T File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-700/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-26927", "zdi_id": "ZDI-25-700" }, { "cve": "CVE-2025-5043", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-699/advisory.json", "detail_path": "advisories/ZDI-25-699", "id": "ZDI-25-699", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-699/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-26848", "zdi_id": "ZDI-25-699" }, { "cve": "CVE-2024-13962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-25-698/advisory.json", "detail_path": "advisories/ZDI-25-698", "id": "ZDI-25-698", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Avast Cleanup Premium TuneupSvc Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-698/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-25548", "zdi_id": "ZDI-25-698" }, { "cve": "CVE-2024-13959", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of AVG TuneUp for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-697/advisory.json", "detail_path": "advisories/ZDI-25-697", "id": "ZDI-25-697", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "AVG TuneUp for PC TuneupSvc Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-697/", "vendor": "AVG", "vendor_url": null, "zdi_can": "ZDI-CAN-25498", "zdi_id": "ZDI-25-697" }, { "cve": "CVE-2024-13961", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-25-696/advisory.json", "detail_path": "advisories/ZDI-25-696", "id": "ZDI-25-696", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Avast Cleanup Premium TuneupSvc Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-696/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-25549", "zdi_id": "ZDI-25-696" }, { "cve": "CVE-2024-13944", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of AVG TuneUp for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-695/advisory.json", "detail_path": "advisories/ZDI-25-695", "id": "ZDI-25-695", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "AVG TuneUp for PC TuneupSvc Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-695/", "vendor": "AVG", "vendor_url": null, "zdi_can": "ZDI-CAN-25509", "zdi_id": "ZDI-25-695" }, { "cve": "CVE-2025-53416", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTN Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-694/advisory.json", "detail_path": "advisories/ZDI-25-694", "id": "ZDI-25-694", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Delta Electronics DTN Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-694/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25406", "zdi_id": "ZDI-25-694" }, { "cve": "CVE-2024-13944", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Norton Utilities Ultimate. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-25-693/advisory.json", "detail_path": "advisories/ZDI-25-693", "id": "ZDI-25-693", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Norton Utilities Ultimate NortonUtilitiesSvc Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-693/", "vendor": "Norton", "vendor_url": null, "zdi_can": "ZDI-CAN-25570", "zdi_id": "ZDI-25-693" }, { "cve": "CVE-2024-21273", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-692/advisory.json", "detail_path": "advisories/ZDI-25-692", "id": "ZDI-25-692", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Oracle VirtualBox VirtIO-SCSI Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-692/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-25015", "zdi_id": "ZDI-25-692" }, { "cve": "CVE-2025-43221", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-25-691/advisory.json", "detail_path": "advisories/ZDI-25-691", "id": "ZDI-25-691", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS USD importAnimations Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-691/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26915", "zdi_id": "ZDI-25-691" }, { "cve": "CVE-2025-43221", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-25-690/advisory.json", "detail_path": "advisories/ZDI-25-690", "id": "ZDI-25-690", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS USD importNodeAnimations Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-690/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26909", "zdi_id": "ZDI-25-690" }, { "cve": "CVE-2025-31281", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific...", "detail_json": "/data/advisories/ZDI-25-689/advisory.json", "detail_path": "advisories/ZDI-25-689", "id": "ZDI-25-689", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS USD importNodeAnimations Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-689/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27107", "zdi_id": "ZDI-25-689" }, { "cve": "CVE-2025-31281", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-25-688/advisory.json", "detail_path": "advisories/ZDI-25-688", "id": "ZDI-25-688", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS USD importNodeAnimations Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-688/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26966", "zdi_id": "ZDI-25-688" }, { "cve": "CVE-2025-31281", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-25-687/advisory.json", "detail_path": "advisories/ZDI-25-687", "id": "ZDI-25-687", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS USD readAccessorDataToFloat Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-687/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26846", "zdi_id": "ZDI-25-687" }, { "cve": "CVE-2025-43224", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-25-686/advisory.json", "detail_path": "advisories/ZDI-25-686", "id": "ZDI-25-686", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS USD importNodeAnimations Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-686/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26914", "zdi_id": "ZDI-25-686" }, { "cve": "CVE-2025-43224", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-25-685/advisory.json", "detail_path": "advisories/ZDI-25-685", "id": "ZDI-25-685", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS USD importNodeAnimations Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-685/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26853", "zdi_id": "ZDI-25-685" }, { "cve": "CVE-2025-43224", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-25-684/advisory.json", "detail_path": "advisories/ZDI-25-684", "id": "ZDI-25-684", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS USD importNodeAnimations Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-684/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26830", "zdi_id": "ZDI-25-684" }, { "cve": "CVE-2025-43264", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific...", "detail_json": "/data/advisories/ZDI-25-683/advisory.json", "detail_path": "advisories/ZDI-25-683", "id": "ZDI-25-683", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS USD importMeshJointWeights Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-683/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27105", "zdi_id": "ZDI-25-683" }, { "cve": "CVE-2025-43264", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific...", "detail_json": "/data/advisories/ZDI-25-682/advisory.json", "detail_path": "advisories/ZDI-25-682", "id": "ZDI-25-682", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS USD importMeshes Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-682/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26829", "zdi_id": "ZDI-25-682" }, { "cve": "CVE-2025-43210", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-681/advisory.json", "detail_path": "advisories/ZDI-25-681", "id": "ZDI-25-681", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS MediaToolbox Framework Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-681/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27287", "zdi_id": "ZDI-25-681" }, { "cve": "CVE-2025-43186", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-680/advisory.json", "detail_path": "advisories/ZDI-25-680", "id": "ZDI-25-680", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS AudioToolbox MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-680/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27274", "zdi_id": "ZDI-25-680" }, { "cve": "CVE-2025-43215", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-25-679/advisory.json", "detail_path": "advisories/ZDI-25-679", "id": "ZDI-25-679", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS USD readColor Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-679/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27106", "zdi_id": "ZDI-25-679" }, { "cve": "CVE-2025-43239", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-678/advisory.json", "detail_path": "advisories/ZDI-25-678", "id": "ZDI-25-678", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-678/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27041", "zdi_id": "ZDI-25-678" }, { "cve": "CVE-2025-43218", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-25-677/advisory.json", "detail_path": "advisories/ZDI-25-677", "id": "ZDI-25-677", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS USD CustomLoadImageData Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-677/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-27036", "zdi_id": "ZDI-25-677" }, { "cve": "CVE-2025-43219", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific...", "detail_json": "/data/advisories/ZDI-25-676/advisory.json", "detail_path": "advisories/ZDI-25-676", "id": "ZDI-25-676", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS USD importSkeletons Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-676/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26978", "zdi_id": "ZDI-25-676" }, { "cve": "CVE-2025-31280", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-25-675/advisory.json", "detail_path": "advisories/ZDI-25-675", "id": "ZDI-25-675", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS USD readAccessorInts Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-675/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26847", "zdi_id": "ZDI-25-675" }, { "cve": "CVE-2025-43255", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-25-674/advisory.json", "detail_path": "advisories/ZDI-25-674", "id": "ZDI-25-674", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-674/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26636", "zdi_id": "ZDI-25-674" }, { "cve": "CVE-2025-43209", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-25-673/advisory.json", "detail_path": "advisories/ZDI-25-673", "id": "ZDI-25-673", "kind": "published", "published_date": "2025-07-29", "status": "published", "title": "Apple Safari getHourCycles Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-673/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26616", "zdi_id": "ZDI-25-673" }, { "cve": "CVE-2025-54442", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the filenameHasEx...", "detail_json": "/data/advisories/ZDI-25-672/advisory.json", "detail_path": "advisories/ZDI-25-672", "id": "ZDI-25-672", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server filenameHasExecutableType Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2025-07-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-672/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25806", "zdi_id": "ZDI-25-672" }, { "cve": "CVE-2025-54455", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PremiumClientService class. The issu...", "detail_json": "/data/advisories/ZDI-25-671/advisory.json", "detail_path": "advisories/ZDI-25-671", "id": "ZDI-25-671", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server PremiumClientService Hard-coded Cryptographic Key Authentication Bypass Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-671/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25978", "zdi_id": "ZDI-25-671" }, { "cve": "CVE-2025-54454", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PremiumClientService class. The issu...", "detail_json": "/data/advisories/ZDI-25-670/advisory.json", "detail_path": "advisories/ZDI-25-670", "id": "ZDI-25-670", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server PremiumClientService Hard-coded Cryptographic Key Authentication Bypass Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-670/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25839", "zdi_id": "ZDI-25-670" }, { "cve": "CVE-2025-54453", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specifi...", "detail_json": "/data/advisories/ZDI-25-669/advisory.json", "detail_path": "advisories/ZDI-25-669", "id": "ZDI-25-669", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server FtpMetaUploadServlet Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-669/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25802", "zdi_id": "ZDI-25-669" }, { "cve": "CVE-2025-54452", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to partially bypass authentication on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ServletAuthenticationProce...", "detail_json": "/data/advisories/ZDI-25-668/advisory.json", "detail_path": "advisories/ZDI-25-668", "id": "ZDI-25-668", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server ServletAuthenticationProcessingFilter Authentication Bypass Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-668/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25800", "zdi_id": "ZDI-25-668" }, { "cve": "CVE-2025-54451", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from...", "detail_json": "/data/advisories/ZDI-25-667/advisory.json", "detail_path": "advisories/ZDI-25-667", "id": "ZDI-25-667", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server MagicInfoCache Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-667/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-26058", "zdi_id": "ZDI-25-667" }, { "cve": "CVE-2025-54450", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the DeviceLogUploadServlet class. The issue...", "detail_json": "/data/advisories/ZDI-25-666/advisory.json", "detail_path": "advisories/ZDI-25-666", "id": "ZDI-25-666", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server DeviceLogUploadServlet Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-666/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-26057", "zdi_id": "ZDI-25-666" }, { "cve": "CVE-2025-54449", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the fillLftOrLfdI...", "detail_json": "/data/advisories/ZDI-25-665/advisory.json", "detail_path": "advisories/ZDI-25-665", "id": "ZDI-25-665", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server fillLftOrLfdInfo Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-665/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25873", "zdi_id": "ZDI-25-665" }, { "cve": "CVE-2025-54448", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyResourceT...", "detail_json": "/data/advisories/ZDI-25-664/advisory.json", "detail_path": "advisories/ZDI-25-664", "id": "ZDI-25-664", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server copyResourceToFile Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-664/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25874", "zdi_id": "ZDI-25-664" }, { "cve": "CVE-2025-54447", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpenApiController class. The issue...", "detail_json": "/data/advisories/ZDI-25-663/advisory.json", "detail_path": "advisories/ZDI-25-663", "id": "ZDI-25-663", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server OpenApiController Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-663/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25885", "zdi_id": "ZDI-25-663" }, { "cve": "CVE-2025-54446", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ResponseUploadActivity class. The i...", "detail_json": "/data/advisories/ZDI-25-662/advisory.json", "detail_path": "advisories/ZDI-25-662", "id": "ZDI-25-662", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server ResponseUploadActivity Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-662/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25955", "zdi_id": "ZDI-25-662" }, { "cve": "CVE-2025-54445", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the parse...", "detail_json": "/data/advisories/ZDI-25-661/advisory.json", "detail_path": "advisories/ZDI-25-661", "id": "ZDI-25-661", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server parseXMLString XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-661/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25860", "zdi_id": "ZDI-25-661" }, { "cve": "CVE-2025-54444", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the filenameHasEx...", "detail_json": "/data/advisories/ZDI-25-660/advisory.json", "detail_path": "advisories/ZDI-25-660", "id": "ZDI-25-660", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server filenameHasExecutableType Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-660/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25804", "zdi_id": "ZDI-25-660" }, { "cve": "CVE-2025-54443", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SWUpdateFileUploadServlet class. Th...", "detail_json": "/data/advisories/ZDI-25-659/advisory.json", "detail_path": "advisories/ZDI-25-659", "id": "ZDI-25-659", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server SWUpdateFileUploadServlet Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-659/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25772", "zdi_id": "ZDI-25-659" }, { "cve": "CVE-2025-54441", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specifi...", "detail_json": "/data/advisories/ZDI-25-658/advisory.json", "detail_path": "advisories/ZDI-25-658", "id": "ZDI-25-658", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server getFontFileFromMagicInfoServer Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-658/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25807", "zdi_id": "ZDI-25-658" }, { "cve": "CVE-2025-54440", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MagicInfoWebAuthorClient app. The i...", "detail_json": "/data/advisories/ZDI-25-657/advisory.json", "detail_path": "advisories/ZDI-25-657", "id": "ZDI-25-657", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server MagicInfoWebAuthorClient Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-657/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-26519", "zdi_id": "ZDI-25-657" }, { "cve": "CVE-2025-54439", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specifi...", "detail_json": "/data/advisories/ZDI-25-656/advisory.json", "detail_path": "advisories/ZDI-25-656", "id": "ZDI-25-656", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server getZipFileListForImport Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-656/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25809", "zdi_id": "ZDI-25-656" }, { "cve": "CVE-2025-54438", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadChangedFiles function. The i...", "detail_json": "/data/advisories/ZDI-25-655/advisory.json", "detail_path": "advisories/ZDI-25-655", "id": "ZDI-25-655", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "Samsung MagicINFO 9 Server downloadChangedFiles Directory Traversal Authentication Bypass Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-655/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-26520", "zdi_id": "ZDI-25-655" }, { "cve": "CVE-2025-26397", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds TFTP Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-25-654/advisory.json", "detail_path": "advisories/ZDI-25-654", "id": "ZDI-25-654", "kind": "published", "published_date": "2025-07-28", "status": "published", "title": "SolarWinds TFTP Server Deserialization of Untrusted Data Local Privilege Escalation Vulnerability", "updated_date": "2025-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-654/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-26280", "zdi_id": "ZDI-25-654" }, { "cve": "CVE-2025-53770", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specif...", "detail_json": "/data/advisories/ZDI-25-653/advisory.json", "detail_path": "advisories/ZDI-25-653", "id": "ZDI-25-653", "kind": "published", "published_date": "2025-07-25", "status": "published", "title": "(Pwn2Own) Microsoft SharePoint Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-07-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-653/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27791", "zdi_id": "ZDI-25-653" }, { "cve": "CVE-2025-53771", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ToolPane endpoint. The application does no...", "detail_json": "/data/advisories/ZDI-25-652/advisory.json", "detail_path": "advisories/ZDI-25-652", "id": "ZDI-25-652", "kind": "published", "published_date": "2025-07-25", "status": "published", "title": "(Pwn2Own) Microsoft SharePoint ToolPane Authentication Bypass Vulnerability", "updated_date": "2025-07-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-652/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27790", "zdi_id": "ZDI-25-652" }, { "cve": "CVE-2025-38350", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Red Hat Enterprise Linux. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-25-651/advisory.json", "detail_path": "advisories/ZDI-25-651", "id": "ZDI-25-651", "kind": "published", "published_date": "2025-07-24", "status": "published", "title": "(Pwn2Own) Red Hat Enterprise Linux CBS Packet Scheduling Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2025-07-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-651/", "vendor": "Red Hat", "vendor_url": null, "zdi_can": "ZDI-CAN-27159", "zdi_id": "ZDI-25-651" }, { "cve": "CVE-2025-6685", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The issue results from the lack of v...", "detail_json": "/data/advisories/ZDI-25-650/advisory.json", "detail_path": "advisories/ZDI-25-650", "id": "ZDI-25-650", "kind": "published", "published_date": "2025-07-24", "status": "published", "title": "ATEN eco DC Missing Authorization Privilege Escalation Vulnerability", "updated_date": "2025-07-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-650/", "vendor": "ATEN", "vendor_url": null, "zdi_can": "ZDI-CAN-26647", "zdi_id": "ZDI-25-650" }, { "cve": "CVE-2025-24287", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Veeam Agent for Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabili...", "detail_json": "/data/advisories/ZDI-25-649/advisory.json", "detail_path": "advisories/ZDI-25-649", "id": "ZDI-25-649", "kind": "published", "published_date": "2025-07-24", "status": "published", "title": "Veeam Agent for Microsoft Windows Incorrect Default Permissions Local Privilege Escalation Vulnerability", "updated_date": "2025-07-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-649/", "vendor": "Veeam", "vendor_url": null, "zdi_can": "ZDI-CAN-25685", "zdi_id": "ZDI-25-649" }, { "cve": "CVE-2025-7976", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-25-648/advisory.json", "detail_path": "advisories/ZDI-25-648", "id": "ZDI-25-648", "kind": "published", "published_date": "2025-07-24", "status": "published", "title": "Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-07-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-648/", "vendor": "Anritsu", "vendor_url": null, "zdi_can": "ZDI-CAN-26882", "zdi_id": "ZDI-25-648" }, { "cve": "CVE-2025-7975", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-25-647/advisory.json", "detail_path": "advisories/ZDI-25-647", "id": "ZDI-25-647", "kind": "published", "published_date": "2025-07-24", "status": "published", "title": "Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-07-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-647/", "vendor": "Anritsu", "vendor_url": null, "zdi_can": "ZDI-CAN-26913", "zdi_id": "ZDI-25-647" }, { "cve": "CVE-2025-8069", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Amazon AWS Client VPN. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-25-646/advisory.json", "detail_path": "advisories/ZDI-25-646", "id": "ZDI-25-646", "kind": "published", "published_date": "2025-07-24", "status": "published", "title": "Amazon AWS Client VPN Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-07-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-646/", "vendor": "Amazon", "vendor_url": null, "zdi_can": "ZDI-CAN-26780", "zdi_id": "ZDI-25-646" }, { "cve": "CVE-2025-5037", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-645/advisory.json", "detail_path": "advisories/ZDI-25-645", "id": "ZDI-25-645", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-645/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27254", "zdi_id": "ZDI-25-645" }, { "cve": "CVE-2025-7988", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-644/advisory.json", "detail_path": "advisories/ZDI-25-644", "id": "ZDI-25-644", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-644/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25862", "zdi_id": "ZDI-25-644" }, { "cve": "CVE-2025-7991", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-643/advisory.json", "detail_path": "advisories/ZDI-25-643", "id": "ZDI-25-643", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-643/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25945", "zdi_id": "ZDI-25-643" }, { "cve": "CVE-2025-7992", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-642/advisory.json", "detail_path": "advisories/ZDI-25-642", "id": "ZDI-25-642", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-642/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25972", "zdi_id": "ZDI-25-642" }, { "cve": "CVE-2025-7987", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-641/advisory.json", "detail_path": "advisories/ZDI-25-641", "id": "ZDI-25-641", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-641/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25756", "zdi_id": "ZDI-25-641" }, { "cve": "CVE-2025-7989", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-640/advisory.json", "detail_path": "advisories/ZDI-25-640", "id": "ZDI-25-640", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-640/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25943", "zdi_id": "ZDI-25-640" }, { "cve": "CVE-2025-7986", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-639/advisory.json", "detail_path": "advisories/ZDI-25-639", "id": "ZDI-25-639", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-639/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25755", "zdi_id": "ZDI-25-639" }, { "cve": "CVE-2025-7990", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-638/advisory.json", "detail_path": "advisories/ZDI-25-638", "id": "ZDI-25-638", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-638/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25944", "zdi_id": "ZDI-25-638" }, { "cve": "CVE-2025-7985", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-637/advisory.json", "detail_path": "advisories/ZDI-25-637", "id": "ZDI-25-637", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-637/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25704", "zdi_id": "ZDI-25-637" }, { "cve": "CVE-2025-7984", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-636/advisory.json", "detail_path": "advisories/ZDI-25-636", "id": "ZDI-25-636", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-636/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25700", "zdi_id": "ZDI-25-636" }, { "cve": "CVE-2025-7983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-635/advisory.json", "detail_path": "advisories/ZDI-25-635", "id": "ZDI-25-635", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-635/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25477", "zdi_id": "ZDI-25-635" }, { "cve": "CVE-2025-7981", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-634/advisory.json", "detail_path": "advisories/ZDI-25-634", "id": "ZDI-25-634", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-634/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25475", "zdi_id": "ZDI-25-634" }, { "cve": "CVE-2025-7979", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-633/advisory.json", "detail_path": "advisories/ZDI-25-633", "id": "ZDI-25-633", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-633/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25463", "zdi_id": "ZDI-25-633" }, { "cve": "CVE-2025-7978", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-632/advisory.json", "detail_path": "advisories/ZDI-25-632", "id": "ZDI-25-632", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-632/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25459", "zdi_id": "ZDI-25-632" }, { "cve": "CVE-2025-7980", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-631/advisory.json", "detail_path": "advisories/ZDI-25-631", "id": "ZDI-25-631", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-631/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25465", "zdi_id": "ZDI-25-631" }, { "cve": "CVE-2025-7982", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-630/advisory.json", "detail_path": "advisories/ZDI-25-630", "id": "ZDI-25-630", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-630/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25476", "zdi_id": "ZDI-25-630" }, { "cve": "CVE-2025-7977", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-629/advisory.json", "detail_path": "advisories/ZDI-25-629", "id": "ZDI-25-629", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt LI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-629/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25354", "zdi_id": "ZDI-25-629" }, { "cve": "CVE-2025-25271", "cvss": 3.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation...", "detail_json": "/data/advisories/ZDI-25-628/advisory.json", "detail_path": "advisories/ZDI-25-628", "id": "ZDI-25-628", "kind": "published", "published_date": "2025-07-22", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3150 OCPP Authentication Bypass Vulnerability", "updated_date": "2025-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-628/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-26346", "zdi_id": "ZDI-25-628" }, { "cve": "CVE-2025-7974", "cvss": 3.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 300...", "detail_json": "/data/advisories/ZDI-25-627/advisory.json", "detail_path": "advisories/ZDI-25-627", "id": "ZDI-25-627", "kind": "published", "published_date": "2025-07-21", "status": "published", "title": "rocket.chat Incorrect Authorization Information Disclosure Vulnerability", "updated_date": "2025-07-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-627/", "vendor": "rocket.chat", "vendor_url": null, "zdi_can": "ZDI-CAN-26517", "zdi_id": "ZDI-25-627" }, { "cve": "CVE-2025-23266", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-25-626/advisory.json", "detail_path": "advisories/ZDI-25-626", "id": "ZDI-25-626", "kind": "published", "published_date": "2025-07-21", "status": "published", "title": "(Pwn2Own) NVIDIA Container Toolkit Environment Variable Handling Local Privilege Escalation Vulnerability", "updated_date": "2025-07-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-626/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-27193", "zdi_id": "ZDI-25-626" }, { "cve": "CVE-2025-24286", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veeam Backup Enterprise Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobManagmentService comp...", "detail_json": "/data/advisories/ZDI-25-625/advisory.json", "detail_path": "advisories/ZDI-25-625", "id": "ZDI-25-625", "kind": "published", "published_date": "2025-07-21", "status": "published", "title": "Veeam Backup Enterprise Manager JobManagmentService Improper Access Control Remote Code Execution Vulnerability", "updated_date": "2025-07-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-625/", "vendor": "Veeam", "vendor_url": null, "zdi_can": "ZDI-CAN-26062", "zdi_id": "ZDI-25-625" }, { "cve": "CVE-2024-25995", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of t...", "detail_json": "/data/advisories/ZDI-25-624/advisory.json", "detail_path": "advisories/ZDI-25-624", "id": "ZDI-25-624", "kind": "published", "published_date": "2025-07-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-07-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-624/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23328", "zdi_id": "ZDI-25-624" }, { "cve": "CVE-2025-25270", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass firewall rules and access another interface on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is not required to exploit this vulnerability. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-25-623/advisory.json", "detail_path": "advisories/ZDI-25-623", "id": "ZDI-25-623", "kind": "published", "published_date": "2025-07-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3150 Origin Validation Error Firewall Bypass Vulnerability", "updated_date": "2025-07-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-623/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-26332", "zdi_id": "ZDI-25-623" }, { "cve": "CVE-2025-25268", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration...", "detail_json": "/data/advisories/ZDI-25-622/advisory.json", "detail_path": "advisories/ZDI-25-622", "id": "ZDI-25-622", "kind": "published", "published_date": "2025-07-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3150 Configuration Service Missing Authentication Vulnerability", "updated_date": "2025-07-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-622/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-26331", "zdi_id": "ZDI-25-622" }, { "cve": "CVE-2025-25269", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration...", "detail_json": "/data/advisories/ZDI-25-621/advisory.json", "detail_path": "advisories/ZDI-25-621", "id": "ZDI-25-621", "kind": "published", "published_date": "2025-07-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3150 DHCP Configuration Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-07-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-621/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-26350", "zdi_id": "ZDI-25-621" }, { "cve": "CVE-2025-6973", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-620/advisory.json", "detail_path": "advisories/ZDI-25-620", "id": "ZDI-25-620", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-620/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-26901", "zdi_id": "ZDI-25-620" }, { "cve": "CVE-2025-0831", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-619/advisory.json", "detail_path": "advisories/ZDI-25-619", "id": "ZDI-25-619", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-619/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-26813", "zdi_id": "ZDI-25-619" }, { "cve": "CVE-2025-6974", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-618/advisory.json", "detail_path": "advisories/ZDI-25-618", "id": "ZDI-25-618", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer JT File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-618/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-26895", "zdi_id": "ZDI-25-618" }, { "cve": "CVE-2025-6972", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-617/advisory.json", "detail_path": "advisories/ZDI-25-617", "id": "ZDI-25-617", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer CATPRODUCT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-617/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-26971", "zdi_id": "ZDI-25-617" }, { "cve": "CVE-2025-6971", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-616/advisory.json", "detail_path": "advisories/ZDI-25-616", "id": "ZDI-25-616", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer CATPRODUCT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-616/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-26975", "zdi_id": "ZDI-25-616" }, { "cve": "CVE-2025-7042", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-615/advisory.json", "detail_path": "advisories/ZDI-25-615", "id": "ZDI-25-615", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer IPT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-615/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-27117", "zdi_id": "ZDI-25-615" }, { "cve": "CVE-2025-37107", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service,...", "detail_json": "/data/advisories/ZDI-25-614/advisory.json", "detail_path": "advisories/ZDI-25-614", "id": "ZDI-25-614", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-614/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-25791", "zdi_id": "ZDI-25-614" }, { "cve": "CVE-2025-37106", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information or edit configuration on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-613/advisory.json", "detail_path": "advisories/ZDI-25-613", "id": "ZDI-25-613", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Hewlett Packard Enterprise AutoPass License Server Hard-coded Credentials Authentication Bypass Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-613/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-25790", "zdi_id": "ZDI-25-613" }, { "cve": "CVE-2025-37105", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the h...", "detail_json": "/data/advisories/ZDI-25-612/advisory.json", "detail_path": "advisories/ZDI-25-612", "id": "ZDI-25-612", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Hewlett Packard Enterprise AutoPass License Server Hard-coded Credentials Remote Code Execution Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-612/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-25789", "zdi_id": "ZDI-25-612" }, { "cve": "CVE-2025-41239", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware ESXi. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-25-611/advisory.json", "detail_path": "advisories/ZDI-25-611", "id": "ZDI-25-611", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "VMware ESXi VMCI Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-611/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-27123", "zdi_id": "ZDI-25-611" }, { "cve": "CVE-2025-38191", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of the Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the destroy_previous_session functi...", "detail_json": "/data/advisories/ZDI-25-610/advisory.json", "detail_path": "advisories/ZDI-25-610", "id": "ZDI-25-610", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Linux Kernel ksmbd destroy_previous_session Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-610/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-27391", "zdi_id": "ZDI-25-610" }, { "cve": "CVE-2025-20281", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the invokeStr...", "detail_json": "/data/advisories/ZDI-25-609/advisory.json", "detail_path": "advisories/ZDI-25-609", "id": "ZDI-25-609", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Cisco Identity Services Engine invokeStrongSwanShellScript Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-609/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-27121", "zdi_id": "ZDI-25-609" }, { "cve": "CVE-2025-20282", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the handleFil...", "detail_json": "/data/advisories/ZDI-25-608/advisory.json", "detail_path": "advisories/ZDI-25-608", "id": "ZDI-25-608", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Cisco Identity Services Engine handleFilesUpload Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-608/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-26483", "zdi_id": "ZDI-25-608" }, { "cve": "CVE-2025-20337", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the enableStr...", "detail_json": "/data/advisories/ZDI-25-607/advisory.json", "detail_path": "advisories/ZDI-25-607", "id": "ZDI-25-607", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Cisco Identity Services Engine enableStrongSwanTunnel Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-607/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-26481", "zdi_id": "ZDI-25-607" }, { "cve": "CVE-2025-20284", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the handleStrongS...", "detail_json": "/data/advisories/ZDI-25-606/advisory.json", "detail_path": "advisories/ZDI-25-606", "id": "ZDI-25-606", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Cisco Identity Services Engine handleStrongSwanTunnelStatus Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-606/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-26482", "zdi_id": "ZDI-25-606" }, { "cve": "CVE-2025-20285", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass IP restrictions on affected installations of Cisco Identity Services Engine. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of the web.xml file....", "detail_json": "/data/advisories/ZDI-25-605/advisory.json", "detail_path": "advisories/ZDI-25-605", "id": "ZDI-25-605", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Cisco Identity Services Engine IpAccessFilter Direct Request Authentication Bypass Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-605/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-26480", "zdi_id": "ZDI-25-605" }, { "cve": "CVE-2025-20283", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the disableStrong...", "detail_json": "/data/advisories/ZDI-25-604/advisory.json", "detail_path": "advisories/ZDI-25-604", "id": "ZDI-25-604", "kind": "published", "published_date": "2025-07-17", "status": "published", "title": "Cisco Identity Services Engine disableStrongSwanTunnel Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-07-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-604/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-26479", "zdi_id": "ZDI-25-604" }, { "cve": "CVE-2025-5037", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-603/advisory.json", "detail_path": "advisories/ZDI-25-603", "id": "ZDI-25-603", "kind": "published", "published_date": "2025-07-16", "status": "published", "title": "Autodesk Revit RTE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-603/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27152", "zdi_id": "ZDI-25-603" }, { "cve": "CVE-2025-53027", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-25-602/advisory.json", "detail_path": "advisories/ZDI-25-602", "id": "ZDI-25-602", "kind": "published", "published_date": "2025-07-15", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox OHCI USB Controller Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": "2025-07-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-602/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-27154", "zdi_id": "ZDI-25-602" }, { "cve": "CVE-2025-53024", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-25-601/advisory.json", "detail_path": "advisories/ZDI-25-601", "id": "ZDI-25-601", "kind": "published", "published_date": "2025-07-15", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox VMSVGA Integer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2025-07-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-601/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-27122", "zdi_id": "ZDI-25-601" }, { "cve": "CVE-2025-53028", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-25-600/advisory.json", "detail_path": "advisories/ZDI-25-600", "id": "ZDI-25-600", "kind": "published", "published_date": "2025-07-15", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability", "updated_date": "2025-07-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-600/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-27163", "zdi_id": "ZDI-25-600" }, { "cve": "CVE-2025-53026", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-599/advisory.json", "detail_path": "advisories/ZDI-25-599", "id": "ZDI-25-599", "kind": "published", "published_date": "2025-07-15", "status": "published", "title": "Oracle VirtualBox LSILogic Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2025-07-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-599/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-26653", "zdi_id": "ZDI-25-599" }, { "cve": "CVE-2025-53025", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-598/advisory.json", "detail_path": "advisories/ZDI-25-598", "id": "ZDI-25-598", "kind": "published", "published_date": "2025-07-15", "status": "published", "title": "Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2025-07-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-598/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-26654", "zdi_id": "ZDI-25-598" }, { "cve": "CVE-2025-5037", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-597/advisory.json", "detail_path": "advisories/ZDI-25-597", "id": "ZDI-25-597", "kind": "published", "published_date": "2025-07-15", "status": "published", "title": "Autodesk Revit RFA File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-07-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-597/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-26922", "zdi_id": "ZDI-25-597" }, { "cve": "CVE-2025-5040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-596/advisory.json", "detail_path": "advisories/ZDI-25-596", "id": "ZDI-25-596", "kind": "published", "published_date": "2025-07-15", "status": "published", "title": "Autodesk Revit RTE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-596/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-26917", "zdi_id": "ZDI-25-596" }, { "cve": "CVE-2025-5037", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-595/advisory.json", "detail_path": "advisories/ZDI-25-595", "id": "ZDI-25-595", "kind": "published", "published_date": "2025-07-15", "status": "published", "title": "Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-595/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-27098", "zdi_id": "ZDI-25-595" }, { "cve": "CVE-2025-5037", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-594/advisory.json", "detail_path": "advisories/ZDI-25-594", "id": "ZDI-25-594", "kind": "published", "published_date": "2025-07-15", "status": "published", "title": "Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-594/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-26963", "zdi_id": "ZDI-25-594" }, { "cve": "CVE-2025-5037", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-593/advisory.json", "detail_path": "advisories/ZDI-25-593", "id": "ZDI-25-593", "kind": "published", "published_date": "2025-07-15", "status": "published", "title": "Autodesk Revit RVT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-593/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-26925", "zdi_id": "ZDI-25-593" }, { "cve": "CVE-2025-5037", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-592/advisory.json", "detail_path": "advisories/ZDI-25-592", "id": "ZDI-25-592", "kind": "published", "published_date": "2025-07-15", "status": "published", "title": "Autodesk Revit RVT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-592/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-26923", "zdi_id": "ZDI-25-592" }, { "cve": "CVE-2025-53415", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTM Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-591/advisory.json", "detail_path": "advisories/ZDI-25-591", "id": "ZDI-25-591", "kind": "published", "published_date": "2025-07-11", "status": "published", "title": "Delta Electronics DTM Soft BIN File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-07-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-591/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26161", "zdi_id": "ZDI-25-591" }, { "cve": "CVE-2025-2790", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-25-590/advisory.json", "detail_path": "advisories/ZDI-25-590", "id": "ZDI-25-590", "kind": "published", "published_date": "2025-07-11", "status": "published", "title": "G DATA Total Security GDTunerSvc Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-07-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-590/", "vendor": "G DATA", "vendor_url": null, "zdi_can": "ZDI-CAN-26240", "zdi_id": "ZDI-25-590" }, { "cve": "CVE-2025-53378", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to hijack security agents on affected installations of Trend Micro Worry-Free Business Security. In most cases, user interaction is required to exploit this vulnerability in that the target must visit a malicious pag...", "detail_json": "/data/advisories/ZDI-25-589/advisory.json", "detail_path": "advisories/ZDI-25-589", "id": "ZDI-25-589", "kind": "published", "published_date": "2025-07-11", "status": "published", "title": "Trend Micro Worry-Free Business Security Missing Authentication Vulnerability", "updated_date": "2025-07-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-589/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25342", "zdi_id": "ZDI-25-589" }, { "cve": "CVE-2025-53503", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Cleaner One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-25-588/advisory.json", "detail_path": "advisories/ZDI-25-588", "id": "ZDI-25-588", "kind": "published", "published_date": "2025-07-11", "status": "published", "title": "Trend Micro Cleaner One Pro Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-07-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-588/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-26484", "zdi_id": "ZDI-25-588" }, { "cve": "CVE-2025-7222", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-587/advisory.json", "detail_path": "advisories/ZDI-25-587", "id": "ZDI-25-587", "kind": "published", "published_date": "2025-07-11", "status": "published", "title": "Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-587/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-26473", "zdi_id": "ZDI-25-587" }, { "cve": "CVE-2025-52837", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-586/advisory.json", "detail_path": "advisories/ZDI-25-586", "id": "ZDI-25-586", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-586/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25729", "zdi_id": "ZDI-25-586" }, { "cve": "CVE-2025-52521", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-585/advisory.json", "detail_path": "advisories/ZDI-25-585", "id": "ZDI-25-585", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-585/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-26887", "zdi_id": "ZDI-25-585" }, { "cve": "CVE-2025-49727", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-584/advisory.json", "detail_path": "advisories/ZDI-25-584", "id": "ZDI-25-584", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-584/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27167", "zdi_id": "ZDI-25-584" }, { "cve": "CVE-2025-49732", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-583/advisory.json", "detail_path": "advisories/ZDI-25-583", "id": "ZDI-25-583", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-583/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26791", "zdi_id": "ZDI-25-583" }, { "cve": "CVE-2025-49740", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the SmartScreen security feature on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-25-582/advisory.json", "detail_path": "advisories/ZDI-25-582", "id": "ZDI-25-582", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "Microsoft Windows Startup Folder SmartScreen Bypass Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-582/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27246", "zdi_id": "ZDI-25-582" }, { "cve": "CVE-2025-49704", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specif...", "detail_json": "/data/advisories/ZDI-25-581/advisory.json", "detail_path": "advisories/ZDI-25-581", "id": "ZDI-25-581", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "(Pwn2Own) Microsoft SharePoint DataSetSurrogateSelector Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-581/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27247", "zdi_id": "ZDI-25-581" }, { "cve": "CVE-2025-49706", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Referer HTTP header provid...", "detail_json": "/data/advisories/ZDI-25-580/advisory.json", "detail_path": "advisories/ZDI-25-580", "id": "ZDI-25-580", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "(Pwn2Own) Microsoft SharePoint ToolPane Authentication Bypass Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-580/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-27162", "zdi_id": "ZDI-25-580" }, { "cve": "CVE-2025-47993", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft PC Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-25-579/advisory.json", "detail_path": "advisories/ZDI-25-579", "id": "ZDI-25-579", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "Microsoft PC Manager Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-579/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26249", "zdi_id": "ZDI-25-579" }, { "cve": "CVE-2025-49742", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-578/advisory.json", "detail_path": "advisories/ZDI-25-578", "id": "ZDI-25-578", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "Microsoft Windows win32kfull Integer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-578/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26768", "zdi_id": "ZDI-25-578" }, { "cve": "CVE-2025-48820", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-577/advisory.json", "detail_path": "advisories/ZDI-25-577", "id": "ZDI-25-577", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "Microsoft Windows AppX Deployment Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-577/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26358", "zdi_id": "ZDI-25-577" }, { "cve": "CVE-2025-40738", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens SINEC NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-25-576/advisory.json", "detail_path": "advisories/ZDI-25-576", "id": "ZDI-25-576", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "Siemens SINEC NMS uploadFWBinary Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-576/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-26572", "zdi_id": "ZDI-25-576" }, { "cve": "CVE-2025-40737", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens SINEC NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-25-575/advisory.json", "detail_path": "advisories/ZDI-25-575", "id": "ZDI-25-575", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "Siemens SINEC NMS unZipJarFilestoLocation Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-575/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-26571", "zdi_id": "ZDI-25-575" }, { "cve": "CVE-2025-40736", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Siemens SINEC NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the reqToChangePassword met...", "detail_json": "/data/advisories/ZDI-25-574/advisory.json", "detail_path": "advisories/ZDI-25-574", "id": "ZDI-25-574", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "Siemens SINEC NMS reqToChangePassword Authentication Bypass Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-574/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-26569", "zdi_id": "ZDI-25-574" }, { "cve": "CVE-2025-7299", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-573/advisory.json", "detail_path": "advisories/ZDI-25-573", "id": "ZDI-25-573", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-573/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26376", "zdi_id": "ZDI-25-573" }, { "cve": "CVE-2025-7325", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-572/advisory.json", "detail_path": "advisories/ZDI-25-572", "id": "ZDI-25-572", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-572/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26434", "zdi_id": "ZDI-25-572" }, { "cve": "CVE-2025-7324", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-571/advisory.json", "detail_path": "advisories/ZDI-25-571", "id": "ZDI-25-571", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-571/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26430", "zdi_id": "ZDI-25-571" }, { "cve": "CVE-2025-7323", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-570/advisory.json", "detail_path": "advisories/ZDI-25-570", "id": "ZDI-25-570", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-570/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26428", "zdi_id": "ZDI-25-570" }, { "cve": "CVE-2025-7322", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-569/advisory.json", "detail_path": "advisories/ZDI-25-569", "id": "ZDI-25-569", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-569/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26423", "zdi_id": "ZDI-25-569" }, { "cve": "CVE-2025-7321", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-568/advisory.json", "detail_path": "advisories/ZDI-25-568", "id": "ZDI-25-568", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-568/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26421", "zdi_id": "ZDI-25-568" }, { "cve": "CVE-2025-7320", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-567/advisory.json", "detail_path": "advisories/ZDI-25-567", "id": "ZDI-25-567", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-567/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26418", "zdi_id": "ZDI-25-567" }, { "cve": "CVE-2025-7319", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-566/advisory.json", "detail_path": "advisories/ZDI-25-566", "id": "ZDI-25-566", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-566/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26413", "zdi_id": "ZDI-25-566" }, { "cve": "CVE-2025-7318", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-565/advisory.json", "detail_path": "advisories/ZDI-25-565", "id": "ZDI-25-565", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-565/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26412", "zdi_id": "ZDI-25-565" }, { "cve": "CVE-2025-7317", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-564/advisory.json", "detail_path": "advisories/ZDI-25-564", "id": "ZDI-25-564", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-564/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26411", "zdi_id": "ZDI-25-564" }, { "cve": "CVE-2025-7316", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-563/advisory.json", "detail_path": "advisories/ZDI-25-563", "id": "ZDI-25-563", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-563/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26410", "zdi_id": "ZDI-25-563" }, { "cve": "CVE-2025-7315", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-562/advisory.json", "detail_path": "advisories/ZDI-25-562", "id": "ZDI-25-562", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-562/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26408", "zdi_id": "ZDI-25-562" }, { "cve": "CVE-2025-7314", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-561/advisory.json", "detail_path": "advisories/ZDI-25-561", "id": "ZDI-25-561", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-561/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26400", "zdi_id": "ZDI-25-561" }, { "cve": "CVE-2025-7313", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-560/advisory.json", "detail_path": "advisories/ZDI-25-560", "id": "ZDI-25-560", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-560/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26399", "zdi_id": "ZDI-25-560" }, { "cve": "CVE-2025-7312", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-559/advisory.json", "detail_path": "advisories/ZDI-25-559", "id": "ZDI-25-559", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-559/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26398", "zdi_id": "ZDI-25-559" }, { "cve": "CVE-2025-7311", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-558/advisory.json", "detail_path": "advisories/ZDI-25-558", "id": "ZDI-25-558", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-558/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26395", "zdi_id": "ZDI-25-558" }, { "cve": "CVE-2025-7309", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-557/advisory.json", "detail_path": "advisories/ZDI-25-557", "id": "ZDI-25-557", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-557/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26391", "zdi_id": "ZDI-25-557" }, { "cve": "CVE-2025-7310", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-556/advisory.json", "detail_path": "advisories/ZDI-25-556", "id": "ZDI-25-556", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-556/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26393", "zdi_id": "ZDI-25-556" }, { "cve": "CVE-2025-7308", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-555/advisory.json", "detail_path": "advisories/ZDI-25-555", "id": "ZDI-25-555", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-555/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26389", "zdi_id": "ZDI-25-555" }, { "cve": "CVE-2025-7307", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-554/advisory.json", "detail_path": "advisories/ZDI-25-554", "id": "ZDI-25-554", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-554/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26388", "zdi_id": "ZDI-25-554" }, { "cve": "CVE-2025-7306", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-553/advisory.json", "detail_path": "advisories/ZDI-25-553", "id": "ZDI-25-553", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-553/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26387", "zdi_id": "ZDI-25-553" }, { "cve": "CVE-2025-7305", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-552/advisory.json", "detail_path": "advisories/ZDI-25-552", "id": "ZDI-25-552", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-552/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26386", "zdi_id": "ZDI-25-552" }, { "cve": "CVE-2025-7304", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-551/advisory.json", "detail_path": "advisories/ZDI-25-551", "id": "ZDI-25-551", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-551/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26385", "zdi_id": "ZDI-25-551" }, { "cve": "CVE-2025-7303", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-550/advisory.json", "detail_path": "advisories/ZDI-25-550", "id": "ZDI-25-550", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-550/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26384", "zdi_id": "ZDI-25-550" }, { "cve": "CVE-2025-7302", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-549/advisory.json", "detail_path": "advisories/ZDI-25-549", "id": "ZDI-25-549", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-549/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26381", "zdi_id": "ZDI-25-549" }, { "cve": "CVE-2025-7301", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-548/advisory.json", "detail_path": "advisories/ZDI-25-548", "id": "ZDI-25-548", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-548/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26380", "zdi_id": "ZDI-25-548" }, { "cve": "CVE-2025-7300", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-547/advisory.json", "detail_path": "advisories/ZDI-25-547", "id": "ZDI-25-547", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-547/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26377", "zdi_id": "ZDI-25-547" }, { "cve": "CVE-2025-7296", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-546/advisory.json", "detail_path": "advisories/ZDI-25-546", "id": "ZDI-25-546", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-546/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26243", "zdi_id": "ZDI-25-546" }, { "cve": "CVE-2025-7297", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-545/advisory.json", "detail_path": "advisories/ZDI-25-545", "id": "ZDI-25-545", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-545/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26244", "zdi_id": "ZDI-25-545" }, { "cve": "CVE-2025-7295", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-544/advisory.json", "detail_path": "advisories/ZDI-25-544", "id": "ZDI-25-544", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-544/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26242", "zdi_id": "ZDI-25-544" }, { "cve": "CVE-2025-7294", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-543/advisory.json", "detail_path": "advisories/ZDI-25-543", "id": "ZDI-25-543", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-543/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26230", "zdi_id": "ZDI-25-543" }, { "cve": "CVE-2025-7298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-542/advisory.json", "detail_path": "advisories/ZDI-25-542", "id": "ZDI-25-542", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-542/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26246", "zdi_id": "ZDI-25-542" }, { "cve": "CVE-2025-7293", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-541/advisory.json", "detail_path": "advisories/ZDI-25-541", "id": "ZDI-25-541", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-541/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26229", "zdi_id": "ZDI-25-541" }, { "cve": "CVE-2025-7292", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-540/advisory.json", "detail_path": "advisories/ZDI-25-540", "id": "ZDI-25-540", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-540/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26228", "zdi_id": "ZDI-25-540" }, { "cve": "CVE-2025-7291", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-539/advisory.json", "detail_path": "advisories/ZDI-25-539", "id": "ZDI-25-539", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-539/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26227", "zdi_id": "ZDI-25-539" }, { "cve": "CVE-2025-7290", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-538/advisory.json", "detail_path": "advisories/ZDI-25-538", "id": "ZDI-25-538", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-538/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26226", "zdi_id": "ZDI-25-538" }, { "cve": "CVE-2025-7285", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-537/advisory.json", "detail_path": "advisories/ZDI-25-537", "id": "ZDI-25-537", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-537/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26221", "zdi_id": "ZDI-25-537" }, { "cve": "CVE-2025-7284", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-536/advisory.json", "detail_path": "advisories/ZDI-25-536", "id": "ZDI-25-536", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-536/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26220", "zdi_id": "ZDI-25-536" }, { "cve": "CVE-2025-7289", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-535/advisory.json", "detail_path": "advisories/ZDI-25-535", "id": "ZDI-25-535", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-535/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26225", "zdi_id": "ZDI-25-535" }, { "cve": "CVE-2025-7288", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-534/advisory.json", "detail_path": "advisories/ZDI-25-534", "id": "ZDI-25-534", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-534/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26224", "zdi_id": "ZDI-25-534" }, { "cve": "CVE-2025-7287", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-533/advisory.json", "detail_path": "advisories/ZDI-25-533", "id": "ZDI-25-533", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-533/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26223", "zdi_id": "ZDI-25-533" }, { "cve": "CVE-2025-7286", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-532/advisory.json", "detail_path": "advisories/ZDI-25-532", "id": "ZDI-25-532", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-532/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26222", "zdi_id": "ZDI-25-532" }, { "cve": "CVE-2025-7283", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-531/advisory.json", "detail_path": "advisories/ZDI-25-531", "id": "ZDI-25-531", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-531/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26219", "zdi_id": "ZDI-25-531" }, { "cve": "CVE-2025-7282", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-530/advisory.json", "detail_path": "advisories/ZDI-25-530", "id": "ZDI-25-530", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-530/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26216", "zdi_id": "ZDI-25-530" }, { "cve": "CVE-2025-7281", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-529/advisory.json", "detail_path": "advisories/ZDI-25-529", "id": "ZDI-25-529", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-529/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26215", "zdi_id": "ZDI-25-529" }, { "cve": "CVE-2025-7280", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-528/advisory.json", "detail_path": "advisories/ZDI-25-528", "id": "ZDI-25-528", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-528/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26214", "zdi_id": "ZDI-25-528" }, { "cve": "CVE-2025-7279", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-527/advisory.json", "detail_path": "advisories/ZDI-25-527", "id": "ZDI-25-527", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-527/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26213", "zdi_id": "ZDI-25-527" }, { "cve": "CVE-2025-7278", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-526/advisory.json", "detail_path": "advisories/ZDI-25-526", "id": "ZDI-25-526", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-526/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26211", "zdi_id": "ZDI-25-526" }, { "cve": "CVE-2025-7274", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-525/advisory.json", "detail_path": "advisories/ZDI-25-525", "id": "ZDI-25-525", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-525/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26203", "zdi_id": "ZDI-25-525" }, { "cve": "CVE-2025-7277", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-524/advisory.json", "detail_path": "advisories/ZDI-25-524", "id": "ZDI-25-524", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-524/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26209", "zdi_id": "ZDI-25-524" }, { "cve": "CVE-2025-7276", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-523/advisory.json", "detail_path": "advisories/ZDI-25-523", "id": "ZDI-25-523", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-523/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26208", "zdi_id": "ZDI-25-523" }, { "cve": "CVE-2025-7275", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-522/advisory.json", "detail_path": "advisories/ZDI-25-522", "id": "ZDI-25-522", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-522/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26204", "zdi_id": "ZDI-25-522" }, { "cve": "CVE-2025-7272", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-521/advisory.json", "detail_path": "advisories/ZDI-25-521", "id": "ZDI-25-521", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-521/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26198", "zdi_id": "ZDI-25-521" }, { "cve": "CVE-2025-7271", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-520/advisory.json", "detail_path": "advisories/ZDI-25-520", "id": "ZDI-25-520", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-520/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26193", "zdi_id": "ZDI-25-520" }, { "cve": "CVE-2025-7273", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-519/advisory.json", "detail_path": "advisories/ZDI-25-519", "id": "ZDI-25-519", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-519/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26202", "zdi_id": "ZDI-25-519" }, { "cve": "CVE-2025-7270", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-518/advisory.json", "detail_path": "advisories/ZDI-25-518", "id": "ZDI-25-518", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-518/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26189", "zdi_id": "ZDI-25-518" }, { "cve": "CVE-2025-7269", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-517/advisory.json", "detail_path": "advisories/ZDI-25-517", "id": "ZDI-25-517", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-517/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26188", "zdi_id": "ZDI-25-517" }, { "cve": "CVE-2025-7268", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-516/advisory.json", "detail_path": "advisories/ZDI-25-516", "id": "ZDI-25-516", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-516/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26182", "zdi_id": "ZDI-25-516" }, { "cve": "CVE-2025-7267", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-515/advisory.json", "detail_path": "advisories/ZDI-25-515", "id": "ZDI-25-515", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-515/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26179", "zdi_id": "ZDI-25-515" }, { "cve": "CVE-2025-7266", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-514/advisory.json", "detail_path": "advisories/ZDI-25-514", "id": "ZDI-25-514", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-514/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26174", "zdi_id": "ZDI-25-514" }, { "cve": "CVE-2025-7265", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-513/advisory.json", "detail_path": "advisories/ZDI-25-513", "id": "ZDI-25-513", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-513/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26173", "zdi_id": "ZDI-25-513" }, { "cve": "CVE-2025-7264", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-512/advisory.json", "detail_path": "advisories/ZDI-25-512", "id": "ZDI-25-512", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-512/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26171", "zdi_id": "ZDI-25-512" }, { "cve": "CVE-2025-7263", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-511/advisory.json", "detail_path": "advisories/ZDI-25-511", "id": "ZDI-25-511", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-511/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26170", "zdi_id": "ZDI-25-511" }, { "cve": "CVE-2025-7262", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-510/advisory.json", "detail_path": "advisories/ZDI-25-510", "id": "ZDI-25-510", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-510/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26132", "zdi_id": "ZDI-25-510" }, { "cve": "CVE-2025-7261", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-509/advisory.json", "detail_path": "advisories/ZDI-25-509", "id": "ZDI-25-509", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-509/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26130", "zdi_id": "ZDI-25-509" }, { "cve": "CVE-2025-7260", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-508/advisory.json", "detail_path": "advisories/ZDI-25-508", "id": "ZDI-25-508", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-508/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26129", "zdi_id": "ZDI-25-508" }, { "cve": "CVE-2025-7258", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-507/advisory.json", "detail_path": "advisories/ZDI-25-507", "id": "ZDI-25-507", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-507/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26127", "zdi_id": "ZDI-25-507" }, { "cve": "CVE-2025-7239", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-506/advisory.json", "detail_path": "advisories/ZDI-25-506", "id": "ZDI-25-506", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-506/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26085", "zdi_id": "ZDI-25-506" }, { "cve": "CVE-2025-7238", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-505/advisory.json", "detail_path": "advisories/ZDI-25-505", "id": "ZDI-25-505", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-505/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26084", "zdi_id": "ZDI-25-505" }, { "cve": "CVE-2025-7237", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-504/advisory.json", "detail_path": "advisories/ZDI-25-504", "id": "ZDI-25-504", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-504/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26083", "zdi_id": "ZDI-25-504" }, { "cve": "CVE-2025-7257", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-503/advisory.json", "detail_path": "advisories/ZDI-25-503", "id": "ZDI-25-503", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-503/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26126", "zdi_id": "ZDI-25-503" }, { "cve": "CVE-2025-7256", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-502/advisory.json", "detail_path": "advisories/ZDI-25-502", "id": "ZDI-25-502", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-502/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26119", "zdi_id": "ZDI-25-502" }, { "cve": "CVE-2025-7248", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-501/advisory.json", "detail_path": "advisories/ZDI-25-501", "id": "ZDI-25-501", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-501/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26098", "zdi_id": "ZDI-25-501" }, { "cve": "CVE-2025-7255", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-500/advisory.json", "detail_path": "advisories/ZDI-25-500", "id": "ZDI-25-500", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-500/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26118", "zdi_id": "ZDI-25-500" }, { "cve": "CVE-2025-7247", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-499/advisory.json", "detail_path": "advisories/ZDI-25-499", "id": "ZDI-25-499", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-499/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26096", "zdi_id": "ZDI-25-499" }, { "cve": "CVE-2025-7246", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-498/advisory.json", "detail_path": "advisories/ZDI-25-498", "id": "ZDI-25-498", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-498/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26095", "zdi_id": "ZDI-25-498" }, { "cve": "CVE-2025-7244", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-497/advisory.json", "detail_path": "advisories/ZDI-25-497", "id": "ZDI-25-497", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-497/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26093", "zdi_id": "ZDI-25-497" }, { "cve": "CVE-2025-7254", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-496/advisory.json", "detail_path": "advisories/ZDI-25-496", "id": "ZDI-25-496", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-496/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26113", "zdi_id": "ZDI-25-496" }, { "cve": "CVE-2025-7234", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-495/advisory.json", "detail_path": "advisories/ZDI-25-495", "id": "ZDI-25-495", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-495/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26074", "zdi_id": "ZDI-25-495" }, { "cve": "CVE-2025-7233", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-25-494/advisory.json", "detail_path": "advisories/ZDI-25-494", "id": "ZDI-25-494", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-494/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26072", "zdi_id": "ZDI-25-494" }, { "cve": "CVE-2025-7253", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-493/advisory.json", "detail_path": "advisories/ZDI-25-493", "id": "ZDI-25-493", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-493/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26112", "zdi_id": "ZDI-25-493" }, { "cve": "CVE-2025-7249", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-492/advisory.json", "detail_path": "advisories/ZDI-25-492", "id": "ZDI-25-492", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-492/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26100", "zdi_id": "ZDI-25-492" }, { "cve": "CVE-2025-7243", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-491/advisory.json", "detail_path": "advisories/ZDI-25-491", "id": "ZDI-25-491", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-491/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26091", "zdi_id": "ZDI-25-491" }, { "cve": "CVE-2025-7242", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-490/advisory.json", "detail_path": "advisories/ZDI-25-490", "id": "ZDI-25-490", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-490/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26088", "zdi_id": "ZDI-25-490" }, { "cve": "CVE-2025-7241", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-489/advisory.json", "detail_path": "advisories/ZDI-25-489", "id": "ZDI-25-489", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-489/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26087", "zdi_id": "ZDI-25-489" }, { "cve": "CVE-2025-7240", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-488/advisory.json", "detail_path": "advisories/ZDI-25-488", "id": "ZDI-25-488", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-488/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26086", "zdi_id": "ZDI-25-488" }, { "cve": "CVE-2025-7236", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-487/advisory.json", "detail_path": "advisories/ZDI-25-487", "id": "ZDI-25-487", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-487/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26080", "zdi_id": "ZDI-25-487" }, { "cve": "CVE-2025-7250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-486/advisory.json", "detail_path": "advisories/ZDI-25-486", "id": "ZDI-25-486", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-486/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26107", "zdi_id": "ZDI-25-486" }, { "cve": "CVE-2025-7235", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-485/advisory.json", "detail_path": "advisories/ZDI-25-485", "id": "ZDI-25-485", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-485/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26075", "zdi_id": "ZDI-25-485" }, { "cve": "CVE-2025-7252", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-484/advisory.json", "detail_path": "advisories/ZDI-25-484", "id": "ZDI-25-484", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-484/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26109", "zdi_id": "ZDI-25-484" }, { "cve": "CVE-2025-7251", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-483/advisory.json", "detail_path": "advisories/ZDI-25-483", "id": "ZDI-25-483", "kind": "published", "published_date": "2025-07-08", "status": "published", "title": "IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-483/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-26108", "zdi_id": "ZDI-25-483" }, { "cve": "CVE-2025-7231", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-482/advisory.json", "detail_path": "advisories/ZDI-25-482", "id": "ZDI-25-482", "kind": "published", "published_date": "2025-07-07", "status": "published", "title": "(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-482/", "vendor": "INVT", "vendor_url": null, "zdi_can": "ZDI-CAN-25724", "zdi_id": "ZDI-25-482" }, { "cve": "CVE-2025-7230", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-481/advisory.json", "detail_path": "advisories/ZDI-25-481", "id": "ZDI-25-481", "kind": "published", "published_date": "2025-07-07", "status": "published", "title": "(0Day) INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-07-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-481/", "vendor": "INVT", "vendor_url": null, "zdi_can": "ZDI-CAN-25723", "zdi_id": "ZDI-25-481" }, { "cve": "CVE-2025-7229", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-480/advisory.json", "detail_path": "advisories/ZDI-25-480", "id": "ZDI-25-480", "kind": "published", "published_date": "2025-07-07", "status": "published", "title": "(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-480/", "vendor": "INVT", "vendor_url": null, "zdi_can": "ZDI-CAN-25722", "zdi_id": "ZDI-25-480" }, { "cve": "CVE-2025-7228", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-479/advisory.json", "detail_path": "advisories/ZDI-25-479", "id": "ZDI-25-479", "kind": "published", "published_date": "2025-07-07", "status": "published", "title": "(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-479/", "vendor": "INVT", "vendor_url": null, "zdi_can": "ZDI-CAN-25571", "zdi_id": "ZDI-25-479" }, { "cve": "CVE-2025-7227", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-478/advisory.json", "detail_path": "advisories/ZDI-25-478", "id": "ZDI-25-478", "kind": "published", "published_date": "2025-07-07", "status": "published", "title": "(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-478/", "vendor": "INVT", "vendor_url": null, "zdi_can": "ZDI-CAN-25550", "zdi_id": "ZDI-25-478" }, { "cve": "CVE-2025-7226", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-25-477/advisory.json", "detail_path": "advisories/ZDI-25-477", "id": "ZDI-25-477", "kind": "published", "published_date": "2025-07-07", "status": "published", "title": "(0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-477/", "vendor": "INVT", "vendor_url": null, "zdi_can": "ZDI-CAN-25048", "zdi_id": "ZDI-25-477" }, { "cve": "CVE-2025-7225", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-25-476/advisory.json", "detail_path": "advisories/ZDI-25-476", "id": "ZDI-25-476", "kind": "published", "published_date": "2025-07-07", "status": "published", "title": "(0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-476/", "vendor": "INVT", "vendor_url": null, "zdi_can": "ZDI-CAN-25047", "zdi_id": "ZDI-25-476" }, { "cve": "CVE-2025-7224", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-25-475/advisory.json", "detail_path": "advisories/ZDI-25-475", "id": "ZDI-25-475", "kind": "published", "published_date": "2025-07-07", "status": "published", "title": "(0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-475/", "vendor": "INVT", "vendor_url": null, "zdi_can": "ZDI-CAN-25045", "zdi_id": "ZDI-25-475" }, { "cve": "CVE-2025-7223", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-25-474/advisory.json", "detail_path": "advisories/ZDI-25-474", "id": "ZDI-25-474", "kind": "published", "published_date": "2025-07-07", "status": "published", "title": "(0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-474/", "vendor": "INVT", "vendor_url": null, "zdi_can": "ZDI-CAN-25044", "zdi_id": "ZDI-25-474" }, { "cve": "CVE-2025-6812", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-473/advisory.json", "detail_path": "advisories/ZDI-25-473", "id": "ZDI-25-473", "kind": "published", "published_date": "2025-07-07", "status": "published", "title": "Parallels Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-07-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-473/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-25039", "zdi_id": "ZDI-25-473" }, { "cve": "CVE-2025-47726", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-472/advisory.json", "detail_path": "advisories/ZDI-25-472", "id": "ZDI-25-472", "kind": "published", "published_date": "2025-07-03", "status": "published", "title": "Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-472/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26720", "zdi_id": "ZDI-25-472" }, { "cve": "CVE-2025-47727", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-471/advisory.json", "detail_path": "advisories/ZDI-25-471", "id": "ZDI-25-471", "kind": "published", "published_date": "2025-07-03", "status": "published", "title": "Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-471/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26842", "zdi_id": "ZDI-25-471" }, { "cve": "CVE-2025-47725", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-470/advisory.json", "detail_path": "advisories/ZDI-25-470", "id": "ZDI-25-470", "kind": "published", "published_date": "2025-07-03", "status": "published", "title": "Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-470/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26719", "zdi_id": "ZDI-25-470" }, { "cve": "CVE-2025-47724", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-469/advisory.json", "detail_path": "advisories/ZDI-25-469", "id": "ZDI-25-469", "kind": "published", "published_date": "2025-07-03", "status": "published", "title": "Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-07-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-469/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26718", "zdi_id": "ZDI-25-469" }, { "cve": "CVE-2019-18935, CVE-2017-11317, CVE-2014-2217", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use...", "detail_json": "/data/advisories/ZDI-25-468/advisory.json", "detail_path": "advisories/ZDI-25-468", "id": "ZDI-25-468", "kind": "published", "published_date": "2025-07-03", "status": "published", "title": "GFI Archiver Telerik Web UI Remote Code Execution Vulnerability", "updated_date": "2025-07-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-468/", "vendor": "GFI", "vendor_url": null, "zdi_can": "ZDI-CAN-26061", "zdi_id": "ZDI-25-468" }, { "cve": "CVE-2025-6663", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-467/advisory.json", "detail_path": "advisories/ZDI-25-467", "id": "ZDI-25-467", "kind": "published", "published_date": "2025-07-03", "status": "published", "title": "GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-467/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-27381", "zdi_id": "ZDI-25-467" }, { "cve": "CVE-2025-6809", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the readNICParamete...", "detail_json": "/data/advisories/ZDI-25-466/advisory.json", "detail_path": "advisories/ZDI-25-466", "id": "ZDI-25-466", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole readNICParametersFromFile Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-466/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-25218", "zdi_id": "ZDI-25-466" }, { "cve": "CVE-2025-6808", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the readObjectFromC...", "detail_json": "/data/advisories/ZDI-25-465/advisory.json", "detail_path": "advisories/ZDI-25-465", "id": "ZDI-25-465", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole readObjectFromConfigFile Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-465/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-25217", "zdi_id": "ZDI-25-465" }, { "cve": "CVE-2025-6802", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileFromURL...", "detail_json": "/data/advisories/ZDI-25-464/advisory.json", "detail_path": "advisories/ZDI-25-464", "id": "ZDI-25-464", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-464/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24922", "zdi_id": "ZDI-25-464" }, { "cve": "CVE-2025-6807", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getDriv...", "detail_json": "/data/advisories/ZDI-25-463/advisory.json", "detail_path": "advisories/ZDI-25-463", "id": "ZDI-25-463", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-463/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24980", "zdi_id": "ZDI-25-463" }, { "cve": "CVE-2025-6806", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the decryptFile met...", "detail_json": "/data/advisories/ZDI-25-462/advisory.json", "detail_path": "advisories/ZDI-25-462", "id": "ZDI-25-462", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-462/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24979", "zdi_id": "ZDI-25-462" }, { "cve": "CVE-2025-6805", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the deleteEventLogF...", "detail_json": "/data/advisories/ZDI-25-461/advisory.json", "detail_path": "advisories/ZDI-25-461", "id": "ZDI-25-461", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-461/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24925", "zdi_id": "ZDI-25-461" }, { "cve": "CVE-2025-6801", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the saveNICParamsTo...", "detail_json": "/data/advisories/ZDI-25-460/advisory.json", "detail_path": "advisories/ZDI-25-460", "id": "ZDI-25-460", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-460/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24921", "zdi_id": "ZDI-25-460" }, { "cve": "CVE-2025-6800", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the restore...", "detail_json": "/data/advisories/ZDI-25-459/advisory.json", "detail_path": "advisories/ZDI-25-459", "id": "ZDI-25-459", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-459/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24920", "zdi_id": "ZDI-25-459" }, { "cve": "CVE-2025-6799", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFile...", "detail_json": "/data/advisories/ZDI-25-458/advisory.json", "detail_path": "advisories/ZDI-25-458", "id": "ZDI-25-458", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-458/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24919", "zdi_id": "ZDI-25-458" }, { "cve": "CVE-2025-6798", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the deleteAppFile m...", "detail_json": "/data/advisories/ZDI-25-457/advisory.json", "detail_path": "advisories/ZDI-25-457", "id": "ZDI-25-457", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-457/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24918", "zdi_id": "ZDI-25-457" }, { "cve": "CVE-2025-6797", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFile...", "detail_json": "/data/advisories/ZDI-25-456/advisory.json", "detail_path": "advisories/ZDI-25-456", "id": "ZDI-25-456", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-456/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24917", "zdi_id": "ZDI-25-456" }, { "cve": "CVE-2025-6795", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFile...", "detail_json": "/data/advisories/ZDI-25-455/advisory.json", "detail_path": "advisories/ZDI-25-455", "id": "ZDI-25-455", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-455/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24914", "zdi_id": "ZDI-25-455" }, { "cve": "CVE-2025-6794", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the saveAsText meth...", "detail_json": "/data/advisories/ZDI-25-454/advisory.json", "detail_path": "advisories/ZDI-25-454", "id": "ZDI-25-454", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-454/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24913", "zdi_id": "ZDI-25-454" }, { "cve": "CVE-2025-6804", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the compres...", "detail_json": "/data/advisories/ZDI-25-453/advisory.json", "detail_path": "advisories/ZDI-25-453", "id": "ZDI-25-453", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-453/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24924", "zdi_id": "ZDI-25-453" }, { "cve": "CVE-2025-6803", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the compres...", "detail_json": "/data/advisories/ZDI-25-452/advisory.json", "detail_path": "advisories/ZDI-25-452", "id": "ZDI-25-452", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-452/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24923", "zdi_id": "ZDI-25-452" }, { "cve": "CVE-2025-6796", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getAppF...", "detail_json": "/data/advisories/ZDI-25-451/advisory.json", "detail_path": "advisories/ZDI-25-451", "id": "ZDI-25-451", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-451/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24916", "zdi_id": "ZDI-25-451" }, { "cve": "CVE-2025-6793", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QL...", "detail_json": "/data/advisories/ZDI-25-450/advisory.json", "detail_path": "advisories/ZDI-25-450", "id": "ZDI-25-450", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability", "updated_date": "2025-06-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-450/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-24912", "zdi_id": "ZDI-25-450" }, { "cve": "CVE-2025-6811", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. T...", "detail_json": "/data/advisories/ZDI-25-449/advisory.json", "detail_path": "advisories/ZDI-25-449", "id": "ZDI-25-449", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-449/", "vendor": "Mescius", "vendor_url": null, "zdi_can": "ZDI-CAN-25397", "zdi_id": "ZDI-25-449" }, { "cve": "CVE-2025-6810", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. T...", "detail_json": "/data/advisories/ZDI-25-448/advisory.json", "detail_path": "advisories/ZDI-25-448", "id": "ZDI-25-448", "kind": "published", "published_date": "2025-06-27", "status": "published", "title": "(0Day) Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-448/", "vendor": "Mescius", "vendor_url": null, "zdi_can": "ZDI-CAN-25246", "zdi_id": "ZDI-25-448" }, { "cve": "CVE-2025-6662", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-447/advisory.json", "detail_path": "advisories/ZDI-25-447", "id": "ZDI-25-447", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-447/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26985", "zdi_id": "ZDI-25-447" }, { "cve": "CVE-2025-6661", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-446/advisory.json", "detail_path": "advisories/ZDI-25-446", "id": "ZDI-25-446", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor App Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-446/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26823", "zdi_id": "ZDI-25-446" }, { "cve": "CVE-2025-6659", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-445/advisory.json", "detail_path": "advisories/ZDI-25-445", "id": "ZDI-25-445", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-445/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26734", "zdi_id": "ZDI-25-445" }, { "cve": "CVE-2025-6658", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-444/advisory.json", "detail_path": "advisories/ZDI-25-444", "id": "ZDI-25-444", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-444/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26733", "zdi_id": "ZDI-25-444" }, { "cve": "CVE-2025-6660", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-443/advisory.json", "detail_path": "advisories/ZDI-25-443", "id": "ZDI-25-443", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-443/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26763", "zdi_id": "ZDI-25-443" }, { "cve": "CVE-2025-6657", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-442/advisory.json", "detail_path": "advisories/ZDI-25-442", "id": "ZDI-25-442", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-442/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26732", "zdi_id": "ZDI-25-442" }, { "cve": "CVE-2025-6656", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-441/advisory.json", "detail_path": "advisories/ZDI-25-441", "id": "ZDI-25-441", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-441/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26731", "zdi_id": "ZDI-25-441" }, { "cve": "CVE-2025-6655", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-440/advisory.json", "detail_path": "advisories/ZDI-25-440", "id": "ZDI-25-440", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-440/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26730", "zdi_id": "ZDI-25-440" }, { "cve": "CVE-2025-6654", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-439/advisory.json", "detail_path": "advisories/ZDI-25-439", "id": "ZDI-25-439", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-439/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26729", "zdi_id": "ZDI-25-439" }, { "cve": "CVE-2025-6653", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-438/advisory.json", "detail_path": "advisories/ZDI-25-438", "id": "ZDI-25-438", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-438/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26726", "zdi_id": "ZDI-25-438" }, { "cve": "CVE-2025-6652", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-437/advisory.json", "detail_path": "advisories/ZDI-25-437", "id": "ZDI-25-437", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-437/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26724", "zdi_id": "ZDI-25-437" }, { "cve": "CVE-2025-6651", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-436/advisory.json", "detail_path": "advisories/ZDI-25-436", "id": "ZDI-25-436", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-436/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26713", "zdi_id": "ZDI-25-436" }, { "cve": "CVE-2025-6650", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-435/advisory.json", "detail_path": "advisories/ZDI-25-435", "id": "ZDI-25-435", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-435/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26712", "zdi_id": "ZDI-25-435" }, { "cve": "CVE-2025-6649", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-434/advisory.json", "detail_path": "advisories/ZDI-25-434", "id": "ZDI-25-434", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-434/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26709", "zdi_id": "ZDI-25-434" }, { "cve": "CVE-2025-6648", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-433/advisory.json", "detail_path": "advisories/ZDI-25-433", "id": "ZDI-25-433", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-433/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26671", "zdi_id": "ZDI-25-433" }, { "cve": "CVE-2025-6647", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-432/advisory.json", "detail_path": "advisories/ZDI-25-432", "id": "ZDI-25-432", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-432/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26644", "zdi_id": "ZDI-25-432" }, { "cve": "CVE-2025-6646", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-431/advisory.json", "detail_path": "advisories/ZDI-25-431", "id": "ZDI-25-431", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-431/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26643", "zdi_id": "ZDI-25-431" }, { "cve": "CVE-2025-6645", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-430/advisory.json", "detail_path": "advisories/ZDI-25-430", "id": "ZDI-25-430", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-430/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26642", "zdi_id": "ZDI-25-430" }, { "cve": "CVE-2025-6644", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-429/advisory.json", "detail_path": "advisories/ZDI-25-429", "id": "ZDI-25-429", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-429/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26536", "zdi_id": "ZDI-25-429" }, { "cve": "CVE-2025-6643", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-428/advisory.json", "detail_path": "advisories/ZDI-25-428", "id": "ZDI-25-428", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-428/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26532", "zdi_id": "ZDI-25-428" }, { "cve": "CVE-2025-6642", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-427/advisory.json", "detail_path": "advisories/ZDI-25-427", "id": "ZDI-25-427", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-427/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26530", "zdi_id": "ZDI-25-427" }, { "cve": "CVE-2025-6641", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-426/advisory.json", "detail_path": "advisories/ZDI-25-426", "id": "ZDI-25-426", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-426/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26528", "zdi_id": "ZDI-25-426" }, { "cve": "CVE-2025-6640", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-425/advisory.json", "detail_path": "advisories/ZDI-25-425", "id": "ZDI-25-425", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-425/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-26527", "zdi_id": "ZDI-25-425" }, { "cve": "CVE-2025-6443", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of remote IP addresses when pro...", "detail_json": "/data/advisories/ZDI-25-424/advisory.json", "detail_path": "advisories/ZDI-25-424", "id": "ZDI-25-424", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-424/", "vendor": "Mikrotik", "vendor_url": null, "zdi_can": "ZDI-CAN-26415", "zdi_id": "ZDI-25-424" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft WinJS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of WinJS. When installed from the...", "detail_json": "/data/advisories/ZDI-25-423/advisory.json", "detail_path": "advisories/ZDI-25-423", "id": "ZDI-25-423", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "Microsoft WinJS winjsdevelop Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-423/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23719", "zdi_id": "ZDI-25-423" }, { "cve": null, "cvss": 3.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within Azure Machine Learning Environments....", "detail_json": "/data/advisories/ZDI-25-422/advisory.json", "detail_path": "advisories/ZDI-25-422", "id": "ZDI-25-422", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "Microsoft Azure Machine Learning Environments Denial-of-Service Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-422/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24823", "zdi_id": "ZDI-25-422" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within Azure App Services. The issue results from...", "detail_json": "/data/advisories/ZDI-25-421/advisory.json", "detail_path": "advisories/ZDI-25-421", "id": "ZDI-25-421", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "Microsoft Azure App Services Information Disclosure Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-421/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24622", "zdi_id": "ZDI-25-421" }, { "cve": "CVE-2024-8404", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-420/advisory.json", "detail_path": "advisories/ZDI-25-420", "id": "ZDI-25-420", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "PaperCut NG web-print-hot-folder Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-420/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-26241", "zdi_id": "ZDI-25-420" }, { "cve": "CVE-2025-36537", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw e...", "detail_json": "/data/advisories/ZDI-25-419/advisory.json", "detail_path": "advisories/ZDI-25-419", "id": "ZDI-25-419", "kind": "published", "published_date": "2025-06-25", "status": "published", "title": "TeamViewer Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-419/", "vendor": "TeamViewer", "vendor_url": null, "zdi_can": "ZDI-CAN-26660", "zdi_id": "ZDI-25-419" }, { "cve": "CVE-2025-31196", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-418/advisory.json", "detail_path": "advisories/ZDI-25-418", "id": "ZDI-25-418", "kind": "published", "published_date": "2025-06-24", "status": "published", "title": "Apple macOS CoreGraphics PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-418/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26498", "zdi_id": "ZDI-25-418" }, { "cve": "CVE-2025-20234", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Clam AntiVirus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-417/advisory.json", "detail_path": "advisories/ZDI-25-417", "id": "ZDI-25-417", "kind": "published", "published_date": "2025-06-23", "status": "published", "title": "Clam AntiVirus UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-417/", "vendor": "Clam AntiVirus", "vendor_url": null, "zdi_can": "ZDI-CAN-26010", "zdi_id": "ZDI-25-417" }, { "cve": "CVE-2025-6445", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific f...", "detail_json": "/data/advisories/ZDI-25-416/advisory.json", "detail_path": "advisories/ZDI-25-416", "id": "ZDI-25-416", "kind": "published", "published_date": "2025-06-23", "status": "published", "title": "ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-06-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-416/", "vendor": "ServiceStack", "vendor_url": null, "zdi_can": "ZDI-CAN-25837", "zdi_id": "ZDI-25-416" }, { "cve": "CVE-2025-6444", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific f...", "detail_json": "/data/advisories/ZDI-25-415/advisory.json", "detail_path": "advisories/ZDI-25-415", "id": "ZDI-25-415", "kind": "published", "published_date": "2025-06-23", "status": "published", "title": "ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability", "updated_date": "2025-06-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-415/", "vendor": "ServiceStack", "vendor_url": null, "zdi_can": "ZDI-CAN-25834", "zdi_id": "ZDI-25-415" }, { "cve": "CVE-2025-6442", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists wi...", "detail_json": "/data/advisories/ZDI-25-414/advisory.json", "detail_path": "advisories/ZDI-25-414", "id": "ZDI-25-414", "kind": "published", "published_date": "2025-06-23", "status": "published", "title": "Ruby WEBrick read_header HTTP Request Smuggling Vulnerability", "updated_date": "2025-06-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-414/", "vendor": "Ruby", "vendor_url": null, "zdi_can": "ZDI-CAN-21876", "zdi_id": "ZDI-25-414" }, { "cve": "CVE-2025-41388", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-413/advisory.json", "detail_path": "advisories/ZDI-25-413", "id": "ZDI-25-413", "kind": "published", "published_date": "2025-06-19", "status": "published", "title": "Fuji Electric Smart Editor TL5 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-413/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26018", "zdi_id": "ZDI-25-413" }, { "cve": "CVE-2025-41413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-412/advisory.json", "detail_path": "advisories/ZDI-25-412", "id": "ZDI-25-412", "kind": "published", "published_date": "2025-06-19", "status": "published", "title": "Fuji Electric Smart Editor X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-06-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-412/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26031", "zdi_id": "ZDI-25-412" }, { "cve": "CVE-2025-47728", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-411/advisory.json", "detail_path": "advisories/ZDI-25-411", "id": "ZDI-25-411", "kind": "published", "published_date": "2025-06-19", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-06-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-411/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-26167", "zdi_id": "ZDI-25-411" }, { "cve": "CVE-2025-6216", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from rel...", "detail_json": "/data/advisories/ZDI-25-410/advisory.json", "detail_path": "advisories/ZDI-25-410", "id": "ZDI-25-410", "kind": "published", "published_date": "2025-06-19", "status": "published", "title": "Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability", "updated_date": "2025-06-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-410/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-27104", "zdi_id": "ZDI-25-410" }, { "cve": "CVE-2025-6218", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-25-409/advisory.json", "detail_path": "advisories/ZDI-25-409", "id": "ZDI-25-409", "kind": "published", "published_date": "2025-06-19", "status": "published", "title": "RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-06-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-409/", "vendor": "RARLAB", "vendor_url": null, "zdi_can": "ZDI-CAN-27198", "zdi_id": "ZDI-25-409" }, { "cve": "CVE-2025-6217", "cvss": 3.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-25-408/advisory.json", "detail_path": "advisories/ZDI-25-408", "id": "ZDI-25-408", "kind": "published", "published_date": "2025-06-18", "status": "published", "title": "PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability", "updated_date": "2025-06-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-408/", "vendor": "PEAK-System", "vendor_url": null, "zdi_can": "ZDI-CAN-24161", "zdi_id": "ZDI-25-408" }, { "cve": "CVE-2024-28988", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Web Help Desk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AjaxProxy. The issue results from the...", "detail_json": "/data/advisories/ZDI-25-407/advisory.json", "detail_path": "advisories/ZDI-25-407", "id": "ZDI-25-407", "kind": "published", "published_date": "2025-06-17", "status": "published", "title": "SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-06-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-407/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-25346", "zdi_id": "ZDI-25-407" }, { "cve": "CVE-2024-45711", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Serv-U. Authentication is required to exploit this vulnerability. The specific flaw exists within the FTP service, which listens on TCP port 21 by def...", "detail_json": "/data/advisories/ZDI-25-406/advisory.json", "detail_path": "advisories/ZDI-25-406", "id": "ZDI-25-406", "kind": "published", "published_date": "2025-06-17", "status": "published", "title": "SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-06-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-406/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-25087", "zdi_id": "ZDI-25-406" }, { "cve": "CVE-2025-41388", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-405/advisory.json", "detail_path": "advisories/ZDI-25-405", "id": "ZDI-25-405", "kind": "published", "published_date": "2025-06-17", "status": "published", "title": "Fuji Electric Smart Editor X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-405/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26024", "zdi_id": "ZDI-25-405" }, { "cve": "CVE-2025-41388", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-404/advisory.json", "detail_path": "advisories/ZDI-25-404", "id": "ZDI-25-404", "kind": "published", "published_date": "2025-06-17", "status": "published", "title": "Fuji Electric Smart Editor X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-404/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26022", "zdi_id": "ZDI-25-404" }, { "cve": "CVE-2025-41388", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-403/advisory.json", "detail_path": "advisories/ZDI-25-403", "id": "ZDI-25-403", "kind": "published", "published_date": "2025-06-17", "status": "published", "title": "Fuji Electric Smart Editor V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-403/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26020", "zdi_id": "ZDI-25-403" }, { "cve": "CVE-2025-41388", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-402/advisory.json", "detail_path": "advisories/ZDI-25-402", "id": "ZDI-25-402", "kind": "published", "published_date": "2025-06-17", "status": "published", "title": "Fuji Electric Smart Editor TL5 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-402/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-25942", "zdi_id": "ZDI-25-402" }, { "cve": "CVE-2025-41413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-401/advisory.json", "detail_path": "advisories/ZDI-25-401", "id": "ZDI-25-401", "kind": "published", "published_date": "2025-06-17", "status": "published", "title": "Fuji Electric Smart Editor V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-06-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-401/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26028", "zdi_id": "ZDI-25-401" }, { "cve": "CVE-2025-32412", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-400/advisory.json", "detail_path": "advisories/ZDI-25-400", "id": "ZDI-25-400", "kind": "published", "published_date": "2025-06-17", "status": "published", "title": "Fuji Electric Smart Editor TL5 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-06-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-400/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26032", "zdi_id": "ZDI-25-400" }, { "cve": "CVE-2025-41388", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-399/advisory.json", "detail_path": "advisories/ZDI-25-399", "id": "ZDI-25-399", "kind": "published", "published_date": "2025-06-17", "status": "published", "title": "Fuji Electric Smart Editor V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-399/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-26026", "zdi_id": "ZDI-25-399" }, { "cve": "CVE-2025-49384", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Internet Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-25-398/advisory.json", "detail_path": "advisories/ZDI-25-398", "id": "ZDI-25-398", "kind": "published", "published_date": "2025-06-17", "status": "published", "title": "Trend Micro Internet Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-06-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-398/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25876", "zdi_id": "ZDI-25-398" }, { "cve": "CVE-2025-3495", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Electronics COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PLC simulator service, which listens o...", "detail_json": "/data/advisories/ZDI-25-397/advisory.json", "detail_path": "advisories/ZDI-25-397", "id": "ZDI-25-397", "kind": "published", "published_date": "2025-06-17", "status": "published", "title": "Delta Electronics COMMGR Insufficient Randomization Authentication Bypass Vulnerability", "updated_date": "2025-06-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-397/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25049", "zdi_id": "ZDI-25-397" }, { "cve": "CVE-2025-31353", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-396/advisory.json", "detail_path": "advisories/ZDI-25-396", "id": "ZDI-25-396", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic UpdateOpcSettings SQL Injection Information Disclosure Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-396/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25916", "zdi_id": "ZDI-25-396" }, { "cve": "CVE-2025-31352", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-395/advisory.json", "detail_path": "advisories/ZDI-25-395", "id": "ZDI-25-395", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic UpdateGateways SQL Injection Information Disclosure Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-395/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25915", "zdi_id": "ZDI-25-395" }, { "cve": "CVE-2025-31351", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-394/advisory.json", "detail_path": "advisories/ZDI-25-394", "id": "ZDI-25-394", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic CreateProject SQL Injection Information Disclosure Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-394/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25917", "zdi_id": "ZDI-25-394" }, { "cve": "CVE-2025-31350", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-393/advisory.json", "detail_path": "advisories/ZDI-25-393", "id": "ZDI-25-393", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic UpdateBufferingSettings SQL Injection Information Disclosure Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-393/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25918", "zdi_id": "ZDI-25-393" }, { "cve": "CVE-2025-31349", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-392/advisory.json", "detail_path": "advisories/ZDI-25-392", "id": "ZDI-25-392", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic UpdateSmtpSettings SQL Injection Information Disclosure Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-392/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25919", "zdi_id": "ZDI-25-392" }, { "cve": "CVE-2025-31343", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-391/advisory.json", "detail_path": "advisories/ZDI-25-391", "id": "ZDI-25-391", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic UpdateTcmSettings SQL Injection Information Disclosure Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-391/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25920", "zdi_id": "ZDI-25-391" }, { "cve": "CVE-2025-30032", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-390/advisory.json", "detail_path": "advisories/ZDI-25-390", "id": "ZDI-25-390", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic UpdateDatabaseSettings SQL Injection Information Disclosure Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-390/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25921", "zdi_id": "ZDI-25-390" }, { "cve": "CVE-2025-30031", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-389/advisory.json", "detail_path": "advisories/ZDI-25-389", "id": "ZDI-25-389", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic UpdateUsers SQL Injection Information Disclosure Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-389/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25922", "zdi_id": "ZDI-25-389" }, { "cve": "CVE-2025-30030", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-388/advisory.json", "detail_path": "advisories/ZDI-25-388", "id": "ZDI-25-388", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic ImportDatabase SQL Injection Information Disclosure Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-388/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25924", "zdi_id": "ZDI-25-388" }, { "cve": "CVE-2025-30003", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-387/advisory.json", "detail_path": "advisories/ZDI-25-387", "id": "ZDI-25-387", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic UpdateProjectConnections SQL Injection Information Disclosure Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-387/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25910", "zdi_id": "ZDI-25-387" }, { "cve": "CVE-2025-30002", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-386/advisory.json", "detail_path": "advisories/ZDI-25-386", "id": "ZDI-25-386", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic UpdateConnectionVariables SQL Injection Information Disclosure Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-386/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25909", "zdi_id": "ZDI-25-386" }, { "cve": "CVE-2025-29905", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The s...", "detail_json": "/data/advisories/ZDI-25-385/advisory.json", "detail_path": "advisories/ZDI-25-385", "id": "ZDI-25-385", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic RestoreFromBackup SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-385/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25923", "zdi_id": "ZDI-25-385" }, { "cve": "CVE-2025-27540", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens TeleControl Server Basic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Authent...", "detail_json": "/data/advisories/ZDI-25-384/advisory.json", "detail_path": "advisories/ZDI-25-384", "id": "ZDI-25-384", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic Authenticate SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-384/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25913", "zdi_id": "ZDI-25-384" }, { "cve": "CVE-2025-27539", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens TeleControl Server Basic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the VerifyU...", "detail_json": "/data/advisories/ZDI-25-383/advisory.json", "detail_path": "advisories/ZDI-25-383", "id": "ZDI-25-383", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic VerifyUser SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-383/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25914", "zdi_id": "ZDI-25-383" }, { "cve": "CVE-2025-32475", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-382/advisory.json", "detail_path": "advisories/ZDI-25-382", "id": "ZDI-25-382", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic UpdateProject SQL Injection Information Disclosure Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-382/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25912", "zdi_id": "ZDI-25-382" }, { "cve": "CVE-2025-27495", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens TeleControl Server Basic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the CreateT...", "detail_json": "/data/advisories/ZDI-25-381/advisory.json", "detail_path": "advisories/ZDI-25-381", "id": "ZDI-25-381", "kind": "published", "published_date": "2025-06-16", "status": "published", "title": "Siemens TeleControl Server Basic CreateTrace SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-381/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25911", "zdi_id": "ZDI-25-381" }, { "cve": "CVE-2025-49385", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-380/advisory.json", "detail_path": "advisories/ZDI-25-380", "id": "ZDI-25-380", "kind": "published", "published_date": "2025-06-13", "status": "published", "title": "Trend Micro Maximum Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-06-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-380/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25877", "zdi_id": "ZDI-25-380" }, { "cve": "CVE-2025-23117", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Ubiquiti Networks AI Bullet Cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The speci...", "detail_json": "/data/advisories/ZDI-25-379/advisory.json", "detail_path": "advisories/ZDI-25-379", "id": "ZDI-25-379", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Ubiquiti Networks AI Bullet Insufficient Firmware Update Validation Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-379/", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-25589", "zdi_id": "ZDI-25-379" }, { "cve": "CVE-2025-23116", "cvss": 9.6, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected Ubiquiti Networks UniFi Console devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of bridge device adop...", "detail_json": "/data/advisories/ZDI-25-378/advisory.json", "detail_path": "advisories/ZDI-25-378", "id": "ZDI-25-378", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Ubiquiti Networks UniFi Console Missing Authentication for Critical Function Authentication Bypass Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-378/", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-25588", "zdi_id": "ZDI-25-378" }, { "cve": "CVE-2025-23119", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected Ubiquiti Networks AI Bullet cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of DHCP packet options....", "detail_json": "/data/advisories/ZDI-25-377/advisory.json", "detail_path": "advisories/ZDI-25-377", "id": "ZDI-25-377", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Ubiquiti Networks AI Bullet Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-377/", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-25603", "zdi_id": "ZDI-25-377" }, { "cve": "CVE-2025-23118", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected Ubiquiti Networks AI Bullet cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ubnt_avclient component. The issue...", "detail_json": "/data/advisories/ZDI-25-376/advisory.json", "detail_path": "advisories/ZDI-25-376", "id": "ZDI-25-376", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Ubiquiti Networks AI Bullet Improper Certificate Validation Authentication Bypass Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-376/", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-25666", "zdi_id": "ZDI-25-376" }, { "cve": "CVE-2025-49218", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The speci...", "detail_json": "/data/advisories/ZDI-25-375/advisory.json", "detail_path": "advisories/ZDI-25-375", "id": "ZDI-25-375", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Endpoint Encryption ProcessWhereClause SQL Injection Privilege Escalation Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-375/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25526", "zdi_id": "ZDI-25-375" }, { "cve": "CVE-2025-49217", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Endpoint Encryption. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Validate...", "detail_json": "/data/advisories/ZDI-25-374/advisory.json", "detail_path": "advisories/ZDI-25-374", "id": "ZDI-25-374", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Endpoint Encryption ValidateToken Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-374/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25505", "zdi_id": "ZDI-25-374" }, { "cve": "CVE-2025-49216", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Endpoint Encryption. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DbAppDomain service. The issue...", "detail_json": "/data/advisories/ZDI-25-373/advisory.json", "detail_path": "advisories/ZDI-25-373", "id": "ZDI-25-373", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Endpoint Encryption DbAppDomain Authentication Bypass Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-373/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25519", "zdi_id": "ZDI-25-373" }, { "cve": "CVE-2025-49215", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The speci...", "detail_json": "/data/advisories/ZDI-25-372/advisory.json", "detail_path": "advisories/ZDI-25-372", "id": "ZDI-25-372", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Endpoint Encryption GetGroupFilteredUsers SQL Injection Privilege Escalation Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-372/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25527", "zdi_id": "ZDI-25-372" }, { "cve": "CVE-2025-49212", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Endpoint Encryption. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-25-371/advisory.json", "detail_path": "advisories/ZDI-25-371", "id": "ZDI-25-371", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Endpoint Encryption DeserializeFromBase64String Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-371/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25518", "zdi_id": "ZDI-25-371" }, { "cve": "CVE-2025-49213", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Endpoint Encryption. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PolicyServerWindowsService cla...", "detail_json": "/data/advisories/ZDI-25-370/advisory.json", "detail_path": "advisories/ZDI-25-370", "id": "ZDI-25-370", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Endpoint Encryption PolicyServerWindowsService Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-370/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25506", "zdi_id": "ZDI-25-370" }, { "cve": "CVE-2025-49212", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Endpoint Encryption. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PolicyValueTableSerializationB...", "detail_json": "/data/advisories/ZDI-25-369/advisory.json", "detail_path": "advisories/ZDI-25-369", "id": "ZDI-25-369", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Endpoint Encryption PolicyValueTableSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-369/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25507", "zdi_id": "ZDI-25-369" }, { "cve": "CVE-2025-49211", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The speci...", "detail_json": "/data/advisories/ZDI-25-368/advisory.json", "detail_path": "advisories/ZDI-25-368", "id": "ZDI-25-368", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Endpoint Encryption BuildEnterpriseSearchString SQL Injection Privilege Escalation Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-368/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25528", "zdi_id": "ZDI-25-368" }, { "cve": "CVE-2025-49220", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the ConvertFromJson...", "detail_json": "/data/advisories/ZDI-25-367/advisory.json", "detail_path": "advisories/ZDI-25-367", "id": "ZDI-25-367", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Apex Central ConvertFromJson Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-367/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25495", "zdi_id": "ZDI-25-367" }, { "cve": "CVE-2025-49219", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the GetReportDetail...", "detail_json": "/data/advisories/ZDI-25-366/advisory.json", "detail_path": "advisories/ZDI-25-366", "id": "ZDI-25-366", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Apex Central GetReportDetailView Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-366/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25286", "zdi_id": "ZDI-25-366" }, { "cve": "CVE-2025-49158", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-365/advisory.json", "detail_path": "advisories/ZDI-25-365", "id": "ZDI-25-365", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Apex One Security Agent ntrmv Uncontrolled Search Path Local Privilege Escalation Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-365/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25771", "zdi_id": "ZDI-25-365" }, { "cve": "CVE-2025-49157", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-364/advisory.json", "detail_path": "advisories/ZDI-25-364", "id": "ZDI-25-364", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-364/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25273", "zdi_id": "ZDI-25-364" }, { "cve": "CVE-2025-49156", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-363/advisory.json", "detail_path": "advisories/ZDI-25-363", "id": "ZDI-25-363", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-363/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24973", "zdi_id": "ZDI-25-363" }, { "cve": "CVE-2025-49155", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One Security Agent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-362/advisory.json", "detail_path": "advisories/ZDI-25-362", "id": "ZDI-25-362", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Apex One Data Loss Prevention Uncontrolled Search Path Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24571", "zdi_id": "ZDI-25-362" }, { "cve": "CVE-2025-48443", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. A...", "detail_json": "/data/advisories/ZDI-25-361/advisory.json", "detail_path": "advisories/ZDI-25-361", "id": "ZDI-25-361", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-361/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25574", "zdi_id": "ZDI-25-361" }, { "cve": "CVE-2025-49487", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Trend Micro Worry-Free Business Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configura...", "detail_json": "/data/advisories/ZDI-25-360/advisory.json", "detail_path": "advisories/ZDI-25-360", "id": "ZDI-25-360", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Trend Micro Worry-Free Business Security Uncontrolled Search Path Element Arbitrary Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-360/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-23056", "zdi_id": "ZDI-25-360" }, { "cve": "CVE-2025-47959", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-359/advisory.json", "detail_path": "advisories/ZDI-25-359", "id": "ZDI-25-359", "kind": "published", "published_date": "2025-06-10", "status": "published", "title": "Microsoft Visual Studio initializeCommand Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-359/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26586", "zdi_id": "ZDI-25-359" }, { "cve": "CVE-2025-5820", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of Bluetooth ERTM channel commu...", "detail_json": "/data/advisories/ZDI-25-358/advisory.json", "detail_path": "advisories/ZDI-25-358", "id": "ZDI-25-358", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-358/", "vendor": "Sony", "vendor_url": null, "zdi_can": "ZDI-CAN-26285", "zdi_id": "ZDI-25-358" }, { "cve": "CVE-2025-5476", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of ACL-U links. The issue resul...", "detail_json": "/data/advisories/ZDI-25-357/advisory.json", "detail_path": "advisories/ZDI-25-357", "id": "ZDI-25-357", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-357/", "vendor": "Sony", "vendor_url": null, "zdi_can": "ZDI-CAN-26284", "zdi_id": "ZDI-25-357" }, { "cve": "CVE-2025-5479", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this...", "detail_json": "/data/advisories/ZDI-25-356/advisory.json", "detail_path": "advisories/ZDI-25-356", "id": "ZDI-25-356", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-356/", "vendor": "Sony", "vendor_url": null, "zdi_can": "ZDI-CAN-26290", "zdi_id": "ZDI-25-356" }, { "cve": "CVE-2025-5478", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Blueto...", "detail_json": "/data/advisories/ZDI-25-355/advisory.json", "detail_path": "advisories/ZDI-25-355", "id": "ZDI-25-355", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-355/", "vendor": "Sony", "vendor_url": null, "zdi_can": "ZDI-CAN-26288", "zdi_id": "ZDI-25-355" }, { "cve": "CVE-2025-5477", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-354/advisory.json", "detail_path": "advisories/ZDI-25-354", "id": "ZDI-25-354", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-354/", "vendor": "Sony", "vendor_url": null, "zdi_can": "ZDI-CAN-26286", "zdi_id": "ZDI-25-354" }, { "cve": "CVE-2025-5475", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-25-353/advisory.json", "detail_path": "advisories/ZDI-25-353", "id": "ZDI-25-353", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-353/", "vendor": "Sony", "vendor_url": null, "zdi_can": "ZDI-CAN-26283", "zdi_id": "ZDI-25-353" }, { "cve": "CVE-2025-5832", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the software update veri...", "detail_json": "/data/advisories/ZDI-25-352/advisory.json", "detail_path": "advisories/ZDI-25-352", "id": "ZDI-25-352", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability", "updated_date": "2025-08-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-352/", "vendor": "Pioneer", "vendor_url": null, "zdi_can": "ZDI-CAN-26079", "zdi_id": "ZDI-25-352" }, { "cve": "CVE-2025-5834", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specif...", "detail_json": "/data/advisories/ZDI-25-351/advisory.json", "detail_path": "advisories/ZDI-25-351", "id": "ZDI-25-351", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability", "updated_date": "2025-08-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-351/", "vendor": "Pioneer", "vendor_url": null, "zdi_can": "ZDI-CAN-26078", "zdi_id": "ZDI-25-351" }, { "cve": "CVE-2025-5833", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the...", "detail_json": "/data/advisories/ZDI-25-350/advisory.json", "detail_path": "advisories/ZDI-25-350", "id": "ZDI-25-350", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability", "updated_date": "2025-08-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-350/", "vendor": "Pioneer", "vendor_url": null, "zdi_can": "ZDI-CAN-26077", "zdi_id": "ZDI-25-350" }, { "cve": "CVE-2025-5830", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-25-349/advisory.json", "detail_path": "advisories/ZDI-25-349", "id": "ZDI-25-349", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-349/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-26327", "zdi_id": "ZDI-25-349" }, { "cve": "CVE-2025-5829", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-25-348/advisory.json", "detail_path": "advisories/ZDI-25-348", "id": "ZDI-25-348", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-348/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-26330", "zdi_id": "ZDI-25-348" }, { "cve": "CVE-2025-5828", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within th...", "detail_json": "/data/advisories/ZDI-25-347/advisory.json", "detail_path": "advisories/ZDI-25-347", "id": "ZDI-25-347", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-347/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-26328", "zdi_id": "ZDI-25-347" }, { "cve": "CVE-2025-5827", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-25-346/advisory.json", "detail_path": "advisories/ZDI-25-346", "id": "ZDI-25-346", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-346/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-26369", "zdi_id": "ZDI-25-346" }, { "cve": "CVE-2025-5826", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-25-345/advisory.json", "detail_path": "advisories/ZDI-25-345", "id": "ZDI-25-345", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-345/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-26368", "zdi_id": "ZDI-25-345" }, { "cve": "CVE-2025-5825", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain the ability to pair a malicious Bluetooth device with the targ...", "detail_json": "/data/advisories/ZDI-25-344/advisory.json", "detail_path": "advisories/ZDI-25-344", "id": "ZDI-25-344", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-344/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-26354", "zdi_id": "ZDI-25-344" }, { "cve": "CVE-2025-5824", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Wallbox Commercial. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order...", "detail_json": "/data/advisories/ZDI-25-343/advisory.json", "detail_path": "advisories/ZDI-25-343", "id": "ZDI-25-343", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-343/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-26353", "zdi_id": "ZDI-25-343" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-25-342/advisory.json", "detail_path": "advisories/ZDI-25-342", "id": "ZDI-25-342", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-342/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-26352", "zdi_id": "ZDI-25-342" }, { "cve": "CVE-2025-5823", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is required to exploit this vulnerability. The specific flaw exists within the implem...", "detail_json": "/data/advisories/ZDI-25-341/advisory.json", "detail_path": "advisories/ZDI-25-341", "id": "ZDI-25-341", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-341/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-26351", "zdi_id": "ZDI-25-341" }, { "cve": "CVE-2025-5822", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain a low-privileged authorization token in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-25-340/advisory.json", "detail_path": "advisories/ZDI-25-340", "id": "ZDI-25-340", "kind": "published", "published_date": "2025-06-11", "status": "published", "title": "(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability", "updated_date": "2025-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-340/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-26325", "zdi_id": "ZDI-25-340" }, { "cve": "CVE-2025-30167", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of JupyterLab. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally, the v...", "detail_json": "/data/advisories/ZDI-25-339/advisory.json", "detail_path": "advisories/ZDI-25-339", "id": "ZDI-25-339", "kind": "published", "published_date": "2025-06-10", "status": "published", "title": "JupyterLab Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-06-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-339/", "vendor": "Jupyter", "vendor_url": null, "zdi_can": "ZDI-CAN-25932", "zdi_id": "ZDI-25-339" }, { "cve": "CVE-2025-43574", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-338/advisory.json", "detail_path": "advisories/ZDI-25-338", "id": "ZDI-25-338", "kind": "published", "published_date": "2025-06-10", "status": "published", "title": "Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-06-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-338/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-26593", "zdi_id": "ZDI-25-338" }, { "cve": "CVE-2025-47112", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-25-337/advisory.json", "detail_path": "advisories/ZDI-25-337", "id": "ZDI-25-337", "kind": "published", "published_date": "2025-06-10", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-06-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-337/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-26777", "zdi_id": "ZDI-25-337" }, { "cve": "CVE-2025-43573", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-336/advisory.json", "detail_path": "advisories/ZDI-25-336", "id": "ZDI-25-336", "kind": "published", "published_date": "2025-06-10", "status": "published", "title": "Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-06-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-336/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-26590", "zdi_id": "ZDI-25-336" }, { "cve": "CVE-2025-43575", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-335/advisory.json", "detail_path": "advisories/ZDI-25-335", "id": "ZDI-25-335", "kind": "published", "published_date": "2025-06-10", "status": "published", "title": "Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-06-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-335/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-26342", "zdi_id": "ZDI-25-335" }, { "cve": "CVE-2025-30394", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Remote Desktop Gateway service...", "detail_json": "/data/advisories/ZDI-25-334/advisory.json", "detail_path": "advisories/ZDI-25-334", "id": "ZDI-25-334", "kind": "published", "published_date": "2025-06-10", "status": "published", "title": "Microsoft Windows Remote Desktop Gateway Service Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2025-06-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-334/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26776", "zdi_id": "ZDI-25-334" }, { "cve": "CVE-2025-32714", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-333/advisory.json", "detail_path": "advisories/ZDI-25-333", "id": "ZDI-25-333", "kind": "published", "published_date": "2025-06-10", "status": "published", "title": "Microsoft Windows Installer Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-06-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-333/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26487", "zdi_id": "ZDI-25-333" }, { "cve": "CVE-2025-33075", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-332/advisory.json", "detail_path": "advisories/ZDI-25-332", "id": "ZDI-25-332", "kind": "published", "published_date": "2025-06-10", "status": "published", "title": "Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-06-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-332/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26710", "zdi_id": "ZDI-25-332" }, { "cve": "CVE-2025-5036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-331/advisory.json", "detail_path": "advisories/ZDI-25-331", "id": "ZDI-25-331", "kind": "published", "published_date": "2025-06-06", "status": "published", "title": "Autodesk Revit RFA File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-331/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-26852", "zdi_id": "ZDI-25-331" }, { "cve": "CVE-2025-5751", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of management c...", "detail_json": "/data/advisories/ZDI-25-330/advisory.json", "detail_path": "advisories/ZDI-25-330", "id": "ZDI-25-330", "kind": "published", "published_date": "2025-06-06", "status": "published", "title": "(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability", "updated_date": "2025-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-330/", "vendor": "WOLFBOX", "vendor_url": null, "zdi_can": "ZDI-CAN-26292", "zdi_id": "ZDI-25-330" }, { "cve": "CVE-2025-5750", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the secKey, l...", "detail_json": "/data/advisories/ZDI-25-329/advisory.json", "detail_path": "advisories/ZDI-25-329", "id": "ZDI-25-329", "kind": "published", "published_date": "2025-06-06", "status": "published", "title": "(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-329/", "vendor": "WOLFBOX", "vendor_url": null, "zdi_can": "ZDI-CAN-26294", "zdi_id": "ZDI-25-329" }, { "cve": "CVE-2025-5749", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of crypto...", "detail_json": "/data/advisories/ZDI-25-328/advisory.json", "detail_path": "advisories/ZDI-25-328", "id": "ZDI-25-328", "kind": "published", "published_date": "2025-06-06", "status": "published", "title": "(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability", "updated_date": "2025-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-328/", "vendor": "WOLFBOX", "vendor_url": null, "zdi_can": "ZDI-CAN-26295", "zdi_id": "ZDI-25-328" }, { "cve": "CVE-2025-5748", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. T...", "detail_json": "/data/advisories/ZDI-25-327/advisory.json", "detail_path": "advisories/ZDI-25-327", "id": "ZDI-25-327", "kind": "published", "published_date": "2025-06-06", "status": "published", "title": "(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": "2025-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-327/", "vendor": "WOLFBOX", "vendor_url": null, "zdi_can": "ZDI-CAN-26349", "zdi_id": "ZDI-25-327" }, { "cve": "CVE-2025-5747", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command fr...", "detail_json": "/data/advisories/ZDI-25-326/advisory.json", "detail_path": "advisories/ZDI-25-326", "id": "ZDI-25-326", "kind": "published", "published_date": "2025-06-06", "status": "published", "title": "(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability", "updated_date": "2025-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-326/", "vendor": "WOLFBOX", "vendor_url": null, "zdi_can": "ZDI-CAN-26501", "zdi_id": "ZDI-25-326" }, { "cve": "CVE-2025-37099", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementati...", "detail_json": "/data/advisories/ZDI-25-325/advisory.json", "detail_path": "advisories/ZDI-25-325", "id": "ZDI-25-325", "kind": "published", "published_date": "2025-06-05", "status": "published", "title": "Hewlett Packard Enterprise Insight Remote Support processAttachmentDataStream Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-06-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-325/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-25954", "zdi_id": "ZDI-25-325" }, { "cve": "CVE-2025-5481", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-324/advisory.json", "detail_path": "advisories/ZDI-25-324", "id": "ZDI-25-324", "kind": "published", "published_date": "2025-06-03", "status": "published", "title": "Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-06-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-324/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-26168", "zdi_id": "ZDI-25-324" }, { "cve": "CVE-2025-5480", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-25-323/advisory.json", "detail_path": "advisories/ZDI-25-323", "id": "ZDI-25-323", "kind": "published", "published_date": "2025-06-03", "status": "published", "title": "Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-323/", "vendor": "Action1", "vendor_url": null, "zdi_can": "ZDI-CAN-26767", "zdi_id": "ZDI-25-323" }, { "cve": "CVE-2025-5474", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Use...", "detail_json": "/data/advisories/ZDI-25-322/advisory.json", "detail_path": "advisories/ZDI-25-322", "id": "ZDI-25-322", "kind": "published", "published_date": "2025-06-03", "status": "published", "title": "2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-322/", "vendor": "2BrightSparks", "vendor_url": null, "zdi_can": "ZDI-CAN-26962", "zdi_id": "ZDI-25-322" }, { "cve": "CVE-2025-5473", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-321/advisory.json", "detail_path": "advisories/ZDI-25-321", "id": "ZDI-25-321", "kind": "published", "published_date": "2025-06-03", "status": "published", "title": "GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-321/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-26752", "zdi_id": "ZDI-25-321" }, { "cve": "CVE-2025-26396", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds DameWare Mini Remote Control Service. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit th...", "detail_json": "/data/advisories/ZDI-25-320/advisory.json", "detail_path": "advisories/ZDI-25-320", "id": "ZDI-25-320", "kind": "published", "published_date": "2025-06-02", "status": "published", "title": "SolarWinds DameWare Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability", "updated_date": "2025-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-320/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-26279", "zdi_id": "ZDI-25-320" }, { "cve": "CVE-2025-37096", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-319/advisory.json", "detail_path": "advisories/ZDI-25-319", "id": "ZDI-25-319", "kind": "published", "published_date": "2025-06-02", "status": "published", "title": "Hewlett Packard Enterprise StoreOnce VSA getServerCertificate Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-319/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-25316", "zdi_id": "ZDI-25-319" }, { "cve": "CVE-2025-37095", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...", "detail_json": "/data/advisories/ZDI-25-318/advisory.json", "detail_path": "advisories/ZDI-25-318", "id": "ZDI-25-318", "kind": "published", "published_date": "2025-06-02", "status": "published", "title": "Hewlett Packard Enterprise StoreOnce VSA getServerPayload Directory Traversal Information Disclosure Vulnerability", "updated_date": "2025-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-318/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-25315", "zdi_id": "ZDI-25-318" }, { "cve": "CVE-2025-37094", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-317/advisory.json", "detail_path": "advisories/ZDI-25-317", "id": "ZDI-25-317", "kind": "published", "published_date": "2025-06-02", "status": "published", "title": "Hewlett Packard Enterprise StoreOnce VSA deletePackages Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": "2025-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-317/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-25314", "zdi_id": "ZDI-25-317" }, { "cve": "CVE-2025-37093", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the...", "detail_json": "/data/advisories/ZDI-25-316/advisory.json", "detail_path": "advisories/ZDI-25-316", "id": "ZDI-25-316", "kind": "published", "published_date": "2025-06-02", "status": "published", "title": "Hewlett Packard Enterprise StoreOnce VSA Authentication Bypass Vulnerability", "updated_date": "2025-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-316/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-24985", "zdi_id": "ZDI-25-316" }, { "cve": "CVE-2025-37092", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-315/advisory.json", "detail_path": "advisories/ZDI-25-315", "id": "ZDI-25-315", "kind": "published", "published_date": "2025-06-02", "status": "published", "title": "Hewlett Packard Enterprise StoreOnce VSA queryHardwareReportLocally Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-315/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-24984", "zdi_id": "ZDI-25-315" }, { "cve": "CVE-2025-37091", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-314/advisory.json", "detail_path": "advisories/ZDI-25-314", "id": "ZDI-25-314", "kind": "published", "published_date": "2025-06-02", "status": "published", "title": "Hewlett Packard Enterprise StoreOnce VSA doExecute Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-314/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-24983", "zdi_id": "ZDI-25-314" }, { "cve": "CVE-2025-37090", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the impl...", "detail_json": "/data/advisories/ZDI-25-313/advisory.json", "detail_path": "advisories/ZDI-25-313", "id": "ZDI-25-313", "kind": "published", "published_date": "2025-06-02", "status": "published", "title": "Hewlett Packard Enterprise StoreOnce VSA determineInclusionAndExtract Server-Side Request Forgery Vulnerability", "updated_date": "2025-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-313/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-24982", "zdi_id": "ZDI-25-313" }, { "cve": "CVE-2025-37089", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-25-312/advisory.json", "detail_path": "advisories/ZDI-25-312", "id": "ZDI-25-312", "kind": "published", "published_date": "2025-06-02", "status": "published", "title": "Hewlett Packard Enterprise StoreOnce VSA setLocateBeaconOnHardware Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-312/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-24981", "zdi_id": "ZDI-25-312" }, { "cve": "CVE-2025-1051", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ALAC data. The issue results fro...", "detail_json": "/data/advisories/ZDI-25-311/advisory.json", "detail_path": "advisories/ZDI-25-311", "id": "ZDI-25-311", "kind": "published", "published_date": "2025-05-29", "status": "published", "title": "(Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-05-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-311/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-25865", "zdi_id": "ZDI-25-311" }, { "cve": "CVE-2025-22037", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw e...", "detail_json": "/data/advisories/ZDI-25-310/advisory.json", "detail_path": "advisories/ZDI-25-310", "id": "ZDI-25-310", "kind": "published", "published_date": "2025-05-29", "status": "published", "title": "Linux Kernel ksmbd Session Setup Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2025-06-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-310/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-26505", "zdi_id": "ZDI-25-310" }, { "cve": "CVE-2025-2146", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sfpcmAuthenticate...", "detail_json": "/data/advisories/ZDI-25-309/advisory.json", "detail_path": "advisories/ZDI-25-309", "id": "ZDI-25-309", "kind": "published", "published_date": "2025-05-28", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-05-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-309/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-25779", "zdi_id": "ZDI-25-309" }, { "cve": "CVE-2025-30310", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dreamweaver. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-25-308/advisory.json", "detail_path": "advisories/ZDI-25-308", "id": "ZDI-25-308", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Adobe Dreamweaver V8 Remote Code Execution Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-308/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-25684", "zdi_id": "ZDI-25-308" }, { "cve": null, "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-25-307/advisory.json", "detail_path": "advisories/ZDI-25-307", "id": "ZDI-25-307", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Linux Kernel OpenvSwitch Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-307/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-26711", "zdi_id": "ZDI-25-307" }, { "cve": "CVE-2024-5652", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-25-306/advisory.json", "detail_path": "advisories/ZDI-25-306", "id": "ZDI-25-306", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Docker Desktop Helper Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-306/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-23513", "zdi_id": "ZDI-25-306" }, { "cve": "CVE-2025-31219", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-305/advisory.json", "detail_path": "advisories/ZDI-25-305", "id": "ZDI-25-305", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Apple XNU kernel vm_map Race Condition Local Privilege Escalation Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-305/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24156", "zdi_id": "ZDI-25-305" }, { "cve": "CVE-2025-31251", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-304/advisory.json", "detail_path": "advisories/ZDI-25-304", "id": "ZDI-25-304", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Apple macOS JPEG Image Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-304/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26603", "zdi_id": "ZDI-25-304" }, { "cve": "CVE-2025-24222", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-303/advisory.json", "detail_path": "advisories/ZDI-25-303", "id": "ZDI-25-303", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Apple Safari SandboxBroker ZIP File Processing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-303/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26148", "zdi_id": "ZDI-25-303" }, { "cve": "CVE-2025-31239", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-302/advisory.json", "detail_path": "advisories/ZDI-25-302", "id": "ZDI-25-302", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Apple macOS CoreMedia Framework Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-302/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26650", "zdi_id": "ZDI-25-302" }, { "cve": "CVE-2025-31238", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-25-301/advisory.json", "detail_path": "advisories/ZDI-25-301", "id": "ZDI-25-301", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Apple Safari Scrollbar Animation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-301/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26150", "zdi_id": "ZDI-25-301" }, { "cve": "CVE-2025-31209", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreGraphics framework is required to exploit this vulnerability but attack vectors may vary depending on the implement...", "detail_json": "/data/advisories/ZDI-25-300/advisory.json", "detail_path": "advisories/ZDI-25-300", "id": "ZDI-25-300", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Apple macOS PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-300/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26714", "zdi_id": "ZDI-25-300" }, { "cve": "CVE-2025-31208", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-299/advisory.json", "detail_path": "advisories/ZDI-25-299", "id": "ZDI-25-299", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Apple macOS acv2 Codec Converter Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-299/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26783", "zdi_id": "ZDI-25-299" }, { "cve": "CVE-2025-31233", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-298/advisory.json", "detail_path": "advisories/ZDI-25-298", "id": "ZDI-25-298", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-298/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26826", "zdi_id": "ZDI-25-298" }, { "cve": "CVE-2025-47867", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the getBlock function. The issue results from...", "detail_json": "/data/advisories/ZDI-25-297/advisory.json", "detail_path": "advisories/ZDI-25-297", "id": "ZDI-25-297", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Trend Micro Apex Central widget getBlock Local File Inclusion Remote Code Execution Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-297/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24936", "zdi_id": "ZDI-25-297" }, { "cve": "CVE-2025-47866", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to upload arbitrary files on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the modTMCM webapp widget. The issue results...", "detail_json": "/data/advisories/ZDI-25-296/advisory.json", "detail_path": "advisories/ZDI-25-296", "id": "ZDI-25-296", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Trend Micro Apex Central modTMCM Unrestricted File Upload Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-296/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25331", "zdi_id": "ZDI-25-296" }, { "cve": "CVE-2025-47865", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the getObjWGFServiceApiByApiName function. Th...", "detail_json": "/data/advisories/ZDI-25-295/advisory.json", "detail_path": "advisories/ZDI-25-295", "id": "ZDI-25-295", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Trend Micro Apex Central widget getObjWGFServiceApiByApiName Local File Inclusion Remote Code Execution Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-295/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24938", "zdi_id": "ZDI-25-295" }, { "cve": "CVE-2025-29975", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft PC Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-25-294/advisory.json", "detail_path": "advisories/ZDI-25-294", "id": "ZDI-25-294", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Microsoft PC Manager MSPCManagerService Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-294/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26137", "zdi_id": "ZDI-25-294" }, { "cve": "CVE-2025-29837", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-293/advisory.json", "detail_path": "advisories/ZDI-25-293", "id": "ZDI-25-293", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "Microsoft Windows Installer Service Link Following Information Disclosure Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-293/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26153", "zdi_id": "ZDI-25-293" }, { "cve": "CVE-2025-4918", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-292/advisory.json", "detail_path": "advisories/ZDI-25-292", "id": "ZDI-25-292", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "(Pwn2Own) Mozilla Firefox SpiderMonkey Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-06-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-292/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-27202", "zdi_id": "ZDI-25-292" }, { "cve": "CVE-2025-4919", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-291/advisory.json", "detail_path": "advisories/ZDI-25-291", "id": "ZDI-25-291", "kind": "published", "published_date": "2025-05-21", "status": "published", "title": "(Pwn2Own) Mozilla Firefox IonMonkey JIT Compiler Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-291/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-27172", "zdi_id": "ZDI-25-291" }, { "cve": "CVE-2025-3617", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-25-290/advisory.json", "detail_path": "advisories/ZDI-25-290", "id": "ZDI-25-290", "kind": "published", "published_date": "2025-05-13", "status": "published", "title": "Rockwell Automation ThinManager ThinServer Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-290/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-25727", "zdi_id": "ZDI-25-290" }, { "cve": "CVE-2025-3618", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ThinServer compo...", "detail_json": "/data/advisories/ZDI-25-289/advisory.json", "detail_path": "advisories/ZDI-25-289", "id": "ZDI-25-289", "kind": "published", "published_date": "2025-05-13", "status": "published", "title": "Rockwell Automation ThinManager ThinServer Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2025-05-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-289/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-25872", "zdi_id": "ZDI-25-289" }, { "cve": "CVE-2025-25254", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the cgi_httpcontentrouting_post function. The issue...", "detail_json": "/data/advisories/ZDI-25-288/advisory.json", "detail_path": "advisories/ZDI-25-288", "id": "ZDI-25-288", "kind": "published", "published_date": "2025-05-13", "status": "published", "title": "Fortinet FortiWeb cgi_httpcontentrouting_post Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-05-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-288/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-25181", "zdi_id": "ZDI-25-288" }, { "cve": "CVE-2025-46618", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary script on affected installations of JetBrains TeamCity. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the handling of filenames in the diagno...", "detail_json": "/data/advisories/ZDI-25-287/advisory.json", "detail_path": "advisories/ZDI-25-287", "id": "ZDI-25-287", "kind": "published", "published_date": "2025-05-13", "status": "published", "title": "JetBrains TeamCity Diagnostics Data Directory Cross-Site Scripting Vulnerability", "updated_date": "2025-05-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-287/", "vendor": "JetBrains", "vendor_url": null, "zdi_can": "ZDI-CAN-25977", "zdi_id": "ZDI-25-287" }, { "cve": "CVE-2025-1883", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-286/advisory.json", "detail_path": "advisories/ZDI-25-286", "id": "ZDI-25-286", "kind": "published", "published_date": "2025-05-13", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-05-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-286/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-26017", "zdi_id": "ZDI-25-286" }, { "cve": "CVE-2025-1884", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-285/advisory.json", "detail_path": "advisories/ZDI-25-285", "id": "ZDI-25-285", "kind": "published", "published_date": "2025-05-13", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer SLDPRT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-05-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-285/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-26029", "zdi_id": "ZDI-25-285" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MATE Desktop Atril Document Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-25-284/advisory.json", "detail_path": "advisories/ZDI-25-284", "id": "ZDI-25-284", "kind": "published", "published_date": "2025-05-02", "status": "published", "title": "MATE Desktop Atril Document Viewer EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-05-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-284/", "vendor": "MATE Desktop", "vendor_url": null, "zdi_can": "ZDI-CAN-22063", "zdi_id": "ZDI-25-284" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MATE Desktop Atril Document Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-25-283/advisory.json", "detail_path": "advisories/ZDI-25-283", "id": "ZDI-25-283", "kind": "published", "published_date": "2025-05-02", "status": "published", "title": "MATE Desktop Atril Document Viewer CBT File Parsing Argument Injection Remote Code Execution Vulnerability", "updated_date": "2025-05-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-283/", "vendor": "MATE Desktop", "vendor_url": null, "zdi_can": "ZDI-CAN-22225", "zdi_id": "ZDI-25-283" }, { "cve": "CVE-2025-2774", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The issue results from the lack of p...", "detail_json": "/data/advisories/ZDI-25-282/advisory.json", "detail_path": "advisories/ZDI-25-282", "id": "ZDI-25-282", "kind": "published", "published_date": "2025-05-01", "status": "published", "title": "Webmin CRLF Injection Privilege Escalation Vulnerability", "updated_date": "2025-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-282/", "vendor": "Webmin", "vendor_url": null, "zdi_can": "ZDI-CAN-26502", "zdi_id": "ZDI-25-282" }, { "cve": "CVE-2025-20175", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The specific flaw exists within the SNMP service, which listens on UDP port 161 by defaul...", "detail_json": "/data/advisories/ZDI-25-281/advisory.json", "detail_path": "advisories/ZDI-25-281", "id": "ZDI-25-281", "kind": "published", "published_date": "2025-05-01", "status": "published", "title": "Cisco IOS XE SNMP SET cewProxyClass Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-281/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-25017", "zdi_id": "ZDI-25-281" }, { "cve": "CVE-2025-20170", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The specific flaw exists within the SNMP service, which listens on UDP port...", "detail_json": "/data/advisories/ZDI-25-280/advisory.json", "detail_path": "advisories/ZDI-25-280", "id": "ZDI-25-280", "kind": "published", "published_date": "2025-05-01", "status": "published", "title": "Cisco IOS XE SNMP GET-NEXT ciscoFlashChipCode Unexpected Sign Extension Denial-of-Service Vulnerability", "updated_date": "2025-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-280/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-25024", "zdi_id": "ZDI-25-280" }, { "cve": "CVE-2025-20173", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The specific flaw exists within the SNMP service, which listens on UDP port 161 by defaul...", "detail_json": "/data/advisories/ZDI-25-279/advisory.json", "detail_path": "advisories/ZDI-25-279", "id": "ZDI-25-279", "kind": "published", "published_date": "2025-05-01", "status": "published", "title": "Cisco IOS XE SNMP GET-NEXT cContextMappingBridgeDomainIdentifier Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-279/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-25022", "zdi_id": "ZDI-25-279" }, { "cve": "CVE-2025-20176", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The specific flaw exists within the SNMP service, which listens on UDP port 161 by defaul...", "detail_json": "/data/advisories/ZDI-25-278/advisory.json", "detail_path": "advisories/ZDI-25-278", "id": "ZDI-25-278", "kind": "published", "published_date": "2025-05-01", "status": "published", "title": "Cisco IOS XE SNMP GET-NEXT ctspIpSgtValue Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-278/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-25021", "zdi_id": "ZDI-25-278" }, { "cve": "CVE-2025-20175", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The specific flaw exists within the SNMP service, which listens on UDP port 161 by defaul...", "detail_json": "/data/advisories/ZDI-25-277/advisory.json", "detail_path": "advisories/ZDI-25-277", "id": "ZDI-25-277", "kind": "published", "published_date": "2025-05-01", "status": "published", "title": "Cisco IOS XE SNMP SET cewEventTime Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-277/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-25020", "zdi_id": "ZDI-25-277" }, { "cve": "CVE-2025-20174", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The specific flaw exists within the SNMP service, which listens on UDP port 161 by defaul...", "detail_json": "/data/advisories/ZDI-25-276/advisory.json", "detail_path": "advisories/ZDI-25-276", "id": "ZDI-25-276", "kind": "published", "published_date": "2025-05-01", "status": "published", "title": "Cisco IOS XE SNMP GET-NEXT cilmCurrentImageLevel Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-276/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-25019", "zdi_id": "ZDI-25-276" }, { "cve": "CVE-2025-20171", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The specific flaw exists within the SNMP service, which listens on UDP port...", "detail_json": "/data/advisories/ZDI-25-275/advisory.json", "detail_path": "advisories/ZDI-25-275", "id": "ZDI-25-275", "kind": "published", "published_date": "2025-05-01", "status": "published", "title": "Cisco IOS XE SNMP GET-NEXT callHomeUserDefCmdName Unexpected Sign Extension Denial-of-Service Vulnerability", "updated_date": "2025-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-275/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-25018", "zdi_id": "ZDI-25-275" }, { "cve": "CVE-2025-20172", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The specific flaw exists within the SNMP service, which listens on UDP port...", "detail_json": "/data/advisories/ZDI-25-274/advisory.json", "detail_path": "advisories/ZDI-25-274", "id": "ZDI-25-274", "kind": "published", "published_date": "2025-05-01", "status": "published", "title": "Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability", "updated_date": "2025-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-274/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-25575", "zdi_id": "ZDI-25-274" }, { "cve": "CVE-2025-20172", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The specific flaw exists within the SNMP service, which listens on UDP port...", "detail_json": "/data/advisories/ZDI-25-273/advisory.json", "detail_path": "advisories/ZDI-25-273", "id": "ZDI-25-273", "kind": "published", "published_date": "2025-05-01", "status": "published", "title": "Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability", "updated_date": "2025-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-273/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-25023", "zdi_id": "ZDI-25-273" }, { "cve": "CVE-2025-20172", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The specific flaw exists within the SNMP service, which listens on UDP port...", "detail_json": "/data/advisories/ZDI-25-272/advisory.json", "detail_path": "advisories/ZDI-25-272", "id": "ZDI-25-272", "kind": "published", "published_date": "2025-05-01", "status": "published", "title": "Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability", "updated_date": "2025-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-272/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-25576", "zdi_id": "ZDI-25-272" }, { "cve": "CVE-2025-20172", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The specific flaw exists within the SNMP service, which listens on UDP port...", "detail_json": "/data/advisories/ZDI-25-271/advisory.json", "detail_path": "advisories/ZDI-25-271", "id": "ZDI-25-271", "kind": "published", "published_date": "2025-05-01", "status": "published", "title": "Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability", "updated_date": "2025-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-271/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-25577", "zdi_id": "ZDI-25-271" }, { "cve": "CVE-2025-20169", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The specific flaw exists within the SNMP service, which listens on UDP port...", "detail_json": "/data/advisories/ZDI-25-270/advisory.json", "detail_path": "advisories/ZDI-25-270", "id": "ZDI-25-270", "kind": "published", "published_date": "2025-05-01", "status": "published", "title": "Cisco IOS XE SNMP GET-NEXT ciscoFlashFileSize Unexpected Sign Extension Denial-of-Service Vulnerability", "updated_date": "2025-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-270/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-25030", "zdi_id": "ZDI-25-270" }, { "cve": "CVE-2024-10445", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of fi...", "detail_json": "/data/advisories/ZDI-25-269/advisory.json", "detail_path": "advisories/ZDI-25-269", "id": "ZDI-25-269", "kind": "published", "published_date": "2025-05-01", "status": "published", "title": "(Pwn2Own) Synology BeeStation BST150-4T Unnecessary Privileges Remote Code Execution Vulnerability", "updated_date": "2025-05-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-269/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-25663", "zdi_id": "ZDI-25-269" }, { "cve": "CVE-2025-2759", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-25-268/advisory.json", "detail_path": "advisories/ZDI-25-268", "id": "ZDI-25-268", "kind": "published", "published_date": "2025-04-30", "status": "published", "title": "GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2025-04-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-268/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-25448", "zdi_id": "ZDI-25-268" }, { "cve": "CVE-2025-3887", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-267/advisory.json", "detail_path": "advisories/ZDI-25-267", "id": "ZDI-25-267", "kind": "published", "published_date": "2025-04-30", "status": "published", "title": "GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-07-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-267/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-26596", "zdi_id": "ZDI-25-267" }, { "cve": "CVE-2025-29953", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache ActiveMQ NMS. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spe...", "detail_json": "/data/advisories/ZDI-25-266/advisory.json", "detail_path": "advisories/ZDI-25-266", "id": "ZDI-25-266", "kind": "published", "published_date": "2025-04-30", "status": "published", "title": "Apache ActiveMQ NMS Body Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-04-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-266/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-22235", "zdi_id": "ZDI-25-266" }, { "cve": "CVE-2025-2082", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC module. By manipulating the certificate...", "detail_json": "/data/advisories/ZDI-25-265/advisory.json", "detail_path": "advisories/ZDI-25-265", "id": "ZDI-25-265", "kind": "published", "published_date": "2025-04-30", "status": "published", "title": "(Pwn2Own) Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-04-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-265/", "vendor": "Tesla", "vendor_url": null, "zdi_can": "ZDI-CAN-23800", "zdi_id": "ZDI-25-265" }, { "cve": "CVE-2024-6032", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target system in order to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-25-264/advisory.json", "detail_path": "advisories/ZDI-25-264", "id": "ZDI-25-264", "kind": "published", "published_date": "2025-04-30", "status": "published", "title": "(Pwn2Own) Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability", "updated_date": "2025-04-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-264/", "vendor": "Tesla", "vendor_url": null, "zdi_can": "ZDI-CAN-23201", "zdi_id": "ZDI-25-264" }, { "cve": "CVE-2024-6030", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on the target system in order to exploit this vulnerability. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-25-263/advisory.json", "detail_path": "advisories/ZDI-25-263", "id": "ZDI-25-263", "kind": "published", "published_date": "2025-04-30", "status": "published", "title": "(Pwn2Own) Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability", "updated_date": "2025-04-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-263/", "vendor": "Tesla", "vendor_url": null, "zdi_can": "ZDI-CAN-23200", "zdi_id": "ZDI-25-263" }, { "cve": "CVE-2024-13943", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escape the sandbox on affected affected Tesla Model S vehicles. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-25-262/advisory.json", "detail_path": "advisories/ZDI-25-262", "id": "ZDI-25-262", "kind": "published", "published_date": "2025-04-30", "status": "published", "title": "(Pwn2Own) Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability", "updated_date": "2025-04-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-262/", "vendor": "Tesla", "vendor_url": null, "zdi_can": "ZDI-CAN-23199", "zdi_id": "ZDI-25-262" }, { "cve": "CVE-2024-6031", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the p...", "detail_json": "/data/advisories/ZDI-25-261/advisory.json", "detail_path": "advisories/ZDI-25-261", "id": "ZDI-25-261", "kind": "published", "published_date": "2025-04-30", "status": "published", "title": "(Pwn2Own) Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability", "updated_date": "2025-04-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-261/", "vendor": "Tesla", "vendor_url": null, "zdi_can": "ZDI-CAN-23198", "zdi_id": "ZDI-25-261" }, { "cve": "CVE-2024-6029", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall service. The issue res...", "detail_json": "/data/advisories/ZDI-25-260/advisory.json", "detail_path": "advisories/ZDI-25-260", "id": "ZDI-25-260", "kind": "published", "published_date": "2025-04-30", "status": "published", "title": "(Pwn2Own) Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability", "updated_date": "2025-04-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-260/", "vendor": "Tesla", "vendor_url": null, "zdi_can": "ZDI-CAN-23197", "zdi_id": "ZDI-25-260" }, { "cve": "CVE-2024-34098", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-259/advisory.json", "detail_path": "advisories/ZDI-25-259", "id": "ZDI-25-259", "kind": "published", "published_date": "2025-04-30", "status": "published", "title": "(Pwn2Own) Adobe Acrobat Reader DC Collab Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-04-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-259/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23843", "zdi_id": "ZDI-25-259" }, { "cve": "CVE-2024-34099", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass JavaScript API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-258/advisory.json", "detail_path": "advisories/ZDI-25-258", "id": "ZDI-25-258", "kind": "published", "published_date": "2025-04-30", "status": "published", "title": "(Pwn2Own) Adobe Acrobat Reader DC distributionURL JavaScript API Restrictions Bypass Vulnerability", "updated_date": "2025-04-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-258/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23553", "zdi_id": "ZDI-25-258" }, { "cve": "CVE-2024-21113", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-25-257/advisory.json", "detail_path": "advisories/ZDI-25-257", "id": "ZDI-25-257", "kind": "published", "published_date": "2025-04-30", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox OHCI USB Controller Race Condition Local Privilege Escalation Vulnerability", "updated_date": "2025-04-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-257/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-23786", "zdi_id": "ZDI-25-257" }, { "cve": "CVE-2025-3500", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-25-256/advisory.json", "detail_path": "advisories/ZDI-25-256", "id": "ZDI-25-256", "kind": "published", "published_date": "2025-04-24", "status": "published", "title": "Avast Free Antivirus Integer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2025-04-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-256/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-26610", "zdi_id": "ZDI-25-256" }, { "cve": "CVE-2025-3486", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the isZipEntryValide method. The issue r...", "detail_json": "/data/advisories/ZDI-25-255/advisory.json", "detail_path": "advisories/ZDI-25-255", "id": "ZDI-25-255", "kind": "published", "published_date": "2025-04-24", "status": "published", "title": "Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-04-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-255/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-25730", "zdi_id": "ZDI-25-255" }, { "cve": "CVE-2025-3485", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the extractFileFromZip method. The issue...", "detail_json": "/data/advisories/ZDI-25-254/advisory.json", "detail_path": "advisories/ZDI-25-254", "id": "ZDI-25-254", "kind": "published", "published_date": "2025-04-24", "status": "published", "title": "Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-254/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-26524", "zdi_id": "ZDI-25-254" }, { "cve": "CVE-2025-32817", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of SonicWALL Connect Tunnel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vul...", "detail_json": "/data/advisories/ZDI-25-253/advisory.json", "detail_path": "advisories/ZDI-25-253", "id": "ZDI-25-253", "kind": "published", "published_date": "2025-04-24", "status": "published", "title": "SonicWALL Connect Tunnel Link Following Denial-of-Service Vulnerability", "updated_date": "2025-05-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-253/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-25726", "zdi_id": "ZDI-25-253" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Cato Networks Cato Client for macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-252/advisory.json", "detail_path": "advisories/ZDI-25-252", "id": "ZDI-25-252", "kind": "published", "published_date": "2025-04-23", "status": "published", "title": "(0Day) Cato Networks Cato Client for macOS Helper Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": "2025-04-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-252/", "vendor": "Cato Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-23275", "zdi_id": "ZDI-25-252" }, { "cve": "CVE-2025-3885", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth...", "detail_json": "/data/advisories/ZDI-25-251/advisory.json", "detail_path": "advisories/ZDI-25-251", "id": "ZDI-25-251", "kind": "published", "published_date": "2025-04-23", "status": "published", "title": "(0Day) Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability", "updated_date": "2025-04-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-251/", "vendor": "Harman Becker", "vendor_url": null, "zdi_can": "ZDI-CAN-23942", "zdi_id": "ZDI-25-251" }, { "cve": "CVE-2025-3884", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Ace Editor web application. The issue res...", "detail_json": "/data/advisories/ZDI-25-250/advisory.json", "detail_path": "advisories/ZDI-25-250", "id": "ZDI-25-250", "kind": "published", "published_date": "2025-04-23", "status": "published", "title": "(0Day) Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability", "updated_date": "2025-04-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-250/", "vendor": "Cloudera", "vendor_url": null, "zdi_can": "ZDI-CAN-24332", "zdi_id": "ZDI-25-250" }, { "cve": "CVE-2025-3883", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling...", "detail_json": "/data/advisories/ZDI-25-249/advisory.json", "detail_path": "advisories/ZDI-25-249", "id": "ZDI-25-249", "kind": "published", "published_date": "2025-04-23", "status": "published", "title": "(0Day) eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-04-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-249/", "vendor": "eCharge Hardy Barth", "vendor_url": null, "zdi_can": "ZDI-CAN-23115", "zdi_id": "ZDI-25-249" }, { "cve": "CVE-2025-3882", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling...", "detail_json": "/data/advisories/ZDI-25-248/advisory.json", "detail_path": "advisories/ZDI-25-248", "id": "ZDI-25-248", "kind": "published", "published_date": "2025-04-23", "status": "published", "title": "(0Day) eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-04-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-248/", "vendor": "eCharge Hardy Barth", "vendor_url": null, "zdi_can": "ZDI-CAN-23114", "zdi_id": "ZDI-25-248" }, { "cve": "CVE-2025-3881", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling...", "detail_json": "/data/advisories/ZDI-25-247/advisory.json", "detail_path": "advisories/ZDI-25-247", "id": "ZDI-25-247", "kind": "published", "published_date": "2025-04-23", "status": "published", "title": "(0Day) eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-04-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-247/", "vendor": "eCharge Hardy Barth", "vendor_url": null, "zdi_can": "ZDI-CAN-23113", "zdi_id": "ZDI-25-247" }, { "cve": "CVE-2025-3480", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Web Portal. The is...", "detail_json": "/data/advisories/ZDI-25-246/advisory.json", "detail_path": "advisories/ZDI-25-246", "id": "ZDI-25-246", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability", "updated_date": "2025-04-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-246/", "vendor": "MedDream", "vendor_url": null, "zdi_can": "ZDI-CAN-25842", "zdi_id": "ZDI-25-246" }, { "cve": "CVE-2025-3481", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results...", "detail_json": "/data/advisories/ZDI-25-245/advisory.json", "detail_path": "advisories/ZDI-25-245", "id": "ZDI-25-245", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-04-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-245/", "vendor": "MedDream", "vendor_url": null, "zdi_can": "ZDI-CAN-25827", "zdi_id": "ZDI-25-245" }, { "cve": "CVE-2025-3482", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results...", "detail_json": "/data/advisories/ZDI-25-244/advisory.json", "detail_path": "advisories/ZDI-25-244", "id": "ZDI-25-244", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-04-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-244/", "vendor": "MedDream", "vendor_url": null, "zdi_can": "ZDI-CAN-25826", "zdi_id": "ZDI-25-244" }, { "cve": "CVE-2025-3483", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results...", "detail_json": "/data/advisories/ZDI-25-243/advisory.json", "detail_path": "advisories/ZDI-25-243", "id": "ZDI-25-243", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-04-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-243/", "vendor": "MedDream", "vendor_url": null, "zdi_can": "ZDI-CAN-25825", "zdi_id": "ZDI-25-243" }, { "cve": "CVE-2025-3484", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results...", "detail_json": "/data/advisories/ZDI-25-242/advisory.json", "detail_path": "advisories/ZDI-25-242", "id": "ZDI-25-242", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-04-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-242/", "vendor": "MedDream", "vendor_url": null, "zdi_can": "ZDI-CAN-25853", "zdi_id": "ZDI-25-242" }, { "cve": "CVE-2025-30642", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Deep Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit t...", "detail_json": "/data/advisories/ZDI-25-241/advisory.json", "detail_path": "advisories/ZDI-25-241", "id": "ZDI-25-241", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "Trend Micro Deep Security Agent Link Following Denial-of-Service Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-241/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25681", "zdi_id": "ZDI-25-241" }, { "cve": "CVE-2025-30641", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-25-240/advisory.json", "detail_path": "advisories/ZDI-25-240", "id": "ZDI-25-240", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "Trend Micro Deep Security Anti-Malware Solution Platform Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-240/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24931", "zdi_id": "ZDI-25-240" }, { "cve": "CVE-2025-30640", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-25-239/advisory.json", "detail_path": "advisories/ZDI-25-239", "id": "ZDI-25-239", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-239/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24930", "zdi_id": "ZDI-25-239" }, { "cve": "CVE-2025-30680", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the Query metho...", "detail_json": "/data/advisories/ZDI-25-238/advisory.json", "detail_path": "advisories/ZDI-25-238", "id": "ZDI-25-238", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "Trend Micro Apex Central Query Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-238/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25524", "zdi_id": "ZDI-25-238" }, { "cve": "CVE-2025-30679", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-25-237/advisory.json", "detail_path": "advisories/ZDI-25-237", "id": "ZDI-25-237", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "Trend Micro Apex Central modOSCE Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-237/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24934", "zdi_id": "ZDI-25-237" }, { "cve": "CVE-2025-30678", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-25-236/advisory.json", "detail_path": "advisories/ZDI-25-236", "id": "ZDI-25-236", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "Trend Micro Apex Central modTMSM Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-236/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24939", "zdi_id": "ZDI-25-236" }, { "cve": "CVE-2025-22461", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the OpenRecordSet method...", "detail_json": "/data/advisories/ZDI-25-235/advisory.json", "detail_path": "advisories/ZDI-25-235", "id": "ZDI-25-235", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "Ivanti Endpoint Manager OpenRecordSet SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-235/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25953", "zdi_id": "ZDI-25-235" }, { "cve": "CVE-2025-29812", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-234/advisory.json", "detail_path": "advisories/ZDI-25-234", "id": "ZDI-25-234", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-234/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-25985", "zdi_id": "ZDI-25-234" }, { "cve": "CVE-2025-1045", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-25-233/advisory.json", "detail_path": "advisories/ZDI-25-233", "id": "ZDI-25-233", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-233/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-24586", "zdi_id": "ZDI-25-233" }, { "cve": "CVE-2025-1047", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-232/advisory.json", "detail_path": "advisories/ZDI-25-232", "id": "ZDI-25-232", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-232/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-23694", "zdi_id": "ZDI-25-232" }, { "cve": "CVE-2025-1046", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-231/advisory.json", "detail_path": "advisories/ZDI-25-231", "id": "ZDI-25-231", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-231/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-23646", "zdi_id": "ZDI-25-231" }, { "cve": "CVE-2024-49413", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S24. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-230/advisory.json", "detail_path": "advisories/ZDI-25-230", "id": "ZDI-25-230", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S24 Smart Switch Agent Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-230/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25651", "zdi_id": "ZDI-25-230" }, { "cve": "CVE-2024-49421", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Samsung Galaxy S24. An attacker must first obtain the ability to perform activities on the target device. The specific flaw exists within the Quick Sha...", "detail_json": "/data/advisories/ZDI-25-229/advisory.json", "detail_path": "advisories/ZDI-25-229", "id": "ZDI-25-229", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S24 Quick Share Directory Traversal Arbitrary File Write Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-229/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25650", "zdi_id": "ZDI-25-229" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Samsung Galaxy S24. An attacker must first obtain the ability to perform activities on the target device. The specific flaw exists within the Quick Sha...", "detail_json": "/data/advisories/ZDI-25-228/advisory.json", "detail_path": "advisories/ZDI-25-228", "id": "ZDI-25-228", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S24 Quick Share Insufficient UI Warning Arbitrary File Write Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-228/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25649", "zdi_id": "ZDI-25-228" }, { "cve": "CVE-2024-49420", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Samsung Galaxy S24. An attacker must first obtain the ability to execute low-privileged script on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-25-227/advisory.json", "detail_path": "advisories/ZDI-25-227", "id": "ZDI-25-227", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S24 Gaming Hub Exposed Dangerous Method Local Privilege Escalation Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-227/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25648", "zdi_id": "ZDI-25-227" }, { "cve": "CVE-2024-49419, CVE-2024-49418", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Samsung Galaxy S24 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-226/advisory.json", "detail_path": "advisories/ZDI-25-226", "id": "ZDI-25-226", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S24 Gaming Hub Improper Input Validation Privilege Escalation Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-226/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25581", "zdi_id": "ZDI-25-226" }, { "cve": "CVE-2025-1050", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HLS playlist data. The issue res...", "detail_json": "/data/advisories/ZDI-25-225/advisory.json", "detail_path": "advisories/ZDI-25-225", "id": "ZDI-25-225", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-225/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-25606", "zdi_id": "ZDI-25-225" }, { "cve": "CVE-2025-1049", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ID3 data. The issue results from...", "detail_json": "/data/advisories/ZDI-25-224/advisory.json", "detail_path": "advisories/ZDI-25-224", "id": "ZDI-25-224", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-224/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-25601", "zdi_id": "ZDI-25-224" }, { "cve": "CVE-2025-1048", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SMB data. The i...", "detail_json": "/data/advisories/ZDI-25-223/advisory.json", "detail_path": "advisories/ZDI-25-223", "id": "ZDI-25-223", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-223/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-25535", "zdi_id": "ZDI-25-223" }, { "cve": "CVE-2024-11346", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the concatstrings met...", "detail_json": "/data/advisories/ZDI-25-222/advisory.json", "detail_path": "advisories/ZDI-25-222", "id": "ZDI-25-222", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Lexmark CX331adwe concatstrings Type Confusion Information Disclosure Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-222/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-25674", "zdi_id": "ZDI-25-222" }, { "cve": null, "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark CX331adwe printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-25-221/advisory.json", "detail_path": "advisories/ZDI-25-221", "id": "ZDI-25-221", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Lexmark CX331adwe httpd extract-trace Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-221/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-25849", "zdi_id": "ZDI-25-221" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the PATH_TRAN...", "detail_json": "/data/advisories/ZDI-25-220/advisory.json", "detail_path": "advisories/ZDI-25-220", "id": "ZDI-25-220", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Lexmark CX331adwe basic_auth.cgi PATH_TRANSLATED Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-220/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-25848", "zdi_id": "ZDI-25-220" }, { "cve": "CVE-2024-11347", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of JBIG2 files. T...", "detail_json": "/data/advisories/ZDI-25-219/advisory.json", "detail_path": "advisories/ZDI-25-219", "id": "ZDI-25-219", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Lexmark CX331adwe JBIG2 File Parsing new_image Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-219/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-25676", "zdi_id": "ZDI-25-219" }, { "cve": "CVE-2024-11345", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of JPEG2000 files...", "detail_json": "/data/advisories/ZDI-25-218/advisory.json", "detail_path": "advisories/ZDI-25-218", "id": "ZDI-25-218", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Lexmark CX331adwe JPEG2000 Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-218/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-25621", "zdi_id": "ZDI-25-218" }, { "cve": "CVE-2024-11344", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the loadCFFdata method. The i...", "detail_json": "/data/advisories/ZDI-25-217/advisory.json", "detail_path": "advisories/ZDI-25-217", "id": "ZDI-25-217", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Lexmark CX331adwe loadCFFdata Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-217/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-25539", "zdi_id": "ZDI-25-217" }, { "cve": "CVE-2024-11131", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology TC500 cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the ONVIF p...", "detail_json": "/data/advisories/ZDI-25-216/advisory.json", "detail_path": "advisories/ZDI-25-216", "id": "ZDI-25-216", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Synology TC500 ONVIF Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-216/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-25538", "zdi_id": "ZDI-25-216" }, { "cve": "CVE-2024-10444", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Synology DiskStation DS1823xs+ devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of LD...", "detail_json": "/data/advisories/ZDI-25-215/advisory.json", "detail_path": "advisories/ZDI-25-215", "id": "ZDI-25-215", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Synology DiskStation DS1823xs+ LDAP Client Improper Certificate Validation Authentication Bypass Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-215/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-25487", "zdi_id": "ZDI-25-215" }, { "cve": "CVE-2024-10441", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation DS1823xs+ devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of t...", "detail_json": "/data/advisories/ZDI-25-214/advisory.json", "detail_path": "advisories/ZDI-25-214", "id": "ZDI-25-214", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Synology DiskStation DS1823xs+ Vue.JS Improper Neutralization of Argument Delimiters Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-214/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-25403", "zdi_id": "ZDI-25-214" }, { "cve": "CVE-2024-50631", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the update_settings co...", "detail_json": "/data/advisories/ZDI-25-213/advisory.json", "detail_path": "advisories/ZDI-25-213", "id": "ZDI-25-213", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Synology BeeStation BST150-4T SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-213/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-25659", "zdi_id": "ZDI-25-213" }, { "cve": "CVE-2024-50630", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the syncd authentic...", "detail_json": "/data/advisories/ZDI-25-212/advisory.json", "detail_path": "advisories/ZDI-25-212", "id": "ZDI-25-212", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-212/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-25658", "zdi_id": "ZDI-25-212" }, { "cve": "CVE-2024-50629", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsin...", "detail_json": "/data/advisories/ZDI-25-211/advisory.json", "detail_path": "advisories/ZDI-25-211", "id": "ZDI-25-211", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Synology BeeStation BST150-4T CRLF Injection Information Disclosure Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-211/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-25613", "zdi_id": "ZDI-25-211" }, { "cve": "CVE-2024-10445", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of ta...", "detail_json": "/data/advisories/ZDI-25-210/advisory.json", "detail_path": "advisories/ZDI-25-210", "id": "ZDI-25-210", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-210/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-25662", "zdi_id": "ZDI-25-210" }, { "cve": "CVE-2024-10445", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to spoof specific configuration values on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the d...", "detail_json": "/data/advisories/ZDI-25-209/advisory.json", "detail_path": "advisories/ZDI-25-209", "id": "ZDI-25-209", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Synology BeeStation BST150-4T Cleartext Transmission of Sensitive Information Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-209/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-25617", "zdi_id": "ZDI-25-209" }, { "cve": "CVE-2024-10442", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation DS1823xs+ devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of co...", "detail_json": "/data/advisories/ZDI-25-208/advisory.json", "detail_path": "advisories/ZDI-25-208", "id": "ZDI-25-208", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Synology DiskStation DS1823xs+ Replication Service Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-208/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-25607", "zdi_id": "ZDI-25-208" }, { "cve": "CVE-2024-10443", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of...", "detail_json": "/data/advisories/ZDI-25-207/advisory.json", "detail_path": "advisories/ZDI-25-207", "id": "ZDI-25-207", "kind": "published", "published_date": "2025-04-09", "status": "published", "title": "(Pwn2Own) Synology BeeStation BST150-4T Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-207/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-25623", "zdi_id": "ZDI-25-207" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Amazon AWS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of AWS Simple Storage Service. When in...", "detail_json": "/data/advisories/ZDI-25-206/advisory.json", "detail_path": "advisories/ZDI-25-206", "id": "ZDI-25-206", "kind": "published", "published_date": "2025-04-07", "status": "published", "title": "Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2025-04-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-206/", "vendor": "Amazon", "vendor_url": null, "zdi_can": "ZDI-CAN-25427", "zdi_id": "ZDI-25-206" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Amazon AWS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of AWS Simple Storage Service. When in...", "detail_json": "/data/advisories/ZDI-25-205/advisory.json", "detail_path": "advisories/ZDI-25-205", "id": "ZDI-25-205", "kind": "published", "published_date": "2025-04-07", "status": "published", "title": "Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2025-04-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-205/", "vendor": "Amazon", "vendor_url": null, "zdi_can": "ZDI-CAN-25426", "zdi_id": "ZDI-25-205" }, { "cve": "CVE-2025-2761", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-204/advisory.json", "detail_path": "advisories/ZDI-25-204", "id": "ZDI-25-204", "kind": "published", "published_date": "2025-04-07", "status": "published", "title": "GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-04-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-204/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-25100", "zdi_id": "ZDI-25-204" }, { "cve": "CVE-2025-2760", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-25-203/advisory.json", "detail_path": "advisories/ZDI-25-203", "id": "ZDI-25-203", "kind": "published", "published_date": "2025-04-07", "status": "published", "title": "GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-04-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-203/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-25082", "zdi_id": "ZDI-25-203" }, { "cve": "CVE-2024-55597", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary XML schema files on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the cgi_xmlprotection_xmlschemafile_post...", "detail_json": "/data/advisories/ZDI-25-202/advisory.json", "detail_path": "advisories/ZDI-25-202", "id": "ZDI-25-202", "kind": "published", "published_date": "2025-04-07", "status": "published", "title": "Fortinet FortiWeb cgi_xmlprotection_xmlschemafile_post Directory Traversal Arbitrary File Write Vulnerability", "updated_date": "2025-04-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-202/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-25559", "zdi_id": "ZDI-25-202" }, { "cve": "CVE-2025-27529", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Cleaner One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...", "detail_json": "/data/advisories/ZDI-25-201/advisory.json", "detail_path": "advisories/ZDI-25-201", "id": "ZDI-25-201", "kind": "published", "published_date": "2025-04-07", "status": "published", "title": "Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability", "updated_date": "2025-04-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-201/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25572", "zdi_id": "ZDI-25-201" }, { "cve": "CVE-2025-30232", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Exim. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-25-200/advisory.json", "detail_path": "advisories/ZDI-25-200", "id": "ZDI-25-200", "kind": "published", "published_date": "2025-04-07", "status": "published", "title": "Exim Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2025-04-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-200/", "vendor": "Exim", "vendor_url": null, "zdi_can": "ZDI-CAN-26250", "zdi_id": "ZDI-25-200" }, { "cve": "CVE-2025-1660", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-199/advisory.json", "detail_path": "advisories/ZDI-25-199", "id": "ZDI-25-199", "kind": "published", "published_date": "2025-04-03", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-04-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-199/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25970", "zdi_id": "ZDI-25-199" }, { "cve": "CVE-2025-1659", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-198/advisory.json", "detail_path": "advisories/ZDI-25-198", "id": "ZDI-25-198", "kind": "published", "published_date": "2025-04-03", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-04-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-198/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25968", "zdi_id": "ZDI-25-198" }, { "cve": "CVE-2025-1658", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-197/advisory.json", "detail_path": "advisories/ZDI-25-197", "id": "ZDI-25-197", "kind": "published", "published_date": "2025-04-03", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-04-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-197/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25971", "zdi_id": "ZDI-25-197" }, { "cve": "CVE-2025-24185", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-196/advisory.json", "detail_path": "advisories/ZDI-25-196", "id": "ZDI-25-196", "kind": "published", "published_date": "2025-04-01", "status": "published", "title": "Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-04-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-196/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25736", "zdi_id": "ZDI-25-196" }, { "cve": "CVE-2025-24210", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-195/advisory.json", "detail_path": "advisories/ZDI-25-195", "id": "ZDI-25-195", "kind": "published", "published_date": "2025-04-01", "status": "published", "title": "Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-04-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-195/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25812", "zdi_id": "ZDI-25-195" }, { "cve": "CVE-2025-24256", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-25-194/advisory.json", "detail_path": "advisories/ZDI-25-194", "id": "ZDI-25-194", "kind": "published", "published_date": "2025-04-01", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics Time-Of-Check Time-Of-Use Information Disclosure Vulnerability", "updated_date": "2025-04-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-194/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26063", "zdi_id": "ZDI-25-194" }, { "cve": "CVE-2025-24182", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-193/advisory.json", "detail_path": "advisories/ZDI-25-193", "id": "ZDI-25-193", "kind": "published", "published_date": "2025-04-01", "status": "published", "title": "Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-04-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-193/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26154", "zdi_id": "ZDI-25-193" }, { "cve": "CVE-2025-24190", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-192/advisory.json", "detail_path": "advisories/ZDI-25-192", "id": "ZDI-25-192", "kind": "published", "published_date": "2025-04-01", "status": "published", "title": "Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-04-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-192/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26494", "zdi_id": "ZDI-25-192" }, { "cve": "CVE-2025-24211", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-191/advisory.json", "detail_path": "advisories/ZDI-25-191", "id": "ZDI-25-191", "kind": "published", "published_date": "2025-04-01", "status": "published", "title": "Apple macOS MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-04-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-191/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26497", "zdi_id": "ZDI-25-191" }, { "cve": "CVE-2025-24230", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-190/advisory.json", "detail_path": "advisories/ZDI-25-190", "id": "ZDI-25-190", "kind": "published", "published_date": "2025-04-01", "status": "published", "title": "Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-04-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-190/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26495", "zdi_id": "ZDI-25-190" }, { "cve": "CVE-2025-24243", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-189/advisory.json", "detail_path": "advisories/ZDI-25-189", "id": "ZDI-25-189", "kind": "published", "published_date": "2025-04-01", "status": "published", "title": "Apple macOS AudioToolbox AMR File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-04-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-189/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26248", "zdi_id": "ZDI-25-189" }, { "cve": "CVE-2025-24244", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AudioToolboxCore library is required to exploit this vulnerability but attack vectors may vary depending on the impleme...", "detail_json": "/data/advisories/ZDI-25-188/advisory.json", "detail_path": "advisories/ZDI-25-188", "id": "ZDI-25-188", "kind": "published", "published_date": "2025-04-01", "status": "published", "title": "Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-04-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-188/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26247", "zdi_id": "ZDI-25-188" }, { "cve": "CVE-2025-2773", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-25-187/advisory.json", "detail_path": "advisories/ZDI-25-187", "id": "ZDI-25-187", "kind": "published", "published_date": "2025-03-25", "status": "published", "title": "(0Day) BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-11-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-187/", "vendor": "BEC Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-25903", "zdi_id": "ZDI-25-187" }, { "cve": "CVE-2025-2770", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The iss...", "detail_json": "/data/advisories/ZDI-25-186/advisory.json", "detail_path": "advisories/ZDI-25-186", "id": "ZDI-25-186", "kind": "published", "published_date": "2025-03-25", "status": "published", "title": "(0Day) BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability", "updated_date": "2025-11-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-186/", "vendor": "BEC Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-25986", "zdi_id": "ZDI-25-186" }, { "cve": "CVE-2025-2772", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within /cgi-bin/tools_usermana...", "detail_json": "/data/advisories/ZDI-25-185/advisory.json", "detail_path": "advisories/ZDI-25-185", "id": "ZDI-25-185", "kind": "published", "published_date": "2025-03-25", "status": "published", "title": "(0Day) BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability", "updated_date": "2025-11-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-185/", "vendor": "BEC Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-25895", "zdi_id": "ZDI-25-185" }, { "cve": "CVE-2025-2771", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue re...", "detail_json": "/data/advisories/ZDI-25-184/advisory.json", "detail_path": "advisories/ZDI-25-184", "id": "ZDI-25-184", "kind": "published", "published_date": "2025-03-25", "status": "published", "title": "(0Day) BEC Technologies Multiple Routers Authentication Bypass Vulnerability", "updated_date": "2025-11-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-184/", "vendor": "BEC Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-25894", "zdi_id": "ZDI-25-184" }, { "cve": "CVE-2025-2769", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-25-183/advisory.json", "detail_path": "advisories/ZDI-25-183", "id": "ZDI-25-183", "kind": "published", "published_date": "2025-03-25", "status": "published", "title": "(0Day) Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-03-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-183/", "vendor": "Bdrive", "vendor_url": null, "zdi_can": "ZDI-CAN-25295", "zdi_id": "ZDI-25-183" }, { "cve": "CVE-2025-2768", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-25-182/advisory.json", "detail_path": "advisories/ZDI-25-182", "id": "ZDI-25-182", "kind": "published", "published_date": "2025-03-25", "status": "published", "title": "(0Day) Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-03-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-182/", "vendor": "Bdrive", "vendor_url": null, "zdi_can": "ZDI-CAN-25041", "zdi_id": "ZDI-25-182" }, { "cve": "CVE-2025-2767", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the User-Agent HTTP hea...", "detail_json": "/data/advisories/ZDI-25-181/advisory.json", "detail_path": "advisories/ZDI-25-181", "id": "ZDI-25-181", "kind": "published", "published_date": "2025-03-25", "status": "published", "title": "(0Day) Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": "2025-03-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-181/", "vendor": "Arista", "vendor_url": null, "zdi_can": "ZDI-CAN-24407", "zdi_id": "ZDI-25-181" }, { "cve": "CVE-2025-2766", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of user accounts. Th...", "detail_json": "/data/advisories/ZDI-25-180/advisory.json", "detail_path": "advisories/ZDI-25-180", "id": "ZDI-25-180", "kind": "published", "published_date": "2025-03-25", "status": "published", "title": "(0Day) 70mai A510 Use of Default Password Authentication Bypass Vulnerability", "updated_date": "2025-03-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-180/", "vendor": "70mai", "vendor_url": null, "zdi_can": "ZDI-CAN-24996", "zdi_id": "ZDI-25-180" }, { "cve": "CVE-2025-2763", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of update p...", "detail_json": "/data/advisories/ZDI-25-179/advisory.json", "detail_path": "advisories/ZDI-25-179", "id": "ZDI-25-179", "kind": "published", "published_date": "2025-03-25", "status": "published", "title": "(0Day) CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability", "updated_date": "2025-03-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-179/", "vendor": "CarlinKit", "vendor_url": null, "zdi_can": "ZDI-CAN-24356", "zdi_id": "ZDI-25-179" }, { "cve": "CVE-2025-2764", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...", "detail_json": "/data/advisories/ZDI-25-178/advisory.json", "detail_path": "advisories/ZDI-25-178", "id": "ZDI-25-178", "kind": "published", "published_date": "2025-03-25", "status": "published", "title": "(0Day) CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability", "updated_date": "2025-03-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-178/", "vendor": "CarlinKit", "vendor_url": null, "zdi_can": "ZDI-CAN-24355", "zdi_id": "ZDI-25-178" }, { "cve": "CVE-2025-2765", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the wi...", "detail_json": "/data/advisories/ZDI-25-177/advisory.json", "detail_path": "advisories/ZDI-25-177", "id": "ZDI-25-177", "kind": "published", "published_date": "2025-03-25", "status": "published", "title": "(0Day) CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability", "updated_date": "2025-03-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-177/", "vendor": "CarlinKit", "vendor_url": null, "zdi_can": "ZDI-CAN-24349", "zdi_id": "ZDI-25-177" }, { "cve": "CVE-2025-2762", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-25-176/advisory.json", "detail_path": "advisories/ZDI-25-176", "id": "ZDI-25-176", "kind": "published", "published_date": "2025-03-25", "status": "published", "title": "(0Day) CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability", "updated_date": "2025-03-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-176/", "vendor": "CarlinKit", "vendor_url": null, "zdi_can": "ZDI-CAN-25948", "zdi_id": "ZDI-25-176" }, { "cve": "CVE-2025-2532", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-175/advisory.json", "detail_path": "advisories/ZDI-25-175", "id": "ZDI-25-175", "kind": "published", "published_date": "2025-03-20", "status": "published", "title": "(0Day) Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-03-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-175/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-23709", "zdi_id": "ZDI-25-175" }, { "cve": "CVE-2025-2531", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-174/advisory.json", "detail_path": "advisories/ZDI-25-174", "id": "ZDI-25-174", "kind": "published", "published_date": "2025-03-20", "status": "published", "title": "(0Day) Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-03-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-174/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-23704", "zdi_id": "ZDI-25-174" }, { "cve": "CVE-2025-2530", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-173/advisory.json", "detail_path": "advisories/ZDI-25-173", "id": "ZDI-25-173", "kind": "published", "published_date": "2025-03-20", "status": "published", "title": "(0Day) Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2025-03-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-173/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-23698", "zdi_id": "ZDI-25-173" }, { "cve": "CVE-2025-24124", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-172/advisory.json", "detail_path": "advisories/ZDI-25-172", "id": "ZDI-25-172", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Apple macOS MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-172/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25319", "zdi_id": "ZDI-25-172" }, { "cve": "CVE-2024-54500", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation...", "detail_json": "/data/advisories/ZDI-25-171/advisory.json", "detail_path": "advisories/ZDI-25-171", "id": "ZDI-25-171", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Apple macOS ImageIO Pixel Conversion Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-171/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25242", "zdi_id": "ZDI-25-171" }, { "cve": "CVE-2024-54501", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-170/advisory.json", "detail_path": "advisories/ZDI-25-170", "id": "ZDI-25-170", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Apple macOS WindowServer Denial-of-Service Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-170/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25546", "zdi_id": "ZDI-25-170" }, { "cve": "CVE-2024-54497", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apple macOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WindowServer component. The issue re...", "detail_json": "/data/advisories/ZDI-25-169/advisory.json", "detail_path": "advisories/ZDI-25-169", "id": "ZDI-25-169", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Apple macOS WindowServer Unchecked Input for Loop Condition Denial-of-Service Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-169/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25201", "zdi_id": "ZDI-25-169" }, { "cve": "CVE-2025-24123", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-25-168/advisory.json", "detail_path": "advisories/ZDI-25-168", "id": "ZDI-25-168", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Apple macOS MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-168/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25370", "zdi_id": "ZDI-25-168" }, { "cve": "CVE-2025-24139", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-167/advisory.json", "detail_path": "advisories/ZDI-25-167", "id": "ZDI-25-167", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-167/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25735", "zdi_id": "ZDI-25-167" }, { "cve": "CVE-2024-54486", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontParser library is required to exploit this vulnerability but attack vectors may vary depending on the implementa...", "detail_json": "/data/advisories/ZDI-25-166/advisory.json", "detail_path": "advisories/ZDI-25-166", "id": "ZDI-25-166", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Apple macOS libFontParser Glyph Mapping Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-166/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25338", "zdi_id": "ZDI-25-166" }, { "cve": "CVE-2024-54499", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation...", "detail_json": "/data/advisories/ZDI-25-165/advisory.json", "detail_path": "advisories/ZDI-25-165", "id": "ZDI-25-165", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Apple macOS ImageIO JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-165/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25661", "zdi_id": "ZDI-25-165" }, { "cve": "CVE-2025-24149", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple SceneKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-25-164/advisory.json", "detail_path": "advisories/ZDI-25-164", "id": "ZDI-25-164", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Apple SceneKit Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-164/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25808", "zdi_id": "ZDI-25-164" }, { "cve": "CVE-2025-1652", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-163/advisory.json", "detail_path": "advisories/ZDI-25-163", "id": "ZDI-25-163", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-163/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-26554", "zdi_id": "ZDI-25-163" }, { "cve": "CVE-2025-1427", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-162/advisory.json", "detail_path": "advisories/ZDI-25-162", "id": "ZDI-25-162", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Autodesk AutoCAD CATProduct File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-162/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25695", "zdi_id": "ZDI-25-162" }, { "cve": "CVE-2025-1428", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-161/advisory.json", "detail_path": "advisories/ZDI-25-161", "id": "ZDI-25-161", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-161/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25767", "zdi_id": "ZDI-25-161" }, { "cve": "CVE-2025-1429", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-160/advisory.json", "detail_path": "advisories/ZDI-25-160", "id": "ZDI-25-160", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-160/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25784", "zdi_id": "ZDI-25-160" }, { "cve": "CVE-2025-1649", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-159/advisory.json", "detail_path": "advisories/ZDI-25-159", "id": "ZDI-25-159", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Autodesk AutoCAD CATPRODUCT File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-159/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25811", "zdi_id": "ZDI-25-159" }, { "cve": "CVE-2025-1650", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-158/advisory.json", "detail_path": "advisories/ZDI-25-158", "id": "ZDI-25-158", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Autodesk AutoCAD CATProduct File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-158/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25951", "zdi_id": "ZDI-25-158" }, { "cve": "CVE-2025-1651", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-157/advisory.json", "detail_path": "advisories/ZDI-25-157", "id": "ZDI-25-157", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-157/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25952", "zdi_id": "ZDI-25-157" }, { "cve": "CVE-2025-1430", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-156/advisory.json", "detail_path": "advisories/ZDI-25-156", "id": "ZDI-25-156", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-156/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25989", "zdi_id": "ZDI-25-156" }, { "cve": "CVE-2025-1433", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-155/advisory.json", "detail_path": "advisories/ZDI-25-155", "id": "ZDI-25-155", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-155/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-26521", "zdi_id": "ZDI-25-155" }, { "cve": "CVE-2025-1432", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-154/advisory.json", "detail_path": "advisories/ZDI-25-154", "id": "ZDI-25-154", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-154/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-26135", "zdi_id": "ZDI-25-154" }, { "cve": "CVE-2025-1431", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-153/advisory.json", "detail_path": "advisories/ZDI-25-153", "id": "ZDI-25-153", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-153/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25997", "zdi_id": "ZDI-25-153" }, { "cve": "CVE-2024-12130", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-25-152/advisory.json", "detail_path": "advisories/ZDI-25-152", "id": "ZDI-25-152", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-152/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-25481", "zdi_id": "ZDI-25-152" }, { "cve": "CVE-2025-1758", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mangle executable. The issue...", "detail_json": "/data/advisories/ZDI-25-151/advisory.json", "detail_path": "advisories/ZDI-25-151", "id": "ZDI-25-151", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Progress Software Kemp LoadMaster mangle Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-151/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-25708", "zdi_id": "ZDI-25-151" }, { "cve": "CVE-2025-26633", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-25-150/advisory.json", "detail_path": "advisories/ZDI-25-150", "id": "ZDI-25-150", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Microsoft Windows MSC File Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-150/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-26371", "zdi_id": "ZDI-25-150" }, { "cve": "CVE-2025-271561", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-149/advisory.json", "detail_path": "advisories/ZDI-25-149", "id": "ZDI-25-149", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-03-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-149/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-26251", "zdi_id": "ZDI-25-149" }, { "cve": "CVE-2025-9491", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-25-148/advisory.json", "detail_path": "advisories/ZDI-25-148", "id": "ZDI-25-148", "kind": "published", "published_date": "2025-03-18", "status": "published", "title": "(0Day) Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability", "updated_date": "2025-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-148/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-25373", "zdi_id": "ZDI-25-148" }, { "cve": "CVE-2025-2450", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-147/advisory.json", "detail_path": "advisories/ZDI-25-147", "id": "ZDI-25-147", "kind": "published", "published_date": "2025-03-17", "status": "published", "title": "(0Day) NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability", "updated_date": "2025-03-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-147/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-22833", "zdi_id": "ZDI-25-147" }, { "cve": "CVE-2025-2449", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of NI FlexLogger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-25-146/advisory.json", "detail_path": "advisories/ZDI-25-146", "id": "ZDI-25-146", "kind": "published", "published_date": "2025-03-17", "status": "published", "title": "(0Day) NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-03-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-146/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21805", "zdi_id": "ZDI-25-146" }, { "cve": "CVE-2025-23242", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to access protected functionality on affected installations of NVIDIA Riva. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the Triton Inference Serv...", "detail_json": "/data/advisories/ZDI-25-145/advisory.json", "detail_path": "advisories/ZDI-25-145", "id": "ZDI-25-145", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "NVIDIA Riva Triton Inference Server Missing Authentication Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-145/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-25794", "zdi_id": "ZDI-25-145" }, { "cve": "CVE-2025-23243", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of NVIDIA Riva. Authentication is not required to exploit this vulnerability. The specific flaw exists within the riva_quickstart component. The issue results from t...", "detail_json": "/data/advisories/ZDI-25-144/advisory.json", "detail_path": "advisories/ZDI-25-144", "id": "ZDI-25-144", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "NVIDIA Riva gRPC API Missing Authentication for Critical Function Authentication Bypass Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-144/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-25682", "zdi_id": "ZDI-25-144" }, { "cve": "CVE-2025-26594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-143/advisory.json", "detail_path": "advisories/ZDI-25-143", "id": "ZDI-25-143", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "X.Org Server ChangeWindowAttributes Use-After-Free Privilege Escalation Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-143/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-25544", "zdi_id": "ZDI-25-143" }, { "cve": "CVE-2025-26595", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-142/advisory.json", "detail_path": "advisories/ZDI-25-142", "id": "ZDI-25-142", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "X.Org Server XkbVModMaskText Stack-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-142/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-25545", "zdi_id": "ZDI-25-142" }, { "cve": "CVE-2025-26596", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-141/advisory.json", "detail_path": "advisories/ZDI-25-141", "id": "ZDI-25-141", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "X.Org Server XkbSizeKeySyms Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-141/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-25543", "zdi_id": "ZDI-25-141" }, { "cve": "CVE-2025-26597", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-140/advisory.json", "detail_path": "advisories/ZDI-25-140", "id": "ZDI-25-140", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "X.Org Server XkbChangeTypesOfKey Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-140/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-25683", "zdi_id": "ZDI-25-140" }, { "cve": "CVE-2025-26598", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-139/advisory.json", "detail_path": "advisories/ZDI-25-139", "id": "ZDI-25-139", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "X.Org Server CreatePointerBarrierClient Out-Of-Bounds Write Local Privilege Escalation Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-139/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-25740", "zdi_id": "ZDI-25-139" }, { "cve": "CVE-2025-26599", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-138/advisory.json", "detail_path": "advisories/ZDI-25-138", "id": "ZDI-25-138", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "X.Org Server compRedirectWindow Type Confusion Local Privilege Escalation Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-138/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-25851", "zdi_id": "ZDI-25-138" }, { "cve": "CVE-2025-26600", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-137/advisory.json", "detail_path": "advisories/ZDI-25-137", "id": "ZDI-25-137", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "X.Org Server PlayReleasedEvents Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-137/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-25871", "zdi_id": "ZDI-25-137" }, { "cve": "CVE-2025-26601", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-136/advisory.json", "detail_path": "advisories/ZDI-25-136", "id": "ZDI-25-136", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "X.Org Server SyncInitTrigger Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-136/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-25870", "zdi_id": "ZDI-25-136" }, { "cve": "CVE-2025-27162", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-135/advisory.json", "detail_path": "advisories/ZDI-25-135", "id": "ZDI-25-135", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Use of Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-135/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-26232", "zdi_id": "ZDI-25-135" }, { "cve": "CVE-2025-24431", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-134/advisory.json", "detail_path": "advisories/ZDI-25-134", "id": "ZDI-25-134", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-134/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-25734", "zdi_id": "ZDI-25-134" }, { "cve": "CVE-2025-27174", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-133/advisory.json", "detail_path": "advisories/ZDI-25-133", "id": "ZDI-25-133", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-133/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-26231", "zdi_id": "ZDI-25-133" }, { "cve": "CVE-2025-27159", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-132/advisory.json", "detail_path": "advisories/ZDI-25-132", "id": "ZDI-25-132", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-132/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-26147", "zdi_id": "ZDI-25-132" }, { "cve": "CVE-2025-27160", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-131/advisory.json", "detail_path": "advisories/ZDI-25-131", "id": "ZDI-25-131", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-131/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-26169", "zdi_id": "ZDI-25-131" }, { "cve": "CVE-2025-25175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-25-130/advisory.json", "detail_path": "advisories/ZDI-25-130", "id": "ZDI-25-130", "kind": "published", "published_date": "2025-03-13", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-130/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25443", "zdi_id": "ZDI-25-130" }, { "cve": "CVE-2025-2231", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-129/advisory.json", "detail_path": "advisories/ZDI-25-129", "id": "ZDI-25-129", "kind": "published", "published_date": "2025-03-12", "status": "published", "title": "PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-03-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-129/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25473", "zdi_id": "ZDI-25-129" }, { "cve": "CVE-2024-12742", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI G Web Development. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-128/advisory.json", "detail_path": "advisories/ZDI-25-128", "id": "ZDI-25-128", "kind": "published", "published_date": "2025-03-11", "status": "published", "title": "NI G Web Development GWEBPROJECT File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-03-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-128/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21907", "zdi_id": "ZDI-25-128" }, { "cve": "CVE-2025-2233", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hub Local API service, which list...", "detail_json": "/data/advisories/ZDI-25-127/advisory.json", "detail_path": "advisories/ZDI-25-127", "id": "ZDI-25-127", "kind": "published", "published_date": "2025-03-11", "status": "published", "title": "(0Day) (Pwn2Own) Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability", "updated_date": "2025-04-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-127/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-25615", "zdi_id": "ZDI-25-127" }, { "cve": "CVE-2025-2022", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-126/advisory.json", "detail_path": "advisories/ZDI-25-126", "id": "ZDI-25-126", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-126/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25276", "zdi_id": "ZDI-25-126" }, { "cve": "CVE-2025-2021", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-125/advisory.json", "detail_path": "advisories/ZDI-25-125", "id": "ZDI-25-125", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-125/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25264", "zdi_id": "ZDI-25-125" }, { "cve": "CVE-2025-2020", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-124/advisory.json", "detail_path": "advisories/ZDI-25-124", "id": "ZDI-25-124", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-124/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25254", "zdi_id": "ZDI-25-124" }, { "cve": "CVE-2025-2019", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-123/advisory.json", "detail_path": "advisories/ZDI-25-123", "id": "ZDI-25-123", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-123/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25252", "zdi_id": "ZDI-25-123" }, { "cve": "CVE-2025-2023", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-122/advisory.json", "detail_path": "advisories/ZDI-25-122", "id": "ZDI-25-122", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-122/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25348", "zdi_id": "ZDI-25-122" }, { "cve": "CVE-2025-2017", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-121/advisory.json", "detail_path": "advisories/ZDI-25-121", "id": "ZDI-25-121", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt CO File Parsing Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-121/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25240", "zdi_id": "ZDI-25-121" }, { "cve": "CVE-2025-2013", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-120/advisory.json", "detail_path": "advisories/ZDI-25-120", "id": "ZDI-25-120", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-120/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25186", "zdi_id": "ZDI-25-120" }, { "cve": "CVE-2025-2012", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-119/advisory.json", "detail_path": "advisories/ZDI-25-119", "id": "ZDI-25-119", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-119/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25185", "zdi_id": "ZDI-25-119" }, { "cve": "CVE-2025-2018", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-118/advisory.json", "detail_path": "advisories/ZDI-25-118", "id": "ZDI-25-118", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-118/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25245", "zdi_id": "ZDI-25-118" }, { "cve": "CVE-2025-2016", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-117/advisory.json", "detail_path": "advisories/ZDI-25-117", "id": "ZDI-25-117", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-117/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25238", "zdi_id": "ZDI-25-117" }, { "cve": "CVE-2025-2015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-116/advisory.json", "detail_path": "advisories/ZDI-25-116", "id": "ZDI-25-116", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-116/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25236", "zdi_id": "ZDI-25-116" }, { "cve": "CVE-2025-2014", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-115/advisory.json", "detail_path": "advisories/ZDI-25-115", "id": "ZDI-25-115", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-115/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-25235", "zdi_id": "ZDI-25-115" }, { "cve": "CVE-2024-13171", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alte...", "detail_json": "/data/advisories/ZDI-25-114/advisory.json", "detail_path": "advisories/ZDI-25-114", "id": "ZDI-25-114", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "Ivanti Endpoint Manager Patch Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-114/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25312", "zdi_id": "ZDI-25-114" }, { "cve": "CVE-2024-12198", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-113/advisory.json", "detail_path": "advisories/ZDI-25-113", "id": "ZDI-25-113", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-113/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25882", "zdi_id": "ZDI-25-113" }, { "cve": "CVE-2024-12193", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-112/advisory.json", "detail_path": "advisories/ZDI-25-112", "id": "ZDI-25-112", "kind": "published", "published_date": "2025-03-10", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-112/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25869", "zdi_id": "ZDI-25-112" }, { "cve": "CVE-2025-2024", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-25-111/advisory.json", "detail_path": "advisories/ZDI-25-111", "id": "ZDI-25-111", "kind": "published", "published_date": "2025-03-06", "status": "published", "title": "Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2025-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-111/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-25210", "zdi_id": "ZDI-25-111" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SEW-EURODRIVE MOVITOOLS MotionStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-25-110/advisory.json", "detail_path": "advisories/ZDI-25-110", "id": "ZDI-25-110", "kind": "published", "published_date": "2025-03-05", "status": "published", "title": "SEW-EURODRIVE MOVITOOLS MotionStudio mticomp0 ICP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-03-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-110/", "vendor": "SEW-EURODRIVE", "vendor_url": null, "zdi_can": "ZDI-CAN-25013", "zdi_id": "ZDI-25-110" }, { "cve": "CVE-2024-56325", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Apache Pinot. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue results from...", "detail_json": "/data/advisories/ZDI-25-109/advisory.json", "detail_path": "advisories/ZDI-25-109", "id": "ZDI-25-109", "kind": "published", "published_date": "2025-03-03", "status": "published", "title": "Apache Pinot Improper Neutralization of Special Elements Authentication Bypass Vulnerability", "updated_date": "2025-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-109/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-24001", "zdi_id": "ZDI-25-109" }, { "cve": "CVE-2025-26507", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of HP LaserJet Pro MFP 3301fdw printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-25-108/advisory.json", "detail_path": "advisories/ZDI-25-108", "id": "ZDI-25-108", "kind": "published", "published_date": "2025-03-03", "status": "published", "title": "(Pwn2Own) HP LaserJet Pro MFP 3301fdw suidexec Command Injection Local Privilege Escalation Vulnerability", "updated_date": "2025-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-108/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-26611", "zdi_id": "ZDI-25-108" }, { "cve": "CVE-2025-26506", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP LaserJet Pro MFP 3301fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of Post...", "detail_json": "/data/advisories/ZDI-25-107/advisory.json", "detail_path": "advisories/ZDI-25-107", "id": "ZDI-25-107", "kind": "published", "published_date": "2025-03-03", "status": "published", "title": "(Pwn2Own) HP LaserJet Pro MFP 3301fdw PostScript File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-107/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-25594", "zdi_id": "ZDI-25-107" }, { "cve": "CVE-2025-26508", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP LaserJet Pro MFP 3301fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of Post...", "detail_json": "/data/advisories/ZDI-25-106/advisory.json", "detail_path": "advisories/ZDI-25-106", "id": "ZDI-25-106", "kind": "published", "published_date": "2025-03-03", "status": "published", "title": "(Pwn2Own) HP LaserJet Pro MFP 3301fdw PostScript File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2025-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-106/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-25533", "zdi_id": "ZDI-25-106" }, { "cve": "CVE-2024-12741", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI DAQExpress. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-25-105/advisory.json", "detail_path": "advisories/ZDI-25-105", "id": "ZDI-25-105", "kind": "published", "published_date": "2025-03-03", "status": "published", "title": "NI DAQExpress LVPROJECT File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-105/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21908", "zdi_id": "ZDI-25-105" }, { "cve": "CVE-2024-52606", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the TestWebsiteUrl m...", "detail_json": "/data/advisories/ZDI-25-104/advisory.json", "detail_path": "advisories/ZDI-25-104", "id": "ZDI-25-104", "kind": "published", "published_date": "2025-03-03", "status": "published", "title": "SolarWinds Platform TestWebsiteUrl Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2025-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-104/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-25334", "zdi_id": "ZDI-25-104" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-103/advisory.json", "detail_path": "advisories/ZDI-25-103", "id": "ZDI-25-103", "kind": "published", "published_date": "2025-03-03", "status": "published", "title": "(0Day) Delta Electronics ISPSoft CBDGL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-103/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25031", "zdi_id": "ZDI-25-103" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-102/advisory.json", "detail_path": "advisories/ZDI-25-102", "id": "ZDI-25-102", "kind": "published", "published_date": "2025-03-03", "status": "published", "title": "(0Day) Delta Electronics ISPSoft DVP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-102/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25225", "zdi_id": "ZDI-25-102" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-25-101/advisory.json", "detail_path": "advisories/ZDI-25-101", "id": "ZDI-25-101", "kind": "published", "published_date": "2025-03-03", "status": "published", "title": "(0Day) Delta Electronics ISPSoft DVP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-03-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-101/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25284", "zdi_id": "ZDI-25-101" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw exists wit...", "detail_json": "/data/advisories/ZDI-25-100/advisory.json", "detail_path": "advisories/ZDI-25-100", "id": "ZDI-25-100", "kind": "published", "published_date": "2025-02-27", "status": "published", "title": "Linux Kernel ksmbd Session Setup Race Condition Remote Code Execution Vulnerability", "updated_date": "2025-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-100/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-25737", "zdi_id": "ZDI-25-100" }, { "cve": "CVE-2025-1520", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the SQL parser. The issue resu...", "detail_json": "/data/advisories/ZDI-25-099/advisory.json", "detail_path": "advisories/ZDI-25-099", "id": "ZDI-25-099", "kind": "published", "published_date": "2025-02-25", "status": "published", "title": "PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-02-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-099/", "vendor": "PostHog", "vendor_url": null, "zdi_can": "ZDI-CAN-25350", "zdi_id": "ZDI-25-099" }, { "cve": "CVE-2025-22880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-098/advisory.json", "detail_path": "advisories/ZDI-25-098", "id": "ZDI-25-098", "kind": "published", "published_date": "2025-02-25", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-02-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-098/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25300", "zdi_id": "ZDI-25-098" }, { "cve": "CVE-2025-1522", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the database_schema method. The...", "detail_json": "/data/advisories/ZDI-25-097/advisory.json", "detail_path": "advisories/ZDI-25-097", "id": "ZDI-25-097", "kind": "published", "published_date": "2025-02-25", "status": "published", "title": "PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2025-02-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-097/", "vendor": "PostHog", "vendor_url": null, "zdi_can": "ZDI-CAN-25358", "zdi_id": "ZDI-25-097" }, { "cve": "CVE-2025-1521", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the slack_incoming_webhook parameter...", "detail_json": "/data/advisories/ZDI-25-096/advisory.json", "detail_path": "advisories/ZDI-25-096", "id": "ZDI-25-096", "kind": "published", "published_date": "2025-02-25", "status": "published", "title": "PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2025-02-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-096/", "vendor": "PostHog", "vendor_url": null, "zdi_can": "ZDI-CAN-25352", "zdi_id": "ZDI-25-096" }, { "cve": "CVE-2024-50569", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the gui_upload_compress_act function. The issue resu...", "detail_json": "/data/advisories/ZDI-25-095/advisory.json", "detail_path": "advisories/ZDI-25-095", "id": "ZDI-25-095", "kind": "published", "published_date": "2025-02-24", "status": "published", "title": "Fortinet FortiWeb gui_upload_compress_act Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-095/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-25180", "zdi_id": "ZDI-25-095" }, { "cve": "CVE-2024-50567", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the cgi_grpc_idl_file_post function. The issue resul...", "detail_json": "/data/advisories/ZDI-25-094/advisory.json", "detail_path": "advisories/ZDI-25-094", "id": "ZDI-25-094", "kind": "published", "published_date": "2025-02-24", "status": "published", "title": "Fortinet FortiWeb cgi_grpc_idl_file_post Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-094/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-25182", "zdi_id": "ZDI-25-094" }, { "cve": "CVE-2024-27834", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the Pointer Authentication Code protection mechanism on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o...", "detail_json": "/data/advisories/ZDI-25-093/advisory.json", "detail_path": "advisories/ZDI-25-093", "id": "ZDI-25-093", "kind": "published", "published_date": "2025-02-24", "status": "published", "title": "(Pwn2Own) Apple Safari Pointer Authentication Code Bypass Vulnerability", "updated_date": "2025-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-093/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-26551", "zdi_id": "ZDI-25-093" }, { "cve": "CVE-2024-27833", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-25-092/advisory.json", "detail_path": "advisories/ZDI-25-092", "id": "ZDI-25-092", "kind": "published", "published_date": "2025-02-24", "status": "published", "title": "(Pwn2Own) Apple Safari B3 JIT Compiler Integer Underflow Remote Code Execution Vulnerability", "updated_date": "2025-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-092/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-23795", "zdi_id": "ZDI-25-092" }, { "cve": "CVE-2025-21373", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-091/advisory.json", "detail_path": "advisories/ZDI-25-091", "id": "ZDI-25-091", "kind": "published", "published_date": "2025-02-24", "status": "published", "title": "Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-091/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-25761", "zdi_id": "ZDI-25-091" }, { "cve": "CVE-2025-21404", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-25-090/advisory.json", "detail_path": "advisories/ZDI-25-090", "id": "ZDI-25-090", "kind": "published", "published_date": "2025-02-24", "status": "published", "title": "Microsoft Edge UI Misrepresentation Remote Code Execution Vulnerability", "updated_date": "2025-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-090/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-25393", "zdi_id": "ZDI-25-090" }, { "cve": "CVE-2025-20014", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of mySCADA myPRO. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 34022 by...", "detail_json": "/data/advisories/ZDI-25-089/advisory.json", "detail_path": "advisories/ZDI-25-089", "id": "ZDI-25-089", "kind": "published", "published_date": "2025-02-19", "status": "published", "title": "mySCADA myPRO Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-089/", "vendor": "mySCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-24785", "zdi_id": "ZDI-25-089" }, { "cve": "CVE-2025-20061", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of mySCADA myPRO. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 34022 by...", "detail_json": "/data/advisories/ZDI-25-088/advisory.json", "detail_path": "advisories/ZDI-25-088", "id": "ZDI-25-088", "kind": "published", "published_date": "2025-02-19", "status": "published", "title": "mySCADA myPRO Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-088/", "vendor": "mySCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-24784", "zdi_id": "ZDI-25-088" }, { "cve": "CVE-2025-23359", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. An attacker must first obtain the ability to execute code within a container in order to exploit this vulnerability. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-25-087/advisory.json", "detail_path": "advisories/ZDI-25-087", "id": "ZDI-25-087", "kind": "published", "published_date": "2025-02-19", "status": "published", "title": "NVIDIA Container Toolkit mount_files Time-Of-Check Time-Of-Use Race Condition Privilege Escalation Vulnerability", "updated_date": "2025-02-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-087/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-26525", "zdi_id": "ZDI-25-087" }, { "cve": "CVE-2025-0900", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-086/advisory.json", "detail_path": "advisories/ZDI-25-086", "id": "ZDI-25-086", "kind": "published", "published_date": "2025-02-11", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-02-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-086/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25368", "zdi_id": "ZDI-25-086" }, { "cve": "CVE-2025-1044", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on T...", "detail_json": "/data/advisories/ZDI-25-085/advisory.json", "detail_path": "advisories/ZDI-25-085", "id": "ZDI-25-085", "kind": "published", "published_date": "2025-02-05", "status": "published", "title": "Logsign Unified SecOps Platform Authentication Bypass Vulnerability", "updated_date": "2025-02-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-085/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-25336", "zdi_id": "ZDI-25-085" }, { "cve": "CVE-2025-1052", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-25-084/advisory.json", "detail_path": "advisories/ZDI-25-084", "id": "ZDI-25-084", "kind": "published", "published_date": "2025-02-05", "status": "published", "title": "Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-02-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-084/", "vendor": "Mintty", "vendor_url": null, "zdi_can": "ZDI-CAN-23382", "zdi_id": "ZDI-25-084" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file while in Inter...", "detail_json": "/data/advisories/ZDI-25-083/advisory.json", "detail_path": "advisories/ZDI-25-083", "id": "ZDI-25-083", "kind": "published", "published_date": "2025-02-04", "status": "published", "title": "Microsoft Edge ms-its: Scheme Remote Code Execution Vulnerability", "updated_date": "2025-02-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-083/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24690", "zdi_id": "ZDI-25-083" }, { "cve": "CVE-2025-0413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-25-082/advisory.json", "detail_path": "advisories/ZDI-25-082", "id": "ZDI-25-082", "kind": "published", "published_date": "2025-02-04", "status": "published", "title": "Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-082/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-25014", "zdi_id": "ZDI-25-082" }, { "cve": "CVE-2025-0065", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw e...", "detail_json": "/data/advisories/ZDI-25-081/advisory.json", "detail_path": "advisories/ZDI-25-081", "id": "ZDI-25-081", "kind": "published", "published_date": "2025-02-03", "status": "published", "title": "TeamViewer Improper Neutralization of Argument Delimiters Local Privilege Escalation Vulnerability", "updated_date": "2025-02-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-081/", "vendor": "TeamViewer", "vendor_url": null, "zdi_can": "ZDI-CAN-25816", "zdi_id": "ZDI-25-081" }, { "cve": "CVE-2024-12740", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-080/advisory.json", "detail_path": "advisories/ZDI-25-080", "id": "ZDI-25-080", "kind": "published", "published_date": "2025-02-03", "status": "published", "title": "NI Vision Builder AI JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-02-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-080/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-22834", "zdi_id": "ZDI-25-080" }, { "cve": "CVE-2024-12740", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Development Module. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-079/advisory.json", "detail_path": "advisories/ZDI-25-079", "id": "ZDI-25-079", "kind": "published", "published_date": "2025-02-03", "status": "published", "title": "NI Vision Development Module Vision Assistant JPG File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-02-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-079/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-22611", "zdi_id": "ZDI-25-079" }, { "cve": "CVE-2024-12740", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-25-078/advisory.json", "detail_path": "advisories/ZDI-25-078", "id": "ZDI-25-078", "kind": "published", "published_date": "2025-02-03", "status": "published", "title": "NI Vision Builder AI JPG File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-02-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-078/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-22884", "zdi_id": "ZDI-25-078" }, { "cve": "CVE-2024-12740", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Development Module. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-25-077/advisory.json", "detail_path": "advisories/ZDI-25-077", "id": "ZDI-25-077", "kind": "published", "published_date": "2025-02-03", "status": "published", "title": "NI Vision Development Module Vision Assistant JPG File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-02-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-077/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-22663", "zdi_id": "ZDI-25-077" }, { "cve": "CVE-2024-9632", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-25-076/advisory.json", "detail_path": "advisories/ZDI-25-076", "id": "ZDI-25-076", "kind": "published", "published_date": "2025-02-03", "status": "published", "title": "NoMachine Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2025-02-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-076/", "vendor": "NoMachine", "vendor_url": null, "zdi_can": "ZDI-CAN-25094", "zdi_id": "ZDI-25-076" }, { "cve": "CVE-2024-12649", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within parsing of TrueType f...", "detail_json": "/data/advisories/ZDI-25-075/advisory.json", "detail_path": "advisories/ZDI-25-075", "id": "ZDI-25-075", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF656Cdw TTF Parsing Write-What-Where Condition Remote Code Execution Vulnerability", "updated_date": "2025-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-075/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-25622", "zdi_id": "ZDI-25-075" }, { "cve": "CVE-2024-12648", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of TIF fi...", "detail_json": "/data/advisories/ZDI-25-074/advisory.json", "detail_path": "advisories/ZDI-25-074", "id": "ZDI-25-074", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF656Cdw TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-074/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-25592", "zdi_id": "ZDI-25-074" }, { "cve": "CVE-2024-12647", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The...", "detail_json": "/data/advisories/ZDI-25-073/advisory.json", "detail_path": "advisories/ZDI-25-073", "id": "ZDI-25-073", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF656Cdw listObjects2 Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-073/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-25490", "zdi_id": "ZDI-25-073" }, { "cve": "CVE-2025-0902", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-072/advisory.json", "detail_path": "advisories/ZDI-25-072", "id": "ZDI-25-072", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-072/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25405", "zdi_id": "ZDI-25-072" }, { "cve": "CVE-2025-0904", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-071/advisory.json", "detail_path": "advisories/ZDI-25-071", "id": "ZDI-25-071", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-071/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25422", "zdi_id": "ZDI-25-071" }, { "cve": "CVE-2025-0903", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-070/advisory.json", "detail_path": "advisories/ZDI-25-070", "id": "ZDI-25-070", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-070/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25421", "zdi_id": "ZDI-25-070" }, { "cve": "CVE-2025-0907", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-069/advisory.json", "detail_path": "advisories/ZDI-25-069", "id": "ZDI-25-069", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-069/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25435", "zdi_id": "ZDI-25-069" }, { "cve": "CVE-2025-0906", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-068/advisory.json", "detail_path": "advisories/ZDI-25-068", "id": "ZDI-25-068", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-068/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25434", "zdi_id": "ZDI-25-068" }, { "cve": "CVE-2025-0905", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-067/advisory.json", "detail_path": "advisories/ZDI-25-067", "id": "ZDI-25-067", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-067/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25433", "zdi_id": "ZDI-25-067" }, { "cve": "CVE-2025-0911", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-066/advisory.json", "detail_path": "advisories/ZDI-25-066", "id": "ZDI-25-066", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-066/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25957", "zdi_id": "ZDI-25-066" }, { "cve": "CVE-2025-0910", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-065/advisory.json", "detail_path": "advisories/ZDI-25-065", "id": "ZDI-25-065", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-065/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25748", "zdi_id": "ZDI-25-065" }, { "cve": "CVE-2025-0909", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-064/advisory.json", "detail_path": "advisories/ZDI-25-064", "id": "ZDI-25-064", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-064/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25678", "zdi_id": "ZDI-25-064" }, { "cve": "CVE-2025-0908", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-25-063/advisory.json", "detail_path": "advisories/ZDI-25-063", "id": "ZDI-25-063", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-02-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-063/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25557", "zdi_id": "ZDI-25-063" }, { "cve": "CVE-2025-0901", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-062/advisory.json", "detail_path": "advisories/ZDI-25-062", "id": "ZDI-25-062", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-062/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25372", "zdi_id": "ZDI-25-062" }, { "cve": "CVE-2025-0899", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-25-061/advisory.json", "detail_path": "advisories/ZDI-25-061", "id": "ZDI-25-061", "kind": "published", "published_date": "2025-01-31", "status": "published", "title": "PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-061/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25349", "zdi_id": "ZDI-25-061" }, { "cve": "CVE-2024-9954", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-25-060/advisory.json", "detail_path": "advisories/ZDI-25-060", "id": "ZDI-25-060", "kind": "published", "published_date": "2025-01-30", "status": "published", "title": "Google Chrome AI Manager Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-01-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-060/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-25396", "zdi_id": "ZDI-25-060" }, { "cve": "CVE-2024-53041", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-059/advisory.json", "detail_path": "advisories/ZDI-25-059", "id": "ZDI-25-059", "kind": "published", "published_date": "2025-01-22", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-01-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-059/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25000", "zdi_id": "ZDI-25-059" }, { "cve": "CVE-2024-53242", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-058/advisory.json", "detail_path": "advisories/ZDI-25-058", "id": "ZDI-25-058", "kind": "published", "published_date": "2025-01-22", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2025-01-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-058/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25206", "zdi_id": "ZDI-25-058" }, { "cve": "CVE-2024-45471", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-057/advisory.json", "detail_path": "advisories/ZDI-25-057", "id": "ZDI-25-057", "kind": "published", "published_date": "2025-01-22", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-01-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-057/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25205", "zdi_id": "ZDI-25-057" }, { "cve": "CVE-2024-45469", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-25-056/advisory.json", "detail_path": "advisories/ZDI-25-056", "id": "ZDI-25-056", "kind": "published", "published_date": "2025-01-22", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-01-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-056/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-25202", "zdi_id": "ZDI-25-056" }, { "cve": "CVE-2025-0574", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of URLs in the web ser...", "detail_json": "/data/advisories/ZDI-25-055/advisory.json", "detail_path": "advisories/ZDI-25-055", "id": "ZDI-25-055", "kind": "published", "published_date": "2025-01-20", "status": "published", "title": "Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability", "updated_date": "2025-01-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-055/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-25318", "zdi_id": "ZDI-25-055" }, { "cve": "CVE-2025-0572", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the...", "detail_json": "/data/advisories/ZDI-25-054/advisory.json", "detail_path": "advisories/ZDI-25-054", "id": "ZDI-25-054", "kind": "published", "published_date": "2025-01-20", "status": "published", "title": "Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability", "updated_date": "2025-01-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-054/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-25308", "zdi_id": "ZDI-25-054" }, { "cve": "CVE-2025-0573", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from...", "detail_json": "/data/advisories/ZDI-25-053/advisory.json", "detail_path": "advisories/ZDI-25-053", "id": "ZDI-25-053", "kind": "published", "published_date": "2025-01-20", "status": "published", "title": "Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability", "updated_date": "2025-01-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-053/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-25309", "zdi_id": "ZDI-25-053" }, { "cve": "CVE-2025-0569", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issu...", "detail_json": "/data/advisories/ZDI-25-052/advisory.json", "detail_path": "advisories/ZDI-25-052", "id": "ZDI-25-052", "kind": "published", "published_date": "2025-01-20", "status": "published", "title": "Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability", "updated_date": "2025-01-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-052/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-25303", "zdi_id": "ZDI-25-052" }, { "cve": "CVE-2025-0571", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue re...", "detail_json": "/data/advisories/ZDI-25-051/advisory.json", "detail_path": "advisories/ZDI-25-051", "id": "ZDI-25-051", "kind": "published", "published_date": "2025-01-20", "status": "published", "title": "Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability", "updated_date": "2025-01-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-051/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-25305", "zdi_id": "ZDI-25-051" }, { "cve": "CVE-2025-0570", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue re...", "detail_json": "/data/advisories/ZDI-25-050/advisory.json", "detail_path": "advisories/ZDI-25-050", "id": "ZDI-25-050", "kind": "published", "published_date": "2025-01-20", "status": "published", "title": "Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability", "updated_date": "2025-01-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-050/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-25304", "zdi_id": "ZDI-25-050" }, { "cve": "CVE-2025-0568", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issu...", "detail_json": "/data/advisories/ZDI-25-049/advisory.json", "detail_path": "advisories/ZDI-25-049", "id": "ZDI-25-049", "kind": "published", "published_date": "2025-01-20", "status": "published", "title": "Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability", "updated_date": "2025-01-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-049/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-25302", "zdi_id": "ZDI-25-049" }, { "cve": "CVE-2024-27856", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability. The specific flaw exists within the processing of Text objects. The issue results from...", "detail_json": "/data/advisories/ZDI-25-048/advisory.json", "detail_path": "advisories/ZDI-25-048", "id": "ZDI-25-048", "kind": "published", "published_date": "2025-01-20", "status": "published", "title": "Apple WebKit WebCore ContainerNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-048/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24012", "zdi_id": "ZDI-25-048" }, { "cve": "CVE-2025-1240", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-25-047/advisory.json", "detail_path": "advisories/ZDI-25-047", "id": "ZDI-25-047", "kind": "published", "published_date": "2025-02-11", "status": "published", "title": "WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-05-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-047/", "vendor": "WinZip Computing", "vendor_url": null, "zdi_can": "ZDI-CAN-24986", "zdi_id": "ZDI-25-047" }, { "cve": "CVE-2025-21127", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Photoshop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-25-046/advisory.json", "detail_path": "advisories/ZDI-25-046", "id": "ZDI-25-046", "kind": "published", "published_date": "2025-01-20", "status": "published", "title": "Adobe Photoshop node_modules Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2025-01-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-046/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-25333", "zdi_id": "ZDI-25-046" }, { "cve": "CVE-2025-0411", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-25-045/advisory.json", "detail_path": "advisories/ZDI-25-045", "id": "ZDI-25-045", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "7-Zip Mark-of-the-Web Bypass Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-045/", "vendor": "7-Zip", "vendor_url": null, "zdi_can": "ZDI-CAN-25456", "zdi_id": "ZDI-25-045" }, { "cve": "CVE-2024-13179", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecureFilter class. The issue result...", "detail_json": "/data/advisories/ZDI-25-044/advisory.json", "detail_path": "advisories/ZDI-25-044", "id": "ZDI-25-044", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "Ivanti Avalanche SecureFilter Authentication Bypass Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-044/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25713", "zdi_id": "ZDI-25-044" }, { "cve": "CVE-2024-13180", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Faces Mojarra component. The issue re...", "detail_json": "/data/advisories/ZDI-25-043/advisory.json", "detail_path": "advisories/ZDI-25-043", "id": "ZDI-25-043", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-043/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25712", "zdi_id": "ZDI-25-043" }, { "cve": "CVE-2024-13181", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the allowPassThrou...", "detail_json": "/data/advisories/ZDI-25-042/advisory.json", "detail_path": "advisories/ZDI-25-042", "id": "ZDI-25-042", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-042/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25711", "zdi_id": "ZDI-25-042" }, { "cve": "CVE-2024-13162", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the updateAssetInfo meth...", "detail_json": "/data/advisories/ZDI-25-041/advisory.json", "detail_path": "advisories/ZDI-25-041", "id": "ZDI-25-041", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "Ivanti Endpoint Manager updateAssetInfo SQL Injection Remote Code Execution Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-041/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25929", "zdi_id": "ZDI-25-041" }, { "cve": "CVE-2024-13163", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alte...", "detail_json": "/data/advisories/ZDI-25-040/advisory.json", "detail_path": "advisories/ZDI-25-040", "id": "ZDI-25-040", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "Ivanti Endpoint Manager DecodeBase64Object Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-040/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25432", "zdi_id": "ZDI-25-040" }, { "cve": "CVE-2024-13164", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue results...", "detail_json": "/data/advisories/ZDI-25-039/advisory.json", "detail_path": "advisories/ZDI-25-039", "id": "ZDI-25-039", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "Ivanti Endpoint Manager AlertService Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-039/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25431", "zdi_id": "ZDI-25-039" }, { "cve": "CVE-2024-13165", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue...", "detail_json": "/data/advisories/ZDI-25-038/advisory.json", "detail_path": "advisories/ZDI-25-038", "id": "ZDI-25-038", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "Ivanti Endpoint Manager Improper Input Validation AlertService Denial-of-Service Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-038/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25420", "zdi_id": "ZDI-25-038" }, { "cve": "CVE-2024-13166", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue...", "detail_json": "/data/advisories/ZDI-25-037/advisory.json", "detail_path": "advisories/ZDI-25-037", "id": "ZDI-25-037", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-037/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25419", "zdi_id": "ZDI-25-037" }, { "cve": "CVE-2024-13167", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue...", "detail_json": "/data/advisories/ZDI-25-036/advisory.json", "detail_path": "advisories/ZDI-25-036", "id": "ZDI-25-036", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-036/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25418", "zdi_id": "ZDI-25-036" }, { "cve": "CVE-2024-13168", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue...", "detail_json": "/data/advisories/ZDI-25-035/advisory.json", "detail_path": "advisories/ZDI-25-035", "id": "ZDI-25-035", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-035/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25417", "zdi_id": "ZDI-25-035" }, { "cve": "CVE-2024-13169", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Ivanti Endpoint Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-25-034/advisory.json", "detail_path": "advisories/ZDI-25-034", "id": "ZDI-25-034", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "Ivanti Endpoint Manager AlertService Type Confusion Information Disclosure Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-034/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25416", "zdi_id": "ZDI-25-034" }, { "cve": "CVE-2024-13170", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue...", "detail_json": "/data/advisories/ZDI-25-033/advisory.json", "detail_path": "advisories/ZDI-25-033", "id": "ZDI-25-033", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-033/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25415", "zdi_id": "ZDI-25-033" }, { "cve": "CVE-2024-13172", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alte...", "detail_json": "/data/advisories/ZDI-25-032/advisory.json", "detail_path": "advisories/ZDI-25-032", "id": "ZDI-25-032", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "Ivanti Endpoint Manager HIIDriver Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-032/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25249", "zdi_id": "ZDI-25-032" }, { "cve": "CVE-2024-13158", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the MyResolveEventHandle...", "detail_json": "/data/advisories/ZDI-25-031/advisory.json", "detail_path": "advisories/ZDI-25-031", "id": "ZDI-25-031", "kind": "published", "published_date": "2025-01-19", "status": "published", "title": "Ivanti Endpoint Manager MyResolveEventHandler Untrusted Search Path Remote Code Execution Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-031/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25209", "zdi_id": "ZDI-25-031" }, { "cve": "CVE-2025-21363", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-25-030/advisory.json", "detail_path": "advisories/ZDI-25-030", "id": "ZDI-25-030", "kind": "published", "published_date": "2025-01-15", "status": "published", "title": "Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2025-01-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-030/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-25187", "zdi_id": "ZDI-25-030" }, { "cve": "CVE-2025-21331", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-25-029/advisory.json", "detail_path": "advisories/ZDI-25-029", "id": "ZDI-25-029", "kind": "published", "published_date": "2025-01-15", "status": "published", "title": "Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-01-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-029/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-25332", "zdi_id": "ZDI-25-029" }, { "cve": "CVE-2025-21298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-25-028/advisory.json", "detail_path": "advisories/ZDI-25-028", "id": "ZDI-25-028", "kind": "published", "published_date": "2025-01-15", "status": "published", "title": "Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-01-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-028/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-25188", "zdi_id": "ZDI-25-028" }, { "cve": "CVE-2024-2886", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-25-027/advisory.json", "detail_path": "advisories/ZDI-25-027", "id": "ZDI-25-027", "kind": "published", "published_date": "2025-01-12", "status": "published", "title": "(Pwn2Own) Google Chrome VideoFrame Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-01-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-027/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-23793", "zdi_id": "ZDI-25-027" }, { "cve": "CVE-2024-45301", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-25-026/advisory.json", "detail_path": "advisories/ZDI-25-026", "id": "ZDI-25-026", "kind": "published", "published_date": "2025-01-10", "status": "published", "title": "Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability", "updated_date": "2025-01-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-026/", "vendor": "Mintty", "vendor_url": null, "zdi_can": "ZDI-CAN-24744", "zdi_id": "ZDI-25-026" }, { "cve": "CVE-2024-9525", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-025/advisory.json", "detail_path": "advisories/ZDI-25-025", "id": "ZDI-25-025", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-025/", "vendor": "Avira", "vendor_url": null, "zdi_can": "ZDI-CAN-22247", "zdi_id": "ZDI-25-025" }, { "cve": "CVE-2024-9524", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-024/advisory.json", "detail_path": "advisories/ZDI-25-024", "id": "ZDI-25-024", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-024/", "vendor": "Avira", "vendor_url": null, "zdi_can": "ZDI-CAN-22246", "zdi_id": "ZDI-25-024" }, { "cve": "CVE-2024-9523", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-25-023/advisory.json", "detail_path": "advisories/ZDI-25-023", "id": "ZDI-25-023", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-023/", "vendor": "Avira", "vendor_url": null, "zdi_can": "ZDI-CAN-22245", "zdi_id": "ZDI-25-023" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontValidation library is required to exploit this vulnerability but attack vectors may vary depending on the implem...", "detail_json": "/data/advisories/ZDI-25-022/advisory.json", "detail_path": "advisories/ZDI-25-022", "id": "ZDI-25-022", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "Apple macOS libFontValidation Font Glyph YCoordinate Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-022/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25404", "zdi_id": "ZDI-25-022" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontValidation library is required to exploit this vulnerability but attack vectors may vary depending on the implem...", "detail_json": "/data/advisories/ZDI-25-021/advisory.json", "detail_path": "advisories/ZDI-25-021", "id": "ZDI-25-021", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "Apple macOS libFontValidation Font Glyph Flags Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-021/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25364", "zdi_id": "ZDI-25-021" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontValidation library is required to exploit this vulnerability but attack vectors may vary depending on the implem...", "detail_json": "/data/advisories/ZDI-25-020/advisory.json", "detail_path": "advisories/ZDI-25-020", "id": "ZDI-25-020", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "Apple macOS libFontValidation post Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-020/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25366", "zdi_id": "ZDI-25-020" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontValidation library is required to exploit this vulnerability but attack vectors may vary depending on the implem...", "detail_json": "/data/advisories/ZDI-25-019/advisory.json", "detail_path": "advisories/ZDI-25-019", "id": "ZDI-25-019", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "Apple macOS libFontValidation loca Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-019/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25339", "zdi_id": "ZDI-25-019" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontValidation library is required to exploit this vulnerability but attack vectors may vary depending on the implem...", "detail_json": "/data/advisories/ZDI-25-018/advisory.json", "detail_path": "advisories/ZDI-25-018", "id": "ZDI-25-018", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "Apple macOS libFontValidation Font Header Name Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-018/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25341", "zdi_id": "ZDI-25-018" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontValidation library is required to exploit this vulnerability but attack vectors may vary depending on the implem...", "detail_json": "/data/advisories/ZDI-25-017/advisory.json", "detail_path": "advisories/ZDI-25-017", "id": "ZDI-25-017", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "Apple macOS libFontValidation kern Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-017/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25340", "zdi_id": "ZDI-25-017" }, { "cve": "CVE-2024-44240, CVE-2024-44302", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-016/advisory.json", "detail_path": "advisories/ZDI-25-016", "id": "ZDI-25-016", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-016/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25263", "zdi_id": "ZDI-25-016" }, { "cve": "CVE-2024-44240, CVE-2024-44302", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-25-015/advisory.json", "detail_path": "advisories/ZDI-25-015", "id": "ZDI-25-015", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-015/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25213", "zdi_id": "ZDI-25-015" }, { "cve": "CVE-2024-53706", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of SonicWALL NSv. An attacker must first obtain the ability to execute low-privileged code on the target system or send a TCP packet to a local service in order to expl...", "detail_json": "/data/advisories/ZDI-25-014/advisory.json", "detail_path": "advisories/ZDI-25-014", "id": "ZDI-25-014", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "SonicWALL NSv setSshdConfig Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-014/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-24821", "zdi_id": "ZDI-25-014" }, { "cve": "CVE-2024-53705", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of SonicWALL NSv. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spe...", "detail_json": "/data/advisories/ZDI-25-013/advisory.json", "detail_path": "advisories/ZDI-25-013", "id": "ZDI-25-013", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "SonicWALL NSv SSH Management Server-Side Request Forgery Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-013/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-24820", "zdi_id": "ZDI-25-013" }, { "cve": "CVE-2024-53704", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL NSv. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Base64-encoded session cookies. The...", "detail_json": "/data/advisories/ZDI-25-012/advisory.json", "detail_path": "advisories/ZDI-25-012", "id": "ZDI-25-012", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "SonicWALL NSv Authentication Bypass Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-012/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-24819", "zdi_id": "ZDI-25-012" }, { "cve": "CVE-2024-40762", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL NSv. Authentication is not required to exploit this vulnerability. The specific flaw exists within the generation of cookies. The issue results from the...", "detail_json": "/data/advisories/ZDI-25-011/advisory.json", "detail_path": "advisories/ZDI-25-011", "id": "ZDI-25-011", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "SonicWALL NSv Cryptographically Weak PRNG Authentication Bypass Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-011/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-24818", "zdi_id": "ZDI-25-011" }, { "cve": "CVE-2024-46981", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. Authentication is required to exploit this vulnerability. The specific flaw exists within the Lua module. The issue results from the lack of validat...", "detail_json": "/data/advisories/ZDI-25-010/advisory.json", "detail_path": "advisories/ZDI-25-010", "id": "ZDI-25-010", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "Redis Stack Lua Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-010/", "vendor": "Redis", "vendor_url": null, "zdi_can": "ZDI-CAN-24487", "zdi_id": "ZDI-25-010" }, { "cve": "CVE-2024-55656", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. Authentication is required to exploit this vulnerability. The specific flaw exists within the RedisBloom module. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-25-009/advisory.json", "detail_path": "advisories/ZDI-25-009", "id": "ZDI-25-009", "kind": "published", "published_date": "2025-01-09", "status": "published", "title": "Redis Stack RedisBloom Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-009/", "vendor": "Redis", "vendor_url": null, "zdi_can": "ZDI-CAN-24143", "zdi_id": "ZDI-25-009" }, { "cve": "CVE-2024-55955", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-25-008/advisory.json", "detail_path": "advisories/ZDI-25-008", "id": "ZDI-25-008", "kind": "published", "published_date": "2025-01-08", "status": "published", "title": "Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability", "updated_date": "2025-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-008/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24932", "zdi_id": "ZDI-25-008" }, { "cve": "CVE-2024-52047", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is required to exploit this vulnerability. The specific flaw exists within the getWidgetPoolManager function. The issue resu...", "detail_json": "/data/advisories/ZDI-25-007/advisory.json", "detail_path": "advisories/ZDI-25-007", "id": "ZDI-25-007", "kind": "published", "published_date": "2025-01-08", "status": "published", "title": "Trend Micro Apex One widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability", "updated_date": "2025-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-007/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-23401", "zdi_id": "ZDI-25-007" }, { "cve": "CVE-2024-52049", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-006/advisory.json", "detail_path": "advisories/ZDI-25-006", "id": "ZDI-25-006", "kind": "published", "published_date": "2025-01-08", "status": "published", "title": "Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-006/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24674", "zdi_id": "ZDI-25-006" }, { "cve": "CVE-2024-52048", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-005/advisory.json", "detail_path": "advisories/ZDI-25-005", "id": "ZDI-25-005", "kind": "published", "published_date": "2025-01-08", "status": "published", "title": "Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-005/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24675", "zdi_id": "ZDI-25-005" }, { "cve": "CVE-2024-55917", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-004/advisory.json", "detail_path": "advisories/ZDI-25-004", "id": "ZDI-25-004", "kind": "published", "published_date": "2025-01-08", "status": "published", "title": "Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": "2025-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-004/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24566", "zdi_id": "ZDI-25-004" }, { "cve": "CVE-2024-55632", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-003/advisory.json", "detail_path": "advisories/ZDI-25-003", "id": "ZDI-25-003", "kind": "published", "published_date": "2025-01-08", "status": "published", "title": "Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-003/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24557", "zdi_id": "ZDI-25-003" }, { "cve": "CVE-2024-52050", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-002/advisory.json", "detail_path": "advisories/ZDI-25-002", "id": "ZDI-25-002", "kind": "published", "published_date": "2025-01-08", "status": "published", "title": "Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-002/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24609", "zdi_id": "ZDI-25-002" }, { "cve": "CVE-2024-55631", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-25-001/advisory.json", "detail_path": "advisories/ZDI-25-001", "id": "ZDI-25-001", "kind": "published", "published_date": "2025-01-08", "status": "published", "title": "Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-001/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-23995", "zdi_id": "ZDI-25-001" }, { "cve": "CVE-2024-7074", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SynapseArtifactUploaderAdmin endpoint, which list...", "detail_json": "/data/advisories/ZDI-24-1741/advisory.json", "detail_path": "advisories/ZDI-24-1741", "id": "ZDI-24-1741", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "WSO2 API Manager SynapseArtifactUploaderAdmin Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1741/", "vendor": "WSO2", "vendor_url": null, "zdi_can": "ZDI-CAN-26065", "zdi_id": "ZDI-24-1741" }, { "cve": "CVE-2024-6914", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of WSO2 API Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the user self-registration p...", "detail_json": "/data/advisories/ZDI-24-1740/advisory.json", "detail_path": "advisories/ZDI-24-1740", "id": "ZDI-24-1740", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "WSO2 API Manager Exposed Dangerous Function Authentication Bypass Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1740/", "vendor": "WSO2", "vendor_url": null, "zdi_can": "ZDI-CAN-23650", "zdi_id": "ZDI-24-1740" }, { "cve": "CVE-2024-12753", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-1739/advisory.json", "detail_path": "advisories/ZDI-24-1739", "id": "ZDI-24-1739", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1739/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-25408", "zdi_id": "ZDI-24-1739" }, { "cve": "CVE-2024-12752", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1738/advisory.json", "detail_path": "advisories/ZDI-24-1738", "id": "ZDI-24-1738", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1738/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-25345", "zdi_id": "ZDI-24-1738" }, { "cve": "CVE-2024-12751", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1737/advisory.json", "detail_path": "advisories/ZDI-24-1737", "id": "ZDI-24-1737", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1737/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-25344", "zdi_id": "ZDI-24-1737" }, { "cve": "CVE-2024-12833", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. Some user interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-24-1736/advisory.json", "detail_path": "advisories/ZDI-24-1736", "id": "ZDI-24-1736", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "(0Day) Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1736/", "vendor": "Paessler", "vendor_url": null, "zdi_can": "ZDI-CAN-23371", "zdi_id": "ZDI-24-1736" }, { "cve": "CVE-2024-13051", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-24-1735/advisory.json", "detail_path": "advisories/ZDI-24-1735", "id": "ZDI-24-1735", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "(0Day) Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1735/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-24977", "zdi_id": "ZDI-24-1735" }, { "cve": "CVE-2024-13050", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-24-1734/advisory.json", "detail_path": "advisories/ZDI-24-1734", "id": "ZDI-24-1734", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "(0Day) Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1734/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-24976", "zdi_id": "ZDI-24-1734" }, { "cve": "CVE-2024-13049", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-1733/advisory.json", "detail_path": "advisories/ZDI-24-1733", "id": "ZDI-24-1733", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1733/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-24847", "zdi_id": "ZDI-24-1733" }, { "cve": "CVE-2024-13048", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-1732/advisory.json", "detail_path": "advisories/ZDI-24-1732", "id": "ZDI-24-1732", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1732/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-24844", "zdi_id": "ZDI-24-1732" }, { "cve": "CVE-2024-13047", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-1731/advisory.json", "detail_path": "advisories/ZDI-24-1731", "id": "ZDI-24-1731", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1731/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-24843", "zdi_id": "ZDI-24-1731" }, { "cve": "CVE-2024-13046", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-1730/advisory.json", "detail_path": "advisories/ZDI-24-1730", "id": "ZDI-24-1730", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1730/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-24867", "zdi_id": "ZDI-24-1730" }, { "cve": "CVE-2024-13045", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-1729/advisory.json", "detail_path": "advisories/ZDI-24-1729", "id": "ZDI-24-1729", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1729/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-24848", "zdi_id": "ZDI-24-1729" }, { "cve": "CVE-2024-13044", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-1728/advisory.json", "detail_path": "advisories/ZDI-24-1728", "id": "ZDI-24-1728", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1728/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-24870", "zdi_id": "ZDI-24-1728" }, { "cve": "CVE-2024-13043", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-24-1727/advisory.json", "detail_path": "advisories/ZDI-24-1727", "id": "ZDI-24-1727", "kind": "published", "published_date": "2024-12-30", "status": "published", "title": "(0Day) Panda Security Dome Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1727/", "vendor": "Panda Security", "vendor_url": null, "zdi_can": "ZDI-CAN-23478", "zdi_id": "ZDI-24-1727" }, { "cve": "CVE-2024-50285", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of the Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specif...", "detail_json": "/data/advisories/ZDI-24-1726/advisory.json", "detail_path": "advisories/ZDI-24-1726", "id": "ZDI-24-1726", "kind": "published", "published_date": "2024-12-20", "status": "published", "title": "Linux Kernel ksmbd TCP Connection Memory Exhaustion Denial-of-Service Vulnerability", "updated_date": "2024-12-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1726/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-25738", "zdi_id": "ZDI-24-1726" }, { "cve": "CVE-2024-12828", "cvss": 9.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The issue results from the lack o...", "detail_json": "/data/advisories/ZDI-24-1725/advisory.json", "detail_path": "advisories/ZDI-24-1725", "id": "ZDI-24-1725", "kind": "published", "published_date": "2024-12-20", "status": "published", "title": "Webmin CGI Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-12-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1725/", "vendor": "Webmin", "vendor_url": null, "zdi_can": "ZDI-CAN-22346", "zdi_id": "ZDI-24-1725" }, { "cve": "CVE-2024-12836", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1724/advisory.json", "detail_path": "advisories/ZDI-24-1724", "id": "ZDI-24-1724", "kind": "published", "published_date": "2024-12-20", "status": "published", "title": "(0Day) Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-12-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1724/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-22450", "zdi_id": "ZDI-24-1724" }, { "cve": "CVE-2024-12835", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1723/advisory.json", "detail_path": "advisories/ZDI-24-1723", "id": "ZDI-24-1723", "kind": "published", "published_date": "2024-12-20", "status": "published", "title": "(0Day) Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1723/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-22415", "zdi_id": "ZDI-24-1723" }, { "cve": "CVE-2024-12834", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1722/advisory.json", "detail_path": "advisories/ZDI-24-1722", "id": "ZDI-24-1722", "kind": "published", "published_date": "2024-12-20", "status": "published", "title": "(0Day) Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-12-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1722/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-22414", "zdi_id": "ZDI-24-1722" }, { "cve": "CVE-2024-12677", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTM Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1721/advisory.json", "detail_path": "advisories/ZDI-24-1721", "id": "ZDI-24-1721", "kind": "published", "published_date": "2024-12-20", "status": "published", "title": "Delta Electronics DTM Soft BIN File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-12-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1721/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-22331", "zdi_id": "ZDI-24-1721" }, { "cve": "CVE-2024-12831", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-24-1720/advisory.json", "detail_path": "advisories/ZDI-24-1720", "id": "ZDI-24-1720", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "(0Day) Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1720/", "vendor": "Arista", "vendor_url": null, "zdi_can": "ZDI-CAN-24324", "zdi_id": "ZDI-24-1720" }, { "cve": "CVE-2024-12832", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry...", "detail_json": "/data/advisories/ZDI-24-1719/advisory.json", "detail_path": "advisories/ZDI-24-1719", "id": "ZDI-24-1719", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "(0Day) Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1719/", "vendor": "Arista", "vendor_url": null, "zdi_can": "ZDI-CAN-24325", "zdi_id": "ZDI-24-1719" }, { "cve": "CVE-2024-12830", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the custom_handler method...", "detail_json": "/data/advisories/ZDI-24-1718/advisory.json", "detail_path": "advisories/ZDI-24-1718", "id": "ZDI-24-1718", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "(0Day) Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1718/", "vendor": "Arista", "vendor_url": null, "zdi_can": "ZDI-CAN-24019", "zdi_id": "ZDI-24-1718" }, { "cve": "CVE-2024-12829", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecManagerImpl class. The issue results from t...", "detail_json": "/data/advisories/ZDI-24-1717/advisory.json", "detail_path": "advisories/ZDI-24-1717", "id": "ZDI-24-1717", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "(0Day) Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1717/", "vendor": "Arista", "vendor_url": null, "zdi_can": "ZDI-CAN-24015", "zdi_id": "ZDI-24-1717" }, { "cve": "CVE-2024-11364", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-24-1716/advisory.json", "detail_path": "advisories/ZDI-24-1716", "id": "ZDI-24-1716", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1716/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24545", "zdi_id": "ZDI-24-1716" }, { "cve": "CVE-2024-11157", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-24-1715/advisory.json", "detail_path": "advisories/ZDI-24-1715", "id": "ZDI-24-1715", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1715/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24539", "zdi_id": "ZDI-24-1715" }, { "cve": "CVE-2024-12175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-24-1714/advisory.json", "detail_path": "advisories/ZDI-24-1714", "id": "ZDI-24-1714", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1714/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24158", "zdi_id": "ZDI-24-1714" }, { "cve": "CVE-2024-11364", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-24-1713/advisory.json", "detail_path": "advisories/ZDI-24-1713", "id": "ZDI-24-1713", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "(0Day) Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1713/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24614", "zdi_id": "ZDI-24-1713" }, { "cve": "CVE-2024-12700", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tibbo Aggregate Network Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the UploaderTempFileController class....", "detail_json": "/data/advisories/ZDI-24-1712/advisory.json", "detail_path": "advisories/ZDI-24-1712", "id": "ZDI-24-1712", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Tibbo Aggregate Network Manager UploaderTempFileController Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1712/", "vendor": "Tibbo", "vendor_url": null, "zdi_can": "ZDI-CAN-24941", "zdi_id": "ZDI-24-1712" }, { "cve": "CVE-2024-12754", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-24-1711/advisory.json", "detail_path": "advisories/ZDI-24-1711", "id": "ZDI-24-1711", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "AnyDesk Link Following Information Disclosure Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1711/", "vendor": "AnyDesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23940", "zdi_id": "ZDI-24-1711" }, { "cve": "CVE-2024-12200", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1710/advisory.json", "detail_path": "advisories/ZDI-24-1710", "id": "ZDI-24-1710", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1710/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25850", "zdi_id": "ZDI-24-1710" }, { "cve": "CVE-2024-12198", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1709/advisory.json", "detail_path": "advisories/ZDI-24-1709", "id": "ZDI-24-1709", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1709/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25881", "zdi_id": "ZDI-24-1709" }, { "cve": "CVE-2024-12197", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1708/advisory.json", "detail_path": "advisories/ZDI-24-1708", "id": "ZDI-24-1708", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1708/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25880", "zdi_id": "ZDI-24-1708" }, { "cve": "CVE-2024-12179", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1707/advisory.json", "detail_path": "advisories/ZDI-24-1707", "id": "ZDI-24-1707", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1707/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25878", "zdi_id": "ZDI-24-1707" }, { "cve": "CVE-2024-12194", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1706/advisory.json", "detail_path": "advisories/ZDI-24-1706", "id": "ZDI-24-1706", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1706/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25879", "zdi_id": "ZDI-24-1706" }, { "cve": "CVE-2024-12192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1705/advisory.json", "detail_path": "advisories/ZDI-24-1705", "id": "ZDI-24-1705", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1705/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25868", "zdi_id": "ZDI-24-1705" }, { "cve": "CVE-2024-12191", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1704/advisory.json", "detail_path": "advisories/ZDI-24-1704", "id": "ZDI-24-1704", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1704/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25867", "zdi_id": "ZDI-24-1704" }, { "cve": "CVE-2024-12178", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1703/advisory.json", "detail_path": "advisories/ZDI-24-1703", "id": "ZDI-24-1703", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1703/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25866", "zdi_id": "ZDI-24-1703" }, { "cve": "CVE-2024-12671", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1702/advisory.json", "detail_path": "advisories/ZDI-24-1702", "id": "ZDI-24-1702", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1702/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25967", "zdi_id": "ZDI-24-1702" }, { "cve": "CVE-2024-12670", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1701/advisory.json", "detail_path": "advisories/ZDI-24-1701", "id": "ZDI-24-1701", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1701/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25965", "zdi_id": "ZDI-24-1701" }, { "cve": "CVE-2024-12669", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1700/advisory.json", "detail_path": "advisories/ZDI-24-1700", "id": "ZDI-24-1700", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1700/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25966", "zdi_id": "ZDI-24-1700" }, { "cve": "CVE-2024-11422", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1699/advisory.json", "detail_path": "advisories/ZDI-24-1699", "id": "ZDI-24-1699", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1699/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25691", "zdi_id": "ZDI-24-1699" }, { "cve": "CVE-2024-26256", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of libarchive. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific fla...", "detail_json": "/data/advisories/ZDI-24-1698/advisory.json", "detail_path": "advisories/ZDI-24-1698", "id": "ZDI-24-1698", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "libarchive run_filters Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1698/", "vendor": "libarchive", "vendor_url": null, "zdi_can": "ZDI-CAN-23999", "zdi_id": "ZDI-24-1698" }, { "cve": "CVE-2025-24893", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of XWiki.org XWiki. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the text parameter provided to the...", "detail_json": "/data/advisories/ZDI-24-1697/advisory.json", "detail_path": "advisories/ZDI-24-1697", "id": "ZDI-24-1697", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "XWiki.org XWiki SolrSearchMacros text Command Injection Remote Code Execution Vulnerability", "updated_date": "2025-02-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1697/", "vendor": "XWiki.org", "vendor_url": null, "zdi_can": "ZDI-CAN-23994", "zdi_id": "ZDI-24-1697" }, { "cve": "CVE-2024-20697", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of libarchive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1696/advisory.json", "detail_path": "advisories/ZDI-24-1696", "id": "ZDI-24-1696", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "libarchive RAR File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1696/", "vendor": "libarchive", "vendor_url": null, "zdi_can": "ZDI-CAN-23729", "zdi_id": "ZDI-24-1696" }, { "cve": "CVE-2024-37373", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the l...", "detail_json": "/data/advisories/ZDI-24-1695/advisory.json", "detail_path": "advisories/ZDI-24-1695", "id": "ZDI-24-1695", "kind": "published", "published_date": "2024-12-17", "status": "published", "title": "Ivanti Avalanche FileStoreConfig Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2024-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1695/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24375", "zdi_id": "ZDI-24-1695" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft PC Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-24-1694/advisory.json", "detail_path": "advisories/ZDI-24-1694", "id": "ZDI-24-1694", "kind": "published", "published_date": "2024-12-17", "status": "published", "title": "Microsoft PC Manager MSPCManagerService Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-12-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1694/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-25733", "zdi_id": "ZDI-24-1694" }, { "cve": "CVE-2024-47484", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the clientPath parameter pro...", "detail_json": "/data/advisories/ZDI-24-1693/advisory.json", "detail_path": "advisories/ZDI-24-1693", "id": "ZDI-24-1693", "kind": "published", "published_date": "2024-12-16", "status": "published", "title": "Dell Avamar Web Restore Login Action SQL Injection Information Disclosure Vulnerability", "updated_date": "2024-12-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1693/", "vendor": "Dell", "vendor_url": null, "zdi_can": "ZDI-CAN-25066", "zdi_id": "ZDI-24-1693" }, { "cve": "CVE-2024-47977", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the type parameter provided to t...", "detail_json": "/data/advisories/ZDI-24-1692/advisory.json", "detail_path": "advisories/ZDI-24-1692", "id": "ZDI-24-1692", "kind": "published", "published_date": "2024-12-16", "status": "published", "title": "Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability", "updated_date": "2024-12-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1692/", "vendor": "Dell", "vendor_url": null, "zdi_can": "ZDI-CAN-25068", "zdi_id": "ZDI-24-1692" }, { "cve": "CVE-2024-52538", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the start parameter provided to...", "detail_json": "/data/advisories/ZDI-24-1691/advisory.json", "detail_path": "advisories/ZDI-24-1691", "id": "ZDI-24-1691", "kind": "published", "published_date": "2024-12-16", "status": "published", "title": "Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability", "updated_date": "2024-12-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1691/", "vendor": "Dell", "vendor_url": null, "zdi_can": "ZDI-CAN-25067", "zdi_id": "ZDI-24-1691" }, { "cve": "CVE-2024-47977", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the proxies parameter provided t...", "detail_json": "/data/advisories/ZDI-24-1690/advisory.json", "detail_path": "advisories/ZDI-24-1690", "id": "ZDI-24-1690", "kind": "published", "published_date": "2024-12-16", "status": "published", "title": "Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability", "updated_date": "2024-12-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1690/", "vendor": "Dell", "vendor_url": null, "zdi_can": "ZDI-CAN-25065", "zdi_id": "ZDI-24-1690" }, { "cve": "CVE-2024-47977", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the groupname parameter provided...", "detail_json": "/data/advisories/ZDI-24-1689/advisory.json", "detail_path": "advisories/ZDI-24-1689", "id": "ZDI-24-1689", "kind": "published", "published_date": "2024-12-16", "status": "published", "title": "Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability", "updated_date": "2024-12-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1689/", "vendor": "Dell", "vendor_url": null, "zdi_can": "ZDI-CAN-25064", "zdi_id": "ZDI-24-1689" }, { "cve": null, "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-24-1688/advisory.json", "detail_path": "advisories/ZDI-24-1688", "id": "ZDI-24-1688", "kind": "published", "published_date": "2024-12-12", "status": "published", "title": "Linux Kernel ksmbd PreviousSessionId Race Condition Remote Code Execution Vulnerability", "updated_date": "2024-12-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1688/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-25040", "zdi_id": "ZDI-24-1688" }, { "cve": "CVE-2024-46908", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetFilterCriteri...", "detail_json": "/data/advisories/ZDI-24-1687/advisory.json", "detail_path": "advisories/ZDI-24-1687", "id": "ZDI-24-1687", "kind": "published", "published_date": "2024-12-12", "status": "published", "title": "Progress Software WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability", "updated_date": "2024-12-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1687/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-24647", "zdi_id": "ZDI-24-1687" }, { "cve": "CVE-2024-46907", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetFilterCriteri...", "detail_json": "/data/advisories/ZDI-24-1686/advisory.json", "detail_path": "advisories/ZDI-24-1686", "id": "ZDI-24-1686", "kind": "published", "published_date": "2024-12-12", "status": "published", "title": "Progress Software WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability", "updated_date": "2024-12-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1686/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-24644", "zdi_id": "ZDI-24-1686" }, { "cve": "CVE-2024-46905", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetOrderByClause...", "detail_json": "/data/advisories/ZDI-24-1685/advisory.json", "detail_path": "advisories/ZDI-24-1685", "id": "ZDI-24-1685", "kind": "published", "published_date": "2024-12-12", "status": "published", "title": "Progress Software WhatsUp Gold GetOrderByClause SQL Injection Privilege Escalation Vulnerability", "updated_date": "2024-12-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1685/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-24634", "zdi_id": "ZDI-24-1685" }, { "cve": "CVE-2024-46906", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetSqlWhereClaus...", "detail_json": "/data/advisories/ZDI-24-1684/advisory.json", "detail_path": "advisories/ZDI-24-1684", "id": "ZDI-24-1684", "kind": "published", "published_date": "2024-12-12", "status": "published", "title": "Progress Software WhatsUp Gold GetSqlWhereClause SQL Injection Privilege Escalation Vulnerability", "updated_date": "2024-12-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1684/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-24638", "zdi_id": "ZDI-24-1684" }, { "cve": "CVE-2024-12552", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1683/advisory.json", "detail_path": "advisories/ZDI-24-1683", "id": "ZDI-24-1683", "kind": "published", "published_date": "2024-12-12", "status": "published", "title": "Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-12-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1683/", "vendor": "Wacom", "vendor_url": null, "zdi_can": "ZDI-CAN-25359", "zdi_id": "ZDI-24-1683" }, { "cve": "CVE-2024-12553", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-24-1682/advisory.json", "detail_path": "advisories/ZDI-24-1682", "id": "ZDI-24-1682", "kind": "published", "published_date": "2024-12-12", "status": "published", "title": "GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability", "updated_date": "2024-12-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1682/", "vendor": "GeoVision", "vendor_url": null, "zdi_can": "ZDI-CAN-25394", "zdi_id": "ZDI-24-1682" }, { "cve": "CVE-2024-12547", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1681/advisory.json", "detail_path": "advisories/ZDI-24-1681", "id": "ZDI-24-1681", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Tungsten Automation Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1681/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-25560", "zdi_id": "ZDI-24-1681" }, { "cve": "CVE-2024-12548", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-24-1680/advisory.json", "detail_path": "advisories/ZDI-24-1680", "id": "ZDI-24-1680", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1680/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-25564", "zdi_id": "ZDI-24-1680" }, { "cve": "CVE-2024-12549", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1679/advisory.json", "detail_path": "advisories/ZDI-24-1679", "id": "ZDI-24-1679", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1679/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-25565", "zdi_id": "ZDI-24-1679" }, { "cve": "CVE-2024-12550", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-24-1678/advisory.json", "detail_path": "advisories/ZDI-24-1678", "id": "ZDI-24-1678", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1678/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-25566", "zdi_id": "ZDI-24-1678" }, { "cve": "CVE-2024-12551", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1677/advisory.json", "detail_path": "advisories/ZDI-24-1677", "id": "ZDI-24-1677", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1677/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-25567", "zdi_id": "ZDI-24-1677" }, { "cve": "CVE-2024-52323", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine Analytics Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the getOAToken action....", "detail_json": "/data/advisories/ZDI-24-1676/advisory.json", "detail_path": "advisories/ZDI-24-1676", "id": "ZDI-24-1676", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "ManageEngine Analytics Plus getOAToken Exposed Dangerous Method Privilege Escalation Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1676/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-25135", "zdi_id": "ZDI-24-1676" }, { "cve": "CVE-2024-11611", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1675/advisory.json", "detail_path": "advisories/ZDI-24-1675", "id": "ZDI-24-1675", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1675/", "vendor": "AutomationDirect", "vendor_url": null, "zdi_can": "ZDI-CAN-24774", "zdi_id": "ZDI-24-1675" }, { "cve": "CVE-2024-11610", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1674/advisory.json", "detail_path": "advisories/ZDI-24-1674", "id": "ZDI-24-1674", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1674/", "vendor": "AutomationDirect", "vendor_url": null, "zdi_can": "ZDI-CAN-24773", "zdi_id": "ZDI-24-1674" }, { "cve": "CVE-2024-11609", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1673/advisory.json", "detail_path": "advisories/ZDI-24-1673", "id": "ZDI-24-1673", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1673/", "vendor": "AutomationDirect", "vendor_url": null, "zdi_can": "ZDI-CAN-24772", "zdi_id": "ZDI-24-1673" }, { "cve": "CVE-2024-11949", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists within the Store Service, which listens on TCP port 8018 by defa...", "detail_json": "/data/advisories/ZDI-24-1672/advisory.json", "detail_path": "advisories/ZDI-24-1672", "id": "ZDI-24-1672", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1672/", "vendor": "GFI", "vendor_url": null, "zdi_can": "ZDI-CAN-24331", "zdi_id": "ZDI-24-1672" }, { "cve": "CVE-2024-11948", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use...", "detail_json": "/data/advisories/ZDI-24-1671/advisory.json", "detail_path": "advisories/ZDI-24-1671", "id": "ZDI-24-1671", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "GFI Archiver Telerik Web UI Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1671/", "vendor": "GFI", "vendor_url": null, "zdi_can": "ZDI-CAN-24041", "zdi_id": "ZDI-24-1671" }, { "cve": "CVE-2024-11947", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists within the Core Service, which listens on TCP port 8017 by defau...", "detail_json": "/data/advisories/ZDI-24-1670/advisory.json", "detail_path": "advisories/ZDI-24-1670", "id": "ZDI-24-1670", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1670/", "vendor": "GFI", "vendor_url": null, "zdi_can": "ZDI-CAN-24029", "zdi_id": "ZDI-24-1670" }, { "cve": "CVE-2024-53909", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the MonitoringMiddleTier service, w...", "detail_json": "/data/advisories/ZDI-24-1669/advisory.json", "detail_path": "advisories/ZDI-24-1669", "id": "ZDI-24-1669", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Veritas Enterprise Vault MonitoringMiddleTier Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1669/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-24334", "zdi_id": "ZDI-24-1669" }, { "cve": "CVE-2024-53910", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVExchangeWebServicesProxy serv...", "detail_json": "/data/advisories/ZDI-24-1668/advisory.json", "detail_path": "advisories/ZDI-24-1668", "id": "ZDI-24-1668", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1668/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-24336", "zdi_id": "ZDI-24-1668" }, { "cve": "CVE-2024-53911", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVStgOfflineOpns service. The i...", "detail_json": "/data/advisories/ZDI-24-1667/advisory.json", "detail_path": "advisories/ZDI-24-1667", "id": "ZDI-24-1667", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1667/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-24339", "zdi_id": "ZDI-24-1667" }, { "cve": "CVE-2024-53913", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVStgOfflineOpns service. The i...", "detail_json": "/data/advisories/ZDI-24-1666/advisory.json", "detail_path": "advisories/ZDI-24-1666", "id": "ZDI-24-1666", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1666/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-24343", "zdi_id": "ZDI-24-1666" }, { "cve": "CVE-2024-53914", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVTaskGuardian service. The iss...", "detail_json": "/data/advisories/ZDI-24-1665/advisory.json", "detail_path": "advisories/ZDI-24-1665", "id": "ZDI-24-1665", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1665/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-24344", "zdi_id": "ZDI-24-1665" }, { "cve": "CVE-2024-53912", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVMonitoring service. The issue...", "detail_json": "/data/advisories/ZDI-24-1664/advisory.json", "detail_path": "advisories/ZDI-24-1664", "id": "ZDI-24-1664", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1664/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-24341", "zdi_id": "ZDI-24-1664" }, { "cve": "CVE-2024-53915", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVFileSvrArcMngr service. The i...", "detail_json": "/data/advisories/ZDI-24-1663/advisory.json", "detail_path": "advisories/ZDI-24-1663", "id": "ZDI-24-1663", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1663/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-24405", "zdi_id": "ZDI-24-1663" }, { "cve": "CVE-2024-52941", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute web requests with the target user's privileges on affected installations of Veritas Enterprise Vault. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-24-1662/advisory.json", "detail_path": "advisories/ZDI-24-1662", "id": "ZDI-24-1662", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Veritas Enterprise Vault MobileHTMLView Cross-Site Scripting Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1662/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-24695", "zdi_id": "ZDI-24-1662" }, { "cve": "CVE-2024-52942", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute web requests with the target user's privileges on affected installations of Veritas Enterprise Vault. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-24-1661/advisory.json", "detail_path": "advisories/ZDI-24-1661", "id": "ZDI-24-1661", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Veritas Enterprise Vault HTMLView Cross-Site Scripting Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1661/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-24696", "zdi_id": "ZDI-24-1661" }, { "cve": "CVE-2024-52943", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute web requests with the target user's privileges on affected installations of Veritas Enterprise Vault. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-24-1660/advisory.json", "detail_path": "advisories/ZDI-24-1660", "id": "ZDI-24-1660", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Veritas Enterprise Vault HTMLView Cross-Site Scripting Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1660/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-24697", "zdi_id": "ZDI-24-1660" }, { "cve": "CVE-2024-52944", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute web requests with the target user's privileges on affected installations of Veritas Enterprise Vault. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-24-1659/advisory.json", "detail_path": "advisories/ZDI-24-1659", "id": "ZDI-24-1659", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Veritas Enterprise Vault HTMLView Cross-Site Scripting Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1659/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-24698", "zdi_id": "ZDI-24-1659" }, { "cve": "CVE-2024-49041", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-1658/advisory.json", "detail_path": "advisories/ZDI-24-1658", "id": "ZDI-24-1658", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Microsoft Edge File Extension Spoofing Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1658/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-25361", "zdi_id": "ZDI-24-1658" }, { "cve": "CVE-2024-49082", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files or disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of...", "detail_json": "/data/advisories/ZDI-24-1657/advisory.json", "detail_path": "advisories/ZDI-24-1657", "id": "ZDI-24-1657", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Microsoft Windows Directory Traversal Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1657/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24583", "zdi_id": "ZDI-24-1657" }, { "cve": "CVE-2024-47964", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1656/advisory.json", "detail_path": "advisories/ZDI-24-1656", "id": "ZDI-24-1656", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1656/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25292", "zdi_id": "ZDI-24-1656" }, { "cve": "CVE-2024-11156", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-24-1655/advisory.json", "detail_path": "advisories/ZDI-24-1655", "id": "ZDI-24-1655", "kind": "published", "published_date": "2024-12-10", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1655/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24540", "zdi_id": "ZDI-24-1655" }, { "cve": "CVE-2024-11156", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-24-1654/advisory.json", "detail_path": "advisories/ZDI-24-1654", "id": "ZDI-24-1654", "kind": "published", "published_date": "2024-12-10", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1654/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24139", "zdi_id": "ZDI-24-1654" }, { "cve": "CVE-2024-11155", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-24-1653/advisory.json", "detail_path": "advisories/ZDI-24-1653", "id": "ZDI-24-1653", "kind": "published", "published_date": "2024-12-10", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1653/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24544", "zdi_id": "ZDI-24-1653" }, { "cve": "CVE-2024-11156", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-24-1652/advisory.json", "detail_path": "advisories/ZDI-24-1652", "id": "ZDI-24-1652", "kind": "published", "published_date": "2024-12-10", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1652/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24542", "zdi_id": "ZDI-24-1652" }, { "cve": "CVE-2024-12130", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-24-1651/advisory.json", "detail_path": "advisories/ZDI-24-1651", "id": "ZDI-24-1651", "kind": "published", "published_date": "2024-12-10", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1651/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24541", "zdi_id": "ZDI-24-1651" }, { "cve": "CVE-2024-11158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-24-1650/advisory.json", "detail_path": "advisories/ZDI-24-1650", "id": "ZDI-24-1650", "kind": "published", "published_date": "2024-12-10", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1650/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24137", "zdi_id": "ZDI-24-1650" }, { "cve": "CVE-2024-11156", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-24-1649/advisory.json", "detail_path": "advisories/ZDI-24-1649", "id": "ZDI-24-1649", "kind": "published", "published_date": "2024-12-10", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1649/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24115", "zdi_id": "ZDI-24-1649" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-24-1648/advisory.json", "detail_path": "advisories/ZDI-24-1648", "id": "ZDI-24-1648", "kind": "published", "published_date": "2024-12-10", "status": "published", "title": "Linux Kernel Bluetooth HCI Request Race Condition Local Privilege Escalation Vulnerability", "updated_date": "2024-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1648/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-24547", "zdi_id": "ZDI-24-1648" }, { "cve": "CVE-2024-8805", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of Classic HID connections. The...", "detail_json": "/data/advisories/ZDI-24-1647/advisory.json", "detail_path": "advisories/ZDI-24-1647", "id": "ZDI-24-1647", "kind": "published", "published_date": "2024-12-10", "status": "published", "title": "BlueZ Classic HID Missing Authentication Remote Code Execution Vulnerability", "updated_date": "2024-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1647/", "vendor": "BlueZ", "vendor_url": null, "zdi_can": "ZDI-CAN-25398", "zdi_id": "ZDI-24-1647" }, { "cve": "CVE-2024-11872", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-24-1646/advisory.json", "detail_path": "advisories/ZDI-24-1646", "id": "ZDI-24-1646", "kind": "published", "published_date": "2024-12-04", "status": "published", "title": "Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability", "updated_date": "2024-12-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1646/", "vendor": "Epic Games", "vendor_url": null, "zdi_can": "ZDI-CAN-24329", "zdi_id": "ZDI-24-1646" }, { "cve": "CVE-2024-46909", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the WriteData...", "detail_json": "/data/advisories/ZDI-24-1645/advisory.json", "detail_path": "advisories/ZDI-24-1645", "id": "ZDI-24-1645", "kind": "published", "published_date": "2024-12-06", "status": "published", "title": "Progress Software WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-12-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1645/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-24975", "zdi_id": "ZDI-24-1645" }, { "cve": "CVE-2024-11946", "cvss": 3.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of fir...", "detail_json": "/data/advisories/ZDI-24-1644/advisory.json", "detail_path": "advisories/ZDI-24-1644", "id": "ZDI-24-1644", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "(Pwn2Own) iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1644/", "vendor": "iXsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-25668", "zdi_id": "ZDI-24-1644" }, { "cve": "CVE-2024-11944", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tarfile.extractall method....", "detail_json": "/data/advisories/ZDI-24-1643/advisory.json", "detail_path": "advisories/ZDI-24-1643", "id": "ZDI-24-1643", "kind": "published", "published_date": "2024-12-19", "status": "published", "title": "(Pwn2Own) iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-12-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1643/", "vendor": "iXsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-25626", "zdi_id": "ZDI-24-1643" }, { "cve": "CVE-2024-42070", "cvss": 3.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-24-1642/advisory.json", "detail_path": "advisories/ZDI-24-1642", "id": "ZDI-24-1642", "kind": "published", "published_date": "2024-12-03", "status": "published", "title": "Linux Kernel nftables Type Confusion Information Disclosure Vulnerability", "updated_date": "2024-12-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1642/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-24348", "zdi_id": "ZDI-24-1642" }, { "cve": "CVE-2023-49797", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Intel Computing Improvement Program. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-1641/advisory.json", "detail_path": "advisories/ZDI-24-1641", "id": "ZDI-24-1641", "kind": "published", "published_date": "2024-12-03", "status": "published", "title": "Intel Computing Improvement Program PyInstaller Local Privilege Escalation Vulnerability", "updated_date": "2024-12-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1641/", "vendor": "Intel", "vendor_url": null, "zdi_can": "ZDI-CAN-21847", "zdi_id": "ZDI-24-1641" }, { "cve": "CVE-2024-11950", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-24-1640/advisory.json", "detail_path": "advisories/ZDI-24-1640", "id": "ZDI-24-1640", "kind": "published", "published_date": "2024-12-02", "status": "published", "title": "XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability", "updated_date": "2024-12-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1640/", "vendor": "XnSoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22913", "zdi_id": "ZDI-24-1640" }, { "cve": "CVE-2024-53676", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementati...", "detail_json": "/data/advisories/ZDI-24-1639/advisory.json", "detail_path": "advisories/ZDI-24-1639", "id": "ZDI-24-1639", "kind": "published", "published_date": "2024-12-02", "status": "published", "title": "Hewlett Packard Enterprise Insight Remote Support processAtatchmentDataStream Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-12-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1639/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-25161", "zdi_id": "ZDI-24-1639" }, { "cve": "CVE-2024-53675", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the impl...", "detail_json": "/data/advisories/ZDI-24-1638/advisory.json", "detail_path": "advisories/ZDI-24-1638", "id": "ZDI-24-1638", "kind": "published", "published_date": "2024-12-02", "status": "published", "title": "Hewlett Packard Enterprise Insight Remote Support validateAgainstXSD XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2024-12-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1638/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-24814", "zdi_id": "ZDI-24-1638" }, { "cve": "CVE-2024-53674", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the impl...", "detail_json": "/data/advisories/ZDI-24-1637/advisory.json", "detail_path": "advisories/ZDI-24-1637", "id": "ZDI-24-1637", "kind": "published", "published_date": "2024-12-02", "status": "published", "title": "Hewlett Packard Enterprise Insight Remote Support getDocumentRootElement XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2024-12-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1637/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-24813", "zdi_id": "ZDI-24-1637" }, { "cve": "CVE-2024-53673", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DESTA servic...", "detail_json": "/data/advisories/ZDI-24-1636/advisory.json", "detail_path": "advisories/ZDI-24-1636", "id": "ZDI-24-1636", "kind": "published", "published_date": "2024-12-02", "status": "published", "title": "Hewlett Packard Enterprise Insight Remote Support DESTA Service Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-12-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1636/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-24812", "zdi_id": "ZDI-24-1636" }, { "cve": "CVE-2024-11622", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the impl...", "detail_json": "/data/advisories/ZDI-24-1635/advisory.json", "detail_path": "advisories/ZDI-24-1635", "id": "ZDI-24-1635", "kind": "published", "published_date": "2024-12-02", "status": "published", "title": "Hewlett Packard Enterprise Insight Remote Support setInputStream XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2024-12-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1635/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-24811", "zdi_id": "ZDI-24-1635" }, { "cve": "CVE-2024-51770", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web...", "detail_json": "/data/advisories/ZDI-24-1634/advisory.json", "detail_path": "advisories/ZDI-24-1634", "id": "ZDI-24-1634", "kind": "published", "published_date": "2024-12-02", "status": "published", "title": "Hewlett Packard Enterprise AutoPass License Server XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2024-12-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1634/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-24694", "zdi_id": "ZDI-24-1634" }, { "cve": "CVE-2024-51769", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web...", "detail_json": "/data/advisories/ZDI-24-1633/advisory.json", "detail_path": "advisories/ZDI-24-1633", "id": "ZDI-24-1633", "kind": "published", "published_date": "2024-12-02", "status": "published", "title": "Hewlett Packard Enterprise AutoPass License Server SQL Injection Information Disclosure Vulnerability", "updated_date": "2024-12-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1633/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-24693", "zdi_id": "ZDI-24-1633" }, { "cve": "CVE-2024-51768", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise AutoPass License Server. Although authentication is required to exploit this vulnerability, the existing authentication mech...", "detail_json": "/data/advisories/ZDI-24-1632/advisory.json", "detail_path": "advisories/ZDI-24-1632", "id": "ZDI-24-1632", "kind": "published", "published_date": "2024-12-02", "status": "published", "title": "Hewlett Packard Enterprise AutoPass License Server hsqldb Remote Code Execution Vulnerability", "updated_date": "2024-12-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1632/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-24692", "zdi_id": "ZDI-24-1632" }, { "cve": "CVE-2024-51767", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service,...", "detail_json": "/data/advisories/ZDI-24-1631/advisory.json", "detail_path": "advisories/ZDI-24-1631", "id": "ZDI-24-1631", "kind": "published", "published_date": "2024-12-02", "status": "published", "title": "Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability", "updated_date": "2024-12-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1631/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-24691", "zdi_id": "ZDI-24-1631" }, { "cve": "CVE-2024-11933", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1630/advisory.json", "detail_path": "advisories/ZDI-24-1630", "id": "ZDI-24-1630", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1630/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24548", "zdi_id": "ZDI-24-1630" }, { "cve": "CVE-2024-11803", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-1629/advisory.json", "detail_path": "advisories/ZDI-24-1629", "id": "ZDI-24-1629", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1629/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24771", "zdi_id": "ZDI-24-1629" }, { "cve": "CVE-2024-11802", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-1628/advisory.json", "detail_path": "advisories/ZDI-24-1628", "id": "ZDI-24-1628", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1628/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24770", "zdi_id": "ZDI-24-1628" }, { "cve": "CVE-2024-11801", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-1627/advisory.json", "detail_path": "advisories/ZDI-24-1627", "id": "ZDI-24-1627", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1627/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24769", "zdi_id": "ZDI-24-1627" }, { "cve": "CVE-2024-11800", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-1626/advisory.json", "detail_path": "advisories/ZDI-24-1626", "id": "ZDI-24-1626", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1626/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24768", "zdi_id": "ZDI-24-1626" }, { "cve": "CVE-2024-11799", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-1625/advisory.json", "detail_path": "advisories/ZDI-24-1625", "id": "ZDI-24-1625", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1625/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24664", "zdi_id": "ZDI-24-1625" }, { "cve": "CVE-2024-11798", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1624/advisory.json", "detail_path": "advisories/ZDI-24-1624", "id": "ZDI-24-1624", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1624/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24663", "zdi_id": "ZDI-24-1624" }, { "cve": "CVE-2024-11797", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1623/advisory.json", "detail_path": "advisories/ZDI-24-1623", "id": "ZDI-24-1623", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1623/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24662", "zdi_id": "ZDI-24-1623" }, { "cve": "CVE-2024-11796", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1622/advisory.json", "detail_path": "advisories/ZDI-24-1622", "id": "ZDI-24-1622", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1622/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24506", "zdi_id": "ZDI-24-1622" }, { "cve": "CVE-2024-11795", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1621/advisory.json", "detail_path": "advisories/ZDI-24-1621", "id": "ZDI-24-1621", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1621/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24505", "zdi_id": "ZDI-24-1621" }, { "cve": "CVE-2024-11794", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1620/advisory.json", "detail_path": "advisories/ZDI-24-1620", "id": "ZDI-24-1620", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1620/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24504", "zdi_id": "ZDI-24-1620" }, { "cve": "CVE-2024-11793", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1619/advisory.json", "detail_path": "advisories/ZDI-24-1619", "id": "ZDI-24-1619", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1619/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24503", "zdi_id": "ZDI-24-1619" }, { "cve": "CVE-2024-11792", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1618/advisory.json", "detail_path": "advisories/ZDI-24-1618", "id": "ZDI-24-1618", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1618/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24502", "zdi_id": "ZDI-24-1618" }, { "cve": "CVE-2024-11791", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1617/advisory.json", "detail_path": "advisories/ZDI-24-1617", "id": "ZDI-24-1617", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1617/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24450", "zdi_id": "ZDI-24-1617" }, { "cve": "CVE-2024-11790", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1616/advisory.json", "detail_path": "advisories/ZDI-24-1616", "id": "ZDI-24-1616", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1616/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24449", "zdi_id": "ZDI-24-1616" }, { "cve": "CVE-2024-11789", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1615/advisory.json", "detail_path": "advisories/ZDI-24-1615", "id": "ZDI-24-1615", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1615/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24448", "zdi_id": "ZDI-24-1615" }, { "cve": "CVE-2024-11787", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1614/advisory.json", "detail_path": "advisories/ZDI-24-1614", "id": "ZDI-24-1614", "kind": "published", "published_date": "2024-11-27", "status": "published", "title": "(0Day) Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1614/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-24413", "zdi_id": "ZDI-24-1614" }, { "cve": "CVE-2024-36488", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabilit...", "detail_json": "/data/advisories/ZDI-24-1613/advisory.json", "detail_path": "advisories/ZDI-24-1613", "id": "ZDI-24-1613", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "Intel Driver & Support Assistant Log Folder Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1613/", "vendor": "Intel", "vendor_url": null, "zdi_can": "ZDI-CAN-23927", "zdi_id": "ZDI-24-1613" }, { "cve": "CVE-2024-11581", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-1612/advisory.json", "detail_path": "advisories/ZDI-24-1612", "id": "ZDI-24-1612", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "Luxion KeyShot JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1612/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-23826", "zdi_id": "ZDI-24-1612" }, { "cve": "CVE-2024-11580", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-1611/advisory.json", "detail_path": "advisories/ZDI-24-1611", "id": "ZDI-24-1611", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "Luxion KeyShot ABC File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1611/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-23700", "zdi_id": "ZDI-24-1611" }, { "cve": "CVE-2024-11579", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-1610/advisory.json", "detail_path": "advisories/ZDI-24-1610", "id": "ZDI-24-1610", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "Luxion KeyShot OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1610/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-23697", "zdi_id": "ZDI-24-1610" }, { "cve": "CVE-2024-11578", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-1609/advisory.json", "detail_path": "advisories/ZDI-24-1609", "id": "ZDI-24-1609", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "Luxion KeyShot 3DS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1609/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-23693", "zdi_id": "ZDI-24-1609" }, { "cve": "CVE-2024-11577", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-1608/advisory.json", "detail_path": "advisories/ZDI-24-1608", "id": "ZDI-24-1608", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "Luxion KeyShot SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1608/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-23685", "zdi_id": "ZDI-24-1608" }, { "cve": "CVE-2024-11576", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-1607/advisory.json", "detail_path": "advisories/ZDI-24-1607", "id": "ZDI-24-1607", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "Luxion KeyShot 3DS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1607/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-23681", "zdi_id": "ZDI-24-1607" }, { "cve": "CVE-2024-11612", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spe...", "detail_json": "/data/advisories/ZDI-24-1606/advisory.json", "detail_path": "advisories/ZDI-24-1606", "id": "ZDI-24-1606", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "7-Zip Qcow Handler Infinite Loop Denial-of-Service Vulnerability", "updated_date": "2024-11-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1606/", "vendor": "7-Zip", "vendor_url": null, "zdi_can": "ZDI-CAN-24307", "zdi_id": "ZDI-24-1606" }, { "cve": "CVE-2024-49529", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-24-1605/advisory.json", "detail_path": "advisories/ZDI-24-1605", "id": "ZDI-24-1605", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "Adobe InDesign JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1605/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24608", "zdi_id": "ZDI-24-1605" }, { "cve": "CVE-2024-11507", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1604/advisory.json", "detail_path": "advisories/ZDI-24-1604", "id": "ZDI-24-1604", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1604/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-22177", "zdi_id": "ZDI-24-1604" }, { "cve": "CVE-2024-11508", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1603/advisory.json", "detail_path": "advisories/ZDI-24-1603", "id": "ZDI-24-1603", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1603/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-22184", "zdi_id": "ZDI-24-1603" }, { "cve": "CVE-2024-11509", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1602/advisory.json", "detail_path": "advisories/ZDI-24-1602", "id": "ZDI-24-1602", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1602/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-22185", "zdi_id": "ZDI-24-1602" }, { "cve": "CVE-2024-11513", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1601/advisory.json", "detail_path": "advisories/ZDI-24-1601", "id": "ZDI-24-1601", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1601/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23971", "zdi_id": "ZDI-24-1601" }, { "cve": "CVE-2024-11516", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1600/advisory.json", "detail_path": "advisories/ZDI-24-1600", "id": "ZDI-24-1600", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView JPM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1600/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24011", "zdi_id": "ZDI-24-1600" }, { "cve": "CVE-2024-11514", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1599/advisory.json", "detail_path": "advisories/ZDI-24-1599", "id": "ZDI-24-1599", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1599/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23975", "zdi_id": "ZDI-24-1599" }, { "cve": "CVE-2024-11515", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1598/advisory.json", "detail_path": "advisories/ZDI-24-1598", "id": "ZDI-24-1598", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1598/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24010", "zdi_id": "ZDI-24-1598" }, { "cve": "CVE-2024-11517", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1597/advisory.json", "detail_path": "advisories/ZDI-24-1597", "id": "ZDI-24-1597", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1597/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24118", "zdi_id": "ZDI-24-1597" }, { "cve": "CVE-2024-11518", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1596/advisory.json", "detail_path": "advisories/ZDI-24-1596", "id": "ZDI-24-1596", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView RLE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1596/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24444", "zdi_id": "ZDI-24-1596" }, { "cve": "CVE-2024-11519", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1595/advisory.json", "detail_path": "advisories/ZDI-24-1595", "id": "ZDI-24-1595", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView RLE File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1595/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24445", "zdi_id": "ZDI-24-1595" }, { "cve": "CVE-2024-11506", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1594/advisory.json", "detail_path": "advisories/ZDI-24-1594", "id": "ZDI-24-1594", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1594/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-22169", "zdi_id": "ZDI-24-1594" }, { "cve": "CVE-2024-11524", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1593/advisory.json", "detail_path": "advisories/ZDI-24-1593", "id": "ZDI-24-1593", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1593/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24598", "zdi_id": "ZDI-24-1593" }, { "cve": "CVE-2024-11523", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1592/advisory.json", "detail_path": "advisories/ZDI-24-1592", "id": "ZDI-24-1592", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1592/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24597", "zdi_id": "ZDI-24-1592" }, { "cve": "CVE-2024-11525", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1591/advisory.json", "detail_path": "advisories/ZDI-24-1591", "id": "ZDI-24-1591", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1591/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24599", "zdi_id": "ZDI-24-1591" }, { "cve": "CVE-2024-11522", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1590/advisory.json", "detail_path": "advisories/ZDI-24-1590", "id": "ZDI-24-1590", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1590/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24595", "zdi_id": "ZDI-24-1590" }, { "cve": "CVE-2024-11528", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1589/advisory.json", "detail_path": "advisories/ZDI-24-1589", "id": "ZDI-24-1589", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1589/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24602", "zdi_id": "ZDI-24-1589" }, { "cve": "CVE-2024-11538", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1588/advisory.json", "detail_path": "advisories/ZDI-24-1588", "id": "ZDI-24-1588", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1588/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24629", "zdi_id": "ZDI-24-1588" }, { "cve": "CVE-2024-11532", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1587/advisory.json", "detail_path": "advisories/ZDI-24-1587", "id": "ZDI-24-1587", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1587/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24615", "zdi_id": "ZDI-24-1587" }, { "cve": "CVE-2024-11533", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1586/advisory.json", "detail_path": "advisories/ZDI-24-1586", "id": "ZDI-24-1586", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1586/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24616", "zdi_id": "ZDI-24-1586" }, { "cve": "CVE-2024-11534", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1585/advisory.json", "detail_path": "advisories/ZDI-24-1585", "id": "ZDI-24-1585", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1585/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24617", "zdi_id": "ZDI-24-1585" }, { "cve": "CVE-2024-11535", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1584/advisory.json", "detail_path": "advisories/ZDI-24-1584", "id": "ZDI-24-1584", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1584/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24618", "zdi_id": "ZDI-24-1584" }, { "cve": "CVE-2024-11536", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1583/advisory.json", "detail_path": "advisories/ZDI-24-1583", "id": "ZDI-24-1583", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1583/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24619", "zdi_id": "ZDI-24-1583" }, { "cve": "CVE-2024-11537", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1582/advisory.json", "detail_path": "advisories/ZDI-24-1582", "id": "ZDI-24-1582", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1582/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24620", "zdi_id": "ZDI-24-1582" }, { "cve": "CVE-2024-11554", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1581/advisory.json", "detail_path": "advisories/ZDI-24-1581", "id": "ZDI-24-1581", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1581/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24754", "zdi_id": "ZDI-24-1581" }, { "cve": "CVE-2024-11520", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1580/advisory.json", "detail_path": "advisories/ZDI-24-1580", "id": "ZDI-24-1580", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView ARW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1580/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24488", "zdi_id": "ZDI-24-1580" }, { "cve": "CVE-2024-11521", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1579/advisory.json", "detail_path": "advisories/ZDI-24-1579", "id": "ZDI-24-1579", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DJVU File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1579/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24578", "zdi_id": "ZDI-24-1579" }, { "cve": "CVE-2024-11560", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1578/advisory.json", "detail_path": "advisories/ZDI-24-1578", "id": "ZDI-24-1578", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1578/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24853", "zdi_id": "ZDI-24-1578" }, { "cve": "CVE-2024-11561", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1577/advisory.json", "detail_path": "advisories/ZDI-24-1577", "id": "ZDI-24-1577", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1577/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24857", "zdi_id": "ZDI-24-1577" }, { "cve": "CVE-2024-11563", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1576/advisory.json", "detail_path": "advisories/ZDI-24-1576", "id": "ZDI-24-1576", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1576/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24860", "zdi_id": "ZDI-24-1576" }, { "cve": "CVE-2024-11567", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1575/advisory.json", "detail_path": "advisories/ZDI-24-1575", "id": "ZDI-24-1575", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1575/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24871", "zdi_id": "ZDI-24-1575" }, { "cve": "CVE-2024-11569", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1574/advisory.json", "detail_path": "advisories/ZDI-24-1574", "id": "ZDI-24-1574", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1574/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24873", "zdi_id": "ZDI-24-1574" }, { "cve": "CVE-2024-11574", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1573/advisory.json", "detail_path": "advisories/ZDI-24-1573", "id": "ZDI-24-1573", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1573/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24900", "zdi_id": "ZDI-24-1573" }, { "cve": "CVE-2024-11562", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1572/advisory.json", "detail_path": "advisories/ZDI-24-1572", "id": "ZDI-24-1572", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1572/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24858", "zdi_id": "ZDI-24-1572" }, { "cve": "CVE-2024-11570", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1571/advisory.json", "detail_path": "advisories/ZDI-24-1571", "id": "ZDI-24-1571", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1571/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24885", "zdi_id": "ZDI-24-1571" }, { "cve": "CVE-2024-11572", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1570/advisory.json", "detail_path": "advisories/ZDI-24-1570", "id": "ZDI-24-1570", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1570/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24897", "zdi_id": "ZDI-24-1570" }, { "cve": "CVE-2024-11575", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1569/advisory.json", "detail_path": "advisories/ZDI-24-1569", "id": "ZDI-24-1569", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1569/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24901", "zdi_id": "ZDI-24-1569" }, { "cve": "CVE-2024-11564", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1568/advisory.json", "detail_path": "advisories/ZDI-24-1568", "id": "ZDI-24-1568", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1568/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24864", "zdi_id": "ZDI-24-1568" }, { "cve": "CVE-2024-11565", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1567/advisory.json", "detail_path": "advisories/ZDI-24-1567", "id": "ZDI-24-1567", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1567/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24866", "zdi_id": "ZDI-24-1567" }, { "cve": "CVE-2024-11571", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1566/advisory.json", "detail_path": "advisories/ZDI-24-1566", "id": "ZDI-24-1566", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1566/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24895", "zdi_id": "ZDI-24-1566" }, { "cve": "CVE-2024-11573", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1565/advisory.json", "detail_path": "advisories/ZDI-24-1565", "id": "ZDI-24-1565", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1565/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24898", "zdi_id": "ZDI-24-1565" }, { "cve": "CVE-2024-11566", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1564/advisory.json", "detail_path": "advisories/ZDI-24-1564", "id": "ZDI-24-1564", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1564/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24868", "zdi_id": "ZDI-24-1564" }, { "cve": "CVE-2024-11568", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1563/advisory.json", "detail_path": "advisories/ZDI-24-1563", "id": "ZDI-24-1563", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1563/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24872", "zdi_id": "ZDI-24-1563" }, { "cve": "CVE-2024-11556", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1562/advisory.json", "detail_path": "advisories/ZDI-24-1562", "id": "ZDI-24-1562", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1562/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24795", "zdi_id": "ZDI-24-1562" }, { "cve": "CVE-2024-11557", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1561/advisory.json", "detail_path": "advisories/ZDI-24-1561", "id": "ZDI-24-1561", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1561/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24807", "zdi_id": "ZDI-24-1561" }, { "cve": "CVE-2024-11558", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1560/advisory.json", "detail_path": "advisories/ZDI-24-1560", "id": "ZDI-24-1560", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1560/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24808", "zdi_id": "ZDI-24-1560" }, { "cve": "CVE-2024-11555", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1559/advisory.json", "detail_path": "advisories/ZDI-24-1559", "id": "ZDI-24-1559", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1559/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24780", "zdi_id": "ZDI-24-1559" }, { "cve": "CVE-2024-11559", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1558/advisory.json", "detail_path": "advisories/ZDI-24-1558", "id": "ZDI-24-1558", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1558/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24809", "zdi_id": "ZDI-24-1558" }, { "cve": "CVE-2024-11510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1557/advisory.json", "detail_path": "advisories/ZDI-24-1557", "id": "ZDI-24-1557", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView WBZ plugin WB1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1557/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-22718", "zdi_id": "ZDI-24-1557" }, { "cve": "CVE-2024-11511", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1556/advisory.json", "detail_path": "advisories/ZDI-24-1556", "id": "ZDI-24-1556", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView XCF Plugin XCF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1556/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-22735", "zdi_id": "ZDI-24-1556" }, { "cve": "CVE-2024-11512", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1555/advisory.json", "detail_path": "advisories/ZDI-24-1555", "id": "ZDI-24-1555", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView WBZ Plugin WB1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1555/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-22741", "zdi_id": "ZDI-24-1555" }, { "cve": "CVE-2024-11553", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1554/advisory.json", "detail_path": "advisories/ZDI-24-1554", "id": "ZDI-24-1554", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1554/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24752", "zdi_id": "ZDI-24-1554" }, { "cve": "CVE-2024-11539", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1553/advisory.json", "detail_path": "advisories/ZDI-24-1553", "id": "ZDI-24-1553", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1553/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24699", "zdi_id": "ZDI-24-1553" }, { "cve": "CVE-2024-11541", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1552/advisory.json", "detail_path": "advisories/ZDI-24-1552", "id": "ZDI-24-1552", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1552/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24702", "zdi_id": "ZDI-24-1552" }, { "cve": "CVE-2024-11540", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1551/advisory.json", "detail_path": "advisories/ZDI-24-1551", "id": "ZDI-24-1551", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1551/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24700", "zdi_id": "ZDI-24-1551" }, { "cve": "CVE-2024-11542", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1550/advisory.json", "detail_path": "advisories/ZDI-24-1550", "id": "ZDI-24-1550", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1550/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24703", "zdi_id": "ZDI-24-1550" }, { "cve": "CVE-2024-11551", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1549/advisory.json", "detail_path": "advisories/ZDI-24-1549", "id": "ZDI-24-1549", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1549/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24749", "zdi_id": "ZDI-24-1549" }, { "cve": "CVE-2024-11543", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1548/advisory.json", "detail_path": "advisories/ZDI-24-1548", "id": "ZDI-24-1548", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1548/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24704", "zdi_id": "ZDI-24-1548" }, { "cve": "CVE-2024-11549", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1547/advisory.json", "detail_path": "advisories/ZDI-24-1547", "id": "ZDI-24-1547", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1547/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24746", "zdi_id": "ZDI-24-1547" }, { "cve": "CVE-2024-11552", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1546/advisory.json", "detail_path": "advisories/ZDI-24-1546", "id": "ZDI-24-1546", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1546/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24751", "zdi_id": "ZDI-24-1546" }, { "cve": "CVE-2024-11548", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1545/advisory.json", "detail_path": "advisories/ZDI-24-1545", "id": "ZDI-24-1545", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1545/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24745", "zdi_id": "ZDI-24-1545" }, { "cve": "CVE-2024-11547", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1544/advisory.json", "detail_path": "advisories/ZDI-24-1544", "id": "ZDI-24-1544", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1544/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24732", "zdi_id": "ZDI-24-1544" }, { "cve": "CVE-2024-11546", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1543/advisory.json", "detail_path": "advisories/ZDI-24-1543", "id": "ZDI-24-1543", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1543/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24714", "zdi_id": "ZDI-24-1543" }, { "cve": "CVE-2024-11545", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1542/advisory.json", "detail_path": "advisories/ZDI-24-1542", "id": "ZDI-24-1542", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1542/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24709", "zdi_id": "ZDI-24-1542" }, { "cve": "CVE-2024-11544", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1541/advisory.json", "detail_path": "advisories/ZDI-24-1541", "id": "ZDI-24-1541", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1541/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24707", "zdi_id": "ZDI-24-1541" }, { "cve": "CVE-2024-11550", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1540/advisory.json", "detail_path": "advisories/ZDI-24-1540", "id": "ZDI-24-1540", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1540/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24748", "zdi_id": "ZDI-24-1540" }, { "cve": "CVE-2024-11526", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1539/advisory.json", "detail_path": "advisories/ZDI-24-1539", "id": "ZDI-24-1539", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1539/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24600", "zdi_id": "ZDI-24-1539" }, { "cve": "CVE-2024-11527", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1538/advisory.json", "detail_path": "advisories/ZDI-24-1538", "id": "ZDI-24-1538", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1538/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24601", "zdi_id": "ZDI-24-1538" }, { "cve": "CVE-2024-11529", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1537/advisory.json", "detail_path": "advisories/ZDI-24-1537", "id": "ZDI-24-1537", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1537/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24604", "zdi_id": "ZDI-24-1537" }, { "cve": "CVE-2024-11530", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1536/advisory.json", "detail_path": "advisories/ZDI-24-1536", "id": "ZDI-24-1536", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView CGM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1536/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24605", "zdi_id": "ZDI-24-1536" }, { "cve": "CVE-2024-11531", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1535/advisory.json", "detail_path": "advisories/ZDI-24-1535", "id": "ZDI-24-1535", "kind": "published", "published_date": "2024-11-21", "status": "published", "title": "IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1535/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24606", "zdi_id": "ZDI-24-1535" }, { "cve": "CVE-2024-38024", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the FindSpecific met...", "detail_json": "/data/advisories/ZDI-24-1534/advisory.json", "detail_path": "advisories/ZDI-24-1534", "id": "ZDI-24-1534", "kind": "published", "published_date": "2024-11-20", "status": "published", "title": "Microsoft SharePoint Server FindSpecific Unsafe Reflection Remote Code Execution Vulnerability", "updated_date": "2024-11-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1534/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24221", "zdi_id": "ZDI-24-1534" }, { "cve": "CVE-2024-8424", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-24-1533/advisory.json", "detail_path": "advisories/ZDI-24-1533", "id": "ZDI-24-1533", "kind": "published", "published_date": "2024-11-20", "status": "published", "title": "Panda Security Dome PSANHost Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-11-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1533/", "vendor": "Panda Security", "vendor_url": null, "zdi_can": "ZDI-CAN-23477", "zdi_id": "ZDI-24-1533" }, { "cve": "CVE-2024-11477", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-24-1532/advisory.json", "detail_path": "advisories/ZDI-24-1532", "id": "ZDI-24-1532", "kind": "published", "published_date": "2024-11-20", "status": "published", "title": "7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability", "updated_date": "2024-11-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1532/", "vendor": "7-Zip", "vendor_url": null, "zdi_can": "ZDI-CAN-24346", "zdi_id": "ZDI-24-1532" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of RSA Security SecureID Software Token for Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a malicious f...", "detail_json": "/data/advisories/ZDI-24-1531/advisory.json", "detail_path": "advisories/ZDI-24-1531", "id": "ZDI-24-1531", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "RSA Security SecureID Software Token for Microsoft Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1531/", "vendor": "RSA Security", "vendor_url": null, "zdi_can": "ZDI-CAN-21830", "zdi_id": "ZDI-24-1531" }, { "cve": "CVE-2024-31210", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WordPress Core. Authentication may be required to exploit this vulnerability, depending on the product configuration. The specific flaw exists within the maybe_u...", "detail_json": "/data/advisories/ZDI-24-1530/advisory.json", "detail_path": "advisories/ZDI-24-1530", "id": "ZDI-24-1530", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "WordPress Core maybe_unserialize Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1530/", "vendor": "WordPress", "vendor_url": null, "zdi_can": "ZDI-CAN-22613", "zdi_id": "ZDI-24-1530" }, { "cve": "CVE-2024-10204", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-1529/advisory.json", "detail_path": "advisories/ZDI-24-1529", "id": "ZDI-24-1529", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer X_B File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1529/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-25011", "zdi_id": "ZDI-24-1529" }, { "cve": "CVE-2024-10204", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-1528/advisory.json", "detail_path": "advisories/ZDI-24-1528", "id": "ZDI-24-1528", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer SAT File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1528/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-25038", "zdi_id": "ZDI-24-1528" }, { "cve": "CVE-2024-52573", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-1527/advisory.json", "detail_path": "advisories/ZDI-24-1527", "id": "ZDI-24-1527", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1527/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-24521", "zdi_id": "ZDI-24-1527" }, { "cve": "CVE-2024-52571", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-1526/advisory.json", "detail_path": "advisories/ZDI-24-1526", "id": "ZDI-24-1526", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1526/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-24485", "zdi_id": "ZDI-24-1526" }, { "cve": "CVE-2024-52567", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-1525/advisory.json", "detail_path": "advisories/ZDI-24-1525", "id": "ZDI-24-1525", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1525/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-24237", "zdi_id": "ZDI-24-1525" }, { "cve": "CVE-2024-52566", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-1524/advisory.json", "detail_path": "advisories/ZDI-24-1524", "id": "ZDI-24-1524", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1524/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-24233", "zdi_id": "ZDI-24-1524" }, { "cve": "CVE-2024-52565", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-1523/advisory.json", "detail_path": "advisories/ZDI-24-1523", "id": "ZDI-24-1523", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1523/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-24231", "zdi_id": "ZDI-24-1523" }, { "cve": "CVE-2024-52570", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-1522/advisory.json", "detail_path": "advisories/ZDI-24-1522", "id": "ZDI-24-1522", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1522/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-24365", "zdi_id": "ZDI-24-1522" }, { "cve": "CVE-2024-52569", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-1521/advisory.json", "detail_path": "advisories/ZDI-24-1521", "id": "ZDI-24-1521", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1521/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-24260", "zdi_id": "ZDI-24-1521" }, { "cve": "CVE-2024-52568", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-1520/advisory.json", "detail_path": "advisories/ZDI-24-1520", "id": "ZDI-24-1520", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1520/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-24244", "zdi_id": "ZDI-24-1520" }, { "cve": "CVE-2024-52574", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-1519/advisory.json", "detail_path": "advisories/ZDI-24-1519", "id": "ZDI-24-1519", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1519/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-24543", "zdi_id": "ZDI-24-1519" }, { "cve": "CVE-2024-52572", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-1518/advisory.json", "detail_path": "advisories/ZDI-24-1518", "id": "ZDI-24-1518", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1518/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-24486", "zdi_id": "ZDI-24-1518" }, { "cve": "CVE-2024-49592", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Total Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-24-1517/advisory.json", "detail_path": "advisories/ZDI-24-1517", "id": "ZDI-24-1517", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "McAfee Total Protection Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1517/", "vendor": "McAfee", "vendor_url": null, "zdi_can": "ZDI-CAN-24269", "zdi_id": "ZDI-24-1517" }, { "cve": "CVE-2024-51503", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Deep Security Agent. Authentication is required to exploit this vulnerability. The specific flaw exists within the Trend Micro Deep Security Notifier...", "detail_json": "/data/advisories/ZDI-24-1516/advisory.json", "detail_path": "advisories/ZDI-24-1516", "id": "ZDI-24-1516", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "Trend Micro Deep Security Agent Manual Scan Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1516/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-25215", "zdi_id": "ZDI-24-1516" }, { "cve": "CVE-2024-11394", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-1515/advisory.json", "detail_path": "advisories/ZDI-24-1515", "id": "ZDI-24-1515", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "(0Day) Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1515/", "vendor": "Hugging Face", "vendor_url": null, "zdi_can": "ZDI-CAN-25012", "zdi_id": "ZDI-24-1515" }, { "cve": "CVE-2024-11393", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-1514/advisory.json", "detail_path": "advisories/ZDI-24-1514", "id": "ZDI-24-1514", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "(0Day) Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1514/", "vendor": "Hugging Face", "vendor_url": null, "zdi_can": "ZDI-CAN-25191", "zdi_id": "ZDI-24-1514" }, { "cve": "CVE-2024-11392", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-1513/advisory.json", "detail_path": "advisories/ZDI-24-1513", "id": "ZDI-24-1513", "kind": "published", "published_date": "2024-11-19", "status": "published", "title": "(0Day) Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-11-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1513/", "vendor": "Hugging Face", "vendor_url": null, "zdi_can": "ZDI-CAN-24322", "zdi_id": "ZDI-24-1513" }, { "cve": "CVE-2024-7763", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of getReport meth...", "detail_json": "/data/advisories/ZDI-24-1512/advisory.json", "detail_path": "advisories/ZDI-24-1512", "id": "ZDI-24-1512", "kind": "published", "published_date": "2024-11-18", "status": "published", "title": "Progress Software WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability", "updated_date": "2024-11-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1512/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23661", "zdi_id": "ZDI-24-1512" }, { "cve": "CVE-2024-49032", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1511/advisory.json", "detail_path": "advisories/ZDI-24-1511", "id": "ZDI-24-1511", "kind": "published", "published_date": "2024-11-14", "status": "published", "title": "Microsoft Office PowerPoint PPTX File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1511/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-25090", "zdi_id": "ZDI-24-1511" }, { "cve": "CVE-2024-50330", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the GetComputerID me...", "detail_json": "/data/advisories/ZDI-24-1510/advisory.json", "detail_path": "advisories/ZDI-24-1510", "id": "ZDI-24-1510", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager GetComputerID SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1510/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25414", "zdi_id": "ZDI-24-1510" }, { "cve": "CVE-2024-50329", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1509/advisory.json", "detail_path": "advisories/ZDI-24-1509", "id": "ZDI-24-1509", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager vulscan Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1509/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25250", "zdi_id": "ZDI-24-1509" }, { "cve": "CVE-2024-50328", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetDetectedVulnerabi...", "detail_json": "/data/advisories/ZDI-24-1508/advisory.json", "detail_path": "advisories/ZDI-24-1508", "id": "ZDI-24-1508", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager GetDetectedVulnerabilitiesDataTable SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1508/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25063", "zdi_id": "ZDI-24-1508" }, { "cve": "CVE-2024-50327", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ROI class. The issue results from the lack...", "detail_json": "/data/advisories/ZDI-24-1507/advisory.json", "detail_path": "advisories/ZDI-24-1507", "id": "ZDI-24-1507", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1507/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25057", "zdi_id": "ZDI-24-1507" }, { "cve": "CVE-2024-50326", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the serverStorage class. The issue results fro...", "detail_json": "/data/advisories/ZDI-24-1506/advisory.json", "detail_path": "advisories/ZDI-24-1506", "id": "ZDI-24-1506", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager serverStorage SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1506/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25054", "zdi_id": "ZDI-24-1506" }, { "cve": "CVE-2024-50324", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetFilePath method....", "detail_json": "/data/advisories/ZDI-24-1505/advisory.json", "detail_path": "advisories/ZDI-24-1505", "id": "ZDI-24-1505", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager GetFilePath Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1505/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24834", "zdi_id": "ZDI-24-1505" }, { "cve": "CVE-2024-50323", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alte...", "detail_json": "/data/advisories/ZDI-24-1504/advisory.json", "detail_path": "advisories/ZDI-24-1504", "id": "ZDI-24-1504", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager TestAllowedSQL SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1504/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24782", "zdi_id": "ZDI-24-1504" }, { "cve": "CVE-2024-50322", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alte...", "detail_json": "/data/advisories/ZDI-24-1503/advisory.json", "detail_path": "advisories/ZDI-24-1503", "id": "ZDI-24-1503", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager OnSaveToDB Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1503/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24273", "zdi_id": "ZDI-24-1503" }, { "cve": "CVE-2024-37376", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Report_RunPatch class. The issue results f...", "detail_json": "/data/advisories/ZDI-24-1502/advisory.json", "detail_path": "advisories/ZDI-24-1502", "id": "ZDI-24-1502", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager Report_RunPatch SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1502/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24293", "zdi_id": "ZDI-24-1502" }, { "cve": "CVE-2024-34787", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alte...", "detail_json": "/data/advisories/ZDI-24-1501/advisory.json", "detail_path": "advisories/ZDI-24-1501", "id": "ZDI-24-1501", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager EFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1501/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24272", "zdi_id": "ZDI-24-1501" }, { "cve": "CVE-2024-34784", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the DBDR class. The issu...", "detail_json": "/data/advisories/ZDI-24-1500/advisory.json", "detail_path": "advisories/ZDI-24-1500", "id": "ZDI-24-1500", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager DBDR SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1500/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24297", "zdi_id": "ZDI-24-1500" }, { "cve": "CVE-2024-34782", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the PatchHistory class. The issue results from...", "detail_json": "/data/advisories/ZDI-24-1499/advisory.json", "detail_path": "advisories/ZDI-24-1499", "id": "ZDI-24-1499", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager PatchHistory SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1499/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24295", "zdi_id": "ZDI-24-1499" }, { "cve": "CVE-2024-34781", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Report_Run class. The issue results from t...", "detail_json": "/data/advisories/ZDI-24-1498/advisory.json", "detail_path": "advisories/ZDI-24-1498", "id": "ZDI-24-1498", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager Report_Run SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1498/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24294", "zdi_id": "ZDI-24-1498" }, { "cve": "CVE-2024-34781", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MP_QueryDetail class. The issue results fr...", "detail_json": "/data/advisories/ZDI-24-1497/advisory.json", "detail_path": "advisories/ZDI-24-1497", "id": "ZDI-24-1497", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager MP_QueryDetail SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1497/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24292", "zdi_id": "ZDI-24-1497" }, { "cve": "CVE-2024-32847", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Report_Run2 class. The issue results from...", "detail_json": "/data/advisories/ZDI-24-1496/advisory.json", "detail_path": "advisories/ZDI-24-1496", "id": "ZDI-24-1496", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager Report_Run2 SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1496/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24289", "zdi_id": "ZDI-24-1496" }, { "cve": "CVE-2024-32844", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MP_QueryDetail2 class. The issue results f...", "detail_json": "/data/advisories/ZDI-24-1495/advisory.json", "detail_path": "advisories/ZDI-24-1495", "id": "ZDI-24-1495", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager MP_QueryDetail2 SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1495/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24286", "zdi_id": "ZDI-24-1495" }, { "cve": "CVE-2024-32841", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetCountForQuery met...", "detail_json": "/data/advisories/ZDI-24-1494/advisory.json", "detail_path": "advisories/ZDI-24-1494", "id": "ZDI-24-1494", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager GetCountForQuery SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1494/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24283", "zdi_id": "ZDI-24-1494" }, { "cve": "CVE-2024-32839", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MP_VistaReport class. The issue results fr...", "detail_json": "/data/advisories/ZDI-24-1493/advisory.json", "detail_path": "advisories/ZDI-24-1493", "id": "ZDI-24-1493", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Endpoint Manager MP_VistaReport SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1493/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24281", "zdi_id": "ZDI-24-1493" }, { "cve": "CVE-2024-50321", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, whi...", "detail_json": "/data/advisories/ZDI-24-1492/advisory.json", "detail_path": "advisories/ZDI-24-1492", "id": "ZDI-24-1492", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Avalanche WLAvalancheService TV_FP Infinite Loop Denial-of-Service Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1492/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25455", "zdi_id": "ZDI-24-1492" }, { "cve": "CVE-2024-50320", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, whi...", "detail_json": "/data/advisories/ZDI-24-1491/advisory.json", "detail_path": "advisories/ZDI-24-1491", "id": "ZDI-24-1491", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Avalanche WLAvalancheService TV_FC Infinite Loop Denial-of-Service Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1491/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25454", "zdi_id": "ZDI-24-1491" }, { "cve": "CVE-2024-50319", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, whi...", "detail_json": "/data/advisories/ZDI-24-1490/advisory.json", "detail_path": "advisories/ZDI-24-1490", "id": "ZDI-24-1490", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Avalanche WLAvalancheService TV_FN Infinite Loop Denial-of-Service Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1490/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25453", "zdi_id": "ZDI-24-1490" }, { "cve": "CVE-2024-50318", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, whi...", "detail_json": "/data/advisories/ZDI-24-1489/advisory.json", "detail_path": "advisories/ZDI-24-1489", "id": "ZDI-24-1489", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Avalanche WLAvalancheService TV_FP Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1489/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25357", "zdi_id": "ZDI-24-1489" }, { "cve": "CVE-2024-50317", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, whi...", "detail_json": "/data/advisories/ZDI-24-1488/advisory.json", "detail_path": "advisories/ZDI-24-1488", "id": "ZDI-24-1488", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Avalanche WLAvalancheService TV_FN Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1488/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-25356", "zdi_id": "ZDI-24-1488" }, { "cve": "CVE-2024-7571", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Secure Access Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-24-1487/advisory.json", "detail_path": "advisories/ZDI-24-1487", "id": "ZDI-24-1487", "kind": "published", "published_date": "2024-11-13", "status": "published", "title": "Ivanti Secure Access Client Pulse Secure Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-11-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1487/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23545", "zdi_id": "ZDI-24-1487" }, { "cve": "CVE-2024-6871", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-24-1486/advisory.json", "detail_path": "advisories/ZDI-24-1486", "id": "ZDI-24-1486", "kind": "published", "published_date": "2024-12-11", "status": "published", "title": "G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1486/", "vendor": "G DATA", "vendor_url": null, "zdi_can": "ZDI-CAN-22629", "zdi_id": "ZDI-24-1486" }, { "cve": "CVE-2024-9731", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1485/advisory.json", "detail_path": "advisories/ZDI-24-1485", "id": "ZDI-24-1485", "kind": "published", "published_date": "2024-11-12", "status": "published", "title": "(0Day) Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1485/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24145", "zdi_id": "ZDI-24-1485" }, { "cve": "CVE-2024-9728", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1484/advisory.json", "detail_path": "advisories/ZDI-24-1484", "id": "ZDI-24-1484", "kind": "published", "published_date": "2024-11-12", "status": "published", "title": "(0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1484/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24112", "zdi_id": "ZDI-24-1484" }, { "cve": "CVE-2024-9714", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1483/advisory.json", "detail_path": "advisories/ZDI-24-1483", "id": "ZDI-24-1483", "kind": "published", "published_date": "2024-11-12", "status": "published", "title": "(0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1483/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24097", "zdi_id": "ZDI-24-1483" }, { "cve": "CVE-2024-9721", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1482/advisory.json", "detail_path": "advisories/ZDI-24-1482", "id": "ZDI-24-1482", "kind": "published", "published_date": "2024-11-12", "status": "published", "title": "(0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1482/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24105", "zdi_id": "ZDI-24-1482" }, { "cve": "CVE-2024-9722", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1481/advisory.json", "detail_path": "advisories/ZDI-24-1481", "id": "ZDI-24-1481", "kind": "published", "published_date": "2024-11-12", "status": "published", "title": "(0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1481/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24106", "zdi_id": "ZDI-24-1481" }, { "cve": "CVE-2024-9723", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1480/advisory.json", "detail_path": "advisories/ZDI-24-1480", "id": "ZDI-24-1480", "kind": "published", "published_date": "2024-11-12", "status": "published", "title": "(0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1480/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24107", "zdi_id": "ZDI-24-1480" }, { "cve": "CVE-2024-9724", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1479/advisory.json", "detail_path": "advisories/ZDI-24-1479", "id": "ZDI-24-1479", "kind": "published", "published_date": "2024-11-12", "status": "published", "title": "(0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1479/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24108", "zdi_id": "ZDI-24-1479" }, { "cve": "CVE-2024-9725", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1478/advisory.json", "detail_path": "advisories/ZDI-24-1478", "id": "ZDI-24-1478", "kind": "published", "published_date": "2024-11-12", "status": "published", "title": "(0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1478/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24109", "zdi_id": "ZDI-24-1478" }, { "cve": "CVE-2024-9720", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1477/advisory.json", "detail_path": "advisories/ZDI-24-1477", "id": "ZDI-24-1477", "kind": "published", "published_date": "2024-11-12", "status": "published", "title": "(0Day) Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-11-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1477/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24104", "zdi_id": "ZDI-24-1477" }, { "cve": "CVE-2024-9727", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1476/advisory.json", "detail_path": "advisories/ZDI-24-1476", "id": "ZDI-24-1476", "kind": "published", "published_date": "2024-11-12", "status": "published", "title": "(0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1476/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24111", "zdi_id": "ZDI-24-1476" }, { "cve": "CVE-2024-9726", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1475/advisory.json", "detail_path": "advisories/ZDI-24-1475", "id": "ZDI-24-1475", "kind": "published", "published_date": "2024-11-12", "status": "published", "title": "(0Day) Trimble SketchUp Viewer SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1475/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24110", "zdi_id": "ZDI-24-1475" }, { "cve": "CVE-2024-9713", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-1474/advisory.json", "detail_path": "advisories/ZDI-24-1474", "id": "ZDI-24-1474", "kind": "published", "published_date": "2024-11-12", "status": "published", "title": "(0Day) Trimble SketchUp Pro SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1474/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-23885", "zdi_id": "ZDI-24-1474" }, { "cve": "CVE-2024-9712", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1473/advisory.json", "detail_path": "advisories/ZDI-24-1473", "id": "ZDI-24-1473", "kind": "published", "published_date": "2024-11-12", "status": "published", "title": "(0Day) Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-11-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1473/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-23530", "zdi_id": "ZDI-24-1473" }, { "cve": "CVE-2024-40715", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Veeam Backup Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of security...", "detail_json": "/data/advisories/ZDI-24-1472/advisory.json", "detail_path": "advisories/ZDI-24-1472", "id": "ZDI-24-1472", "kind": "published", "published_date": "2024-11-12", "status": "published", "title": "Veeam Backup Enterprise Manager AuthorizeByVMwareSsoToken Improper Certificate Validation Authentication Bypass Vulnerability", "updated_date": "2024-11-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1472/", "vendor": "Veeam", "vendor_url": null, "zdi_can": "ZDI-CAN-24589", "zdi_id": "ZDI-24-1472" }, { "cve": "CVE-2024-8424", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-24-1471/advisory.json", "detail_path": "advisories/ZDI-24-1471", "id": "ZDI-24-1471", "kind": "published", "published_date": "2024-11-11", "status": "published", "title": "Panda Security Dome PSANHost Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-11-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1471/", "vendor": "Panda Security", "vendor_url": null, "zdi_can": "ZDI-CAN-23479", "zdi_id": "ZDI-24-1471" }, { "cve": "CVE-2024-39354", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1470/advisory.json", "detail_path": "advisories/ZDI-24-1470", "id": "ZDI-24-1470", "kind": "published", "published_date": "2024-11-08", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1470/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25010", "zdi_id": "ZDI-24-1470" }, { "cve": "CVE-2024-39605", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1469/advisory.json", "detail_path": "advisories/ZDI-24-1469", "id": "ZDI-24-1469", "kind": "published", "published_date": "2024-11-08", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1469/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25009", "zdi_id": "ZDI-24-1469" }, { "cve": "CVE-2024-47131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1468/advisory.json", "detail_path": "advisories/ZDI-24-1468", "id": "ZDI-24-1468", "kind": "published", "published_date": "2024-11-08", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1468/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25008", "zdi_id": "ZDI-24-1468" }, { "cve": "CVE-2024-39605", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1467/advisory.json", "detail_path": "advisories/ZDI-24-1467", "id": "ZDI-24-1467", "kind": "published", "published_date": "2024-11-08", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1467/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25007", "zdi_id": "ZDI-24-1467" }, { "cve": "CVE-2024-47131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1466/advisory.json", "detail_path": "advisories/ZDI-24-1466", "id": "ZDI-24-1466", "kind": "published", "published_date": "2024-11-08", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1466/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25006", "zdi_id": "ZDI-24-1466" }, { "cve": "CVE-2024-39605", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1465/advisory.json", "detail_path": "advisories/ZDI-24-1465", "id": "ZDI-24-1465", "kind": "published", "published_date": "2024-11-08", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1465/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25005", "zdi_id": "ZDI-24-1465" }, { "cve": "CVE-2024-39354", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1464/advisory.json", "detail_path": "advisories/ZDI-24-1464", "id": "ZDI-24-1464", "kind": "published", "published_date": "2024-11-08", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1464/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25004", "zdi_id": "ZDI-24-1464" }, { "cve": "CVE-2024-47131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1463/advisory.json", "detail_path": "advisories/ZDI-24-1463", "id": "ZDI-24-1463", "kind": "published", "published_date": "2024-11-08", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1463/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25003", "zdi_id": "ZDI-24-1463" }, { "cve": "CVE-2024-39605", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1462/advisory.json", "detail_path": "advisories/ZDI-24-1462", "id": "ZDI-24-1462", "kind": "published", "published_date": "2024-11-08", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1462/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25002", "zdi_id": "ZDI-24-1462" }, { "cve": "CVE-2024-39605", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1461/advisory.json", "detail_path": "advisories/ZDI-24-1461", "id": "ZDI-24-1461", "kind": "published", "published_date": "2024-11-08", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-11-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1461/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25001", "zdi_id": "ZDI-24-1461" }, { "cve": "CVE-2024-39842", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateContactHostCommands_MC function. The issue results fro...", "detail_json": "/data/advisories/ZDI-24-1460/advisory.json", "detail_path": "advisories/ZDI-24-1460", "id": "ZDI-24-1460", "kind": "published", "published_date": "2024-11-06", "status": "published", "title": "Centreon updateContactHostCommands_MC SQL Injection Privilege Escalation Vulnerability", "updated_date": "2024-11-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1460/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-24538", "zdi_id": "ZDI-24-1460" }, { "cve": "CVE-2024-39843", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateAccessGroupLinks_MC function. The issue results from t...", "detail_json": "/data/advisories/ZDI-24-1459/advisory.json", "detail_path": "advisories/ZDI-24-1459", "id": "ZDI-24-1459", "kind": "published", "published_date": "2024-11-06", "status": "published", "title": "Centreon updateAccessGroupLinks_MC SQL Injection Privilege Escalation Vulnerability", "updated_date": "2024-11-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1459/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-24537", "zdi_id": "ZDI-24-1459" }, { "cve": "CVE-2024-39842", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateContactServiceCommands_MC function. The issue results...", "detail_json": "/data/advisories/ZDI-24-1458/advisory.json", "detail_path": "advisories/ZDI-24-1458", "id": "ZDI-24-1458", "kind": "published", "published_date": "2024-11-06", "status": "published", "title": "Centreon updateContactServiceCommands_MC SQL Injection Privilege Escalation Vulnerability", "updated_date": "2024-11-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1458/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-24535", "zdi_id": "ZDI-24-1458" }, { "cve": "CVE-2024-10456", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the _gE...", "detail_json": "/data/advisories/ZDI-24-1457/advisory.json", "detail_path": "advisories/ZDI-24-1457", "id": "ZDI-24-1457", "kind": "published", "published_date": "2024-11-06", "status": "published", "title": "Delta Electronics InfraSuite Device Master _gExtraInfo Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-11-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1457/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24594", "zdi_id": "ZDI-24-1457" }, { "cve": null, "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-24-1456/advisory.json", "detail_path": "advisories/ZDI-24-1456", "id": "ZDI-24-1456", "kind": "published", "published_date": "2024-11-05", "status": "published", "title": "Linux Kernel ksmbd Session Race Condition Remote Code Execution Vulnerability", "updated_date": "2024-11-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1456/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-25282", "zdi_id": "ZDI-24-1456" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1455/advisory.json", "detail_path": "advisories/ZDI-24-1455", "id": "ZDI-24-1455", "kind": "published", "published_date": "2024-11-05", "status": "published", "title": "Linux Kernel Net Scheduler ATM Queuing Discipline Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-11-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1455/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-23237", "zdi_id": "ZDI-24-1455" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-1454/advisory.json", "detail_path": "advisories/ZDI-24-1454", "id": "ZDI-24-1454", "kind": "published", "published_date": "2024-11-05", "status": "published", "title": "Linux Kernel nftables Improper Validation of Array Index Local Privilege Escalation Vulnerability", "updated_date": "2024-11-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1454/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-24184", "zdi_id": "ZDI-24-1454" }, { "cve": "CVE-2024-9632", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1453/advisory.json", "detail_path": "advisories/ZDI-24-1453", "id": "ZDI-24-1453", "kind": "published", "published_date": "2024-11-05", "status": "published", "title": "X.Org Server XkbSetCompatMap Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2024-11-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1453/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-24756", "zdi_id": "ZDI-24-1453" }, { "cve": "CVE-2024-8592", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1452/advisory.json", "detail_path": "advisories/ZDI-24-1452", "id": "ZDI-24-1452", "kind": "published", "published_date": "2024-11-04", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-11-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1452/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-24943", "zdi_id": "ZDI-24-1452" }, { "cve": "CVE-2024-44284", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-24-1451/advisory.json", "detail_path": "advisories/ZDI-24-1451", "id": "ZDI-24-1451", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1451/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24763", "zdi_id": "ZDI-24-1451" }, { "cve": "CVE-2024-44283", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1450/advisory.json", "detail_path": "advisories/ZDI-24-1450", "id": "ZDI-24-1450", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1450/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25146", "zdi_id": "ZDI-24-1450" }, { "cve": "CVE-2024-44282", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1449/advisory.json", "detail_path": "advisories/ZDI-24-1449", "id": "ZDI-24-1449", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Apple macOS CoreFoundation Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1449/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25163", "zdi_id": "ZDI-24-1449" }, { "cve": "CVE-2024-44281", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1448/advisory.json", "detail_path": "advisories/ZDI-24-1448", "id": "ZDI-24-1448", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1448/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25148", "zdi_id": "ZDI-24-1448" }, { "cve": "CVE-2024-44279", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1447/advisory.json", "detail_path": "advisories/ZDI-24-1447", "id": "ZDI-24-1447", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1447/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25147", "zdi_id": "ZDI-24-1447" }, { "cve": "CVE-2024-44237", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1446/advisory.json", "detail_path": "advisories/ZDI-24-1446", "id": "ZDI-24-1446", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1446/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25084", "zdi_id": "ZDI-24-1446" }, { "cve": "CVE-2024-44236", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-24-1445/advisory.json", "detail_path": "advisories/ZDI-24-1445", "id": "ZDI-24-1445", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1445/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25085", "zdi_id": "ZDI-24-1445" }, { "cve": "CVE-2024-44218", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the Scenekit framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The s...", "detail_json": "/data/advisories/ZDI-24-1444/advisory.json", "detail_path": "advisories/ZDI-24-1444", "id": "ZDI-24-1444", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Apple SceneKit Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1444/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25204", "zdi_id": "ZDI-24-1444" }, { "cve": "CVE-2024-44215", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation...", "detail_json": "/data/advisories/ZDI-24-1443/advisory.json", "detail_path": "advisories/ZDI-24-1443", "id": "ZDI-24-1443", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Apple macOS ImageIO JP2 Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1443/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-23979", "zdi_id": "ZDI-24-1443" }, { "cve": "CVE-2024-44240, CVE-2024-44302", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1442/advisory.json", "detail_path": "advisories/ZDI-24-1442", "id": "ZDI-24-1442", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1442/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-25214", "zdi_id": "ZDI-24-1442" }, { "cve": "CVE-2024-8587", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1441/advisory.json", "detail_path": "advisories/ZDI-24-1441", "id": "ZDI-24-1441", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1441/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-24946", "zdi_id": "ZDI-24-1441" }, { "cve": "CVE-2024-8600", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1440/advisory.json", "detail_path": "advisories/ZDI-24-1440", "id": "ZDI-24-1440", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1440/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25032", "zdi_id": "ZDI-24-1440" }, { "cve": "CVE-2024-8588", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1439/advisory.json", "detail_path": "advisories/ZDI-24-1439", "id": "ZDI-24-1439", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1439/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-24969", "zdi_id": "ZDI-24-1439" }, { "cve": "CVE-2024-8596", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1438/advisory.json", "detail_path": "advisories/ZDI-24-1438", "id": "ZDI-24-1438", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1438/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25133", "zdi_id": "ZDI-24-1438" }, { "cve": "CVE-2024-8589", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1437/advisory.json", "detail_path": "advisories/ZDI-24-1437", "id": "ZDI-24-1437", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1437/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25138", "zdi_id": "ZDI-24-1437" }, { "cve": "CVE-2024-8590", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1436/advisory.json", "detail_path": "advisories/ZDI-24-1436", "id": "ZDI-24-1436", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1436/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25033", "zdi_id": "ZDI-24-1436" }, { "cve": "CVE-2024-8591", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1435/advisory.json", "detail_path": "advisories/ZDI-24-1435", "id": "ZDI-24-1435", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1435/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25072", "zdi_id": "ZDI-24-1435" }, { "cve": "CVE-2024-8593", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1434/advisory.json", "detail_path": "advisories/ZDI-24-1434", "id": "ZDI-24-1434", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1434/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25107", "zdi_id": "ZDI-24-1434" }, { "cve": "CVE-2024-8594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1433/advisory.json", "detail_path": "advisories/ZDI-24-1433", "id": "ZDI-24-1433", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1433/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-24955", "zdi_id": "ZDI-24-1433" }, { "cve": "CVE-2024-8595", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1432/advisory.json", "detail_path": "advisories/ZDI-24-1432", "id": "ZDI-24-1432", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1432/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25126", "zdi_id": "ZDI-24-1432" }, { "cve": "CVE-2024-8597", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1431/advisory.json", "detail_path": "advisories/ZDI-24-1431", "id": "ZDI-24-1431", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD STEP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1431/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-24961", "zdi_id": "ZDI-24-1431" }, { "cve": "CVE-2024-8598", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1430/advisory.json", "detail_path": "advisories/ZDI-24-1430", "id": "ZDI-24-1430", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD ACTranslators STEP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1430/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25070", "zdi_id": "ZDI-24-1430" }, { "cve": "CVE-2024-8599", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1429/advisory.json", "detail_path": "advisories/ZDI-24-1429", "id": "ZDI-24-1429", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD ACTranslators STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1429/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25104", "zdi_id": "ZDI-24-1429" }, { "cve": "CVE-2024-9826", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1428/advisory.json", "detail_path": "advisories/ZDI-24-1428", "id": "ZDI-24-1428", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD ACTranslators 3DM File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1428/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25168", "zdi_id": "ZDI-24-1428" }, { "cve": "CVE-2024-9827", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1427/advisory.json", "detail_path": "advisories/ZDI-24-1427", "id": "ZDI-24-1427", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD ACTranslators CATPART File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1427/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25194", "zdi_id": "ZDI-24-1427" }, { "cve": "CVE-2024-8896", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1426/advisory.json", "detail_path": "advisories/ZDI-24-1426", "id": "ZDI-24-1426", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD DXF File Parsing Unitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1426/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25259", "zdi_id": "ZDI-24-1426" }, { "cve": "CVE-2024-9489", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1425/advisory.json", "detail_path": "advisories/ZDI-24-1425", "id": "ZDI-24-1425", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1425/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25271", "zdi_id": "ZDI-24-1425" }, { "cve": "CVE-2024-9996", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1424/advisory.json", "detail_path": "advisories/ZDI-24-1424", "id": "ZDI-24-1424", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1424/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25478", "zdi_id": "ZDI-24-1424" }, { "cve": "CVE-2024-9997", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1423/advisory.json", "detail_path": "advisories/ZDI-24-1423", "id": "ZDI-24-1423", "kind": "published", "published_date": "2024-10-31", "status": "published", "title": "Autodesk AutoCAD DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-10-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1423/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-25479", "zdi_id": "ZDI-24-1423" }, { "cve": "CVE-2024-8025", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-1422/advisory.json", "detail_path": "advisories/ZDI-24-1422", "id": "ZDI-24-1422", "kind": "published", "published_date": "2024-10-24", "status": "published", "title": "Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1422/", "vendor": "Nikon", "vendor_url": null, "zdi_can": "ZDI-CAN-19873", "zdi_id": "ZDI-24-1422" }, { "cve": "CVE-2024-38814", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware HCX. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the listExtensions method. The issue...", "detail_json": "/data/advisories/ZDI-24-1421/advisory.json", "detail_path": "advisories/ZDI-24-1421", "id": "ZDI-24-1421", "kind": "published", "published_date": "2024-10-23", "status": "published", "title": "VMware HCX listExtensions SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-10-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1421/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-23941", "zdi_id": "ZDI-24-1421" }, { "cve": "CVE-2015-0250", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the implemen...", "detail_json": "/data/advisories/ZDI-24-1420/advisory.json", "detail_path": "advisories/ZDI-24-1420", "id": "ZDI-24-1420", "kind": "published", "published_date": "2024-10-18", "status": "published", "title": "Schneider Electric EcoStruxure Data Center Expert XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2024-10-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1420/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-23502", "zdi_id": "ZDI-24-1420" }, { "cve": "CVE-2024-48903", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-24-1419/advisory.json", "detail_path": "advisories/ZDI-24-1419", "id": "ZDI-24-1419", "kind": "published", "published_date": "2024-10-17", "status": "published", "title": "Trend Micro Deep Security Improper Access Control Local Privilege Escalation Vulnerability", "updated_date": "2024-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1419/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-17700", "zdi_id": "ZDI-24-1419" }, { "cve": "CVE-2024-48904", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Cloud Edge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REST API, which listens on TCP port 844...", "detail_json": "/data/advisories/ZDI-24-1418/advisory.json", "detail_path": "advisories/ZDI-24-1418", "id": "ZDI-24-1418", "kind": "published", "published_date": "2024-10-17", "status": "published", "title": "Trend Micro Cloud Edge REST API Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1418/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-23182", "zdi_id": "ZDI-24-1418" }, { "cve": "CVE-2024-8531", "cvss": 7.2, "cvss_vector": null, "description_snippet": "The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of upgra...", "detail_json": "/data/advisories/ZDI-24-1417/advisory.json", "detail_path": "advisories/ZDI-24-1417", "id": "ZDI-24-1417", "kind": "published", "published_date": "2024-10-17", "status": "published", "title": "Schneider Electric EcoStruxure Data Center Expert Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability", "updated_date": "2024-10-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1417/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-23203", "zdi_id": "ZDI-24-1417" }, { "cve": "CVE-2024-8530", "cvss": 5.9, "cvss_vector": null, "description_snippet": "The vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handl...", "detail_json": "/data/advisories/ZDI-24-1416/advisory.json", "detail_path": "advisories/ZDI-24-1416", "id": "ZDI-24-1416", "kind": "published", "published_date": "2024-10-17", "status": "published", "title": "Schneider Electric EcoStruxure Data Center Expert Missing Authentication Information Disclosure Vulnerability", "updated_date": "2024-10-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1416/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-23489", "zdi_id": "ZDI-24-1416" }, { "cve": "CVE-2024-8422", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric Zelio Soft 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-24-1415/advisory.json", "detail_path": "advisories/ZDI-24-1415", "id": "ZDI-24-1415", "kind": "published", "published_date": "2024-10-17", "status": "published", "title": "Schneider Electric Zelio Soft 2 ZM2 File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1415/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-22347", "zdi_id": "ZDI-24-1415" }, { "cve": "CVE-2024-21273", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-1414/advisory.json", "detail_path": "advisories/ZDI-24-1414", "id": "ZDI-24-1414", "kind": "published", "published_date": "2024-10-17", "status": "published", "title": "Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2024-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1414/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-25016", "zdi_id": "ZDI-24-1414" }, { "cve": "CVE-2024-21259", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-24-1413/advisory.json", "detail_path": "advisories/ZDI-24-1413", "id": "ZDI-24-1413", "kind": "published", "published_date": "2024-10-17", "status": "published", "title": "Oracle VirtualBox TPM Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2024-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1413/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-23961", "zdi_id": "ZDI-24-1413" }, { "cve": "CVE-2024-21248", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-24-1412/advisory.json", "detail_path": "advisories/ZDI-24-1412", "id": "ZDI-24-1412", "kind": "published", "published_date": "2024-10-17", "status": "published", "title": "Oracle VirtualBox Shared Folders Incorrect Authorization Local Privilege Escalation Vulnerability", "updated_date": "2024-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1412/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-24045", "zdi_id": "ZDI-24-1412" }, { "cve": "CVE-2024-47966", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1411/advisory.json", "detail_path": "advisories/ZDI-24-1411", "id": "ZDI-24-1411", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1411/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24765", "zdi_id": "ZDI-24-1411" }, { "cve": "CVE-2024-47962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1410/advisory.json", "detail_path": "advisories/ZDI-24-1410", "id": "ZDI-24-1410", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1410/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24200", "zdi_id": "ZDI-24-1410" }, { "cve": "CVE-2024-47963", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1409/advisory.json", "detail_path": "advisories/ZDI-24-1409", "id": "ZDI-24-1409", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1409/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24199", "zdi_id": "ZDI-24-1409" }, { "cve": "CVE-2024-47963", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1408/advisory.json", "detail_path": "advisories/ZDI-24-1408", "id": "ZDI-24-1408", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1408/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24197", "zdi_id": "ZDI-24-1408" }, { "cve": "CVE-2024-47962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1407/advisory.json", "detail_path": "advisories/ZDI-24-1407", "id": "ZDI-24-1407", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1407/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24196", "zdi_id": "ZDI-24-1407" }, { "cve": "CVE-2024-47962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1406/advisory.json", "detail_path": "advisories/ZDI-24-1406", "id": "ZDI-24-1406", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1406/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24202", "zdi_id": "ZDI-24-1406" }, { "cve": "CVE-2024-47962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1405/advisory.json", "detail_path": "advisories/ZDI-24-1405", "id": "ZDI-24-1405", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1405/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24201", "zdi_id": "ZDI-24-1405" }, { "cve": "CVE-2024-47962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1404/advisory.json", "detail_path": "advisories/ZDI-24-1404", "id": "ZDI-24-1404", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1404/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23768", "zdi_id": "ZDI-24-1404" }, { "cve": "CVE-2024-47963", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1403/advisory.json", "detail_path": "advisories/ZDI-24-1403", "id": "ZDI-24-1403", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1403/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25270", "zdi_id": "ZDI-24-1403" }, { "cve": "CVE-2024-47962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1402/advisory.json", "detail_path": "advisories/ZDI-24-1402", "id": "ZDI-24-1402", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1402/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25055", "zdi_id": "ZDI-24-1402" }, { "cve": "CVE-2024-47962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1401/advisory.json", "detail_path": "advisories/ZDI-24-1401", "id": "ZDI-24-1401", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1401/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25056", "zdi_id": "ZDI-24-1401" }, { "cve": "CVE-2024-47963", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1400/advisory.json", "detail_path": "advisories/ZDI-24-1400", "id": "ZDI-24-1400", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1400/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25034", "zdi_id": "ZDI-24-1400" }, { "cve": "CVE-2024-47964", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1399/advisory.json", "detail_path": "advisories/ZDI-24-1399", "id": "ZDI-24-1399", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1399/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-25037", "zdi_id": "ZDI-24-1399" }, { "cve": "CVE-2024-47962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1398/advisory.json", "detail_path": "advisories/ZDI-24-1398", "id": "ZDI-24-1398", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1398/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24788", "zdi_id": "ZDI-24-1398" }, { "cve": "CVE-2024-47962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1397/advisory.json", "detail_path": "advisories/ZDI-24-1397", "id": "ZDI-24-1397", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft CMT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1397/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24790", "zdi_id": "ZDI-24-1397" }, { "cve": "CVE-2024-47962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1396/advisory.json", "detail_path": "advisories/ZDI-24-1396", "id": "ZDI-24-1396", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1396/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24994", "zdi_id": "ZDI-24-1396" }, { "cve": "CVE-2024-47962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1395/advisory.json", "detail_path": "advisories/ZDI-24-1395", "id": "ZDI-24-1395", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1395/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24758", "zdi_id": "ZDI-24-1395" }, { "cve": "CVE-2024-47963", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1394/advisory.json", "detail_path": "advisories/ZDI-24-1394", "id": "ZDI-24-1394", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1394/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24826", "zdi_id": "ZDI-24-1394" }, { "cve": "CVE-2024-47963", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1393/advisory.json", "detail_path": "advisories/ZDI-24-1393", "id": "ZDI-24-1393", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1393/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24829", "zdi_id": "ZDI-24-1393" }, { "cve": "CVE-2024-47963", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1392/advisory.json", "detail_path": "advisories/ZDI-24-1392", "id": "ZDI-24-1392", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1392/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24910", "zdi_id": "ZDI-24-1392" }, { "cve": "CVE-2024-47963", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1391/advisory.json", "detail_path": "advisories/ZDI-24-1391", "id": "ZDI-24-1391", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1391/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24971", "zdi_id": "ZDI-24-1391" }, { "cve": "CVE-2024-47962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1390/advisory.json", "detail_path": "advisories/ZDI-24-1390", "id": "ZDI-24-1390", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1390/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24363", "zdi_id": "ZDI-24-1390" }, { "cve": "CVE-2024-47962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1389/advisory.json", "detail_path": "advisories/ZDI-24-1389", "id": "ZDI-24-1389", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1389/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24358", "zdi_id": "ZDI-24-1389" }, { "cve": "CVE-2024-47965", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1388/advisory.json", "detail_path": "advisories/ZDI-24-1388", "id": "ZDI-24-1388", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1388/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24766", "zdi_id": "ZDI-24-1388" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1387/advisory.json", "detail_path": "advisories/ZDI-24-1387", "id": "ZDI-24-1387", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1387/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24767", "zdi_id": "ZDI-24-1387" }, { "cve": "CVE-2024-47963", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1386/advisory.json", "detail_path": "advisories/ZDI-24-1386", "id": "ZDI-24-1386", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1386/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24825", "zdi_id": "ZDI-24-1386" }, { "cve": "CVE-2024-47963", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1385/advisory.json", "detail_path": "advisories/ZDI-24-1385", "id": "ZDI-24-1385", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1385/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24827", "zdi_id": "ZDI-24-1385" }, { "cve": "CVE-2024-47963", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1384/advisory.json", "detail_path": "advisories/ZDI-24-1384", "id": "ZDI-24-1384", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1384/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-24828", "zdi_id": "ZDI-24-1384" }, { "cve": "CVE-2024-9710", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the database_schema method. The...", "detail_json": "/data/advisories/ZDI-24-1383/advisory.json", "detail_path": "advisories/ZDI-24-1383", "id": "ZDI-24-1383", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1383/", "vendor": "PostHog", "vendor_url": null, "zdi_can": "ZDI-CAN-25351", "zdi_id": "ZDI-24-1383" }, { "cve": "CVE-2024-6519", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of QEMU. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1382/advisory.json", "detail_path": "advisories/ZDI-24-1382", "id": "ZDI-24-1382", "kind": "published", "published_date": "2024-10-15", "status": "published", "title": "QEMU SCSI Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1382/", "vendor": "QEMU", "vendor_url": null, "zdi_can": "ZDI-CAN-23962", "zdi_id": "ZDI-24-1382" }, { "cve": "CVE-2024-9730", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1381/advisory.json", "detail_path": "advisories/ZDI-24-1381", "id": "ZDI-24-1381", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1381/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24146", "zdi_id": "ZDI-24-1381" }, { "cve": "CVE-2024-9729", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1380/advisory.json", "detail_path": "advisories/ZDI-24-1380", "id": "ZDI-24-1380", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1380/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24144", "zdi_id": "ZDI-24-1380" }, { "cve": "CVE-2024-9719", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1379/advisory.json", "detail_path": "advisories/ZDI-24-1379", "id": "ZDI-24-1379", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1379/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24103", "zdi_id": "ZDI-24-1379" }, { "cve": "CVE-2024-9718", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1378/advisory.json", "detail_path": "advisories/ZDI-24-1378", "id": "ZDI-24-1378", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1378/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24102", "zdi_id": "ZDI-24-1378" }, { "cve": "CVE-2024-9717", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1377/advisory.json", "detail_path": "advisories/ZDI-24-1377", "id": "ZDI-24-1377", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1377/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24101", "zdi_id": "ZDI-24-1377" }, { "cve": "CVE-2024-9715", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1376/advisory.json", "detail_path": "advisories/ZDI-24-1376", "id": "ZDI-24-1376", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1376/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24098", "zdi_id": "ZDI-24-1376" }, { "cve": "CVE-2024-9716", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1375/advisory.json", "detail_path": "advisories/ZDI-24-1375", "id": "ZDI-24-1375", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1375/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-24100", "zdi_id": "ZDI-24-1375" }, { "cve": "CVE-2024-9261", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1374/advisory.json", "detail_path": "advisories/ZDI-24-1374", "id": "ZDI-24-1374", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "IrfanView SID File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1374/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23283", "zdi_id": "ZDI-24-1374" }, { "cve": "CVE-2024-9260", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1373/advisory.json", "detail_path": "advisories/ZDI-24-1373", "id": "ZDI-24-1373", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1373/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23280", "zdi_id": "ZDI-24-1373" }, { "cve": "CVE-2024-9259", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1372/advisory.json", "detail_path": "advisories/ZDI-24-1372", "id": "ZDI-24-1372", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1372/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23278", "zdi_id": "ZDI-24-1372" }, { "cve": "CVE-2024-9767", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1371/advisory.json", "detail_path": "advisories/ZDI-24-1371", "id": "ZDI-24-1371", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "IrfanView SID File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1371/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23277", "zdi_id": "ZDI-24-1371" }, { "cve": "CVE-2024-9258", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1370/advisory.json", "detail_path": "advisories/ZDI-24-1370", "id": "ZDI-24-1370", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "IrfanView SID File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1370/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23276", "zdi_id": "ZDI-24-1370" }, { "cve": "CVE-2024-9665", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious email message. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-24-1369/advisory.json", "detail_path": "advisories/ZDI-24-1369", "id": "ZDI-24-1369", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1369/", "vendor": "Zimbra", "vendor_url": null, "zdi_can": "ZDI-CAN-23939", "zdi_id": "ZDI-24-1369" }, { "cve": "CVE-2024-9755", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1368/advisory.json", "detail_path": "advisories/ZDI-24-1368", "id": "ZDI-24-1368", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1368/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24472", "zdi_id": "ZDI-24-1368" }, { "cve": "CVE-2024-9757", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-24-1367/advisory.json", "detail_path": "advisories/ZDI-24-1367", "id": "ZDI-24-1367", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1367/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24473", "zdi_id": "ZDI-24-1367" }, { "cve": "CVE-2024-9761", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-24-1366/advisory.json", "detail_path": "advisories/ZDI-24-1366", "id": "ZDI-24-1366", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1366/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24477", "zdi_id": "ZDI-24-1366" }, { "cve": "CVE-2024-9735", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1365/advisory.json", "detail_path": "advisories/ZDI-24-1365", "id": "ZDI-24-1365", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1365/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24451", "zdi_id": "ZDI-24-1365" }, { "cve": "CVE-2024-9744", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1364/advisory.json", "detail_path": "advisories/ZDI-24-1364", "id": "ZDI-24-1364", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1364/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24460", "zdi_id": "ZDI-24-1364" }, { "cve": "CVE-2024-9751", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1363/advisory.json", "detail_path": "advisories/ZDI-24-1363", "id": "ZDI-24-1363", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1363/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24468", "zdi_id": "ZDI-24-1363" }, { "cve": "CVE-2024-9764", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1362/advisory.json", "detail_path": "advisories/ZDI-24-1362", "id": "ZDI-24-1362", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PDF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1362/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24480", "zdi_id": "ZDI-24-1362" }, { "cve": "CVE-2024-9758", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-24-1361/advisory.json", "detail_path": "advisories/ZDI-24-1361", "id": "ZDI-24-1361", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1361/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24474", "zdi_id": "ZDI-24-1361" }, { "cve": "CVE-2024-9753", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-24-1360/advisory.json", "detail_path": "advisories/ZDI-24-1360", "id": "ZDI-24-1360", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1360/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24470", "zdi_id": "ZDI-24-1360" }, { "cve": "CVE-2024-9763", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-24-1359/advisory.json", "detail_path": "advisories/ZDI-24-1359", "id": "ZDI-24-1359", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1359/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24479", "zdi_id": "ZDI-24-1359" }, { "cve": "CVE-2024-9762", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-24-1358/advisory.json", "detail_path": "advisories/ZDI-24-1358", "id": "ZDI-24-1358", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1358/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24478", "zdi_id": "ZDI-24-1358" }, { "cve": "CVE-2024-9760", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-24-1357/advisory.json", "detail_path": "advisories/ZDI-24-1357", "id": "ZDI-24-1357", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1357/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24476", "zdi_id": "ZDI-24-1357" }, { "cve": "CVE-2024-9759", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-24-1356/advisory.json", "detail_path": "advisories/ZDI-24-1356", "id": "ZDI-24-1356", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1356/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24475", "zdi_id": "ZDI-24-1356" }, { "cve": "CVE-2024-9754", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-24-1355/advisory.json", "detail_path": "advisories/ZDI-24-1355", "id": "ZDI-24-1355", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1355/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24471", "zdi_id": "ZDI-24-1355" }, { "cve": "CVE-2024-9752", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-24-1354/advisory.json", "detail_path": "advisories/ZDI-24-1354", "id": "ZDI-24-1354", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1354/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24469", "zdi_id": "ZDI-24-1354" }, { "cve": "CVE-2024-9734", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1353/advisory.json", "detail_path": "advisories/ZDI-24-1353", "id": "ZDI-24-1353", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1353/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24400", "zdi_id": "ZDI-24-1353" }, { "cve": "CVE-2024-9733", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1352/advisory.json", "detail_path": "advisories/ZDI-24-1352", "id": "ZDI-24-1352", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1352/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24389", "zdi_id": "ZDI-24-1352" }, { "cve": "CVE-2024-9736", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1351/advisory.json", "detail_path": "advisories/ZDI-24-1351", "id": "ZDI-24-1351", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1351/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24452", "zdi_id": "ZDI-24-1351" }, { "cve": "CVE-2024-9737", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1350/advisory.json", "detail_path": "advisories/ZDI-24-1350", "id": "ZDI-24-1350", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1350/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24453", "zdi_id": "ZDI-24-1350" }, { "cve": "CVE-2024-9739", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1349/advisory.json", "detail_path": "advisories/ZDI-24-1349", "id": "ZDI-24-1349", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1349/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24455", "zdi_id": "ZDI-24-1349" }, { "cve": "CVE-2024-9750", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1348/advisory.json", "detail_path": "advisories/ZDI-24-1348", "id": "ZDI-24-1348", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1348/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24466", "zdi_id": "ZDI-24-1348" }, { "cve": "CVE-2024-9745", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1347/advisory.json", "detail_path": "advisories/ZDI-24-1347", "id": "ZDI-24-1347", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1347/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24461", "zdi_id": "ZDI-24-1347" }, { "cve": "CVE-2024-9741", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1346/advisory.json", "detail_path": "advisories/ZDI-24-1346", "id": "ZDI-24-1346", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1346/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24457", "zdi_id": "ZDI-24-1346" }, { "cve": "CVE-2024-9746", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1345/advisory.json", "detail_path": "advisories/ZDI-24-1345", "id": "ZDI-24-1345", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1345/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24462", "zdi_id": "ZDI-24-1345" }, { "cve": "CVE-2024-9747", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1344/advisory.json", "detail_path": "advisories/ZDI-24-1344", "id": "ZDI-24-1344", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1344/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24463", "zdi_id": "ZDI-24-1344" }, { "cve": "CVE-2024-9740", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1343/advisory.json", "detail_path": "advisories/ZDI-24-1343", "id": "ZDI-24-1343", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1343/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24456", "zdi_id": "ZDI-24-1343" }, { "cve": "CVE-2024-9742", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1342/advisory.json", "detail_path": "advisories/ZDI-24-1342", "id": "ZDI-24-1342", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1342/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24458", "zdi_id": "ZDI-24-1342" }, { "cve": "CVE-2024-9738", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1341/advisory.json", "detail_path": "advisories/ZDI-24-1341", "id": "ZDI-24-1341", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1341/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24454", "zdi_id": "ZDI-24-1341" }, { "cve": "CVE-2024-9749", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-24-1340/advisory.json", "detail_path": "advisories/ZDI-24-1340", "id": "ZDI-24-1340", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1340/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24465", "zdi_id": "ZDI-24-1340" }, { "cve": "CVE-2024-9748", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1339/advisory.json", "detail_path": "advisories/ZDI-24-1339", "id": "ZDI-24-1339", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1339/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24464", "zdi_id": "ZDI-24-1339" }, { "cve": "CVE-2024-9743", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1338/advisory.json", "detail_path": "advisories/ZDI-24-1338", "id": "ZDI-24-1338", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1338/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24459", "zdi_id": "ZDI-24-1338" }, { "cve": "CVE-2024-9732", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-1337/advisory.json", "detail_path": "advisories/ZDI-24-1337", "id": "ZDI-24-1337", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1337/", "vendor": "Tungsten Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24385", "zdi_id": "ZDI-24-1337" }, { "cve": "CVE-2024-9766", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1336/advisory.json", "detail_path": "advisories/ZDI-24-1336", "id": "ZDI-24-1336", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1336/", "vendor": "Wacom", "vendor_url": null, "zdi_can": "ZDI-CAN-24304", "zdi_id": "ZDI-24-1336" }, { "cve": "CVE-2024-45315", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of SonicWALL Connect Tunnel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vul...", "detail_json": "/data/advisories/ZDI-24-1335/advisory.json", "detail_path": "advisories/ZDI-24-1335", "id": "ZDI-24-1335", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "SonicWALL Connect Tunnel Link Following Denial-of-Service Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1335/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-22656", "zdi_id": "ZDI-24-1335" }, { "cve": "CVE-2024-45316", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of SonicWALL Connect Tunnel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-24-1334/advisory.json", "detail_path": "advisories/ZDI-24-1334", "id": "ZDI-24-1334", "kind": "published", "published_date": "2024-10-11", "status": "published", "title": "SonicWALL Connect Tunnel Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-10-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1334/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-22655", "zdi_id": "ZDI-24-1334" }, { "cve": "CVE-2024-0113", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NVIDIA Onyx switches. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /admin/launch endpoint. When pa...", "detail_json": "/data/advisories/ZDI-24-1333/advisory.json", "detail_path": "advisories/ZDI-24-1333", "id": "ZDI-24-1333", "kind": "published", "published_date": "2024-10-09", "status": "published", "title": "NVIDIA Onyx Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-10-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1333/", "vendor": "NVIDIA", "vendor_url": null, "zdi_can": "ZDI-CAN-24764", "zdi_id": "ZDI-24-1333" }, { "cve": "CVE-2024-45146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-1332/advisory.json", "detail_path": "advisories/ZDI-24-1332", "id": "ZDI-24-1332", "kind": "published", "published_date": "2024-10-08", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1332/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24026", "zdi_id": "ZDI-24-1332" }, { "cve": "CVE-2024-45138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-1331/advisory.json", "detail_path": "advisories/ZDI-24-1331", "id": "ZDI-24-1331", "kind": "published", "published_date": "2024-10-08", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1331/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24056", "zdi_id": "ZDI-24-1331" }, { "cve": "CVE-2024-43556", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-1330/advisory.json", "detail_path": "advisories/ZDI-24-1330", "id": "ZDI-24-1330", "kind": "published", "published_date": "2024-10-08", "status": "published", "title": "Microsoft Windows win32kfull Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1330/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24370", "zdi_id": "ZDI-24-1330" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Axis Communications Autodesk Plugin. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a cloud r...", "detail_json": "/data/advisories/ZDI-24-1329/advisory.json", "detail_path": "advisories/ZDI-24-1329", "id": "ZDI-24-1329", "kind": "published", "published_date": "2024-10-08", "status": "published", "title": "Axis Communications Autodesk Plugin AxisAddin axisapphelpfiles Remote Code Execution Vulnerability", "updated_date": "2024-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1329/", "vendor": "Axis Communications", "vendor_url": null, "zdi_can": "ZDI-CAN-25281", "zdi_id": "ZDI-24-1329" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Axis Communications Autodesk Plugin. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a cloud r...", "detail_json": "/data/advisories/ZDI-24-1328/advisory.json", "detail_path": "advisories/ZDI-24-1328", "id": "ZDI-24-1328", "kind": "published", "published_date": "2024-10-08", "status": "published", "title": "Axis Communications Autodesk Plugin AzureBlobRestAPI axiscontentfiles Remote Code Execution Vulnerability", "updated_date": "2024-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1328/", "vendor": "Axis Communications", "vendor_url": null, "zdi_can": "ZDI-CAN-25280", "zdi_id": "ZDI-24-1328" }, { "cve": "CVE-2024-47011", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Faces Mojarra component. The issue re...", "detail_json": "/data/advisories/ZDI-24-1327/advisory.json", "detail_path": "advisories/ZDI-24-1327", "id": "ZDI-24-1327", "kind": "published", "published_date": "2024-10-08", "status": "published", "title": "Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability", "updated_date": "2024-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1327/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23526", "zdi_id": "ZDI-24-1327" }, { "cve": "CVE-2024-47010", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the allowPassThrou...", "detail_json": "/data/advisories/ZDI-24-1326/advisory.json", "detail_path": "advisories/ZDI-24-1326", "id": "ZDI-24-1326", "kind": "published", "published_date": "2024-10-08", "status": "published", "title": "Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability", "updated_date": "2024-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1326/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23524", "zdi_id": "ZDI-24-1326" }, { "cve": "CVE-2024-47009", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecureFilter class. The issue result...", "detail_json": "/data/advisories/ZDI-24-1325/advisory.json", "detail_path": "advisories/ZDI-24-1325", "id": "ZDI-24-1325", "kind": "published", "published_date": "2024-10-08", "status": "published", "title": "Ivanti Avalanche SecureFilter Content-Type Authentication Bypass Vulnerability", "updated_date": "2024-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1325/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23523", "zdi_id": "ZDI-24-1325" }, { "cve": "CVE-2024-47008", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the validateAMCWSCo...", "detail_json": "/data/advisories/ZDI-24-1324/advisory.json", "detail_path": "advisories/ZDI-24-1324", "id": "ZDI-24-1324", "kind": "published", "published_date": "2024-10-08", "status": "published", "title": "Ivanti Avalanche validateAMCWSConnection Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2024-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1324/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23520", "zdi_id": "ZDI-24-1324" }, { "cve": "CVE-2024-39843", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateContactContactGroup function. The issue results from t...", "detail_json": "/data/advisories/ZDI-24-1323/advisory.json", "detail_path": "advisories/ZDI-24-1323", "id": "ZDI-24-1323", "kind": "published", "published_date": "2024-10-08", "status": "published", "title": "Centreon updateContactContactGroup SQL Injection Privilege Escalation Vulnerability", "updated_date": "2024-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1323/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-24536", "zdi_id": "ZDI-24-1323" }, { "cve": "CVE-2024-39842", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateAccessGroupLinks function. The issue results from the...", "detail_json": "/data/advisories/ZDI-24-1322/advisory.json", "detail_path": "advisories/ZDI-24-1322", "id": "ZDI-24-1322", "kind": "published", "published_date": "2024-10-08", "status": "published", "title": "Centreon updateAccessGroupLinks SQL Injection Privilege Escalation Vulnerability", "updated_date": "2024-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1322/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-24534", "zdi_id": "ZDI-24-1322" }, { "cve": "CVE-2024-40841", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-24-1321/advisory.json", "detail_path": "advisories/ZDI-24-1321", "id": "ZDI-24-1321", "kind": "published", "published_date": "2024-10-02", "status": "published", "title": "Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1321/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24149", "zdi_id": "ZDI-24-1321" }, { "cve": "CVE-2024-7674", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1320/advisory.json", "detail_path": "advisories/ZDI-24-1320", "id": "ZDI-24-1320", "kind": "published", "published_date": "2024-10-02", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1320/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-24743", "zdi_id": "ZDI-24-1320" }, { "cve": "CVE-2024-7672", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1319/advisory.json", "detail_path": "advisories/ZDI-24-1319", "id": "ZDI-24-1319", "kind": "published", "published_date": "2024-10-02", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1319/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-24496", "zdi_id": "ZDI-24-1319" }, { "cve": "CVE-2024-7671", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1318/advisory.json", "detail_path": "advisories/ZDI-24-1318", "id": "ZDI-24-1318", "kind": "published", "published_date": "2024-10-02", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-10-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1318/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-24562", "zdi_id": "ZDI-24-1318" }, { "cve": "CVE-2024-7670", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1317/advisory.json", "detail_path": "advisories/ZDI-24-1317", "id": "ZDI-24-1317", "kind": "published", "published_date": "2024-10-02", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-10-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1317/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-24559", "zdi_id": "ZDI-24-1317" }, { "cve": "CVE-2024-7673", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1316/advisory.json", "detail_path": "advisories/ZDI-24-1316", "id": "ZDI-24-1316", "kind": "published", "published_date": "2024-10-02", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-10-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1316/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-24560", "zdi_id": "ZDI-24-1316" }, { "cve": "CVE-2024-7675", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1315/advisory.json", "detail_path": "advisories/ZDI-24-1315", "id": "ZDI-24-1315", "kind": "published", "published_date": "2024-10-02", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-10-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1315/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-24561", "zdi_id": "ZDI-24-1315" }, { "cve": "CVE-2024-8405", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-24-1314/advisory.json", "detail_path": "advisories/ZDI-24-1314", "id": "ZDI-24-1314", "kind": "published", "published_date": "2024-10-02", "status": "published", "title": "PaperCut NG pc-web-print Link Following Denial-of-Service Vulnerability", "updated_date": "2024-10-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1314/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-24042", "zdi_id": "ZDI-24-1314" }, { "cve": "CVE-2024-40777", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-24-1313/advisory.json", "detail_path": "advisories/ZDI-24-1313", "id": "ZDI-24-1313", "kind": "published", "published_date": "2024-10-02", "status": "published", "title": "Apple macOS ImageIO PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1313/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24194", "zdi_id": "ZDI-24-1313" }, { "cve": "CVE-2024-40784", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1312/advisory.json", "detail_path": "advisories/ZDI-24-1312", "id": "ZDI-24-1312", "kind": "published", "published_date": "2024-10-02", "status": "published", "title": "Apple macOS ImageIO KTX Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1312/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-23980", "zdi_id": "ZDI-24-1312" }, { "cve": "CVE-2024-38066", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-1311/advisory.json", "detail_path": "advisories/ZDI-24-1311", "id": "ZDI-24-1311", "kind": "published", "published_date": "2024-10-02", "status": "published", "title": "Microsoft Windows Menu DC Path Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-10-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1311/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23562", "zdi_id": "ZDI-24-1311" }, { "cve": "CVE-2024-4696", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Lenovo Service Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-24-1310/advisory.json", "detail_path": "advisories/ZDI-24-1310", "id": "ZDI-24-1310", "kind": "published", "published_date": "2024-09-27", "status": "published", "title": "Lenovo Service Bridge Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1310/", "vendor": "Lenovo", "vendor_url": null, "zdi_can": "ZDI-CAN-23010", "zdi_id": "ZDI-24-1310" }, { "cve": "CVE-2024-9256", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1309/advisory.json", "detail_path": "advisories/ZDI-24-1309", "id": "ZDI-24-1309", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1309/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-25267", "zdi_id": "ZDI-24-1309" }, { "cve": "CVE-2024-9255", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1308/advisory.json", "detail_path": "advisories/ZDI-24-1308", "id": "ZDI-24-1308", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1308/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-25174", "zdi_id": "ZDI-24-1308" }, { "cve": "CVE-2024-9254", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1307/advisory.json", "detail_path": "advisories/ZDI-24-1307", "id": "ZDI-24-1307", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1307/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-25173", "zdi_id": "ZDI-24-1307" }, { "cve": "CVE-2024-9251", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1306/advisory.json", "detail_path": "advisories/ZDI-24-1306", "id": "ZDI-24-1306", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1306/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-24490", "zdi_id": "ZDI-24-1306" }, { "cve": "CVE-2024-9253", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1305/advisory.json", "detail_path": "advisories/ZDI-24-1305", "id": "ZDI-24-1305", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1305/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-24492", "zdi_id": "ZDI-24-1305" }, { "cve": "CVE-2024-9252", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1304/advisory.json", "detail_path": "advisories/ZDI-24-1304", "id": "ZDI-24-1304", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1304/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-24491", "zdi_id": "ZDI-24-1304" }, { "cve": "CVE-2024-9250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1303/advisory.json", "detail_path": "advisories/ZDI-24-1303", "id": "ZDI-24-1303", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1303/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-24489", "zdi_id": "ZDI-24-1303" }, { "cve": "CVE-2024-9248", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1302/advisory.json", "detail_path": "advisories/ZDI-24-1302", "id": "ZDI-24-1302", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Foxit PDF Reader PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1302/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-24300", "zdi_id": "ZDI-24-1302" }, { "cve": "CVE-2024-9249", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1301/advisory.json", "detail_path": "advisories/ZDI-24-1301", "id": "ZDI-24-1301", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1301/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-24301", "zdi_id": "ZDI-24-1301" }, { "cve": "CVE-2024-9247", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1300/advisory.json", "detail_path": "advisories/ZDI-24-1300", "id": "ZDI-24-1300", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Foxit PDF Reader Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1300/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-24173", "zdi_id": "ZDI-24-1300" }, { "cve": "CVE-2024-9246", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1299/advisory.json", "detail_path": "advisories/ZDI-24-1299", "id": "ZDI-24-1299", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1299/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-24135", "zdi_id": "ZDI-24-1299" }, { "cve": "CVE-2024-9244", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-1298/advisory.json", "detail_path": "advisories/ZDI-24-1298", "id": "ZDI-24-1298", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1298/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-23933", "zdi_id": "ZDI-24-1298" }, { "cve": "CVE-2024-9245", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-1297/advisory.json", "detail_path": "advisories/ZDI-24-1297", "id": "ZDI-24-1297", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1297/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-23966", "zdi_id": "ZDI-24-1297" }, { "cve": "CVE-2024-9243", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1296/advisory.json", "detail_path": "advisories/ZDI-24-1296", "id": "ZDI-24-1296", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1296/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-23932", "zdi_id": "ZDI-24-1296" }, { "cve": "CVE-2024-9257", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the delet...", "detail_json": "/data/advisories/ZDI-24-1295/advisory.json", "detail_path": "advisories/ZDI-24-1295", "id": "ZDI-24-1295", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1295/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-25265", "zdi_id": "ZDI-24-1295" }, { "cve": "CVE-2024-22170", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP resp...", "detail_json": "/data/advisories/ZDI-24-1294/advisory.json", "detail_path": "advisories/ZDI-24-1294", "id": "ZDI-24-1294", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Western Digital MyCloud PR4100 ddns-start Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1294/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-22537", "zdi_id": "ZDI-24-1294" }, { "cve": "CVE-2024-38249", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-1293/advisory.json", "detail_path": "advisories/ZDI-24-1293", "id": "ZDI-24-1293", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Microsoft Windows BeginPaint Brush Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1293/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24175", "zdi_id": "ZDI-24-1293" }, { "cve": "CVE-2024-38249", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-1292/advisory.json", "detail_path": "advisories/ZDI-24-1292", "id": "ZDI-24-1292", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Microsoft Windows BeginPaint Color Space Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1292/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24179", "zdi_id": "ZDI-24-1292" }, { "cve": "CVE-2024-38249", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-1291/advisory.json", "detail_path": "advisories/ZDI-24-1291", "id": "ZDI-24-1291", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "Microsoft Windows Device Context Improper Release Local Privilege Escalation Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1291/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24091", "zdi_id": "ZDI-24-1291" }, { "cve": "CVE-2024-7481", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw e...", "detail_json": "/data/advisories/ZDI-24-1290/advisory.json", "detail_path": "advisories/ZDI-24-1290", "id": "ZDI-24-1290", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "TeamViewer Missing Authentication Local Privilege Escalation Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1290/", "vendor": "TeamViewer", "vendor_url": null, "zdi_can": "ZDI-CAN-24740", "zdi_id": "ZDI-24-1290" }, { "cve": "CVE-2024-7479", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw e...", "detail_json": "/data/advisories/ZDI-24-1289/advisory.json", "detail_path": "advisories/ZDI-24-1289", "id": "ZDI-24-1289", "kind": "published", "published_date": "2024-09-26", "status": "published", "title": "TeamViewer Missing Authentication Local Privilege Escalation Vulnerability", "updated_date": "2024-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1289/", "vendor": "TeamViewer", "vendor_url": null, "zdi_can": "ZDI-CAN-24623", "zdi_id": "ZDI-24-1289" }, { "cve": "CVE-2024-40846", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-24-1288/advisory.json", "detail_path": "advisories/ZDI-24-1288", "id": "ZDI-24-1288", "kind": "published", "published_date": "2024-09-25", "status": "published", "title": "Apple macOS AppleIntelKBLGraphicsMTLDriver Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1288/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24088", "zdi_id": "ZDI-24-1288" }, { "cve": "CVE-2024-44160", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-24-1287/advisory.json", "detail_path": "advisories/ZDI-24-1287", "id": "ZDI-24-1287", "kind": "published", "published_date": "2024-09-25", "status": "published", "title": "Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1287/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24140", "zdi_id": "ZDI-24-1287" }, { "cve": "CVE-2024-44161", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1286/advisory.json", "detail_path": "advisories/ZDI-24-1286", "id": "ZDI-24-1286", "kind": "published", "published_date": "2024-09-25", "status": "published", "title": "Apple macOS AppleGVA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1286/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24411", "zdi_id": "ZDI-24-1286" }, { "cve": "CVE-2024-44154", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1285/advisory.json", "detail_path": "advisories/ZDI-24-1285", "id": "ZDI-24-1285", "kind": "published", "published_date": "2024-09-25", "status": "published", "title": "Apple macOS VideoToolbox Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2024-09-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1285/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24142", "zdi_id": "ZDI-24-1285" }, { "cve": "CVE-2024-40841", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-24-1284/advisory.json", "detail_path": "advisories/ZDI-24-1284", "id": "ZDI-24-1284", "kind": "published", "published_date": "2024-09-25", "status": "published", "title": "Apple macOS AppleIntelKBLGraphicsMTLDriver Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-09-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1284/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24087", "zdi_id": "ZDI-24-1284" }, { "cve": "CVE-2024-44176", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The sp...", "detail_json": "/data/advisories/ZDI-24-1283/advisory.json", "detail_path": "advisories/ZDI-24-1283", "id": "ZDI-24-1283", "kind": "published", "published_date": "2024-09-25", "status": "published", "title": "Apple macOS ImageIO JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1283/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24570", "zdi_id": "ZDI-24-1283" }, { "cve": "CVE-2024-40845", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1282/advisory.json", "detail_path": "advisories/ZDI-24-1282", "id": "ZDI-24-1282", "kind": "published", "published_date": "2024-09-25", "status": "published", "title": "Apple macOS AppleGVA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1282/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-23949", "zdi_id": "ZDI-24-1282" }, { "cve": "CVE-2024-27861", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1281/advisory.json", "detail_path": "advisories/ZDI-24-1281", "id": "ZDI-24-1281", "kind": "published", "published_date": "2024-09-25", "status": "published", "title": "Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1281/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24133", "zdi_id": "ZDI-24-1281" }, { "cve": "CVE-2024-27861", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1280/advisory.json", "detail_path": "advisories/ZDI-24-1280", "id": "ZDI-24-1280", "kind": "published", "published_date": "2024-09-25", "status": "published", "title": "Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1280/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24132", "zdi_id": "ZDI-24-1280" }, { "cve": "CVE-2024-27860", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1279/advisory.json", "detail_path": "advisories/ZDI-24-1279", "id": "ZDI-24-1279", "kind": "published", "published_date": "2024-09-25", "status": "published", "title": "Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1279/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24129", "zdi_id": "ZDI-24-1279" }, { "cve": "CVE-2024-27861", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1278/advisory.json", "detail_path": "advisories/ZDI-24-1278", "id": "ZDI-24-1278", "kind": "published", "published_date": "2024-09-25", "status": "published", "title": "Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1278/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24126", "zdi_id": "ZDI-24-1278" }, { "cve": "CVE-2024-27861", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1277/advisory.json", "detail_path": "advisories/ZDI-24-1277", "id": "ZDI-24-1277", "kind": "published", "published_date": "2024-09-25", "status": "published", "title": "Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1277/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24125", "zdi_id": "ZDI-24-1277" }, { "cve": "CVE-2024-27861", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1276/advisory.json", "detail_path": "advisories/ZDI-24-1276", "id": "ZDI-24-1276", "kind": "published", "published_date": "2024-09-25", "status": "published", "title": "Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1276/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24124", "zdi_id": "ZDI-24-1276" }, { "cve": "CVE-2024-9114", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-24-1275/advisory.json", "detail_path": "advisories/ZDI-24-1275", "id": "ZDI-24-1275", "kind": "published", "published_date": "2024-09-23", "status": "published", "title": "(0Day) FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1275/", "vendor": "FastStone", "vendor_url": null, "zdi_can": "ZDI-CAN-25145", "zdi_id": "ZDI-24-1275" }, { "cve": "CVE-2024-9113", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-24-1274/advisory.json", "detail_path": "advisories/ZDI-24-1274", "id": "ZDI-24-1274", "kind": "published", "published_date": "2024-09-23", "status": "published", "title": "(0Day) FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1274/", "vendor": "FastStone", "vendor_url": null, "zdi_can": "ZDI-CAN-25140", "zdi_id": "ZDI-24-1274" }, { "cve": "CVE-2024-9112", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-24-1273/advisory.json", "detail_path": "advisories/ZDI-24-1273", "id": "ZDI-24-1273", "kind": "published", "published_date": "2024-09-23", "status": "published", "title": "(0Day) FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1273/", "vendor": "FastStone", "vendor_url": null, "zdi_can": "ZDI-CAN-25102", "zdi_id": "ZDI-24-1273" }, { "cve": "CVE-2024-8849", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1272/advisory.json", "detail_path": "advisories/ZDI-24-1272", "id": "ZDI-24-1272", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1272/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25269", "zdi_id": "ZDI-24-1272" }, { "cve": "CVE-2024-8848", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1271/advisory.json", "detail_path": "advisories/ZDI-24-1271", "id": "ZDI-24-1271", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1271/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25268", "zdi_id": "ZDI-24-1271" }, { "cve": "CVE-2024-8847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1270/advisory.json", "detail_path": "advisories/ZDI-24-1270", "id": "ZDI-24-1270", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1270/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-25198", "zdi_id": "ZDI-24-1270" }, { "cve": "CVE-2024-8846", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1269/advisory.json", "detail_path": "advisories/ZDI-24-1269", "id": "ZDI-24-1269", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1269/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24835", "zdi_id": "ZDI-24-1269" }, { "cve": "CVE-2024-8845", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1268/advisory.json", "detail_path": "advisories/ZDI-24-1268", "id": "ZDI-24-1268", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1268/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24553", "zdi_id": "ZDI-24-1268" }, { "cve": "CVE-2024-8844", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1267/advisory.json", "detail_path": "advisories/ZDI-24-1267", "id": "ZDI-24-1267", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1267/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24550", "zdi_id": "ZDI-24-1267" }, { "cve": "CVE-2024-8843", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1266/advisory.json", "detail_path": "advisories/ZDI-24-1266", "id": "ZDI-24-1266", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1266/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24495", "zdi_id": "ZDI-24-1266" }, { "cve": "CVE-2024-8842", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1265/advisory.json", "detail_path": "advisories/ZDI-24-1265", "id": "ZDI-24-1265", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor RTF File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1265/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24481", "zdi_id": "ZDI-24-1265" }, { "cve": "CVE-2024-8841", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1264/advisory.json", "detail_path": "advisories/ZDI-24-1264", "id": "ZDI-24-1264", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1264/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24432", "zdi_id": "ZDI-24-1264" }, { "cve": "CVE-2024-8840", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1263/advisory.json", "detail_path": "advisories/ZDI-24-1263", "id": "ZDI-24-1263", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1263/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24420", "zdi_id": "ZDI-24-1263" }, { "cve": "CVE-2024-8839", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1262/advisory.json", "detail_path": "advisories/ZDI-24-1262", "id": "ZDI-24-1262", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1262/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24419", "zdi_id": "ZDI-24-1262" }, { "cve": "CVE-2024-8838", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1261/advisory.json", "detail_path": "advisories/ZDI-24-1261", "id": "ZDI-24-1261", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1261/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24409", "zdi_id": "ZDI-24-1261" }, { "cve": "CVE-2024-8837", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1260/advisory.json", "detail_path": "advisories/ZDI-24-1260", "id": "ZDI-24-1260", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1260/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24408", "zdi_id": "ZDI-24-1260" }, { "cve": "CVE-2024-8836", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1259/advisory.json", "detail_path": "advisories/ZDI-24-1259", "id": "ZDI-24-1259", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1259/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24354", "zdi_id": "ZDI-24-1259" }, { "cve": "CVE-2024-8835", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1258/advisory.json", "detail_path": "advisories/ZDI-24-1258", "id": "ZDI-24-1258", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1258/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24320", "zdi_id": "ZDI-24-1258" }, { "cve": "CVE-2024-8834", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1257/advisory.json", "detail_path": "advisories/ZDI-24-1257", "id": "ZDI-24-1257", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1257/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24319", "zdi_id": "ZDI-24-1257" }, { "cve": "CVE-2024-8833", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1256/advisory.json", "detail_path": "advisories/ZDI-24-1256", "id": "ZDI-24-1256", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1256/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24318", "zdi_id": "ZDI-24-1256" }, { "cve": "CVE-2024-8832", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1255/advisory.json", "detail_path": "advisories/ZDI-24-1255", "id": "ZDI-24-1255", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1255/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24317", "zdi_id": "ZDI-24-1255" }, { "cve": "CVE-2024-8831", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1254/advisory.json", "detail_path": "advisories/ZDI-24-1254", "id": "ZDI-24-1254", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1254/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24316", "zdi_id": "ZDI-24-1254" }, { "cve": "CVE-2024-8830", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1253/advisory.json", "detail_path": "advisories/ZDI-24-1253", "id": "ZDI-24-1253", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1253/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24315", "zdi_id": "ZDI-24-1253" }, { "cve": "CVE-2024-8829", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1252/advisory.json", "detail_path": "advisories/ZDI-24-1252", "id": "ZDI-24-1252", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1252/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24314", "zdi_id": "ZDI-24-1252" }, { "cve": "CVE-2024-8828", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1251/advisory.json", "detail_path": "advisories/ZDI-24-1251", "id": "ZDI-24-1251", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1251/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24313", "zdi_id": "ZDI-24-1251" }, { "cve": "CVE-2024-8827", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1250/advisory.json", "detail_path": "advisories/ZDI-24-1250", "id": "ZDI-24-1250", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor PPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1250/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24306", "zdi_id": "ZDI-24-1250" }, { "cve": "CVE-2024-8826", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1249/advisory.json", "detail_path": "advisories/ZDI-24-1249", "id": "ZDI-24-1249", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1249/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24305", "zdi_id": "ZDI-24-1249" }, { "cve": "CVE-2024-8825", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1248/advisory.json", "detail_path": "advisories/ZDI-24-1248", "id": "ZDI-24-1248", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1248/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24263", "zdi_id": "ZDI-24-1248" }, { "cve": "CVE-2024-8824", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1247/advisory.json", "detail_path": "advisories/ZDI-24-1247", "id": "ZDI-24-1247", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1247/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24262", "zdi_id": "ZDI-24-1247" }, { "cve": "CVE-2024-8823", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1246/advisory.json", "detail_path": "advisories/ZDI-24-1246", "id": "ZDI-24-1246", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1246/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24261", "zdi_id": "ZDI-24-1246" }, { "cve": "CVE-2024-8822", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1245/advisory.json", "detail_path": "advisories/ZDI-24-1245", "id": "ZDI-24-1245", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1245/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24217", "zdi_id": "ZDI-24-1245" }, { "cve": "CVE-2024-8821", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1244/advisory.json", "detail_path": "advisories/ZDI-24-1244", "id": "ZDI-24-1244", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1244/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24216", "zdi_id": "ZDI-24-1244" }, { "cve": "CVE-2024-8820", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1243/advisory.json", "detail_path": "advisories/ZDI-24-1243", "id": "ZDI-24-1243", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1243/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24215", "zdi_id": "ZDI-24-1243" }, { "cve": "CVE-2024-8819", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1242/advisory.json", "detail_path": "advisories/ZDI-24-1242", "id": "ZDI-24-1242", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1242/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24214", "zdi_id": "ZDI-24-1242" }, { "cve": "CVE-2024-8818", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1241/advisory.json", "detail_path": "advisories/ZDI-24-1241", "id": "ZDI-24-1241", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1241/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24213", "zdi_id": "ZDI-24-1241" }, { "cve": "CVE-2024-8817", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1240/advisory.json", "detail_path": "advisories/ZDI-24-1240", "id": "ZDI-24-1240", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1240/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24212", "zdi_id": "ZDI-24-1240" }, { "cve": "CVE-2024-8816", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1239/advisory.json", "detail_path": "advisories/ZDI-24-1239", "id": "ZDI-24-1239", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1239/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24211", "zdi_id": "ZDI-24-1239" }, { "cve": "CVE-2024-8815", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1238/advisory.json", "detail_path": "advisories/ZDI-24-1238", "id": "ZDI-24-1238", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1238/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24210", "zdi_id": "ZDI-24-1238" }, { "cve": "CVE-2024-8814", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1237/advisory.json", "detail_path": "advisories/ZDI-24-1237", "id": "ZDI-24-1237", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1237/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24209", "zdi_id": "ZDI-24-1237" }, { "cve": "CVE-2024-8813", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1236/advisory.json", "detail_path": "advisories/ZDI-24-1236", "id": "ZDI-24-1236", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1236/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24208", "zdi_id": "ZDI-24-1236" }, { "cve": "CVE-2024-8812", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1235/advisory.json", "detail_path": "advisories/ZDI-24-1235", "id": "ZDI-24-1235", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1235/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-24207", "zdi_id": "ZDI-24-1235" }, { "cve": "CVE-2024-8811", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-24-1234/advisory.json", "detail_path": "advisories/ZDI-24-1234", "id": "ZDI-24-1234", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "WinZip Mark-of-the-Web Bypass Vulnerability", "updated_date": "2025-03-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1234/", "vendor": "WinZip Computing", "vendor_url": null, "zdi_can": "ZDI-CAN-23983", "zdi_id": "ZDI-24-1234" }, { "cve": "CVE-2024-8809", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000...", "detail_json": "/data/advisories/ZDI-24-1233/advisory.json", "detail_path": "advisories/ZDI-24-1233", "id": "ZDI-24-1233", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1233/", "vendor": "Cohesive Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-24178", "zdi_id": "ZDI-24-1233" }, { "cve": "CVE-2024-8808", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000...", "detail_json": "/data/advisories/ZDI-24-1232/advisory.json", "detail_path": "advisories/ZDI-24-1232", "id": "ZDI-24-1232", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1232/", "vendor": "Cohesive Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-24177", "zdi_id": "ZDI-24-1232" }, { "cve": "CVE-2024-8807", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port...", "detail_json": "/data/advisories/ZDI-24-1231/advisory.json", "detail_path": "advisories/ZDI-24-1231", "id": "ZDI-24-1231", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1231/", "vendor": "Cohesive Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-24176", "zdi_id": "ZDI-24-1231" }, { "cve": "CVE-2024-8806", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port...", "detail_json": "/data/advisories/ZDI-24-1230/advisory.json", "detail_path": "advisories/ZDI-24-1230", "id": "ZDI-24-1230", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1230/", "vendor": "Cohesive Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-24160", "zdi_id": "ZDI-24-1230" }, { "cve": "CVE-2024-8805", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HID over GATT Profile. T...", "detail_json": "/data/advisories/ZDI-24-1229/advisory.json", "detail_path": "advisories/ZDI-24-1229", "id": "ZDI-24-1229", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability", "updated_date": "2024-10-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1229/", "vendor": "BlueZ", "vendor_url": null, "zdi_can": "ZDI-CAN-25177", "zdi_id": "ZDI-24-1229" }, { "cve": "CVE-2024-46903", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Deep Discovery Inspector. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which li...", "detail_json": "/data/advisories/ZDI-24-1228/advisory.json", "detail_path": "advisories/ZDI-24-1228", "id": "ZDI-24-1228", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "Trend Micro Deep Discovery Inspector SQL Injection Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1228/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24585", "zdi_id": "ZDI-24-1228" }, { "cve": "CVE-2024-46902", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Deep Discovery Inspector. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which li...", "detail_json": "/data/advisories/ZDI-24-1227/advisory.json", "detail_path": "advisories/ZDI-24-1227", "id": "ZDI-24-1227", "kind": "published", "published_date": "2024-09-17", "status": "published", "title": "Trend Micro Deep Discovery Inspector SQL Injection Information Disclosure Vulnerability", "updated_date": "2024-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1227/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-24584", "zdi_id": "ZDI-24-1227" }, { "cve": "CVE-2024-4708", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of mySCADA myPRO. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telnet service, which listens on TCP port 5005 b...", "detail_json": "/data/advisories/ZDI-24-1226/advisory.json", "detail_path": "advisories/ZDI-24-1226", "id": "ZDI-24-1226", "kind": "published", "published_date": "2024-09-13", "status": "published", "title": "mySCADA myPRO Hard-Coded Credentials Remote Code Execution Vulnerability", "updated_date": "2024-09-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1226/", "vendor": "mySCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-23546", "zdi_id": "ZDI-24-1226" }, { "cve": "CVE-2024-28990", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a RabbitMQ in...", "detail_json": "/data/advisories/ZDI-24-1225/advisory.json", "detail_path": "advisories/ZDI-24-1225", "id": "ZDI-24-1225", "kind": "published", "published_date": "2024-09-13", "status": "published", "title": "SolarWinds Access Rights Manager Hard-Coded Credentials Authentication Bypass Vulnerability", "updated_date": "2024-09-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1225/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-24271", "zdi_id": "ZDI-24-1225" }, { "cve": "CVE-2024-28991", "cvss": 9.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The s...", "detail_json": "/data/advisories/ZDI-24-1224/advisory.json", "detail_path": "advisories/ZDI-24-1224", "id": "ZDI-24-1224", "kind": "published", "published_date": "2024-09-13", "status": "published", "title": "SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-09-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1224/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-24270", "zdi_id": "ZDI-24-1224" }, { "cve": "CVE-2024-29847", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AgentPortal service. The issue results...", "detail_json": "/data/advisories/ZDI-24-1223/advisory.json", "detail_path": "advisories/ZDI-24-1223", "id": "ZDI-24-1223", "kind": "published", "published_date": "2024-09-12", "status": "published", "title": "Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1223/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23850", "zdi_id": "ZDI-24-1223" }, { "cve": "CVE-2024-8012", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Workspace Control. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-24-1222/advisory.json", "detail_path": "advisories/ZDI-24-1222", "id": "ZDI-24-1222", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "Ivanti Workspace Control RES Exposed Dangerous Method Local Privilege Escalation Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1222/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23860", "zdi_id": "ZDI-24-1222" }, { "cve": "CVE-2024-34785", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the LoadMotherboardTable...", "detail_json": "/data/advisories/ZDI-24-1221/advisory.json", "detail_path": "advisories/ZDI-24-1221", "id": "ZDI-24-1221", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "Ivanti Endpoint Manager LoadMotherboardTable SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1221/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24302", "zdi_id": "ZDI-24-1221" }, { "cve": "CVE-2024-34783", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the LoadSlotsTable metho...", "detail_json": "/data/advisories/ZDI-24-1220/advisory.json", "detail_path": "advisories/ZDI-24-1220", "id": "ZDI-24-1220", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "Ivanti Endpoint Manager LoadSlotsTable SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1220/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24296", "zdi_id": "ZDI-24-1220" }, { "cve": "CVE-2024-34779", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the loadModuleTable meth...", "detail_json": "/data/advisories/ZDI-24-1219/advisory.json", "detail_path": "advisories/ZDI-24-1219", "id": "ZDI-24-1219", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "Ivanti Endpoint Manager loadModuleTable SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1219/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24291", "zdi_id": "ZDI-24-1219" }, { "cve": "CVE-2024-32848", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the updateAssetInfo meth...", "detail_json": "/data/advisories/ZDI-24-1218/advisory.json", "detail_path": "advisories/ZDI-24-1218", "id": "ZDI-24-1218", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "Ivanti Endpoint Manager updateAssetInfo SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1218/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24290", "zdi_id": "ZDI-24-1218" }, { "cve": "CVE-2024-32846", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the loadSystemInfo metho...", "detail_json": "/data/advisories/ZDI-24-1217/advisory.json", "detail_path": "advisories/ZDI-24-1217", "id": "ZDI-24-1217", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "Ivanti Endpoint Manager loadSystemInfo SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1217/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24288", "zdi_id": "ZDI-24-1217" }, { "cve": "CVE-2024-32845", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetSQLStatement meth...", "detail_json": "/data/advisories/ZDI-24-1216/advisory.json", "detail_path": "advisories/ZDI-24-1216", "id": "ZDI-24-1216", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "Ivanti Endpoint Manager GetSQLStatement SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1216/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24287", "zdi_id": "ZDI-24-1216" }, { "cve": "CVE-2024-32843", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the loadKeyboardTable me...", "detail_json": "/data/advisories/ZDI-24-1215/advisory.json", "detail_path": "advisories/ZDI-24-1215", "id": "ZDI-24-1215", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "Ivanti Endpoint Manager loadKeyboardTable SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1215/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24285", "zdi_id": "ZDI-24-1215" }, { "cve": "CVE-2024-32842", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetVulnerabilitiesDa...", "detail_json": "/data/advisories/ZDI-24-1214/advisory.json", "detail_path": "advisories/ZDI-24-1214", "id": "ZDI-24-1214", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "Ivanti Endpoint Manager GetVulnerabilitiesDataTable SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1214/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24284", "zdi_id": "ZDI-24-1214" }, { "cve": "CVE-2024-32840", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the loadMouseTable metho...", "detail_json": "/data/advisories/ZDI-24-1213/advisory.json", "detail_path": "advisories/ZDI-24-1213", "id": "ZDI-24-1213", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "Ivanti Endpoint Manager loadMouseTable SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1213/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24282", "zdi_id": "ZDI-24-1213" }, { "cve": "CVE-2024-37397", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of ImportXml me...", "detail_json": "/data/advisories/ZDI-24-1212/advisory.json", "detail_path": "advisories/ZDI-24-1212", "id": "ZDI-24-1212", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "Ivanti Endpoint Manager ImportXml XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1212/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24046", "zdi_id": "ZDI-24-1212" }, { "cve": "CVE-2024-8191", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alte...", "detail_json": "/data/advisories/ZDI-24-1211/advisory.json", "detail_path": "advisories/ZDI-24-1211", "id": "ZDI-24-1211", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "Ivanti Endpoint Manager WasPreviouslyMapped SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1211/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24274", "zdi_id": "ZDI-24-1211" }, { "cve": "CVE-2024-38213", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the SmartScreen security feature on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-24-1210/advisory.json", "detail_path": "advisories/ZDI-24-1210", "id": "ZDI-24-1210", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "Microsoft Windows Drag and Drop SmartScreen Bypass Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1210/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24000", "zdi_id": "ZDI-24-1210" }, { "cve": "CVE-2024-38213", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a maliciou...", "detail_json": "/data/advisories/ZDI-24-1209/advisory.json", "detail_path": "advisories/ZDI-24-1209", "id": "ZDI-24-1209", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "Microsoft Windows Defender SmartScreen Bypass Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1209/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23616", "zdi_id": "ZDI-24-1209" }, { "cve": "CVE-2024-8355", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeviceManager. When pa...", "detail_json": "/data/advisories/ZDI-24-1208/advisory.json", "detail_path": "advisories/ZDI-24-1208", "id": "ZDI-24-1208", "kind": "published", "published_date": "2024-09-11", "status": "published", "title": "(0Day) Visteon Infotainment System DeviceManager iAP Serial Number SQL Injection Vulnerability", "updated_date": "2024-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1208/", "vendor": "Visteon", "vendor_url": null, "zdi_can": "ZDI-CAN-20112", "zdi_id": "ZDI-24-1208" }, { "cve": "CVE-2024-43461", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-24-1207/advisory.json", "detail_path": "advisories/ZDI-24-1207", "id": "ZDI-24-1207", "kind": "published", "published_date": "2024-09-10", "status": "published", "title": "Microsoft Windows Internet Explorer File Extension Spoofing Remote Code Execution Vulnerability", "updated_date": "2024-09-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1207/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24998", "zdi_id": "ZDI-24-1207" }, { "cve": "CVE-2024-43466", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the SPAutoSerializingObject class....", "detail_json": "/data/advisories/ZDI-24-1206/advisory.json", "detail_path": "advisories/ZDI-24-1206", "id": "ZDI-24-1206", "kind": "published", "published_date": "2024-09-10", "status": "published", "title": "Microsoft SharePoint SPAutoSerializingObject Deserialization of Untrusted Data Denial-of-Service Vulnerability", "updated_date": "2024-09-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1206/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24482", "zdi_id": "ZDI-24-1206" }, { "cve": "CVE-2024-38249", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-1205/advisory.json", "detail_path": "advisories/ZDI-24-1205", "id": "ZDI-24-1205", "kind": "published", "published_date": "2024-09-10", "status": "published", "title": "Microsoft Windows BeginPaint Pen Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-09-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1205/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24174", "zdi_id": "ZDI-24-1205" }, { "cve": "CVE-2024-38018", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of serialized instances of the SPThe...", "detail_json": "/data/advisories/ZDI-24-1204/advisory.json", "detail_path": "advisories/ZDI-24-1204", "id": "ZDI-24-1204", "kind": "published", "published_date": "2024-09-10", "status": "published", "title": "Microsoft SharePoint SPThemes Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-09-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1204/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23930", "zdi_id": "ZDI-24-1204" }, { "cve": "CVE-2024-43760", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-1203/advisory.json", "detail_path": "advisories/ZDI-24-1203", "id": "ZDI-24-1203", "kind": "published", "published_date": "2024-09-10", "status": "published", "title": "Adobe Photoshop JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1203/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24266", "zdi_id": "ZDI-24-1203" }, { "cve": "CVE-2024-39381", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1202/advisory.json", "detail_path": "advisories/ZDI-24-1202", "id": "ZDI-24-1202", "kind": "published", "published_date": "2024-09-10", "status": "published", "title": "Adobe After Effects AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1202/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24049", "zdi_id": "ZDI-24-1202" }, { "cve": "CVE-2024-39384", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1201/advisory.json", "detail_path": "advisories/ZDI-24-1201", "id": "ZDI-24-1201", "kind": "published", "published_date": "2024-09-10", "status": "published", "title": "Adobe Premiere Pro AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1201/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24052", "zdi_id": "ZDI-24-1201" }, { "cve": "CVE-2024-39377", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1200/advisory.json", "detail_path": "advisories/ZDI-24-1200", "id": "ZDI-24-1200", "kind": "published", "published_date": "2024-09-10", "status": "published", "title": "Adobe Media Encoder AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1200/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24051", "zdi_id": "ZDI-24-1200" }, { "cve": "CVE-2024-39382", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1199/advisory.json", "detail_path": "advisories/ZDI-24-1199", "id": "ZDI-24-1199", "kind": "published", "published_date": "2024-09-10", "status": "published", "title": "Adobe After Effects AVI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-09-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1199/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24048", "zdi_id": "ZDI-24-1199" }, { "cve": "CVE-2024-39385", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1198/advisory.json", "detail_path": "advisories/ZDI-24-1198", "id": "ZDI-24-1198", "kind": "published", "published_date": "2024-09-10", "status": "published", "title": "Adobe Premiere Pro AVI File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-09-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1198/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24053", "zdi_id": "ZDI-24-1198" }, { "cve": "CVE-2024-39378", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-1197/advisory.json", "detail_path": "advisories/ZDI-24-1197", "id": "ZDI-24-1197", "kind": "published", "published_date": "2024-09-10", "status": "published", "title": "Adobe Audition AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-09-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1197/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24050", "zdi_id": "ZDI-24-1197" }, { "cve": "CVE-2024-45107", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-24-1196/advisory.json", "detail_path": "advisories/ZDI-24-1196", "id": "ZDI-24-1196", "kind": "published", "published_date": "2024-09-09", "status": "published", "title": "Adobe Acrobat Reader DC Doc Object Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-09-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1196/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24186", "zdi_id": "ZDI-24-1196" }, { "cve": "CVE-2024-6260", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-24-1195/advisory.json", "detail_path": "advisories/ZDI-24-1195", "id": "ZDI-24-1195", "kind": "published", "published_date": "2024-09-05", "status": "published", "title": "Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1195/", "vendor": "Malwarebytes", "vendor_url": null, "zdi_can": "ZDI-CAN-22321", "zdi_id": "ZDI-24-1195" }, { "cve": "CVE-2024-39463", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1194/advisory.json", "detail_path": "advisories/ZDI-24-1194", "id": "ZDI-24-1194", "kind": "published", "published_date": "2024-09-05", "status": "published", "title": "Linux Kernel Plan 9 File System Race Condition Local Privilege Escalation Vulnerability", "updated_date": "2024-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1194/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-24058", "zdi_id": "ZDI-24-1194" }, { "cve": "CVE-2024-7502", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1193/advisory.json", "detail_path": "advisories/ZDI-24-1193", "id": "ZDI-24-1193", "kind": "published", "published_date": "2024-09-05", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1193/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23810", "zdi_id": "ZDI-24-1193" }, { "cve": "CVE-2024-8360", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REFLASH_DDU_ExtractFi...", "detail_json": "/data/advisories/ZDI-24-1192/advisory.json", "detail_path": "advisories/ZDI-24-1192", "id": "ZDI-24-1192", "kind": "published", "published_date": "2024-08-30", "status": "published", "title": "(0Day) Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1192/", "vendor": "Visteon", "vendor_url": null, "zdi_can": "ZDI-CAN-23421", "zdi_id": "ZDI-24-1192" }, { "cve": "CVE-2024-8359", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REFLASH_DDU_FindFile...", "detail_json": "/data/advisories/ZDI-24-1191/advisory.json", "detail_path": "advisories/ZDI-24-1191", "id": "ZDI-24-1191", "kind": "published", "published_date": "2024-08-30", "status": "published", "title": "(0Day) Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1191/", "vendor": "Visteon", "vendor_url": null, "zdi_can": "ZDI-CAN-23420", "zdi_id": "ZDI-24-1191" }, { "cve": "CVE-2024-8358", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDATES_ExtractFile f...", "detail_json": "/data/advisories/ZDI-24-1190/advisory.json", "detail_path": "advisories/ZDI-24-1190", "id": "ZDI-24-1190", "kind": "published", "published_date": "2024-08-30", "status": "published", "title": "(0Day) Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1190/", "vendor": "Visteon", "vendor_url": null, "zdi_can": "ZDI-CAN-23422", "zdi_id": "ZDI-24-1190" }, { "cve": "CVE-2024-8357", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-24-1189/advisory.json", "detail_path": "advisories/ZDI-24-1189", "id": "ZDI-24-1189", "kind": "published", "published_date": "2024-08-30", "status": "published", "title": "(0Day) Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability", "updated_date": "2024-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1189/", "vendor": "Visteon", "vendor_url": null, "zdi_can": "ZDI-CAN-23759", "zdi_id": "ZDI-24-1189" }, { "cve": "CVE-2024-8356", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-24-1188/advisory.json", "detail_path": "advisories/ZDI-24-1188", "id": "ZDI-24-1188", "kind": "published", "published_date": "2024-08-30", "status": "published", "title": "(0Day) Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability", "updated_date": "2024-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1188/", "vendor": "Visteon", "vendor_url": null, "zdi_can": "ZDI-CAN-23758", "zdi_id": "ZDI-24-1188" }, { "cve": "CVE-2024-6672", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specif...", "detail_json": "/data/advisories/ZDI-24-1187/advisory.json", "detail_path": "advisories/ZDI-24-1187", "id": "ZDI-24-1187", "kind": "published", "published_date": "2024-08-29", "status": "published", "title": "Progress Software WhatsUp Gold getMonitorJoin SQL Injection Privilege Escalation Vulnerability", "updated_date": "2024-08-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1187/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23667", "zdi_id": "ZDI-24-1187" }, { "cve": "CVE-2024-6671", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of GetStatistical...", "detail_json": "/data/advisories/ZDI-24-1186/advisory.json", "detail_path": "advisories/ZDI-24-1186", "id": "ZDI-24-1186", "kind": "published", "published_date": "2024-08-29", "status": "published", "title": "Progress Software WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability", "updated_date": "2024-08-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1186/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23662", "zdi_id": "ZDI-24-1186" }, { "cve": "CVE-2024-6670", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of HasErrors meth...", "detail_json": "/data/advisories/ZDI-24-1185/advisory.json", "detail_path": "advisories/ZDI-24-1185", "id": "ZDI-24-1185", "kind": "published", "published_date": "2024-08-29", "status": "published", "title": "Progress Software WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability", "updated_date": "2024-08-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1185/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23660", "zdi_id": "ZDI-24-1185" }, { "cve": "CVE-2024-7744", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WS_FTP. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileHandler module. The issue res...", "detail_json": "/data/advisories/ZDI-24-1184/advisory.json", "detail_path": "advisories/ZDI-24-1184", "id": "ZDI-24-1184", "kind": "published", "published_date": "2024-08-29", "status": "published", "title": "Progress Software WS_FTP Directory Traversal Information Disclosure Vulnerability", "updated_date": "2024-08-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1184/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-22322", "zdi_id": "ZDI-24-1184" }, { "cve": "CVE-2024-8255", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTN Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-1183/advisory.json", "detail_path": "advisories/ZDI-24-1183", "id": "ZDI-24-1183", "kind": "published", "published_date": "2024-08-29", "status": "published", "title": "Delta Electronics DTN Soft BIN File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-08-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1183/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-22330", "zdi_id": "ZDI-24-1183" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-24-1182/advisory.json", "detail_path": "advisories/ZDI-24-1182", "id": "ZDI-24-1182", "kind": "published", "published_date": "2024-08-27", "status": "published", "title": "Linux Kernel Netfilter Conntrack Type Confusion Information Disclosure Vulnerability", "updated_date": "2024-08-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1182/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-24591", "zdi_id": "ZDI-24-1182" }, { "cve": null, "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected services of Axis Communications Autodesk Plugin. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AzureBlobRestAPI.dll module. The...", "detail_json": "/data/advisories/ZDI-24-1181/advisory.json", "detail_path": "advisories/ZDI-24-1181", "id": "ZDI-24-1181", "kind": "published", "published_date": "2024-08-23", "status": "published", "title": "Axis Communications Autodesk Plugin Exposure of Sensitive Information Authentication Bypass Vulnerability", "updated_date": "2024-08-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1181/", "vendor": "Axis Communications", "vendor_url": null, "zdi_can": "ZDI-CAN-24830", "zdi_id": "ZDI-24-1181" }, { "cve": "CVE-2024-27857", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-24-1180/advisory.json", "detail_path": "advisories/ZDI-24-1180", "id": "ZDI-24-1180", "kind": "published", "published_date": "2024-08-23", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1180/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24061", "zdi_id": "ZDI-24-1180" }, { "cve": "CVE-2024-27857", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-24-1179/advisory.json", "detail_path": "advisories/ZDI-24-1179", "id": "ZDI-24-1179", "kind": "published", "published_date": "2024-08-23", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1179/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24068", "zdi_id": "ZDI-24-1179" }, { "cve": "CVE-2024-21473", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple Qualcomm chipsets. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Qualcomm LDB service. The...", "detail_json": "/data/advisories/ZDI-24-1178/advisory.json", "detail_path": "advisories/ZDI-24-1178", "id": "ZDI-24-1178", "kind": "published", "published_date": "2024-08-23", "status": "published", "title": "Qualcomm Wi-Fi SON LDB Service Improper Input Validation Remote Code Execution Vulnerability", "updated_date": "2024-08-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1178/", "vendor": "Qualcomm Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-24083", "zdi_id": "ZDI-24-1178" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Amazon AWS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of AWS Simple Storage Service. When in...", "detail_json": "/data/advisories/ZDI-24-1177/advisory.json", "detail_path": "advisories/ZDI-24-1177", "id": "ZDI-24-1177", "kind": "published", "published_date": "2024-08-23", "status": "published", "title": "Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1177/", "vendor": "Amazon", "vendor_url": null, "zdi_can": "ZDI-CAN-24023", "zdi_id": "ZDI-24-1177" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Amazon AWS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of AWS Glue. When installed from the o...", "detail_json": "/data/advisories/ZDI-24-1176/advisory.json", "detail_path": "advisories/ZDI-24-1176", "id": "ZDI-24-1176", "kind": "published", "published_date": "2024-08-23", "status": "published", "title": "Amazon AWS aws-glue-with-s2s-vpn Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1176/", "vendor": "Amazon", "vendor_url": null, "zdi_can": "ZDI-CAN-23901", "zdi_id": "ZDI-24-1176" }, { "cve": "CVE-2024-7502", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1175/advisory.json", "detail_path": "advisories/ZDI-24-1175", "id": "ZDI-24-1175", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1175/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23812", "zdi_id": "ZDI-24-1175" }, { "cve": "CVE-2024-7502", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1174/advisory.json", "detail_path": "advisories/ZDI-24-1174", "id": "ZDI-24-1174", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1174/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23834", "zdi_id": "ZDI-24-1174" }, { "cve": "CVE-2024-7502", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1173/advisory.json", "detail_path": "advisories/ZDI-24-1173", "id": "ZDI-24-1173", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1173/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23833", "zdi_id": "ZDI-24-1173" }, { "cve": "CVE-2024-7502", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1172/advisory.json", "detail_path": "advisories/ZDI-24-1172", "id": "ZDI-24-1172", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1172/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23808", "zdi_id": "ZDI-24-1172" }, { "cve": "CVE-2024-7502", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1171/advisory.json", "detail_path": "advisories/ZDI-24-1171", "id": "ZDI-24-1171", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1171/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23806", "zdi_id": "ZDI-24-1171" }, { "cve": "CVE-2024-7502", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1170/advisory.json", "detail_path": "advisories/ZDI-24-1170", "id": "ZDI-24-1170", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1170/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23805", "zdi_id": "ZDI-24-1170" }, { "cve": "CVE-2024-7502", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1169/advisory.json", "detail_path": "advisories/ZDI-24-1169", "id": "ZDI-24-1169", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1169/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23804", "zdi_id": "ZDI-24-1169" }, { "cve": "CVE-2024-7502", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1168/advisory.json", "detail_path": "advisories/ZDI-24-1168", "id": "ZDI-24-1168", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1168/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23803", "zdi_id": "ZDI-24-1168" }, { "cve": "CVE-2024-7502", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1167/advisory.json", "detail_path": "advisories/ZDI-24-1167", "id": "ZDI-24-1167", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1167/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23802", "zdi_id": "ZDI-24-1167" }, { "cve": "CVE-2024-7502", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1166/advisory.json", "detail_path": "advisories/ZDI-24-1166", "id": "ZDI-24-1166", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1166/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23801", "zdi_id": "ZDI-24-1166" }, { "cve": "CVE-2024-30372", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of getLinkText method. The issue results fr...", "detail_json": "/data/advisories/ZDI-24-1165/advisory.json", "detail_path": "advisories/ZDI-24-1165", "id": "ZDI-24-1165", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1165/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-23609", "zdi_id": "ZDI-24-1165" }, { "cve": "CVE-2024-5581", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the unzipFile method. The issue results from the lack of prope...", "detail_json": "/data/advisories/ZDI-24-1164/advisory.json", "detail_path": "advisories/ZDI-24-1164", "id": "ZDI-24-1164", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1164/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-23453", "zdi_id": "ZDI-24-1164" }, { "cve": "CVE-2024-5580", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the loadFieldMatch method. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-24-1163/advisory.json", "detail_path": "advisories/ZDI-24-1163", "id": "ZDI-24-1163", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1163/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-23452", "zdi_id": "ZDI-24-1163" }, { "cve": "CVE-2024-5579", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the renderFieldMatch method. The issue results from the lack o...", "detail_json": "/data/advisories/ZDI-24-1162/advisory.json", "detail_path": "advisories/ZDI-24-1162", "id": "ZDI-24-1162", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1162/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-23451", "zdi_id": "ZDI-24-1162" }, { "cve": "CVE-2024-36960", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-24-1161/advisory.json", "detail_path": "advisories/ZDI-24-1161", "id": "ZDI-24-1161", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Linux Kernel vmwgfx Driver Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1161/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-23566", "zdi_id": "ZDI-24-1161" }, { "cve": "CVE-2024-40789", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-1160/advisory.json", "detail_path": "advisories/ZDI-24-1160", "id": "ZDI-24-1160", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Apple WebKit WebCodecs VideoFrame Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1160/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-23730", "zdi_id": "ZDI-24-1160" }, { "cve": "CVE-2024-30377", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-24-1159/advisory.json", "detail_path": "advisories/ZDI-24-1159", "id": "ZDI-24-1159", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-12-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1159/", "vendor": "G DATA", "vendor_url": null, "zdi_can": "ZDI-CAN-23381", "zdi_id": "ZDI-24-1159" }, { "cve": "CVE-2024-7988", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ThinServer service. The issue...", "detail_json": "/data/advisories/ZDI-24-1158/advisory.json", "detail_path": "advisories/ZDI-24-1158", "id": "ZDI-24-1158", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Rockwell Automation ThinManager ThinServer Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1158/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24040", "zdi_id": "ZDI-24-1158" }, { "cve": "CVE-2024-7987", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-24-1157/advisory.json", "detail_path": "advisories/ZDI-24-1157", "id": "ZDI-24-1157", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Rockwell Automation ThinManager ThinServer Arbitrary File Creation Privilege Escalation Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1157/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24006", "zdi_id": "ZDI-24-1157" }, { "cve": "CVE-2024-7986", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to read arbitrary files on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabilit...", "detail_json": "/data/advisories/ZDI-24-1156/advisory.json", "detail_path": "advisories/ZDI-24-1156", "id": "ZDI-24-1156", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "Rockwell Automation ThinManager ThinServer Arbitrary File Read Information Disclosure Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1156/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-24002", "zdi_id": "ZDI-24-1156" }, { "cve": "CVE-2024-4712", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1155/advisory.json", "detail_path": "advisories/ZDI-24-1155", "id": "ZDI-24-1155", "kind": "published", "published_date": "2024-08-22", "status": "published", "title": "PaperCut NG image-handler Directory Traversal Local Privilege Escalation Vulnerability", "updated_date": "2024-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1155/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-23859", "zdi_id": "ZDI-24-1155" }, { "cve": "CVE-2024-7795", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-24-1154/advisory.json", "detail_path": "advisories/ZDI-24-1154", "id": "ZDI-24-1154", "kind": "published", "published_date": "2024-08-20", "status": "published", "title": "Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1154/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-23384", "zdi_id": "ZDI-24-1154" }, { "cve": "CVE-2024-7305", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1153/advisory.json", "detail_path": "advisories/ZDI-24-1153", "id": "ZDI-24-1153", "kind": "published", "published_date": "2024-08-20", "status": "published", "title": "Autodesk AutoCAD DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1153/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-24499", "zdi_id": "ZDI-24-1153" }, { "cve": "CVE-2024-3913", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall. The...", "detail_json": "/data/advisories/ZDI-24-1152/advisory.json", "detail_path": "advisories/ZDI-24-1152", "id": "ZDI-24-1152", "kind": "published", "published_date": "2024-08-20", "status": "published", "title": "Phoenix Contact CHARX SEC-3100 Improper Access Control Authentication Bypass Vulnerability", "updated_date": "2024-08-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1152/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23499", "zdi_id": "ZDI-24-1152" }, { "cve": "CVE-2024-37399", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, whi...", "detail_json": "/data/advisories/ZDI-24-1151/advisory.json", "detail_path": "advisories/ZDI-24-1151", "id": "ZDI-24-1151", "kind": "published", "published_date": "2024-08-15", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1151/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-24220", "zdi_id": "ZDI-24-1151" }, { "cve": "CVE-2024-38653", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decodeToMap method. Due to the improp...", "detail_json": "/data/advisories/ZDI-24-1150/advisory.json", "detail_path": "advisories/ZDI-24-1150", "id": "ZDI-24-1150", "kind": "published", "published_date": "2024-08-15", "status": "published", "title": "Ivanti Avalanche decodeToMap XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1150/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22083", "zdi_id": "ZDI-24-1150" }, { "cve": "CVE-2024-38652", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteSkin method. The issue results from the...", "detail_json": "/data/advisories/ZDI-24-1149/advisory.json", "detail_path": "advisories/ZDI-24-1149", "id": "ZDI-24-1149", "kind": "published", "published_date": "2024-08-15", "status": "published", "title": "Ivanti Avalanche deleteSkin Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1149/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21401", "zdi_id": "ZDI-24-1149" }, { "cve": "CVE-2024-38171", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1148/advisory.json", "detail_path": "advisories/ZDI-24-1148", "id": "ZDI-24-1148", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Microsoft Office PowerPoint PPTX File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1148/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-24264", "zdi_id": "ZDI-24-1148" }, { "cve": "CVE-2024-38163", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-1147/advisory.json", "detail_path": "advisories/ZDI-24-1147", "id": "ZDI-24-1147", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Microsoft Windows 10 WinREUpdateInstaller_2401B_amd64 Link Following Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1147/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23936", "zdi_id": "ZDI-24-1147" }, { "cve": "CVE-2024-38163", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-1146/advisory.json", "detail_path": "advisories/ZDI-24-1146", "id": "ZDI-24-1146", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Microsoft Windows 10 WinREUpdateInstaller DLL Hijacking Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1146/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23934", "zdi_id": "ZDI-24-1146" }, { "cve": "CVE-2024-38169", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-24-1145/advisory.json", "detail_path": "advisories/ZDI-24-1145", "id": "ZDI-24-1145", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Microsoft Office Visio VSDX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1145/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23552", "zdi_id": "ZDI-24-1145" }, { "cve": "CVE-2024-39388", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-1144/advisory.json", "detail_path": "advisories/ZDI-24-1144", "id": "ZDI-24-1144", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1144/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24055", "zdi_id": "ZDI-24-1144" }, { "cve": "CVE-2024-34124", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-1143/advisory.json", "detail_path": "advisories/ZDI-24-1143", "id": "ZDI-24-1143", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Dimension SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1143/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24031", "zdi_id": "ZDI-24-1143" }, { "cve": "CVE-2024-20789", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-1142/advisory.json", "detail_path": "advisories/ZDI-24-1142", "id": "ZDI-24-1142", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1142/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24030", "zdi_id": "ZDI-24-1142" }, { "cve": "CVE-2024-34125", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1141/advisory.json", "detail_path": "advisories/ZDI-24-1141", "id": "ZDI-24-1141", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1141/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24027", "zdi_id": "ZDI-24-1141" }, { "cve": "CVE-2024-34126", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1140/advisory.json", "detail_path": "advisories/ZDI-24-1140", "id": "ZDI-24-1140", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1140/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24028", "zdi_id": "ZDI-24-1140" }, { "cve": "CVE-2024-39386", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-24-1139/advisory.json", "detail_path": "advisories/ZDI-24-1139", "id": "ZDI-24-1139", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Bridge AVI FIle Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1139/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24057", "zdi_id": "ZDI-24-1139" }, { "cve": "CVE-2024-41840", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-24-1138/advisory.json", "detail_path": "advisories/ZDI-24-1138", "id": "ZDI-24-1138", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Bridge JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1138/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24607", "zdi_id": "ZDI-24-1138" }, { "cve": "CVE-2024-39387", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-1137/advisory.json", "detail_path": "advisories/ZDI-24-1137", "id": "ZDI-24-1137", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Bridge AVI FIle Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1137/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24047", "zdi_id": "ZDI-24-1137" }, { "cve": "CVE-2024-39423", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1136/advisory.json", "detail_path": "advisories/ZDI-24-1136", "id": "ZDI-24-1136", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1136/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24182", "zdi_id": "ZDI-24-1136" }, { "cve": "CVE-2024-39422", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1135/advisory.json", "detail_path": "advisories/ZDI-24-1135", "id": "ZDI-24-1135", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1135/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24090", "zdi_id": "ZDI-24-1135" }, { "cve": "CVE-2024-39424", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1134/advisory.json", "detail_path": "advisories/ZDI-24-1134", "id": "ZDI-24-1134", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1134/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24309", "zdi_id": "ZDI-24-1134" }, { "cve": "CVE-2024-41831", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1133/advisory.json", "detail_path": "advisories/ZDI-24-1133", "id": "ZDI-24-1133", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1133/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24569", "zdi_id": "ZDI-24-1133" }, { "cve": "CVE-2024-41833", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-24-1132/advisory.json", "detail_path": "advisories/ZDI-24-1132", "id": "ZDI-24-1132", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1132/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24310", "zdi_id": "ZDI-24-1132" }, { "cve": "CVE-2024-41834", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-24-1131/advisory.json", "detail_path": "advisories/ZDI-24-1131", "id": "ZDI-24-1131", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1131/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24311", "zdi_id": "ZDI-24-1131" }, { "cve": "CVE-2024-39426", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1130/advisory.json", "detail_path": "advisories/ZDI-24-1130", "id": "ZDI-24-1130", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1130/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24312", "zdi_id": "ZDI-24-1130" }, { "cve": "CVE-2024-7448", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must acquire data from a malicious mobile device....", "detail_json": "/data/advisories/ZDI-24-1129/advisory.json", "detail_path": "advisories/ZDI-24-1129", "id": "ZDI-24-1129", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1129/", "vendor": "Magnet Forensics", "vendor_url": null, "zdi_can": "ZDI-CAN-23964", "zdi_id": "ZDI-24-1129" }, { "cve": "CVE-2024-7399", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileFromMultipartFile method. The...", "detail_json": "/data/advisories/ZDI-24-1128/advisory.json", "detail_path": "advisories/ZDI-24-1128", "id": "ZDI-24-1128", "kind": "published", "published_date": "2024-12-09", "status": "published", "title": "Samsung MagicINFO 9 Server getFileFromMultipartFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2025-03-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1128/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-23326", "zdi_id": "ZDI-24-1128" }, { "cve": "CVE-2024-7725", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1127/advisory.json", "detail_path": "advisories/ZDI-24-1127", "id": "ZDI-24-1127", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1127/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-23928", "zdi_id": "ZDI-24-1127" }, { "cve": "CVE-2024-7724", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1126/advisory.json", "detail_path": "advisories/ZDI-24-1126", "id": "ZDI-24-1126", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1126/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-23900", "zdi_id": "ZDI-24-1126" }, { "cve": "CVE-2024-7723", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1125/advisory.json", "detail_path": "advisories/ZDI-24-1125", "id": "ZDI-24-1125", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1125/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-23736", "zdi_id": "ZDI-24-1125" }, { "cve": "CVE-2024-7722", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1124/advisory.json", "detail_path": "advisories/ZDI-24-1124", "id": "ZDI-24-1124", "kind": "published", "published_date": "2024-08-13", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1124/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-23702", "zdi_id": "ZDI-24-1124" }, { "cve": "CVE-2024-32765", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. An attacker must first obtain the ability to make modifications to device configuration in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-24-1123/advisory.json", "detail_path": "advisories/ZDI-24-1123", "id": "ZDI-24-1123", "kind": "published", "published_date": "2024-08-12", "status": "published", "title": "(Pwn2Own) QNAP TS-464 Netmgr Endpoint Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1123/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-22458", "zdi_id": "ZDI-24-1123" }, { "cve": "CVE-2024-27829", "cvss": 3.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1122/advisory.json", "detail_path": "advisories/ZDI-24-1122", "id": "ZDI-24-1122", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS VideoToolbox Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1122/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-23588", "zdi_id": "ZDI-24-1122" }, { "cve": "CVE-2024-27829", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1121/advisory.json", "detail_path": "advisories/ZDI-24-1121", "id": "ZDI-24-1121", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS VideoToolbox Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1121/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-23591", "zdi_id": "ZDI-24-1121" }, { "cve": "CVE-2024-27829", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-24-1120/advisory.json", "detail_path": "advisories/ZDI-24-1120", "id": "ZDI-24-1120", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1120/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24130", "zdi_id": "ZDI-24-1120" }, { "cve": "CVE-2024-27857", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-24-1119/advisory.json", "detail_path": "advisories/ZDI-24-1119", "id": "ZDI-24-1119", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1119/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24059", "zdi_id": "ZDI-24-1119" }, { "cve": "CVE-2024-27857", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-24-1118/advisory.json", "detail_path": "advisories/ZDI-24-1118", "id": "ZDI-24-1118", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1118/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24060", "zdi_id": "ZDI-24-1118" }, { "cve": "CVE-2024-27857", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-24-1117/advisory.json", "detail_path": "advisories/ZDI-24-1117", "id": "ZDI-24-1117", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1117/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24063", "zdi_id": "ZDI-24-1117" }, { "cve": "CVE-2024-27857", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-24-1116/advisory.json", "detail_path": "advisories/ZDI-24-1116", "id": "ZDI-24-1116", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1116/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24066", "zdi_id": "ZDI-24-1116" }, { "cve": "CVE-2024-27857", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-24-1115/advisory.json", "detail_path": "advisories/ZDI-24-1115", "id": "ZDI-24-1115", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1115/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24069", "zdi_id": "ZDI-24-1115" }, { "cve": "CVE-2024-27857", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-24-1114/advisory.json", "detail_path": "advisories/ZDI-24-1114", "id": "ZDI-24-1114", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1114/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24062", "zdi_id": "ZDI-24-1114" }, { "cve": "CVE-2024-27857", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-24-1113/advisory.json", "detail_path": "advisories/ZDI-24-1113", "id": "ZDI-24-1113", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1113/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24064", "zdi_id": "ZDI-24-1113" }, { "cve": "CVE-2024-27857", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-24-1112/advisory.json", "detail_path": "advisories/ZDI-24-1112", "id": "ZDI-24-1112", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1112/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24065", "zdi_id": "ZDI-24-1112" }, { "cve": "CVE-2024-27857", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-24-1111/advisory.json", "detail_path": "advisories/ZDI-24-1111", "id": "ZDI-24-1111", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1111/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24067", "zdi_id": "ZDI-24-1111" }, { "cve": "CVE-2024-27857", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-24-1110/advisory.json", "detail_path": "advisories/ZDI-24-1110", "id": "ZDI-24-1110", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1110/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24035", "zdi_id": "ZDI-24-1110" }, { "cve": "CVE-2024-27857", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-24-1109/advisory.json", "detail_path": "advisories/ZDI-24-1109", "id": "ZDI-24-1109", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1109/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24037", "zdi_id": "ZDI-24-1109" }, { "cve": "CVE-2024-27857", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-24-1108/advisory.json", "detail_path": "advisories/ZDI-24-1108", "id": "ZDI-24-1108", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1108/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24036", "zdi_id": "ZDI-24-1108" }, { "cve": "CVE-2024-27857", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-24-1107/advisory.json", "detail_path": "advisories/ZDI-24-1107", "id": "ZDI-24-1107", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1107/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24038", "zdi_id": "ZDI-24-1107" }, { "cve": "CVE-2024-7601", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on...", "detail_json": "/data/advisories/ZDI-24-1106/advisory.json", "detail_path": "advisories/ZDI-24-1106", "id": "ZDI-24-1106", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1106/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-25026", "zdi_id": "ZDI-24-1106" }, { "cve": "CVE-2024-7603", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which list...", "detail_json": "/data/advisories/ZDI-24-1105/advisory.json", "detail_path": "advisories/ZDI-24-1105", "id": "ZDI-24-1105", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1105/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-25028", "zdi_id": "ZDI-24-1105" }, { "cve": "CVE-2024-7604", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on T...", "detail_json": "/data/advisories/ZDI-24-1104/advisory.json", "detail_path": "advisories/ZDI-24-1104", "id": "ZDI-24-1104", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1104/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-25029", "zdi_id": "ZDI-24-1104" }, { "cve": "CVE-2024-7600", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on...", "detail_json": "/data/advisories/ZDI-24-1103/advisory.json", "detail_path": "advisories/ZDI-24-1103", "id": "ZDI-24-1103", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1103/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-25025", "zdi_id": "ZDI-24-1103" }, { "cve": "CVE-2024-7602", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which li...", "detail_json": "/data/advisories/ZDI-24-1102/advisory.json", "detail_path": "advisories/ZDI-24-1102", "id": "ZDI-24-1102", "kind": "published", "published_date": "2024-08-08", "status": "published", "title": "Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1102/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-25027", "zdi_id": "ZDI-24-1102" }, { "cve": "CVE-2024-27802", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-24-1101/advisory.json", "detail_path": "advisories/ZDI-24-1101", "id": "ZDI-24-1101", "kind": "published", "published_date": "2024-08-06", "status": "published", "title": "Apple macOS Metal Framework KTX Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1101/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-22578", "zdi_id": "ZDI-24-1101" }, { "cve": "CVE-2024-7565", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1100/advisory.json", "detail_path": "advisories/ZDI-24-1100", "id": "ZDI-24-1100", "kind": "published", "published_date": "2024-08-06", "status": "published", "title": "SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1100/", "vendor": "SMARTBEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19060", "zdi_id": "ZDI-24-1100" }, { "cve": "CVE-2024-38856", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the resolveURI method. The issue...", "detail_json": "/data/advisories/ZDI-24-1099/advisory.json", "detail_path": "advisories/ZDI-24-1099", "id": "ZDI-24-1099", "kind": "published", "published_date": "2024-08-06", "status": "published", "title": "Apache OFBiz resolveURI Authentication Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1099/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-24775", "zdi_id": "ZDI-24-1099" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-24-1098/advisory.json", "detail_path": "advisories/ZDI-24-1098", "id": "ZDI-24-1098", "kind": "published", "published_date": "2024-08-06", "status": "published", "title": "(0Day) Microsoft Windows Error Reporting Service Missing Authorization Arbitrary Process Termination Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1098/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22870", "zdi_id": "ZDI-24-1098" }, { "cve": null, "cvss": 9.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on Microsoft GitHub. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of Dev-Containers. The application does not enforce the privileg...", "detail_json": "/data/advisories/ZDI-24-1097/advisory.json", "detail_path": "advisories/ZDI-24-1097", "id": "ZDI-24-1097", "kind": "published", "published_date": "2024-08-06", "status": "published", "title": "(0Day) Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1097/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22453", "zdi_id": "ZDI-24-1097" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-24-1096/advisory.json", "detail_path": "advisories/ZDI-24-1096", "id": "ZDI-24-1096", "kind": "published", "published_date": "2024-08-06", "status": "published", "title": "(0Day) Microsoft Office Visio EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1096/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22344", "zdi_id": "ZDI-24-1096" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-24-1095/advisory.json", "detail_path": "advisories/ZDI-24-1095", "id": "ZDI-24-1095", "kind": "published", "published_date": "2024-08-06", "status": "published", "title": "(0Day) Microsoft Office Visio DXF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1095/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22326", "zdi_id": "ZDI-24-1095" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-24-1094/advisory.json", "detail_path": "advisories/ZDI-24-1094", "id": "ZDI-24-1094", "kind": "published", "published_date": "2024-08-06", "status": "published", "title": "(0Day) Microsoft Office Visio EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1094/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22291", "zdi_id": "ZDI-24-1094" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-24-1093/advisory.json", "detail_path": "advisories/ZDI-24-1093", "id": "ZDI-24-1093", "kind": "published", "published_date": "2024-08-06", "status": "published", "title": "(0Day) Microsoft Office Visio EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1093/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22290", "zdi_id": "ZDI-24-1093" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-24-1092/advisory.json", "detail_path": "advisories/ZDI-24-1092", "id": "ZDI-24-1092", "kind": "published", "published_date": "2024-08-06", "status": "published", "title": "(0Day) Microsoft Office Visio DXF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1092/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22289", "zdi_id": "ZDI-24-1092" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-24-1091/advisory.json", "detail_path": "advisories/ZDI-24-1091", "id": "ZDI-24-1091", "kind": "published", "published_date": "2024-08-06", "status": "published", "title": "(0Day) Microsoft Windows DirectComposition Out-Of-Bounds Read Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1091/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20572", "zdi_id": "ZDI-24-1091" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-24-1090/advisory.json", "detail_path": "advisories/ZDI-24-1090", "id": "ZDI-24-1090", "kind": "published", "published_date": "2024-08-06", "status": "published", "title": "(0Day) Microsoft Windows DirectComposition Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1090/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20571", "zdi_id": "ZDI-24-1090" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-24-1089/advisory.json", "detail_path": "advisories/ZDI-24-1089", "id": "ZDI-24-1089", "kind": "published", "published_date": "2024-08-06", "status": "published", "title": "(0Day) Microsoft Office Visio DXF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1089/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20166", "zdi_id": "ZDI-24-1089" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1088/advisory.json", "detail_path": "advisories/ZDI-24-1088", "id": "ZDI-24-1088", "kind": "published", "published_date": "2024-08-06", "status": "published", "title": "(0Day) Microsoft 3D Viewer GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1088/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19051", "zdi_id": "ZDI-24-1088" }, { "cve": "CVE-2024-7547", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the p...", "detail_json": "/data/advisories/ZDI-24-1087/advisory.json", "detail_path": "advisories/ZDI-24-1087", "id": "ZDI-24-1087", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "(0Day) oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1087/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-23460", "zdi_id": "ZDI-24-1087" }, { "cve": "CVE-2024-7546", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the p...", "detail_json": "/data/advisories/ZDI-24-1086/advisory.json", "detail_path": "advisories/ZDI-24-1086", "id": "ZDI-24-1086", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "(0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1086/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-23459", "zdi_id": "ZDI-24-1086" }, { "cve": "CVE-2024-7545", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the p...", "detail_json": "/data/advisories/ZDI-24-1085/advisory.json", "detail_path": "advisories/ZDI-24-1085", "id": "ZDI-24-1085", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "(0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1085/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-23458", "zdi_id": "ZDI-24-1085" }, { "cve": "CVE-2024-7544", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the p...", "detail_json": "/data/advisories/ZDI-24-1084/advisory.json", "detail_path": "advisories/ZDI-24-1084", "id": "ZDI-24-1084", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "(0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1084/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-23457", "zdi_id": "ZDI-24-1084" }, { "cve": "CVE-2024-7543", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the p...", "detail_json": "/data/advisories/ZDI-24-1083/advisory.json", "detail_path": "advisories/ZDI-24-1083", "id": "ZDI-24-1083", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "(0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1083/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-23456", "zdi_id": "ZDI-24-1083" }, { "cve": "CVE-2024-7542", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists with...", "detail_json": "/data/advisories/ZDI-24-1082/advisory.json", "detail_path": "advisories/ZDI-24-1082", "id": "ZDI-24-1082", "kind": "published", "published_date": "2025-12-10", "status": "published", "title": "(0Day) (Pwn2Own) oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1082/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-23309", "zdi_id": "ZDI-24-1082" }, { "cve": "CVE-2024-7541", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists with...", "detail_json": "/data/advisories/ZDI-24-1081/advisory.json", "detail_path": "advisories/ZDI-24-1081", "id": "ZDI-24-1081", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "(0Day) (Pwn2Own) oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1081/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-23308", "zdi_id": "ZDI-24-1081" }, { "cve": "CVE-2024-7540", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists with...", "detail_json": "/data/advisories/ZDI-24-1080/advisory.json", "detail_path": "advisories/ZDI-24-1080", "id": "ZDI-24-1080", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "(0Day) (Pwn2Own) oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1080/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-23307", "zdi_id": "ZDI-24-1080" }, { "cve": "CVE-2024-7539", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the p...", "detail_json": "/data/advisories/ZDI-24-1079/advisory.json", "detail_path": "advisories/ZDI-24-1079", "id": "ZDI-24-1079", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "(0Day) (Pwn2Own) oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1079/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-23195", "zdi_id": "ZDI-24-1079" }, { "cve": "CVE-2024-7538", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the p...", "detail_json": "/data/advisories/ZDI-24-1078/advisory.json", "detail_path": "advisories/ZDI-24-1078", "id": "ZDI-24-1078", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "(0Day) (Pwn2Own) oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability", "updated_date": "2025-12-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1078/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-23190", "zdi_id": "ZDI-24-1078" }, { "cve": "CVE-2024-7537", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SMS message lists. The issue result...", "detail_json": "/data/advisories/ZDI-24-1077/advisory.json", "detail_path": "advisories/ZDI-24-1077", "id": "ZDI-24-1077", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "(0Day) (Pwn2Own) oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1077/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-23157", "zdi_id": "ZDI-24-1077" }, { "cve": "CVE-2024-30082", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-1076/advisory.json", "detail_path": "advisories/ZDI-24-1076", "id": "ZDI-24-1076", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft Windows Menu DC Color Space Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1076/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23414", "zdi_id": "ZDI-24-1076" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerShell Reference for Office Products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installatio...", "detail_json": "/data/advisories/ZDI-24-1075/advisory.json", "detail_path": "advisories/ZDI-24-1075", "id": "ZDI-24-1075", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft PowerShell Reference for Office Products officedocs-cdn Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1075/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23296", "zdi_id": "ZDI-24-1075" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerShell Gallery. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of PowerShell Galler...", "detail_json": "/data/advisories/ZDI-24-1074/advisory.json", "detail_path": "advisories/ZDI-24-1074", "id": "ZDI-24-1074", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft PowerShell Gallery psg-prod-centralus Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1074/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23295", "zdi_id": "ZDI-24-1074" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of uAMQP. When installed from the...", "detail_json": "/data/advisories/ZDI-24-1073/advisory.json", "detail_path": "advisories/ZDI-24-1073", "id": "ZDI-24-1073", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft Azure uAMQP azure-iot-sdks-ci Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1073/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23269", "zdi_id": "ZDI-24-1073" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft CameraTraps. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of CameraTraps. When instal...", "detail_json": "/data/advisories/ZDI-24-1072/advisory.json", "detail_path": "advisories/ZDI-24-1072", "id": "ZDI-24-1072", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft CameraTraps cameratracrsppftkje Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1072/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23258", "zdi_id": "ZDI-24-1072" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure GPT ALE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Generative Pre-trained...", "detail_json": "/data/advisories/ZDI-24-1071/advisory.json", "detail_path": "advisories/ZDI-24-1071", "id": "ZDI-24-1071", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft Azure GPT ALE palantirdemoacr Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1071/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23234", "zdi_id": "ZDI-24-1071" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Partner Resources. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Partner Resources....", "detail_json": "/data/advisories/ZDI-24-1070/advisory.json", "detail_path": "advisories/ZDI-24-1070", "id": "ZDI-24-1070", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft Partner Resources openhacks Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1070/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23075", "zdi_id": "ZDI-24-1070" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Technical Case Studies. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Technical Cas...", "detail_json": "/data/advisories/ZDI-24-1069/advisory.json", "detail_path": "advisories/ZDI-24-1069", "id": "ZDI-24-1069", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft Technical Case Studies athena-dashboard Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1069/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23067", "zdi_id": "ZDI-24-1069" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to manipulate sample datasets on affected installations of ML.NET Samples for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of ML.NET...", "detail_json": "/data/advisories/ZDI-24-1068/advisory.json", "detail_path": "advisories/ZDI-24-1068", "id": "ZDI-24-1068", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft Azure ML.NET Samples mlnetfilestorage Uncontrolled Search Path Element Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1068/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23066", "zdi_id": "ZDI-24-1068" }, { "cve": null, "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CollectSFData for Microsoft Azure. Authentication is not required to exploit this vulnerability. The issue results from a reference to a non-existent cloud resou...", "detail_json": "/data/advisories/ZDI-24-1067/advisory.json", "detail_path": "advisories/ZDI-24-1067", "id": "ZDI-24-1067", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft Azure CollectSFData docs-analytics-eus Uncontrolled Search Path Element Impersonation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1067/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23055", "zdi_id": "ZDI-24-1067" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of DataStoriesSamples for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of DataSto...", "detail_json": "/data/advisories/ZDI-24-1066/advisory.json", "detail_path": "advisories/ZDI-24-1066", "id": "ZDI-24-1066", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft Azure DataStoriesSamples machinelearningdatasets Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1066/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23054", "zdi_id": "ZDI-24-1066" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Availability Monitor for Kafka for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installatio...", "detail_json": "/data/advisories/ZDI-24-1065/advisory.json", "detail_path": "advisories/ZDI-24-1065", "id": "ZDI-24-1065", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft Azure Availability Monitor for Kafka esnewdeveastdockerregistry Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1065/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23041", "zdi_id": "ZDI-24-1065" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft AirSim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of AirSim. When installed from t...", "detail_json": "/data/advisories/ZDI-24-1064/advisory.json", "detail_path": "advisories/ZDI-24-1064", "id": "ZDI-24-1064", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft AirSim airsimci Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1064/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23029", "zdi_id": "ZDI-24-1064" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Reactor Workshops. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Reactor Workshops....", "detail_json": "/data/advisories/ZDI-24-1063/advisory.json", "detail_path": "advisories/ZDI-24-1063", "id": "ZDI-24-1063", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft Reactor Workshops reactorworkshops Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1063/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23028", "zdi_id": "ZDI-24-1063" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Fluid Framework. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Fluid Framework. Whe...", "detail_json": "/data/advisories/ZDI-24-1062/advisory.json", "detail_path": "advisories/ZDI-24-1062", "id": "ZDI-24-1062", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft Fluid Framework prague Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1062/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23027", "zdi_id": "ZDI-24-1062" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft What The Hack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of What The Hack. When in...", "detail_json": "/data/advisories/ZDI-24-1061/advisory.json", "detail_path": "advisories/ZDI-24-1061", "id": "ZDI-24-1061", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft What The Hack docsmsftpdfs Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1061/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23026", "zdi_id": "ZDI-24-1061" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Aztack for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Aztack. When instal...", "detail_json": "/data/advisories/ZDI-24-1060/advisory.json", "detail_path": "advisories/ZDI-24-1060", "id": "ZDI-24-1060", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft Azure Aztack aztack1528763526 Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1060/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23023", "zdi_id": "ZDI-24-1060" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Azure Linux Automation for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Azu...", "detail_json": "/data/advisories/ZDI-24-1059/advisory.json", "detail_path": "advisories/ZDI-24-1059", "id": "ZDI-24-1059", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft Azure Linux Automation konkaciwestus1 Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1059/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23022", "zdi_id": "ZDI-24-1059" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NodeJS LogPoint for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of NodeJS Log...", "detail_json": "/data/advisories/ZDI-24-1058/advisory.json", "detail_path": "advisories/ZDI-24-1058", "id": "ZDI-24-1058", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Microsoft Azure NodeJS LogPoint logpointsassets Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1058/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23021", "zdi_id": "ZDI-24-1058" }, { "cve": "CVE-2024-7511", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-1057/advisory.json", "detail_path": "advisories/ZDI-24-1057", "id": "ZDI-24-1057", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1057/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-23000", "zdi_id": "ZDI-24-1057" }, { "cve": "CVE-2024-7510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1056/advisory.json", "detail_path": "advisories/ZDI-24-1056", "id": "ZDI-24-1056", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1056/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-19631", "zdi_id": "ZDI-24-1056" }, { "cve": "CVE-2024-7509", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-1055/advisory.json", "detail_path": "advisories/ZDI-24-1055", "id": "ZDI-24-1055", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1055/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-19576", "zdi_id": "ZDI-24-1055" }, { "cve": "CVE-2024-7508", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-1054/advisory.json", "detail_path": "advisories/ZDI-24-1054", "id": "ZDI-24-1054", "kind": "published", "published_date": "2024-08-05", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1054/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-19575", "zdi_id": "ZDI-24-1054" }, { "cve": "CVE-2024-23971", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of...", "detail_json": "/data/advisories/ZDI-24-1053/advisory.json", "detail_path": "advisories/ZDI-24-1053", "id": "ZDI-24-1053", "kind": "published", "published_date": "2024-08-01", "status": "published", "title": "(0Day) (Pwn2Own) ChargePoint Home Flex OCPP bswitch Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1053/", "vendor": "ChargePoint", "vendor_url": null, "zdi_can": "ZDI-CAN-23317", "zdi_id": "ZDI-24-1053" }, { "cve": "CVE-2024-23970", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLO...", "detail_json": "/data/advisories/ZDI-24-1052/advisory.json", "detail_path": "advisories/ZDI-24-1052", "id": "ZDI-24-1052", "kind": "published", "published_date": "2024-08-01", "status": "published", "title": "(0Day) (Pwn2Own) ChargePoint Home Flex Improper Certificate Validation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1052/", "vendor": "ChargePoint", "vendor_url": null, "zdi_can": "ZDI-CAN-23229", "zdi_id": "ZDI-24-1052" }, { "cve": "CVE-2024-23969", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanchnllst...", "detail_json": "/data/advisories/ZDI-24-1051/advisory.json", "detail_path": "advisories/ZDI-24-1051", "id": "ZDI-24-1051", "kind": "published", "published_date": "2024-08-01", "status": "published", "title": "(0Day) (Pwn2Own) ChargePoint Home Flex wlanchnllst Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1051/", "vendor": "ChargePoint", "vendor_url": null, "zdi_can": "ZDI-CAN-23313", "zdi_id": "ZDI-24-1051" }, { "cve": "CVE-2024-23968", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SrvrToSmSetA...", "detail_json": "/data/advisories/ZDI-24-1050/advisory.json", "detail_path": "advisories/ZDI-24-1050", "id": "ZDI-24-1050", "kind": "published", "published_date": "2024-08-01", "status": "published", "title": "(0Day) (Pwn2Own) ChargePoint Home Flex SrvrToSmSetAutoChnlListMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1050/", "vendor": "ChargePoint", "vendor_url": null, "zdi_can": "ZDI-CAN-23222", "zdi_id": "ZDI-24-1050" }, { "cve": "CVE-2024-23921", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp modu...", "detail_json": "/data/advisories/ZDI-24-1049/advisory.json", "detail_path": "advisories/ZDI-24-1049", "id": "ZDI-24-1049", "kind": "published", "published_date": "2024-08-01", "status": "published", "title": "(0Day) (Pwn2Own) ChargePoint Home Flex wlanapp Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1049/", "vendor": "ChargePoint", "vendor_url": null, "zdi_can": "ZDI-CAN-23300", "zdi_id": "ZDI-24-1049" }, { "cve": "CVE-2024-23920", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboardee mo...", "detail_json": "/data/advisories/ZDI-24-1048/advisory.json", "detail_path": "advisories/ZDI-24-1048", "id": "ZDI-24-1048", "kind": "published", "published_date": "2024-08-01", "status": "published", "title": "(0Day) (Pwn2Own) ChargePoint Home Flex onboardee Improper Access Control Remote Code Execution Vulnerability", "updated_date": "2024-08-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1048/", "vendor": "ChargePoint", "vendor_url": null, "zdi_can": "ZDI-CAN-23150", "zdi_id": "ZDI-24-1048" }, { "cve": "CVE-2024-7392", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of ChargePoint Home Flex charging devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-24-1047/advisory.json", "detail_path": "advisories/ZDI-24-1047", "id": "ZDI-24-1047", "kind": "published", "published_date": "2024-08-01", "status": "published", "title": "(0Day) ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1047/", "vendor": "ChargePoint", "vendor_url": null, "zdi_can": "ZDI-CAN-21455", "zdi_id": "ZDI-24-1047" }, { "cve": "CVE-2024-7391", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. User interaction is required to exploit this vulnerability. The specific flaw exists within the Wi-Fi s...", "detail_json": "/data/advisories/ZDI-24-1046/advisory.json", "detail_path": "advisories/ZDI-24-1046", "id": "ZDI-24-1046", "kind": "published", "published_date": "2024-08-01", "status": "published", "title": "(0Day) ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1046/", "vendor": "ChargePoint", "vendor_url": null, "zdi_can": "ZDI-CAN-21454", "zdi_id": "ZDI-24-1046" }, { "cve": "CVE-2024-23928", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-24-1045/advisory.json", "detail_path": "advisories/ZDI-24-1045", "id": "ZDI-24-1045", "kind": "published", "published_date": "2024-08-01", "status": "published", "title": "(0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Telematics Improper Certificate Validation Vulnerability", "updated_date": "2025-03-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1045/", "vendor": "Pioneer", "vendor_url": null, "zdi_can": "ZDI-CAN-23101", "zdi_id": "ZDI-24-1045" }, { "cve": "CVE-2024-23929", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...", "detail_json": "/data/advisories/ZDI-24-1044/advisory.json", "detail_path": "advisories/ZDI-24-1044", "id": "ZDI-24-1044", "kind": "published", "published_date": "2024-08-01", "status": "published", "title": "(0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Telematics Directory Traversal Arbitrary File Creation Vulnerability", "updated_date": "2025-03-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1044/", "vendor": "Pioneer", "vendor_url": null, "zdi_can": "ZDI-CAN-23301", "zdi_id": "ZDI-24-1044" }, { "cve": "CVE-2024-23930", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Media se...", "detail_json": "/data/advisories/ZDI-24-1043/advisory.json", "detail_path": "advisories/ZDI-24-1043", "id": "ZDI-24-1043", "kind": "published", "published_date": "2024-08-01", "status": "published", "title": "(0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Media Service Improper Handling of Exceptional Conditions Denial-of-Service Vulnerability", "updated_date": "2025-03-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1043/", "vendor": "Pioneer", "vendor_url": null, "zdi_can": "ZDI-CAN-23302", "zdi_id": "ZDI-24-1043" }, { "cve": "CVE-2024-7253", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-24-1042/advisory.json", "detail_path": "advisories/ZDI-24-1042", "id": "ZDI-24-1042", "kind": "published", "published_date": "2024-08-01", "status": "published", "title": "NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1042/", "vendor": "NoMachine", "vendor_url": null, "zdi_can": "ZDI-CAN-24039", "zdi_id": "ZDI-24-1042" }, { "cve": "CVE-2023-7261", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Google Chrome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-24-1041/advisory.json", "detail_path": "advisories/ZDI-24-1041", "id": "ZDI-24-1041", "kind": "published", "published_date": "2024-08-01", "status": "published", "title": "Google Chrome Updater DosDevices Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1041/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-20781", "zdi_id": "ZDI-24-1041" }, { "cve": "CVE-2024-27877", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-1040/advisory.json", "detail_path": "advisories/ZDI-24-1040", "id": "ZDI-24-1040", "kind": "published", "published_date": "2024-07-31", "status": "published", "title": "Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1040/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-24127", "zdi_id": "ZDI-24-1040" }, { "cve": "CVE-2024-8404", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1039/advisory.json", "detail_path": "advisories/ZDI-24-1039", "id": "ZDI-24-1039", "kind": "published", "published_date": "2024-07-31", "status": "published", "title": "PaperCut NG web-print-hot-folder Link Following Local Privilege Escalation Vulnerability", "updated_date": "2025-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1039/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-23757", "zdi_id": "ZDI-24-1039" }, { "cve": "CVE-2024-3037", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-24-1038/advisory.json", "detail_path": "advisories/ZDI-24-1038", "id": "ZDI-24-1038", "kind": "published", "published_date": "2024-07-31", "status": "published", "title": "PaperCut NG pc-web-print Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1038/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-20972", "zdi_id": "ZDI-24-1038" }, { "cve": "CVE-2024-7352", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-1037/advisory.json", "detail_path": "advisories/ZDI-24-1037", "id": "ZDI-24-1037", "kind": "published", "published_date": "2024-07-31", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1037/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-23550", "zdi_id": "ZDI-24-1037" }, { "cve": "CVE-2024-6233", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulner...", "detail_json": "/data/advisories/ZDI-24-1036/advisory.json", "detail_path": "advisories/ZDI-24-1036", "id": "ZDI-24-1036", "kind": "published", "published_date": "2024-07-31", "status": "published", "title": "Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1036/", "vendor": "Check Point", "vendor_url": null, "zdi_can": "ZDI-CAN-21677", "zdi_id": "ZDI-24-1036" }, { "cve": "CVE-2024-21371", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-1035/advisory.json", "detail_path": "advisories/ZDI-24-1035", "id": "ZDI-24-1035", "kind": "published", "published_date": "2024-07-31", "status": "published", "title": "Microsoft Windows NTFS Junction Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1035/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22668", "zdi_id": "ZDI-24-1035" }, { "cve": "CVE-2024-21164", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-1034/advisory.json", "detail_path": "advisories/ZDI-24-1034", "id": "ZDI-24-1034", "kind": "published", "published_date": "2024-07-30", "status": "published", "title": "Oracle VirtualBox EHCI USB Controller Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1034/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-23673", "zdi_id": "ZDI-24-1034" }, { "cve": "CVE-2024-6122", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-24-1033/advisory.json", "detail_path": "advisories/ZDI-24-1033", "id": "ZDI-24-1033", "kind": "published", "published_date": "2024-07-30", "status": "published", "title": "NI FlexLogger Redis Server Incorrect Permission Assignment Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1033/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-23183", "zdi_id": "ZDI-24-1033" }, { "cve": "CVE-2024-6121", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-24-1032/advisory.json", "detail_path": "advisories/ZDI-24-1032", "id": "ZDI-24-1032", "kind": "published", "published_date": "2024-07-30", "status": "published", "title": "NI FlexLogger Redis Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1032/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21802", "zdi_id": "ZDI-24-1032" }, { "cve": "CVE-2024-6675", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-24-1031/advisory.json", "detail_path": "advisories/ZDI-24-1031", "id": "ZDI-24-1031", "kind": "published", "published_date": "2024-07-30", "status": "published", "title": "NI VeriStand NIVSPRJ File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1031/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21927", "zdi_id": "ZDI-24-1031" }, { "cve": "CVE-2024-6791", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-24-1030/advisory.json", "detail_path": "advisories/ZDI-24-1030", "id": "ZDI-24-1030", "kind": "published", "published_date": "2024-07-30", "status": "published", "title": "NI VeriStand VSMODEL File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1030/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-22009", "zdi_id": "ZDI-24-1030" }, { "cve": "CVE-2024-6793", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of service requests in the DataLogging...", "detail_json": "/data/advisories/ZDI-24-1029/advisory.json", "detail_path": "advisories/ZDI-24-1029", "id": "ZDI-24-1029", "kind": "published", "published_date": "2024-07-30", "status": "published", "title": "NI VeriStand DataLoggingServer Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1029/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-22068", "zdi_id": "ZDI-24-1029" }, { "cve": "CVE-2024-6794", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of service requests in the WaveformStr...", "detail_json": "/data/advisories/ZDI-24-1028/advisory.json", "detail_path": "advisories/ZDI-24-1028", "id": "ZDI-24-1028", "kind": "published", "published_date": "2024-07-30", "status": "published", "title": "NI VeriStand WaveformStreamingServer Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1028/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-22069", "zdi_id": "ZDI-24-1028" }, { "cve": "CVE-2024-6806", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of service requests in the ProjectServ...", "detail_json": "/data/advisories/ZDI-24-1027/advisory.json", "detail_path": "advisories/ZDI-24-1027", "id": "ZDI-24-1027", "kind": "published", "published_date": "2024-07-30", "status": "published", "title": "NI VeriStand ProjectServer OpenTool Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1027/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-22106", "zdi_id": "ZDI-24-1027" }, { "cve": "CVE-2024-6806", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of service requests in the ProjectServ...", "detail_json": "/data/advisories/ZDI-24-1026/advisory.json", "detail_path": "advisories/ZDI-24-1026", "id": "ZDI-24-1026", "kind": "published", "published_date": "2024-07-30", "status": "published", "title": "NI VeriStand ProjectServer Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1026/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-22162", "zdi_id": "ZDI-24-1026" }, { "cve": "CVE-2024-6805", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IFileTransferServer component. The issue...", "detail_json": "/data/advisories/ZDI-24-1025/advisory.json", "detail_path": "advisories/ZDI-24-1025", "id": "ZDI-24-1025", "kind": "published", "published_date": "2024-07-30", "status": "published", "title": "NI VeriStand IFileTransferServer Exposed Dangerous Method Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1025/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-22070", "zdi_id": "ZDI-24-1025" }, { "cve": "CVE-2024-6805", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of service requests in t...", "detail_json": "/data/advisories/ZDI-24-1024/advisory.json", "detail_path": "advisories/ZDI-24-1024", "id": "ZDI-24-1024", "kind": "published", "published_date": "2024-07-30", "status": "published", "title": "NI VeriStand ProjectServer Exposed Dangerous Method Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1024/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-22167", "zdi_id": "ZDI-24-1024" }, { "cve": "CVE-2024-41183", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro VPN Proxy One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-24-1023/advisory.json", "detail_path": "advisories/ZDI-24-1023", "id": "ZDI-24-1023", "kind": "published", "published_date": "2024-07-30", "status": "published", "title": "Trend Micro VPN Proxy One Pro Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1023/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-22717", "zdi_id": "ZDI-24-1023" }, { "cve": "CVE-2024-41183", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro VPN Proxy One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-24-1022/advisory.json", "detail_path": "advisories/ZDI-24-1022", "id": "ZDI-24-1022", "kind": "published", "published_date": "2024-07-30", "status": "published", "title": "Trend Micro VPN Proxy One Pro Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1022/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-22716", "zdi_id": "ZDI-24-1022" }, { "cve": "CVE-2024-7564", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the get_response_json_result e...", "detail_json": "/data/advisories/ZDI-24-1021/advisory.json", "detail_path": "advisories/ZDI-24-1021", "id": "ZDI-24-1021", "kind": "published", "published_date": "2024-07-30", "status": "published", "title": "Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1021/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-24680", "zdi_id": "ZDI-24-1021" }, { "cve": "CVE-2024-28992", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-24-1020/advisory.json", "detail_path": "advisories/ZDI-24-1020", "id": "ZDI-24-1020", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "SolarWinds Access Rights Manager deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1020/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-23514", "zdi_id": "ZDI-24-1020" }, { "cve": "CVE-2024-6222", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute high-privileged code within the container in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-24-1019/advisory.json", "detail_path": "advisories/ZDI-24-1019", "id": "ZDI-24-1019", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(Pwn2Own) Docker Desktop extension-manager Exposed Dangerous Function Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1019/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-23779", "zdi_id": "ZDI-24-1019" }, { "cve": "CVE-2024-35880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-1018/advisory.json", "detail_path": "advisories/ZDI-24-1018", "id": "ZDI-24-1018", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(Pwn2Own) Linux Kernel io_uring Buffer List Race Condition Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1018/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-23851", "zdi_id": "ZDI-24-1018" }, { "cve": "CVE-2024-7242", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-24-1017/advisory.json", "detail_path": "advisories/ZDI-24-1017", "id": "ZDI-24-1017", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) Panda Security Dome Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1017/", "vendor": "Panda Security", "vendor_url": null, "zdi_can": "ZDI-CAN-23402", "zdi_id": "ZDI-24-1017" }, { "cve": "CVE-2024-7241", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-24-1016/advisory.json", "detail_path": "advisories/ZDI-24-1016", "id": "ZDI-24-1016", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) Panda Security Dome Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1016/", "vendor": "Panda Security", "vendor_url": null, "zdi_can": "ZDI-CAN-23375", "zdi_id": "ZDI-24-1016" }, { "cve": "CVE-2024-7245", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-24-1015/advisory.json", "detail_path": "advisories/ZDI-24-1015", "id": "ZDI-24-1015", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) Panda Security Dome VPN Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1015/", "vendor": "Panda Security", "vendor_url": null, "zdi_can": "ZDI-CAN-23429", "zdi_id": "ZDI-24-1015" }, { "cve": "CVE-2024-7244", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-24-1014/advisory.json", "detail_path": "advisories/ZDI-24-1014", "id": "ZDI-24-1014", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1014/", "vendor": "Panda Security", "vendor_url": null, "zdi_can": "ZDI-CAN-23428", "zdi_id": "ZDI-24-1014" }, { "cve": "CVE-2024-7243", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-24-1013/advisory.json", "detail_path": "advisories/ZDI-24-1013", "id": "ZDI-24-1013", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) Panda Security Dome Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1013/", "vendor": "Panda Security", "vendor_url": null, "zdi_can": "ZDI-CAN-23413", "zdi_id": "ZDI-24-1013" }, { "cve": "CVE-2024-7240", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hos...", "detail_json": "/data/advisories/ZDI-24-1012/advisory.json", "detail_path": "advisories/ZDI-24-1012", "id": "ZDI-24-1012", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) F-Secure Total Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1012/", "vendor": "F-Secure", "vendor_url": null, "zdi_can": "ZDI-CAN-23005", "zdi_id": "ZDI-24-1012" }, { "cve": "CVE-2024-7238", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-24-1011/advisory.json", "detail_path": "advisories/ZDI-24-1011", "id": "ZDI-24-1011", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) VIPRE Advanced Security SBAMSvc Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1011/", "vendor": "VIPRE", "vendor_url": null, "zdi_can": "ZDI-CAN-22238", "zdi_id": "ZDI-24-1011" }, { "cve": "CVE-2024-7239", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-24-1010/advisory.json", "detail_path": "advisories/ZDI-24-1010", "id": "ZDI-24-1010", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) VIPRE Advanced Security Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1010/", "vendor": "VIPRE", "vendor_url": null, "zdi_can": "ZDI-CAN-22314", "zdi_id": "ZDI-24-1010" }, { "cve": "CVE-2024-7236", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-1009/advisory.json", "detail_path": "advisories/ZDI-24-1009", "id": "ZDI-24-1009", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1009/", "vendor": "AVG", "vendor_url": null, "zdi_can": "ZDI-CAN-22942", "zdi_id": "ZDI-24-1009" }, { "cve": "CVE-2024-7234", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-24-1008/advisory.json", "detail_path": "advisories/ZDI-24-1008", "id": "ZDI-24-1008", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1008/", "vendor": "AVG", "vendor_url": null, "zdi_can": "ZDI-CAN-22260", "zdi_id": "ZDI-24-1008" }, { "cve": "CVE-2024-7237", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-24-1007/advisory.json", "detail_path": "advisories/ZDI-24-1007", "id": "ZDI-24-1007", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1007/", "vendor": "AVG", "vendor_url": null, "zdi_can": "ZDI-CAN-22960", "zdi_id": "ZDI-24-1007" }, { "cve": "CVE-2024-7235", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-1006/advisory.json", "detail_path": "advisories/ZDI-24-1006", "id": "ZDI-24-1006", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "AVG AntiVirus Free Link Following Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1006/", "vendor": "AVG", "vendor_url": null, "zdi_can": "ZDI-CAN-22803", "zdi_id": "ZDI-24-1006" }, { "cve": "CVE-2024-7233", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-24-1005/advisory.json", "detail_path": "advisories/ZDI-24-1005", "id": "ZDI-24-1005", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1005/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-23731", "zdi_id": "ZDI-24-1005" }, { "cve": "CVE-2024-7232", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-24-1004/advisory.json", "detail_path": "advisories/ZDI-24-1004", "id": "ZDI-24-1004", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1004/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-22963", "zdi_id": "ZDI-24-1004" }, { "cve": "CVE-2024-7227", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-24-1003/advisory.json", "detail_path": "advisories/ZDI-24-1003", "id": "ZDI-24-1003", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1003/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-22272", "zdi_id": "ZDI-24-1003" }, { "cve": "CVE-2024-7229", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-24-1002/advisory.json", "detail_path": "advisories/ZDI-24-1002", "id": "ZDI-24-1002", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1002/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-22892", "zdi_id": "ZDI-24-1002" }, { "cve": "CVE-2024-7231", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-24-1001/advisory.json", "detail_path": "advisories/ZDI-24-1001", "id": "ZDI-24-1001", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1001/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-22894", "zdi_id": "ZDI-24-1001" }, { "cve": "CVE-2024-7230", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-24-1000/advisory.json", "detail_path": "advisories/ZDI-24-1000", "id": "ZDI-24-1000", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1000/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-22893", "zdi_id": "ZDI-24-1000" }, { "cve": "CVE-2024-7228", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnera...", "detail_json": "/data/advisories/ZDI-24-999/advisory.json", "detail_path": "advisories/ZDI-24-999", "id": "ZDI-24-999", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "(0Day) Avast Free Antivirus Link Following Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-999/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-22806", "zdi_id": "ZDI-24-999" }, { "cve": null, "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on KernelCI. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability...", "detail_json": "/data/advisories/ZDI-24-998/advisory.json", "detail_path": "advisories/ZDI-24-998", "id": "ZDI-24-998", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "KernelCI SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-998/", "vendor": "KernelCI", "vendor_url": null, "zdi_can": "ZDI-CAN-22317", "zdi_id": "ZDI-24-998" }, { "cve": "CVE-2024-0565", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-24-997/advisory.json", "detail_path": "advisories/ZDI-24-997", "id": "ZDI-24-997", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Linux Kernel CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-997/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-22869", "zdi_id": "ZDI-24-997" }, { "cve": "CVE-2023-52755", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication may or may not be required to exploit this vulnerability, depending upon configuration. Furthermore, only systems with ksmbd enabled...", "detail_json": "/data/advisories/ZDI-24-996/advisory.json", "detail_path": "advisories/ZDI-24-996", "id": "ZDI-24-996", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Linux Kernel ksmbd ACL Inheritance Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-996/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-22271", "zdi_id": "ZDI-24-996" }, { "cve": "CVE-2023-39197", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the DCCP protocol. The issue...", "detail_json": "/data/advisories/ZDI-24-995/advisory.json", "detail_path": "advisories/ZDI-24-995", "id": "ZDI-24-995", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Linux Kernel Netfilter Conntrack Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-995/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21202", "zdi_id": "ZDI-24-995" }, { "cve": "CVE-2023-39198", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-24-994/advisory.json", "detail_path": "advisories/ZDI-24-994", "id": "ZDI-24-994", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Linux Kernel QXL VGA Driver Race Condition Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-994/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20940", "zdi_id": "ZDI-24-994" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the myapiendpoint.developer.azure-api.net...", "detail_json": "/data/advisories/ZDI-24-993/advisory.json", "detail_path": "advisories/ZDI-24-993", "id": "ZDI-24-993", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Azure myapiendpoint.developer.azure-api Improper Access Control Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-993/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23299", "zdi_id": "ZDI-24-993" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure VSTS CLI. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Azure VSTS CLI. When...", "detail_json": "/data/advisories/ZDI-24-992/advisory.json", "detail_path": "advisories/ZDI-24-992", "id": "ZDI-24-992", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Azure VSTS CLI vstscli Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-992/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23542", "zdi_id": "ZDI-24-992" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure Arc Jumpstart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Azure Arc Jumpst...", "detail_json": "/data/advisories/ZDI-24-991/advisory.json", "detail_path": "advisories/ZDI-24-991", "id": "ZDI-24-991", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Azure Arc Jumpstart Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-991/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23522", "zdi_id": "ZDI-24-991" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-990/advisory.json", "detail_path": "advisories/ZDI-24-990", "id": "ZDI-24-990", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-990/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19131", "zdi_id": "ZDI-24-990" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Container Network Management....", "detail_json": "/data/advisories/ZDI-24-989/advisory.json", "detail_path": "advisories/ZDI-24-989", "id": "ZDI-24-989", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Azure Container Network Management sbidprod Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-989/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23298", "zdi_id": "ZDI-24-989" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of MQTT. When installed from the...", "detail_json": "/data/advisories/ZDI-24-988/advisory.json", "detail_path": "advisories/ZDI-24-988", "id": "ZDI-24-988", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Azure MQTT azure-iot-sdks-ci Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-988/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23268", "zdi_id": "ZDI-24-988" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Object Detection Solution Accelerator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation o...", "detail_json": "/data/advisories/ZDI-24-987/advisory.json", "detail_path": "advisories/ZDI-24-987", "id": "ZDI-24-987", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Object Detection Solution Accelerator csaddevamlacr Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-987/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23259", "zdi_id": "ZDI-24-987" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure IoT Edge Dev Tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Azure IoT Ed...", "detail_json": "/data/advisories/ZDI-24-986/advisory.json", "detail_path": "advisories/ZDI-24-986", "id": "ZDI-24-986", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Azure IoT Edge Dev Tool iotedgetoolscontainerregistry Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-986/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23235", "zdi_id": "ZDI-24-986" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Service Fabric for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Service Fab...", "detail_json": "/data/advisories/ZDI-24-985/advisory.json", "detail_path": "advisories/ZDI-24-985", "id": "ZDI-24-985", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Azure Service Fabric servicefabricsdkstorage Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-985/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23050", "zdi_id": "ZDI-24-985" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-984/advisory.json", "detail_path": "advisories/ZDI-24-984", "id": "ZDI-24-984", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-984/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18535", "zdi_id": "ZDI-24-984" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Go Labs for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Go Labs. When inst...", "detail_json": "/data/advisories/ZDI-24-983/advisory.json", "detail_path": "advisories/ZDI-24-983", "id": "ZDI-24-983", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Azure Go Labs microsoftgoproxy Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-983/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23036", "zdi_id": "ZDI-24-983" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to manipulate sample datasets on affected installations of SQL Workshop for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of SQL Works...", "detail_json": "/data/advisories/ZDI-24-982/advisory.json", "detail_path": "advisories/ZDI-24-982", "id": "ZDI-24-982", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Azure SQL Workshop azuremlsampleexperiments Uncontrolled Search Path Element Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-982/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23025", "zdi_id": "ZDI-24-982" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Azure Machine Learning Notebooks for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installat...", "detail_json": "/data/advisories/ZDI-24-981/advisory.json", "detail_path": "advisories/ZDI-24-981", "id": "ZDI-24-981", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Azure Machine Learning Notebooks azuremlpackages Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-981/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23020", "zdi_id": "ZDI-24-981" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Forecasting Toolkit for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Foreca...", "detail_json": "/data/advisories/ZDI-24-980/advisory.json", "detail_path": "advisories/ZDI-24-980", "id": "ZDI-24-980", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Azure Machine Learning Forecasting Toolkit azuremlftkrelease Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-980/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23019", "zdi_id": "ZDI-24-980" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-24-979/advisory.json", "detail_path": "advisories/ZDI-24-979", "id": "ZDI-24-979", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Office Visio DXF File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-979/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19066", "zdi_id": "ZDI-24-979" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft PC Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-24-978/advisory.json", "detail_path": "advisories/ZDI-24-978", "id": "ZDI-24-978", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft PC Manager Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-978/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22503", "zdi_id": "ZDI-24-978" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-24-977/advisory.json", "detail_path": "advisories/ZDI-24-977", "id": "ZDI-24-977", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Office Excel XLW File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-977/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22158", "zdi_id": "ZDI-24-977" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-976/advisory.json", "detail_path": "advisories/ZDI-24-976", "id": "ZDI-24-976", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Office PowerPoint GLB File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-976/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20982", "zdi_id": "ZDI-24-976" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-975/advisory.json", "detail_path": "advisories/ZDI-24-975", "id": "ZDI-24-975", "kind": "published", "published_date": "2024-07-29", "status": "published", "title": "Microsoft Excel FBX File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-975/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18381", "zdi_id": "ZDI-24-975" }, { "cve": "CVE-2024-6822", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-974/advisory.json", "detail_path": "advisories/ZDI-24-974", "id": "ZDI-24-974", "kind": "published", "published_date": "2024-07-26", "status": "published", "title": "IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-974/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23261", "zdi_id": "ZDI-24-974" }, { "cve": "CVE-2024-6821", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-973/advisory.json", "detail_path": "advisories/ZDI-24-973", "id": "ZDI-24-973", "kind": "published", "published_date": "2024-07-26", "status": "published", "title": "IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-973/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23260", "zdi_id": "ZDI-24-973" }, { "cve": "CVE-2024-6820", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-972/advisory.json", "detail_path": "advisories/ZDI-24-972", "id": "ZDI-24-972", "kind": "published", "published_date": "2024-07-26", "status": "published", "title": "IrfanView AWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-972/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23232", "zdi_id": "ZDI-24-972" }, { "cve": "CVE-2024-6819", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-971/advisory.json", "detail_path": "advisories/ZDI-24-971", "id": "ZDI-24-971", "kind": "published", "published_date": "2024-07-26", "status": "published", "title": "IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-971/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23219", "zdi_id": "ZDI-24-971" }, { "cve": "CVE-2024-6818", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-970/advisory.json", "detail_path": "advisories/ZDI-24-970", "id": "ZDI-24-970", "kind": "published", "published_date": "2024-07-26", "status": "published", "title": "IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-970/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23217", "zdi_id": "ZDI-24-970" }, { "cve": "CVE-2024-6817", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-969/advisory.json", "detail_path": "advisories/ZDI-24-969", "id": "ZDI-24-969", "kind": "published", "published_date": "2024-07-26", "status": "published", "title": "IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-969/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23216", "zdi_id": "ZDI-24-969" }, { "cve": "CVE-2024-6816", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-968/advisory.json", "detail_path": "advisories/ZDI-24-968", "id": "ZDI-24-968", "kind": "published", "published_date": "2024-07-26", "status": "published", "title": "IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-968/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23214", "zdi_id": "ZDI-24-968" }, { "cve": "CVE-2024-6815", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-967/advisory.json", "detail_path": "advisories/ZDI-24-967", "id": "ZDI-24-967", "kind": "published", "published_date": "2024-07-26", "status": "published", "title": "IrfanView RLE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-967/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23159", "zdi_id": "ZDI-24-967" }, { "cve": "CVE-2024-5652", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-24-966/advisory.json", "detail_path": "advisories/ZDI-24-966", "id": "ZDI-24-966", "kind": "published", "published_date": "2024-07-26", "status": "published", "title": "Docker Desktop Daemon CLI External Control of File Path Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-966/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-23533", "zdi_id": "ZDI-24-966" }, { "cve": "CVE-2024-27829", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-24-965/advisory.json", "detail_path": "advisories/ZDI-24-965", "id": "ZDI-24-965", "kind": "published", "published_date": "2024-07-26", "status": "published", "title": "Apple macOS VideoToolbox Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-965/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-23325", "zdi_id": "ZDI-24-965" }, { "cve": "CVE-2024-23147", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-964/advisory.json", "detail_path": "advisories/ZDI-24-964", "id": "ZDI-24-964", "kind": "published", "published_date": "2024-07-25", "status": "published", "title": "Autodesk AutoCAD STEP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-964/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23904", "zdi_id": "ZDI-24-964" }, { "cve": "CVE-2024-23146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-963/advisory.json", "detail_path": "advisories/ZDI-24-963", "id": "ZDI-24-963", "kind": "published", "published_date": "2024-07-25", "status": "published", "title": "Autodesk AutoCAD X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-963/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23840", "zdi_id": "ZDI-24-963" }, { "cve": "CVE-2024-23146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-962/advisory.json", "detail_path": "advisories/ZDI-24-962", "id": "ZDI-24-962", "kind": "published", "published_date": "2024-07-25", "status": "published", "title": "Autodesk AutoCAD X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-962/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23830", "zdi_id": "ZDI-24-962" }, { "cve": "CVE-2024-23147", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-961/advisory.json", "detail_path": "advisories/ZDI-24-961", "id": "ZDI-24-961", "kind": "published", "published_date": "2024-07-25", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-961/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23772", "zdi_id": "ZDI-24-961" }, { "cve": "CVE-2024-23152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-960/advisory.json", "detail_path": "advisories/ZDI-24-960", "id": "ZDI-24-960", "kind": "published", "published_date": "2024-07-25", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-960/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23846", "zdi_id": "ZDI-24-960" }, { "cve": "CVE-2024-37007", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-959/advisory.json", "detail_path": "advisories/ZDI-24-959", "id": "ZDI-24-959", "kind": "published", "published_date": "2024-07-25", "status": "published", "title": "Autodesk AutoCAD X_T File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-959/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23839", "zdi_id": "ZDI-24-959" }, { "cve": "CVE-2024-37005", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-958/advisory.json", "detail_path": "advisories/ZDI-24-958", "id": "ZDI-24-958", "kind": "published", "published_date": "2024-07-25", "status": "published", "title": "Autodesk AutoCAD X_T File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-958/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23829", "zdi_id": "ZDI-24-958" }, { "cve": "CVE-2024-7252", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-24-957/advisory.json", "detail_path": "advisories/ZDI-24-957", "id": "ZDI-24-957", "kind": "published", "published_date": "2024-07-23", "status": "published", "title": "(0Day) Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-957/", "vendor": "Comodo", "vendor_url": null, "zdi_can": "ZDI-CAN-22831", "zdi_id": "ZDI-24-957" }, { "cve": "CVE-2024-7251", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-24-956/advisory.json", "detail_path": "advisories/ZDI-24-956", "id": "ZDI-24-956", "kind": "published", "published_date": "2024-07-23", "status": "published", "title": "(0Day) Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-956/", "vendor": "Comodo", "vendor_url": null, "zdi_can": "ZDI-CAN-22832", "zdi_id": "ZDI-24-956" }, { "cve": "CVE-2024-7250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-24-955/advisory.json", "detail_path": "advisories/ZDI-24-955", "id": "ZDI-24-955", "kind": "published", "published_date": "2024-07-23", "status": "published", "title": "(0Day) Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-955/", "vendor": "Comodo", "vendor_url": null, "zdi_can": "ZDI-CAN-22829", "zdi_id": "ZDI-24-955" }, { "cve": "CVE-2024-7249", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-24-954/advisory.json", "detail_path": "advisories/ZDI-24-954", "id": "ZDI-24-954", "kind": "published", "published_date": "2024-07-23", "status": "published", "title": "(0Day) Comodo Firewall Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-954/", "vendor": "Comodo", "vendor_url": null, "zdi_can": "ZDI-CAN-21794", "zdi_id": "ZDI-24-954" }, { "cve": "CVE-2024-7248", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-24-953/advisory.json", "detail_path": "advisories/ZDI-24-953", "id": "ZDI-24-953", "kind": "published", "published_date": "2024-07-23", "status": "published", "title": "(0Day) Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-953/", "vendor": "Comodo", "vendor_url": null, "zdi_can": "ZDI-CAN-19055", "zdi_id": "ZDI-24-953" }, { "cve": "CVE-2024-39881", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-952/advisory.json", "detail_path": "advisories/ZDI-24-952", "id": "ZDI-24-952", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-952/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23926", "zdi_id": "ZDI-24-952" }, { "cve": "CVE-2024-39883", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-951/advisory.json", "detail_path": "advisories/ZDI-24-951", "id": "ZDI-24-951", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-951/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23925", "zdi_id": "ZDI-24-951" }, { "cve": "CVE-2024-39881", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-950/advisory.json", "detail_path": "advisories/ZDI-24-950", "id": "ZDI-24-950", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-950/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23924", "zdi_id": "ZDI-24-950" }, { "cve": "CVE-2024-39883", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-949/advisory.json", "detail_path": "advisories/ZDI-24-949", "id": "ZDI-24-949", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-949/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23923", "zdi_id": "ZDI-24-949" }, { "cve": "CVE-2024-39882", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-948/advisory.json", "detail_path": "advisories/ZDI-24-948", "id": "ZDI-24-948", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-948/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23920", "zdi_id": "ZDI-24-948" }, { "cve": "CVE-2024-39881", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-947/advisory.json", "detail_path": "advisories/ZDI-24-947", "id": "ZDI-24-947", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-947/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23919", "zdi_id": "ZDI-24-947" }, { "cve": "CVE-2024-39881", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-946/advisory.json", "detail_path": "advisories/ZDI-24-946", "id": "ZDI-24-946", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-946/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23918", "zdi_id": "ZDI-24-946" }, { "cve": "CVE-2024-39881", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-945/advisory.json", "detail_path": "advisories/ZDI-24-945", "id": "ZDI-24-945", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-945/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23917", "zdi_id": "ZDI-24-945" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-944/advisory.json", "detail_path": "advisories/ZDI-24-944", "id": "ZDI-24-944", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-944/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23916", "zdi_id": "ZDI-24-944" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-943/advisory.json", "detail_path": "advisories/ZDI-24-943", "id": "ZDI-24-943", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-943/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23915", "zdi_id": "ZDI-24-943" }, { "cve": "CVE-2024-39882", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-942/advisory.json", "detail_path": "advisories/ZDI-24-942", "id": "ZDI-24-942", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-942/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23914", "zdi_id": "ZDI-24-942" }, { "cve": "CVE-2024-39881", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-941/advisory.json", "detail_path": "advisories/ZDI-24-941", "id": "ZDI-24-941", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-941/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23842", "zdi_id": "ZDI-24-941" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-940/advisory.json", "detail_path": "advisories/ZDI-24-940", "id": "ZDI-24-940", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-940/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23841", "zdi_id": "ZDI-24-940" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-939/advisory.json", "detail_path": "advisories/ZDI-24-939", "id": "ZDI-24-939", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-939/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23832", "zdi_id": "ZDI-24-939" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-938/advisory.json", "detail_path": "advisories/ZDI-24-938", "id": "ZDI-24-938", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-938/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23831", "zdi_id": "ZDI-24-938" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-937/advisory.json", "detail_path": "advisories/ZDI-24-937", "id": "ZDI-24-937", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-937/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23811", "zdi_id": "ZDI-24-937" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-936/advisory.json", "detail_path": "advisories/ZDI-24-936", "id": "ZDI-24-936", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-936/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23809", "zdi_id": "ZDI-24-936" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-935/advisory.json", "detail_path": "advisories/ZDI-24-935", "id": "ZDI-24-935", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-935/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23807", "zdi_id": "ZDI-24-935" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-934/advisory.json", "detail_path": "advisories/ZDI-24-934", "id": "ZDI-24-934", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-934/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23770", "zdi_id": "ZDI-24-934" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-933/advisory.json", "detail_path": "advisories/ZDI-24-933", "id": "ZDI-24-933", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-933/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23769", "zdi_id": "ZDI-24-933" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-932/advisory.json", "detail_path": "advisories/ZDI-24-932", "id": "ZDI-24-932", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-932/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23767", "zdi_id": "ZDI-24-932" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-931/advisory.json", "detail_path": "advisories/ZDI-24-931", "id": "ZDI-24-931", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-931/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23766", "zdi_id": "ZDI-24-931" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-930/advisory.json", "detail_path": "advisories/ZDI-24-930", "id": "ZDI-24-930", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-930/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23765", "zdi_id": "ZDI-24-930" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-929/advisory.json", "detail_path": "advisories/ZDI-24-929", "id": "ZDI-24-929", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-929/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23764", "zdi_id": "ZDI-24-929" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-928/advisory.json", "detail_path": "advisories/ZDI-24-928", "id": "ZDI-24-928", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-928/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23763", "zdi_id": "ZDI-24-928" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-927/advisory.json", "detail_path": "advisories/ZDI-24-927", "id": "ZDI-24-927", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-927/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23648", "zdi_id": "ZDI-24-927" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-926/advisory.json", "detail_path": "advisories/ZDI-24-926", "id": "ZDI-24-926", "kind": "published", "published_date": "2024-07-31", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-926/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23581", "zdi_id": "ZDI-24-926" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-925/advisory.json", "detail_path": "advisories/ZDI-24-925", "id": "ZDI-24-925", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-925/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23580", "zdi_id": "ZDI-24-925" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-924/advisory.json", "detail_path": "advisories/ZDI-24-924", "id": "ZDI-24-924", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-924/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23579", "zdi_id": "ZDI-24-924" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-923/advisory.json", "detail_path": "advisories/ZDI-24-923", "id": "ZDI-24-923", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-923/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23578", "zdi_id": "ZDI-24-923" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-922/advisory.json", "detail_path": "advisories/ZDI-24-922", "id": "ZDI-24-922", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 CMT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-922/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23577", "zdi_id": "ZDI-24-922" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-921/advisory.json", "detail_path": "advisories/ZDI-24-921", "id": "ZDI-24-921", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-921/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23576", "zdi_id": "ZDI-24-921" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-920/advisory.json", "detail_path": "advisories/ZDI-24-920", "id": "ZDI-24-920", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-920/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23575", "zdi_id": "ZDI-24-920" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-919/advisory.json", "detail_path": "advisories/ZDI-24-919", "id": "ZDI-24-919", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-919/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23574", "zdi_id": "ZDI-24-919" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-918/advisory.json", "detail_path": "advisories/ZDI-24-918", "id": "ZDI-24-918", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-918/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23573", "zdi_id": "ZDI-24-918" }, { "cve": "CVE-2024-39880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-917/advisory.json", "detail_path": "advisories/ZDI-24-917", "id": "ZDI-24-917", "kind": "published", "published_date": "2024-07-22", "status": "published", "title": "Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-917/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23572", "zdi_id": "ZDI-24-917" }, { "cve": "CVE-2024-23475", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read and delete arbitrary files on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AddReportResult meth...", "detail_json": "/data/advisories/ZDI-24-916/advisory.json", "detail_path": "advisories/ZDI-24-916", "id": "ZDI-24-916", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "SolarWinds Access Rights Manager AddReportResult Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-916/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-23061", "zdi_id": "ZDI-24-916" }, { "cve": "CVE-2024-23472", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read and delete arbitrary files on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AddGeneratedReport m...", "detail_json": "/data/advisories/ZDI-24-915/advisory.json", "detail_path": "advisories/ZDI-24-915", "id": "ZDI-24-915", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "SolarWinds Access Rights Manager AddGeneratedReport Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-915/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-23062", "zdi_id": "ZDI-24-915" }, { "cve": "CVE-2024-23474", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-24-914/advisory.json", "detail_path": "advisories/ZDI-24-914", "id": "ZDI-24-914", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "SolarWinds Access Rights Manager deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-914/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-23063", "zdi_id": "ZDI-24-914" }, { "cve": "CVE-2024-23468", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-24-913/advisory.json", "detail_path": "advisories/ZDI-24-913", "id": "ZDI-24-913", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "SolarWinds Access Rights Manager deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-913/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-23060", "zdi_id": "ZDI-24-913" }, { "cve": "CVE-2024-23469", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EndUpdate method. The issue r...", "detail_json": "/data/advisories/ZDI-24-912/advisory.json", "detail_path": "advisories/ZDI-24-912", "id": "ZDI-24-912", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "SolarWinds Access Rights Manager EndUpdate Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-912/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-23039", "zdi_id": "ZDI-24-912" }, { "cve": "CVE-2024-23470", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserScriptHumster class. The...", "detail_json": "/data/advisories/ZDI-24-911/advisory.json", "detail_path": "advisories/ZDI-24-911", "id": "ZDI-24-911", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "SolarWinds Access Rights Manager UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-911/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-22712", "zdi_id": "ZDI-24-911" }, { "cve": "CVE-2024-23471", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CreateFile method. The issue...", "detail_json": "/data/advisories/ZDI-24-910/advisory.json", "detail_path": "advisories/ZDI-24-910", "id": "ZDI-24-910", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "SolarWinds Access Rights Manager CreateFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-910/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-22711", "zdi_id": "ZDI-24-910" }, { "cve": "CVE-2024-23467", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExpandZipFile method. The iss...", "detail_json": "/data/advisories/ZDI-24-909/advisory.json", "detail_path": "advisories/ZDI-24-909", "id": "ZDI-24-909", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "SolarWinds Access Rights Manager ExpandZipFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-909/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-22697", "zdi_id": "ZDI-24-909" }, { "cve": "CVE-2024-23466", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Connect method. The issue res...", "detail_json": "/data/advisories/ZDI-24-908/advisory.json", "detail_path": "advisories/ZDI-24-908", "id": "ZDI-24-908", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "SolarWinds Access Rights Manager Connect Method Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-908/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-22681", "zdi_id": "ZDI-24-908" }, { "cve": "CVE-2024-23465", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChangeHumster class. The issue...", "detail_json": "/data/advisories/ZDI-24-907/advisory.json", "detail_path": "advisories/ZDI-24-907", "id": "ZDI-24-907", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "SolarWinds Access Rights Manager ChangeHumster Exposed Dangerous Method Authentication Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-907/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-23053", "zdi_id": "ZDI-24-907" }, { "cve": "CVE-2024-28074", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createGlobalServerChannelInte...", "detail_json": "/data/advisories/ZDI-24-906/advisory.json", "detail_path": "advisories/ZDI-24-906", "id": "ZDI-24-906", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "SolarWinds Access Rights Manager createGlobalServerChannelInternal Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-906/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-22554", "zdi_id": "ZDI-24-906" }, { "cve": "CVE-2024-28992", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-24-905/advisory.json", "detail_path": "advisories/ZDI-24-905", "id": "ZDI-24-905", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "SolarWinds Access Rights Manager deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-905/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-23515", "zdi_id": "ZDI-24-905" }, { "cve": "CVE-2024-6812", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-904/advisory.json", "detail_path": "advisories/ZDI-24-904", "id": "ZDI-24-904", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-904/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23273", "zdi_id": "ZDI-24-904" }, { "cve": "CVE-2024-6811", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-903/advisory.json", "detail_path": "advisories/ZDI-24-903", "id": "ZDI-24-903", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-903/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-24192", "zdi_id": "ZDI-24-903" }, { "cve": "CVE-2024-6813", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getSortString method. Th...", "detail_json": "/data/advisories/ZDI-24-902/advisory.json", "detail_path": "advisories/ZDI-24-902", "id": "ZDI-24-902", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-902/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-23207", "zdi_id": "ZDI-24-902" }, { "cve": "CVE-2024-6814", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getFilterString method....", "detail_json": "/data/advisories/ZDI-24-901/advisory.json", "detail_path": "advisories/ZDI-24-901", "id": "ZDI-24-901", "kind": "published", "published_date": "2024-07-18", "status": "published", "title": "NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-901/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-23399", "zdi_id": "ZDI-24-901" }, { "cve": "CVE-2024-27298", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the literalizeRegexPart function. The issue r...", "detail_json": "/data/advisories/ZDI-24-900/advisory.json", "detail_path": "advisories/ZDI-24-900", "id": "ZDI-24-900", "kind": "published", "published_date": "2024-07-16", "status": "published", "title": "Parse Server literalizeRegexPart SQL Injection Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-900/", "vendor": "Parse", "vendor_url": null, "zdi_can": "ZDI-CAN-19105", "zdi_id": "ZDI-24-900" }, { "cve": "CVE-2024-39841", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the testServiceExistence function. The issue results from the...", "detail_json": "/data/advisories/ZDI-24-899/advisory.json", "detail_path": "advisories/ZDI-24-899", "id": "ZDI-24-899", "kind": "published", "published_date": "2024-07-15", "status": "published", "title": "Centreon testServiceExistence SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-899/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-23078", "zdi_id": "ZDI-24-899" }, { "cve": "CVE-2024-2003", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the ESET Ser...", "detail_json": "/data/advisories/ZDI-24-898/advisory.json", "detail_path": "advisories/ZDI-24-898", "id": "ZDI-24-898", "kind": "published", "published_date": "2024-07-05", "status": "published", "title": "ESET Smart Security Premium Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-898/", "vendor": "ESET", "vendor_url": null, "zdi_can": "ZDI-CAN-23314", "zdi_id": "ZDI-24-898" }, { "cve": "CVE-2024-39753", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is required to exploit this vulnerability. The specific flaw exists within the client management functionality. The issue re...", "detail_json": "/data/advisories/ZDI-24-897/advisory.json", "detail_path": "advisories/ZDI-24-897", "id": "ZDI-24-897", "kind": "published", "published_date": "2024-07-05", "status": "published", "title": "Trend Micro Apex One modOSCE SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-897/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-22968", "zdi_id": "ZDI-24-897" }, { "cve": "CVE-2024-39309", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the literalizeRegexPart function. The issue results fr...", "detail_json": "/data/advisories/ZDI-24-896/advisory.json", "detail_path": "advisories/ZDI-24-896", "id": "ZDI-24-896", "kind": "published", "published_date": "2024-07-03", "status": "published", "title": "Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-896/", "vendor": "Parse", "vendor_url": null, "zdi_can": "ZDI-CAN-23894", "zdi_id": "ZDI-24-896" }, { "cve": "CVE-2024-5008", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the APM module. The issue results from...", "detail_json": "/data/advisories/ZDI-24-895/advisory.json", "detail_path": "advisories/ZDI-24-895", "id": "ZDI-24-895", "kind": "published", "published_date": "2024-07-03", "status": "published", "title": "Progress Software WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-895/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-22319", "zdi_id": "ZDI-24-895" }, { "cve": "CVE-2024-4884", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CommunityController class. The...", "detail_json": "/data/advisories/ZDI-24-894/advisory.json", "detail_path": "advisories/ZDI-24-894", "id": "ZDI-24-894", "kind": "published", "published_date": "2024-07-03", "status": "published", "title": "Progress Software WhatsUp Gold CommunityController Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-894/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23913", "zdi_id": "ZDI-24-894" }, { "cve": "CVE-2024-4885", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of GetFileWithou...", "detail_json": "/data/advisories/ZDI-24-893/advisory.json", "detail_path": "advisories/ZDI-24-893", "id": "ZDI-24-893", "kind": "published", "published_date": "2024-07-03", "status": "published", "title": "Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-893/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-24003", "zdi_id": "ZDI-24-893" }, { "cve": "CVE-2024-4883", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WriteDataFile method. The issue...", "detail_json": "/data/advisories/ZDI-24-892/advisory.json", "detail_path": "advisories/ZDI-24-892", "id": "ZDI-24-892", "kind": "published", "published_date": "2024-07-03", "status": "published", "title": "Progress Software WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-892/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23663", "zdi_id": "ZDI-24-892" }, { "cve": "CVE-2024-5016", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of OnMessage method....", "detail_json": "/data/advisories/ZDI-24-891/advisory.json", "detail_path": "advisories/ZDI-24-891", "id": "ZDI-24-891", "kind": "published", "published_date": "2024-07-03", "status": "published", "title": "Progress Software WhatsUp Gold OnMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-891/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23668", "zdi_id": "ZDI-24-891" }, { "cve": "CVE-2024-5015", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the SessionControler c...", "detail_json": "/data/advisories/ZDI-24-890/advisory.json", "detail_path": "advisories/ZDI-24-890", "id": "ZDI-24-890", "kind": "published", "published_date": "2024-07-03", "status": "published", "title": "Progress Software WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-890/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23670", "zdi_id": "ZDI-24-890" }, { "cve": "CVE-2024-5013", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InstallController...", "detail_json": "/data/advisories/ZDI-24-889/advisory.json", "detail_path": "advisories/ZDI-24-889", "id": "ZDI-24-889", "kind": "published", "published_date": "2024-07-03", "status": "published", "title": "Progress Software WhatsUp Gold InstallController Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-889/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23869", "zdi_id": "ZDI-24-889" }, { "cve": "CVE-2024-5015", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetWindowsCredential me...", "detail_json": "/data/advisories/ZDI-24-888/advisory.json", "detail_path": "advisories/ZDI-24-888", "id": "ZDI-24-888", "kind": "published", "published_date": "2024-07-03", "status": "published", "title": "Progress Software WhatsUp Gold Missing Authentication GetWindowsCredential Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-888/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23659", "zdi_id": "ZDI-24-888" }, { "cve": "CVE-2024-5014", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetASPReport method. The is...", "detail_json": "/data/advisories/ZDI-24-887/advisory.json", "detail_path": "advisories/ZDI-24-887", "id": "ZDI-24-887", "kind": "published", "published_date": "2024-07-03", "status": "published", "title": "Progress Software WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-887/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23564", "zdi_id": "ZDI-24-887" }, { "cve": "CVE-2024-5009", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request from a local ma...", "detail_json": "/data/advisories/ZDI-24-886/advisory.json", "detail_path": "advisories/ZDI-24-886", "id": "ZDI-24-886", "kind": "published", "published_date": "2024-07-03", "status": "published", "title": "Progress Software WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-886/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-24004", "zdi_id": "ZDI-24-886" }, { "cve": "CVE-2024-5018", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LoadUsingBasePath metho...", "detail_json": "/data/advisories/ZDI-24-885/advisory.json", "detail_path": "advisories/ZDI-24-885", "id": "ZDI-24-885", "kind": "published", "published_date": "2024-07-03", "status": "published", "title": "Progress Software WhatsUp Gold LoadUsingBasePath Directory Traversal Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-885/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23760", "zdi_id": "ZDI-24-885" }, { "cve": "CVE-2024-5019", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of LoadC...", "detail_json": "/data/advisories/ZDI-24-884/advisory.json", "detail_path": "advisories/ZDI-24-884", "id": "ZDI-24-884", "kind": "published", "published_date": "2024-07-03", "status": "published", "title": "Progress Software WhatsUp Gold LoadCSSUsingBasePath Directory Traversal Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-884/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23874", "zdi_id": "ZDI-24-884" }, { "cve": "CVE-2024-5762", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the findPluginAdminPage function. The issue results from...", "detail_json": "/data/advisories/ZDI-24-883/advisory.json", "detail_path": "advisories/ZDI-24-883", "id": "ZDI-24-883", "kind": "published", "published_date": "2024-06-26", "status": "published", "title": "Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-883/", "vendor": "Zen Cart", "vendor_url": null, "zdi_can": "ZDI-CAN-21408", "zdi_id": "ZDI-24-883" }, { "cve": "CVE-2024-37087", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the License Server....", "detail_json": "/data/advisories/ZDI-24-882/advisory.json", "detail_path": "advisories/ZDI-24-882", "id": "ZDI-24-882", "kind": "published", "published_date": "2024-06-25", "status": "published", "title": "VMware vCenter Server Appliance License Server Uncontrolled Memory Allocation Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-882/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-20007", "zdi_id": "ZDI-24-882" }, { "cve": "CVE-2024-29206", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ubiquiti Networks EV Station. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-24-881/advisory.json", "detail_path": "advisories/ZDI-24-881", "id": "ZDI-24-881", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Ubiquiti Networks EV Station setDebugPortEnabled Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-881/", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-23318", "zdi_id": "ZDI-24-881" }, { "cve": "CVE-2024-29207", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Ubiquiti Networks EV Station. User interaction is not required to exploit this vulnerability. The specific flaw exists with...", "detail_json": "/data/advisories/ZDI-24-880/advisory.json", "detail_path": "advisories/ZDI-24-880", "id": "ZDI-24-880", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Ubiquiti Networks EV Station EVCLauncher Improper Certificate Validation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-880/", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-23187", "zdi_id": "ZDI-24-880" }, { "cve": "CVE-2024-29208", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ubiquiti Networks EV Station. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password change functio...", "detail_json": "/data/advisories/ZDI-24-879/advisory.json", "detail_path": "advisories/ZDI-24-879", "id": "ZDI-24-879", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Ubiquiti Networks EV Station changeUserPassword Missing Authentication Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-879/", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-23186", "zdi_id": "ZDI-24-879" }, { "cve": "CVE-2024-23922", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of software updat...", "detail_json": "/data/advisories/ZDI-24-878/advisory.json", "detail_path": "advisories/ZDI-24-878", "id": "ZDI-24-878", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "Sony XAV-AX5500 Insufficient Verification of Data Authenticity Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-878/", "vendor": "Sony", "vendor_url": null, "zdi_can": "ZDI-CAN-23319", "zdi_id": "ZDI-24-878" }, { "cve": "CVE-2024-23933", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Appl...", "detail_json": "/data/advisories/ZDI-24-877/advisory.json", "detail_path": "advisories/ZDI-24-877", "id": "ZDI-24-877", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-877/", "vendor": "Sony", "vendor_url": null, "zdi_can": "ZDI-CAN-23238", "zdi_id": "ZDI-24-877" }, { "cve": "CVE-2024-23972", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the USB host driver. A crafted...", "detail_json": "/data/advisories/ZDI-24-876/advisory.json", "detail_path": "advisories/ZDI-24-876", "id": "ZDI-24-876", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-876/", "vendor": "Sony", "vendor_url": null, "zdi_can": "ZDI-CAN-23185", "zdi_id": "ZDI-24-876" }, { "cve": "CVE-2024-23934", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-875/advisory.json", "detail_path": "advisories/ZDI-24-875", "id": "ZDI-24-875", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-875/", "vendor": "Sony", "vendor_url": null, "zdi_can": "ZDI-CAN-22994", "zdi_id": "ZDI-24-875" }, { "cve": "CVE-2024-23922", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of software updat...", "detail_json": "/data/advisories/ZDI-24-874/advisory.json", "detail_path": "advisories/ZDI-24-874", "id": "ZDI-24-874", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-874/", "vendor": "Sony", "vendor_url": null, "zdi_can": "ZDI-CAN-22939", "zdi_id": "ZDI-24-874" }, { "cve": "CVE-2024-23973", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests....", "detail_json": "/data/advisories/ZDI-24-873/advisory.json", "detail_path": "advisories/ZDI-24-873", "id": "ZDI-24-873", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Silicon Labs Gecko OS HTTP GET Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-873/", "vendor": "Silicon Labs", "vendor_url": null, "zdi_can": "ZDI-CAN-23396", "zdi_id": "ZDI-24-873" }, { "cve": "CVE-2025-2838", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of DN...", "detail_json": "/data/advisories/ZDI-24-872/advisory.json", "detail_path": "advisories/ZDI-24-872", "id": "ZDI-24-872", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of-Service Vulnerability", "updated_date": "2025-03-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-872/", "vendor": "Silicon Labs", "vendor_url": null, "zdi_can": "ZDI-CAN-23392", "zdi_id": "ZDI-24-872" }, { "cve": "CVE-2025-2837", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP requests. The...", "detail_json": "/data/advisories/ZDI-24-871/advisory.json", "detail_path": "advisories/ZDI-24-871", "id": "ZDI-24-871", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-03-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-871/", "vendor": "Silicon Labs", "vendor_url": null, "zdi_can": "ZDI-CAN-23245", "zdi_id": "ZDI-24-871" }, { "cve": "CVE-2024-24731", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the http_dow...", "detail_json": "/data/advisories/ZDI-24-870/advisory.json", "detail_path": "advisories/ZDI-24-870", "id": "ZDI-24-870", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Silicon Labs Gecko OS http_download Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-870/", "vendor": "Silicon Labs", "vendor_url": null, "zdi_can": "ZDI-CAN-23226", "zdi_id": "ZDI-24-870" }, { "cve": "CVE-2024-23937", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The i...", "detail_json": "/data/advisories/ZDI-24-869/advisory.json", "detail_path": "advisories/ZDI-24-869", "id": "ZDI-24-869", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Silicon Labs Gecko OS Debug Interface Format String Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-869/", "vendor": "Silicon Labs", "vendor_url": null, "zdi_can": "ZDI-CAN-23189", "zdi_id": "ZDI-24-869" }, { "cve": "CVE-2024-23938", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue res...", "detail_json": "/data/advisories/ZDI-24-868/advisory.json", "detail_path": "advisories/ZDI-24-868", "id": "ZDI-24-868", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-868/", "vendor": "Silicon Labs", "vendor_url": null, "zdi_can": "ZDI-CAN-23184", "zdi_id": "ZDI-24-868" }, { "cve": "CVE-2024-25994", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CharxUpdateAg...", "detail_json": "/data/advisories/ZDI-24-867/advisory.json", "detail_path": "advisories/ZDI-24-867", "id": "ZDI-24-867", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 CharxUpdateAgent Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-867/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-24096", "zdi_id": "ZDI-24-867" }, { "cve": "CVE-2024-26004", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-24-866/advisory.json", "detail_path": "advisories/ZDI-24-866", "id": "ZDI-24-866", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 CANopenDevice Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-866/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-24095", "zdi_id": "ZDI-24-866" }, { "cve": "CVE-2024-25999", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...", "detail_json": "/data/advisories/ZDI-24-865/advisory.json", "detail_path": "advisories/ZDI-24-865", "id": "ZDI-24-865", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "Phoenix Contact CHARX SEC-3100 charx_pack_logs Improper Input Validation Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-865/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-21407", "zdi_id": "ZDI-24-865" }, { "cve": "CVE-2024-25998", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of t...", "detail_json": "/data/advisories/ZDI-24-864/advisory.json", "detail_path": "advisories/ZDI-24-864", "id": "ZDI-24-864", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol UpdateFirmware Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-864/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23320", "zdi_id": "ZDI-24-864" }, { "cve": "CVE-2024-26002", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulner...", "detail_json": "/data/advisories/ZDI-24-863/advisory.json", "detail_path": "advisories/ZDI-24-863", "id": "ZDI-24-863", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 plctool Improper Privilege Management Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-863/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23305", "zdi_id": "ZDI-24-863" }, { "cve": "CVE-2024-26001", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of J...", "detail_json": "/data/advisories/ZDI-24-862/advisory.json", "detail_path": "advisories/ZDI-24-862", "id": "ZDI-24-862", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 MQTT Protocol JSON Parsing Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-862/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23304", "zdi_id": "ZDI-24-862" }, { "cve": "CVE-2024-26005", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of C...", "detail_json": "/data/advisories/ZDI-24-861/advisory.json", "detail_path": "advisories/ZDI-24-861", "id": "ZDI-24-861", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 ClientSession Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-861/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23303", "zdi_id": "ZDI-24-861" }, { "cve": "CVE-2024-26003", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsi...", "detail_json": "/data/advisories/ZDI-24-860/advisory.json", "detail_path": "advisories/ZDI-24-860", "id": "ZDI-24-860", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 HomePlug Protocol Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-860/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23244", "zdi_id": "ZDI-24-860" }, { "cve": "CVE-2024-26000", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handl...", "detail_json": "/data/advisories/ZDI-24-859/advisory.json", "detail_path": "advisories/ZDI-24-859", "id": "ZDI-24-859", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 MTQQ Protocol JSON Parsing Type Confusion Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-859/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23239", "zdi_id": "ZDI-24-859" }, { "cve": "CVE-2024-26288", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementatio...", "detail_json": "/data/advisories/ZDI-24-858/advisory.json", "detail_path": "advisories/ZDI-24-858", "id": "ZDI-24-858", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol Missing Encryption Authentication Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-858/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23225", "zdi_id": "ZDI-24-858" }, { "cve": "CVE-2024-25996", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass firewall rules and access another interface on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-24-857/advisory.json", "detail_path": "advisories/ZDI-24-857", "id": "ZDI-24-857", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 Improper Access Control Firewall Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-857/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23221", "zdi_id": "ZDI-24-857" }, { "cve": "CVE-2024-25995", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CharxSystemCo...", "detail_json": "/data/advisories/ZDI-24-856/advisory.json", "detail_path": "advisories/ZDI-24-856", "id": "ZDI-24-856", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 Config Manager Improper Input Validation Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-856/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23158", "zdi_id": "ZDI-24-856" }, { "cve": "CVE-2024-25997", "cvss": 3.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to injection malicious content into log files on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists with...", "detail_json": "/data/advisories/ZDI-24-855/advisory.json", "detail_path": "advisories/ZDI-24-855", "id": "ZDI-24-855", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol Improper Log Output Neutralization Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-855/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23321", "zdi_id": "ZDI-24-855" }, { "cve": "CVE-2024-23957", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-24-854/advisory.json", "detail_path": "advisories/ZDI-24-854", "id": "ZDI-24-854", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-854/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-23241", "zdi_id": "ZDI-24-854" }, { "cve": "CVE-2024-23967", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 chargers. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-24-853/advisory.json", "detail_path": "advisories/ZDI-24-853", "id": "ZDI-24-853", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-853/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-23230", "zdi_id": "ZDI-24-853" }, { "cve": "CVE-2024-23958", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-24-852/advisory.json", "detail_path": "advisories/ZDI-24-852", "id": "ZDI-24-852", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-852/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-23196", "zdi_id": "ZDI-24-852" }, { "cve": "CVE-2024-23959", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Although authentication is required to exploit this vulnerability, the existing authenticati...", "detail_json": "/data/advisories/ZDI-24-851/advisory.json", "detail_path": "advisories/ZDI-24-851", "id": "ZDI-24-851", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-851/", "vendor": "Autel", "vendor_url": null, "zdi_can": "ZDI-CAN-23194", "zdi_id": "ZDI-24-851" }, { "cve": "CVE-2024-23963", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vu...", "detail_json": "/data/advisories/ZDI-24-850/advisory.json", "detail_path": "advisories/ZDI-24-850", "id": "ZDI-24-850", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Alpine Halo9 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-850/", "vendor": "Alpine", "vendor_url": null, "zdi_can": "ZDI-CAN-23312", "zdi_id": "ZDI-24-850" }, { "cve": "CVE-2024-23961", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wemCmdUpdFSpeDecomp func...", "detail_json": "/data/advisories/ZDI-24-849/advisory.json", "detail_path": "advisories/ZDI-24-849", "id": "ZDI-24-849", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-849/", "vendor": "Alpine", "vendor_url": null, "zdi_can": "ZDI-CAN-23306", "zdi_id": "ZDI-24-849" }, { "cve": "CVE-2024-23935", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vu...", "detail_json": "/data/advisories/ZDI-24-848/advisory.json", "detail_path": "advisories/ZDI-24-848", "id": "ZDI-24-848", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-848/", "vendor": "Alpine", "vendor_url": null, "zdi_can": "ZDI-CAN-23249", "zdi_id": "ZDI-24-848" }, { "cve": "CVE-2024-23962", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on T...", "detail_json": "/data/advisories/ZDI-24-847/advisory.json", "detail_path": "advisories/ZDI-24-847", "id": "ZDI-24-847", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Alpine Halo9 Missing Authentication Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-847/", "vendor": "Alpine", "vendor_url": null, "zdi_can": "ZDI-CAN-23246", "zdi_id": "ZDI-24-847" }, { "cve": "CVE-2024-23924", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wemCmdCreatSHA256Hash fu...", "detail_json": "/data/advisories/ZDI-24-846/advisory.json", "detail_path": "advisories/ZDI-24-846", "id": "ZDI-24-846", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-846/", "vendor": "Alpine", "vendor_url": null, "zdi_can": "ZDI-CAN-23105", "zdi_id": "ZDI-24-846" }, { "cve": "CVE-2024-23960", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware metad...", "detail_json": "/data/advisories/ZDI-24-845/advisory.json", "detail_path": "advisories/ZDI-24-845", "id": "ZDI-24-845", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-845/", "vendor": "Alpine", "vendor_url": null, "zdi_can": "ZDI-CAN-23102", "zdi_id": "ZDI-24-845" }, { "cve": "CVE-2024-23923", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prh_l2_sar_data_ind function. T...", "detail_json": "/data/advisories/ZDI-24-844/advisory.json", "detail_path": "advisories/ZDI-24-844", "id": "ZDI-24-844", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-844/", "vendor": "Alpine", "vendor_url": null, "zdi_can": "ZDI-CAN-22945", "zdi_id": "ZDI-24-844" }, { "cve": null, "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to escalate privileges on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the reset event. The issue...", "detail_json": "/data/advisories/ZDI-24-843/advisory.json", "detail_path": "advisories/ZDI-24-843", "id": "ZDI-24-843", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "Linux Kernel USB/IP VHCI Driver Race Condition Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-843/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-22273", "zdi_id": "ZDI-24-843" }, { "cve": "CVE-2023-6200", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Route Information options....", "detail_json": "/data/advisories/ZDI-24-842/advisory.json", "detail_path": "advisories/ZDI-24-842", "id": "ZDI-24-842", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "Linux Kernel ICMPv6 Router Advertisement Race Condition Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-842/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-22579", "zdi_id": "ZDI-24-842" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Zope Application Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the contentFilter...", "detail_json": "/data/advisories/ZDI-24-841/advisory.json", "detail_path": "advisories/ZDI-24-841", "id": "ZDI-24-841", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(0Day) Zope CMFCore Uncontrolled Resource Consumption Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-841/", "vendor": "Zope", "vendor_url": null, "zdi_can": "ZDI-CAN-21491", "zdi_id": "ZDI-24-841" }, { "cve": "CVE-2024-6249", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TUTK P2P library. The issue r...", "detail_json": "/data/advisories/ZDI-24-840/advisory.json", "detail_path": "advisories/ZDI-24-840", "id": "ZDI-24-840", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-840/", "vendor": "Wyze", "vendor_url": null, "zdi_can": "ZDI-CAN-22419", "zdi_id": "ZDI-24-840" }, { "cve": "CVE-2024-6248", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run_action_batch endpoint of...", "detail_json": "/data/advisories/ZDI-24-839/advisory.json", "detail_path": "advisories/ZDI-24-839", "id": "ZDI-24-839", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-839/", "vendor": "Wyze", "vendor_url": null, "zdi_can": "ZDI-CAN-22393", "zdi_id": "ZDI-24-839" }, { "cve": "CVE-2024-6247", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSIDs embedded...", "detail_json": "/data/advisories/ZDI-24-838/advisory.json", "detail_path": "advisories/ZDI-24-838", "id": "ZDI-24-838", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-838/", "vendor": "Wyze", "vendor_url": null, "zdi_can": "ZDI-CAN-22337", "zdi_id": "ZDI-24-838" }, { "cve": "CVE-2024-6246", "cvss": 9.6, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Realtek Wi-Fi kernel module....", "detail_json": "/data/advisories/ZDI-24-837/advisory.json", "detail_path": "advisories/ZDI-24-837", "id": "ZDI-24-837", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-837/", "vendor": "Wyze", "vendor_url": null, "zdi_can": "ZDI-CAN-22310", "zdi_id": "ZDI-24-837" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BC500 IP cameras. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the server paramet...", "detail_json": "/data/advisories/ZDI-24-836/advisory.json", "detail_path": "advisories/ZDI-24-836", "id": "ZDI-24-836", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Synology BC500 update_ntp_config Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-836/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-22461", "zdi_id": "ZDI-24-836" }, { "cve": "CVE-2024-39352", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to downgrade Synology software on affected installations of Synology BC500 cameras. Authentication is required to exploit this vulnerability. The specific flaw exists within the update functionality. The is...", "detail_json": "/data/advisories/ZDI-24-835/advisory.json", "detail_path": "advisories/ZDI-24-835", "id": "ZDI-24-835", "kind": "published", "published_date": "2024-07-11", "status": "published", "title": "(Pwn2Own) Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-835/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-22460", "zdi_id": "ZDI-24-835" }, { "cve": "CVE-2024-39350", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Synology BC500 cameras. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-24-834/advisory.json", "detail_path": "advisories/ZDI-24-834", "id": "ZDI-24-834", "kind": "published", "published_date": "2024-07-11", "status": "published", "title": "(Pwn2Own) Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-834/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-22311", "zdi_id": "ZDI-24-834" }, { "cve": "CVE-2024-39349", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BC500 cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the synocam_param.cgi module. The...", "detail_json": "/data/advisories/ZDI-24-833/advisory.json", "detail_path": "advisories/ZDI-24-833", "id": "ZDI-24-833", "kind": "published", "published_date": "2024-07-11", "status": "published", "title": "(Pwn2Own) Synology BC500 synocam_param.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-833/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-22418", "zdi_id": "ZDI-24-833" }, { "cve": "CVE-2024-39347", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass firewall rules and access the LAN interface on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of...", "detail_json": "/data/advisories/ZDI-24-832/advisory.json", "detail_path": "advisories/ZDI-24-832", "id": "ZDI-24-832", "kind": "published", "published_date": "2024-07-11", "status": "published", "title": "(Pwn2Own) Synology RT6600ax Improper Access Control Firewall Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-832/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-22430", "zdi_id": "ZDI-24-832" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S23 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-24-831/advisory.json", "detail_path": "advisories/ZDI-24-831", "id": "ZDI-24-831", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S23 Galaxy Store Deeplink Permissive List of Allowed Inputs Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-831/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-22404", "zdi_id": "ZDI-24-831" }, { "cve": "CVE-2023-42581", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S23 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-24-830/advisory.json", "detail_path": "advisories/ZDI-24-830", "id": "ZDI-24-830", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S23 Instant Plays Improper Input Validation Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-830/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-22368", "zdi_id": "ZDI-24-830" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S23 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-24-829/advisory.json", "detail_path": "advisories/ZDI-24-829", "id": "ZDI-24-829", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S23 McsWebViewActivity Permissive List of Allowed Inputs Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-829/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-22409", "zdi_id": "ZDI-24-829" }, { "cve": "CVE-2023-42580", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S23 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-24-828/advisory.json", "detail_path": "advisories/ZDI-24-828", "id": "ZDI-24-828", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S23 instantgame Improper Input Validation Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-828/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-22441", "zdi_id": "ZDI-24-828" }, { "cve": "CVE-2024-32766", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific f...", "detail_json": "/data/advisories/ZDI-24-827/advisory.json", "detail_path": "advisories/ZDI-24-827", "id": "ZDI-24-827", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) QNAP TS-464 username Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-827/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-22497", "zdi_id": "ZDI-24-827" }, { "cve": "CVE-2024-32766", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication logic. The issue results...", "detail_json": "/data/advisories/ZDI-24-826/advisory.json", "detail_path": "advisories/ZDI-24-826", "id": "ZDI-24-826", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) QNAP TS-464 Improper Validation Authentication Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-826/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-22496", "zdi_id": "ZDI-24-826" }, { "cve": "CVE-2023-51364", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of log uploads. The issue r...", "detail_json": "/data/advisories/ZDI-24-825/advisory.json", "detail_path": "advisories/ZDI-24-825", "id": "ZDI-24-825", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) QNAP TS-464 Log Upload Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-825/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-22463", "zdi_id": "ZDI-24-825" }, { "cve": "CVE-2024-27124", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of password reset r...", "detail_json": "/data/advisories/ZDI-24-824/advisory.json", "detail_path": "advisories/ZDI-24-824", "id": "ZDI-24-824", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) QNAP TS-464 Cloud Utility Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-824/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-22462", "zdi_id": "ZDI-24-824" }, { "cve": "CVE-2024-32764", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the create_session action....", "detail_json": "/data/advisories/ZDI-24-823/advisory.json", "detail_path": "advisories/ZDI-24-823", "id": "ZDI-24-823", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) QNAP TS-464 TURN Server create_session Server-Side Request Forgery Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-823/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-22422", "zdi_id": "ZDI-24-823" }, { "cve": "CVE-2024-0794", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro MFP 4301fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing o...", "detail_json": "/data/advisories/ZDI-24-822/advisory.json", "detail_path": "advisories/ZDI-24-822", "id": "ZDI-24-822", "kind": "published", "published_date": "2024-06-21", "status": "published", "title": "(Pwn2Own) HP Color LaserJet Pro MFP 4301fdw CFF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-822/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-22377", "zdi_id": "ZDI-24-822" }, { "cve": "CVE-2024-36886", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with TIPC bearer enabled are vulnerable. The specific flaw exists wi...", "detail_json": "/data/advisories/ZDI-24-821/advisory.json", "detail_path": "advisories/ZDI-24-821", "id": "ZDI-24-821", "kind": "published", "published_date": "2024-06-20", "status": "published", "title": "Linux Kernel TIPC Message Reassembly Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-821/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-23852", "zdi_id": "ZDI-24-821" }, { "cve": "CVE-2024-6141", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw e...", "detail_json": "/data/advisories/ZDI-24-820/advisory.json", "detail_path": "advisories/ZDI-24-820", "id": "ZDI-24-820", "kind": "published", "published_date": "2024-06-20", "status": "published", "title": "Windscribe Directory Traversal Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-820/", "vendor": "Windscribe", "vendor_url": null, "zdi_can": "ZDI-CAN-23441", "zdi_id": "ZDI-24-820" }, { "cve": "CVE-2024-5930", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-24-819/advisory.json", "detail_path": "advisories/ZDI-24-819", "id": "ZDI-24-819", "kind": "published", "published_date": "2024-06-20", "status": "published", "title": "VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-819/", "vendor": "VIPRE", "vendor_url": null, "zdi_can": "ZDI-CAN-22345", "zdi_id": "ZDI-24-819" }, { "cve": "CVE-2024-5929", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-24-818/advisory.json", "detail_path": "advisories/ZDI-24-818", "id": "ZDI-24-818", "kind": "published", "published_date": "2024-06-20", "status": "published", "title": "VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-818/", "vendor": "VIPRE", "vendor_url": null, "zdi_can": "ZDI-CAN-22316", "zdi_id": "ZDI-24-818" }, { "cve": "CVE-2024-5928", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-24-817/advisory.json", "detail_path": "advisories/ZDI-24-817", "id": "ZDI-24-817", "kind": "published", "published_date": "2024-06-20", "status": "published", "title": "VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-817/", "vendor": "VIPRE", "vendor_url": null, "zdi_can": "ZDI-CAN-22315", "zdi_id": "ZDI-24-817" }, { "cve": "CVE-2024-30082", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-816/advisory.json", "detail_path": "advisories/ZDI-24-816", "id": "ZDI-24-816", "kind": "published", "published_date": "2024-06-20", "status": "published", "title": "Microsoft Windows Menu DC Bitmap Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-816/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23370", "zdi_id": "ZDI-24-816" }, { "cve": "CVE-2024-3498", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. Authentication is required to exploit this vulnerability. The specific flaw exists within the vsftpd daemon. The issue results fro...", "detail_json": "/data/advisories/ZDI-24-815/advisory.json", "detail_path": "advisories/ZDI-24-815", "id": "ZDI-24-815", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "Toshiba e-STUDIO2518A vsftpd Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-815/", "vendor": "Toshiba", "vendor_url": null, "zdi_can": "ZDI-CAN-23111", "zdi_id": "ZDI-24-815" }, { "cve": "CVE-2024-3497", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the unzip method. The iss...", "detail_json": "/data/advisories/ZDI-24-814/advisory.json", "detail_path": "advisories/ZDI-24-814", "id": "ZDI-24-814", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "Toshiba e-STUDIO2518A unzip Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-814/", "vendor": "Toshiba", "vendor_url": null, "zdi_can": "ZDI-CAN-23109", "zdi_id": "ZDI-24-814" }, { "cve": "CVE-2024-3496", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Toshiba e-STUDIO2518A printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechani...", "detail_json": "/data/advisories/ZDI-24-813/advisory.json", "detail_path": "advisories/ZDI-24-813", "id": "ZDI-24-813", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "Toshiba e-STUDIO2518A Authentication Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-813/", "vendor": "Toshiba", "vendor_url": null, "zdi_can": "ZDI-CAN-23108", "zdi_id": "ZDI-24-813" }, { "cve": "CVE-2021-40438", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REST servi...", "detail_json": "/data/advisories/ZDI-24-812/advisory.json", "detail_path": "advisories/ZDI-24-812", "id": "ZDI-24-812", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "Hewlett Packard Enterprise OneView Apache Server-Side Request Forgery Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-812/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-22691", "zdi_id": "ZDI-24-812" }, { "cve": "CVE-2023-50275", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clusterServic...", "detail_json": "/data/advisories/ZDI-24-811/advisory.json", "detail_path": "advisories/ZDI-24-811", "id": "ZDI-24-811", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "Hewlett Packard Enterprise OneView clusterService Authentication Bypass Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-811/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-22455", "zdi_id": "ZDI-24-811" }, { "cve": "CVE-2023-50274", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges code on affected installations of Hewlett Packard Enterprise OneView. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request to a l...", "detail_json": "/data/advisories/ZDI-24-810/advisory.json", "detail_path": "advisories/ZDI-24-810", "id": "ZDI-24-810", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "Hewlett Packard Enterprise OneView startUpgradeCommon Command Injection Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-810/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-22454", "zdi_id": "ZDI-24-810" }, { "cve": "CVE-2024-6146", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue re...", "detail_json": "/data/advisories/ZDI-24-809/advisory.json", "detail_path": "advisories/ZDI-24-809", "id": "ZDI-24-809", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-809/", "vendor": "Actiontec", "vendor_url": null, "zdi_can": "ZDI-CAN-21418", "zdi_id": "ZDI-24-809" }, { "cve": "CVE-2024-6145", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. A crafted Co...", "detail_json": "/data/advisories/ZDI-24-808/advisory.json", "detail_path": "advisories/ZDI-24-808", "id": "ZDI-24-808", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-808/", "vendor": "Actiontec", "vendor_url": null, "zdi_can": "ZDI-CAN-21417", "zdi_id": "ZDI-24-808" }, { "cve": "CVE-2024-6144", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue re...", "detail_json": "/data/advisories/ZDI-24-807/advisory.json", "detail_path": "advisories/ZDI-24-807", "id": "ZDI-24-807", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-807/", "vendor": "Actiontec", "vendor_url": null, "zdi_can": "ZDI-CAN-21416", "zdi_id": "ZDI-24-807" }, { "cve": "CVE-2024-6143", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue re...", "detail_json": "/data/advisories/ZDI-24-806/advisory.json", "detail_path": "advisories/ZDI-24-806", "id": "ZDI-24-806", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-806/", "vendor": "Actiontec", "vendor_url": null, "zdi_can": "ZDI-CAN-21414", "zdi_id": "ZDI-24-806" }, { "cve": "CVE-2024-6142", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue re...", "detail_json": "/data/advisories/ZDI-24-805/advisory.json", "detail_path": "advisories/ZDI-24-805", "id": "ZDI-24-805", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-805/", "vendor": "Actiontec", "vendor_url": null, "zdi_can": "ZDI-CAN-21410", "zdi_id": "ZDI-24-805" }, { "cve": "CVE-2024-6154", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-24-804/advisory.json", "detail_path": "advisories/ZDI-24-804", "id": "ZDI-24-804", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-804/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-20450", "zdi_id": "ZDI-24-804" }, { "cve": "CVE-2024-6153", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-24-803/advisory.json", "detail_path": "advisories/ZDI-24-803", "id": "ZDI-24-803", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-803/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-19481", "zdi_id": "ZDI-24-803" }, { "cve": "CVE-2024-6147", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-24-802/advisory.json", "detail_path": "advisories/ZDI-24-802", "id": "ZDI-24-802", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-802/", "vendor": "Poly", "vendor_url": null, "zdi_can": "ZDI-CAN-18271", "zdi_id": "ZDI-24-802" }, { "cve": "CVE-2023-5622", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Tenable Nessus Network Monitor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-24-801/advisory.json", "detail_path": "advisories/ZDI-24-801", "id": "ZDI-24-801", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "Tenable Nessus Network Monitor Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-801/", "vendor": "Tenable", "vendor_url": null, "zdi_can": "ZDI-CAN-21959", "zdi_id": "ZDI-24-801" }, { "cve": "CVE-2024-23157", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-800/advisory.json", "detail_path": "advisories/ZDI-24-800", "id": "ZDI-24-800", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Autodesk AutoCAD SLDASM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-800/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23905", "zdi_id": "ZDI-24-800" }, { "cve": "CVE-2024-23156", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-799/advisory.json", "detail_path": "advisories/ZDI-24-799", "id": "ZDI-24-799", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Autodesk AutoCAD 3DM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-799/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23897", "zdi_id": "ZDI-24-799" }, { "cve": "CVE-2024-23158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-798/advisory.json", "detail_path": "advisories/ZDI-24-798", "id": "ZDI-24-798", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Autodesk AutoCAD IGES File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-798/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23505", "zdi_id": "ZDI-24-798" }, { "cve": "CVE-2024-23152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-797/advisory.json", "detail_path": "advisories/ZDI-24-797", "id": "ZDI-24-797", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-797/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23464", "zdi_id": "ZDI-24-797" }, { "cve": "CVE-2024-23156", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-796/advisory.json", "detail_path": "advisories/ZDI-24-796", "id": "ZDI-24-796", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Autodesk AutoCAD 3DM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-796/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23431", "zdi_id": "ZDI-24-796" }, { "cve": "CVE-2024-23153", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-795/advisory.json", "detail_path": "advisories/ZDI-24-795", "id": "ZDI-24-795", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-795/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23426", "zdi_id": "ZDI-24-795" }, { "cve": "CVE-2024-23159", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-794/advisory.json", "detail_path": "advisories/ZDI-24-794", "id": "ZDI-24-794", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Autodesk AutoCAD STP File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-794/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23409", "zdi_id": "ZDI-24-794" }, { "cve": "CVE-2024-23151", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-793/advisory.json", "detail_path": "advisories/ZDI-24-793", "id": "ZDI-24-793", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-793/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23390", "zdi_id": "ZDI-24-793" }, { "cve": "CVE-2024-23150", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-792/advisory.json", "detail_path": "advisories/ZDI-24-792", "id": "ZDI-24-792", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-792/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23376", "zdi_id": "ZDI-24-792" }, { "cve": "CVE-2024-23152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-791/advisory.json", "detail_path": "advisories/ZDI-24-791", "id": "ZDI-24-791", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-791/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23369", "zdi_id": "ZDI-24-791" }, { "cve": "CVE-2024-23154", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-790/advisory.json", "detail_path": "advisories/ZDI-24-790", "id": "ZDI-24-790", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-790/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23361", "zdi_id": "ZDI-24-790" }, { "cve": "CVE-2024-36999", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-789/advisory.json", "detail_path": "advisories/ZDI-24-789", "id": "ZDI-24-789", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-789/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23359", "zdi_id": "ZDI-24-789" }, { "cve": "CVE-2024-23152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-788/advisory.json", "detail_path": "advisories/ZDI-24-788", "id": "ZDI-24-788", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-788/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23340", "zdi_id": "ZDI-24-788" }, { "cve": "CVE-2024-23155", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-787/advisory.json", "detail_path": "advisories/ZDI-24-787", "id": "ZDI-24-787", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "(0Day) Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-787/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23335", "zdi_id": "ZDI-24-787" }, { "cve": "CVE-2023-39470", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the management of the print.script.sandboxed setting. The...", "detail_json": "/data/advisories/ZDI-24-786/advisory.json", "detail_path": "advisories/ZDI-24-786", "id": "ZDI-24-786", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-786/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-20965", "zdi_id": "ZDI-24-786" }, { "cve": "CVE-2024-1882", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut MF. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists w...", "detail_json": "/data/advisories/ZDI-24-785/advisory.json", "detail_path": "advisories/ZDI-24-785", "id": "ZDI-24-785", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "PaperCut MF EmailRenderer Server-Side Template Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-785/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-23481", "zdi_id": "ZDI-24-785" }, { "cve": "CVE-2024-1883", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut MF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-784/advisory.json", "detail_path": "advisories/ZDI-24-784", "id": "ZDI-24-784", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "PaperCut MF handleServiceException Cross-Site Scripting Authentication Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-784/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-23254", "zdi_id": "ZDI-24-784" }, { "cve": "CVE-2024-1884", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PaperCut MF. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pc-upconnector-service service, which list...", "detail_json": "/data/advisories/ZDI-24-783/advisory.json", "detail_path": "advisories/ZDI-24-783", "id": "ZDI-24-783", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "PaperCut MF pc-upconnector-service Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-783/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-23116", "zdi_id": "ZDI-24-783" }, { "cve": "CVE-2024-1222", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PrintDeployProxyController class. The issue results...", "detail_json": "/data/advisories/ZDI-24-782/advisory.json", "detail_path": "advisories/ZDI-24-782", "id": "ZDI-24-782", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "PaperCut NG PrintDeployProxyController Incorrect Authorization Authentication Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-782/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-22812", "zdi_id": "ZDI-24-782" }, { "cve": "CVE-2024-1654", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the generateNextFileName method. The issue results from th...", "detail_json": "/data/advisories/ZDI-24-781/advisory.json", "detail_path": "advisories/ZDI-24-781", "id": "ZDI-24-781", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "PaperCut NG generateNextFileName Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-781/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-22328", "zdi_id": "ZDI-24-781" }, { "cve": "CVE-2024-1221", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PaperCut NG. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-780/advisory.json", "detail_path": "advisories/ZDI-24-780", "id": "ZDI-24-780", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "PaperCut NG upload Link Following Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-780/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-23074", "zdi_id": "ZDI-24-780" }, { "cve": "CVE-2024-1223", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a VendorKeys object. The issue res...", "detail_json": "/data/advisories/ZDI-24-779/advisory.json", "detail_path": "advisories/ZDI-24-779", "id": "ZDI-24-779", "kind": "published", "published_date": "2024-06-18", "status": "published", "title": "PaperCut NG VendorKeys Hardcoded Credentials Authentication Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-779/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-22165", "zdi_id": "ZDI-24-779" }, { "cve": null, "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to escalate privileges on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of USB descriptors. The issue...", "detail_json": "/data/advisories/ZDI-24-778/advisory.json", "detail_path": "advisories/ZDI-24-778", "id": "ZDI-24-778", "kind": "published", "published_date": "2024-06-14", "status": "published", "title": "Linux Kernel USB Core Out-Of-Bounds Read Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-778/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-22042", "zdi_id": "ZDI-24-778" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication may or may not be required to exploit this vulnerability, depending upon configuration. Furthermore, only systems with ksmbd...", "detail_json": "/data/advisories/ZDI-24-777/advisory.json", "detail_path": "advisories/ZDI-24-777", "id": "ZDI-24-777", "kind": "published", "published_date": "2024-06-14", "status": "published", "title": "Linux Kernel ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-777/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21826", "zdi_id": "ZDI-24-777" }, { "cve": "CVE-2024-21121", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-24-776/advisory.json", "detail_path": "advisories/ZDI-24-776", "id": "ZDI-24-776", "kind": "published", "published_date": "2024-06-14", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox OHCI USB Controller Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-776/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-23777", "zdi_id": "ZDI-24-776" }, { "cve": "CVE-2024-23120", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-775/advisory.json", "detail_path": "advisories/ZDI-24-775", "id": "ZDI-24-775", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STEP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-775/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23838", "zdi_id": "ZDI-24-775" }, { "cve": "CVE-2024-23129", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-774/advisory.json", "detail_path": "advisories/ZDI-24-774", "id": "ZDI-24-774", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-774/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23725", "zdi_id": "ZDI-24-774" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-773/advisory.json", "detail_path": "advisories/ZDI-24-773", "id": "ZDI-24-773", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-773/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23724", "zdi_id": "ZDI-24-773" }, { "cve": "CVE-2024-23147", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-772/advisory.json", "detail_path": "advisories/ZDI-24-772", "id": "ZDI-24-772", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-772/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23723", "zdi_id": "ZDI-24-772" }, { "cve": "CVE-2024-37005", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-771/advisory.json", "detail_path": "advisories/ZDI-24-771", "id": "ZDI-24-771", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-771/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23722", "zdi_id": "ZDI-24-771" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-770/advisory.json", "detail_path": "advisories/ZDI-24-770", "id": "ZDI-24-770", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-770/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23721", "zdi_id": "ZDI-24-770" }, { "cve": "CVE-2024-23130", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-769/advisory.json", "detail_path": "advisories/ZDI-24-769", "id": "ZDI-24-769", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-769/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23654", "zdi_id": "ZDI-24-769" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-768/advisory.json", "detail_path": "advisories/ZDI-24-768", "id": "ZDI-24-768", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-768/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23652", "zdi_id": "ZDI-24-768" }, { "cve": "CVE-2024-23120", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-767/advisory.json", "detail_path": "advisories/ZDI-24-767", "id": "ZDI-24-767", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-767/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23651", "zdi_id": "ZDI-24-767" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-766/advisory.json", "detail_path": "advisories/ZDI-24-766", "id": "ZDI-24-766", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-766/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23639", "zdi_id": "ZDI-24-766" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-765/advisory.json", "detail_path": "advisories/ZDI-24-765", "id": "ZDI-24-765", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-765/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23638", "zdi_id": "ZDI-24-765" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-764/advisory.json", "detail_path": "advisories/ZDI-24-764", "id": "ZDI-24-764", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-764/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23637", "zdi_id": "ZDI-24-764" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-763/advisory.json", "detail_path": "advisories/ZDI-24-763", "id": "ZDI-24-763", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-763/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23636", "zdi_id": "ZDI-24-763" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-762/advisory.json", "detail_path": "advisories/ZDI-24-762", "id": "ZDI-24-762", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-762/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23635", "zdi_id": "ZDI-24-762" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-761/advisory.json", "detail_path": "advisories/ZDI-24-761", "id": "ZDI-24-761", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-761/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23634", "zdi_id": "ZDI-24-761" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-760/advisory.json", "detail_path": "advisories/ZDI-24-760", "id": "ZDI-24-760", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-760/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23633", "zdi_id": "ZDI-24-760" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-759/advisory.json", "detail_path": "advisories/ZDI-24-759", "id": "ZDI-24-759", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-759/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23632", "zdi_id": "ZDI-24-759" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-758/advisory.json", "detail_path": "advisories/ZDI-24-758", "id": "ZDI-24-758", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-758/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23631", "zdi_id": "ZDI-24-758" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-757/advisory.json", "detail_path": "advisories/ZDI-24-757", "id": "ZDI-24-757", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-757/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23630", "zdi_id": "ZDI-24-757" }, { "cve": "CVE-2024-37004", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-756/advisory.json", "detail_path": "advisories/ZDI-24-756", "id": "ZDI-24-756", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-756/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23629", "zdi_id": "ZDI-24-756" }, { "cve": "CVE-2024-23127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-755/advisory.json", "detail_path": "advisories/ZDI-24-755", "id": "ZDI-24-755", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-755/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23628", "zdi_id": "ZDI-24-755" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-754/advisory.json", "detail_path": "advisories/ZDI-24-754", "id": "ZDI-24-754", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-754/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23627", "zdi_id": "ZDI-24-754" }, { "cve": "CVE-2024-23130", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-753/advisory.json", "detail_path": "advisories/ZDI-24-753", "id": "ZDI-24-753", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-753/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23615", "zdi_id": "ZDI-24-753" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-752/advisory.json", "detail_path": "advisories/ZDI-24-752", "id": "ZDI-24-752", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-752/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23613", "zdi_id": "ZDI-24-752" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-751/advisory.json", "detail_path": "advisories/ZDI-24-751", "id": "ZDI-24-751", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-751/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23612", "zdi_id": "ZDI-24-751" }, { "cve": "CVE-2024-23147", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-750/advisory.json", "detail_path": "advisories/ZDI-24-750", "id": "ZDI-24-750", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STEP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-750/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23611", "zdi_id": "ZDI-24-750" }, { "cve": "CVE-2024-37000", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-749/advisory.json", "detail_path": "advisories/ZDI-24-749", "id": "ZDI-24-749", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-749/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23610", "zdi_id": "ZDI-24-749" }, { "cve": "CVE-2024-37000", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-748/advisory.json", "detail_path": "advisories/ZDI-24-748", "id": "ZDI-24-748", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-748/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23560", "zdi_id": "ZDI-24-748" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-747/advisory.json", "detail_path": "advisories/ZDI-24-747", "id": "ZDI-24-747", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-747/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23559", "zdi_id": "ZDI-24-747" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-746/advisory.json", "detail_path": "advisories/ZDI-24-746", "id": "ZDI-24-746", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-746/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23535", "zdi_id": "ZDI-24-746" }, { "cve": "CVE-2024-23137", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-745/advisory.json", "detail_path": "advisories/ZDI-24-745", "id": "ZDI-24-745", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-745/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23512", "zdi_id": "ZDI-24-745" }, { "cve": "CVE-2024-23149", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-744/advisory.json", "detail_path": "advisories/ZDI-24-744", "id": "ZDI-24-744", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDDRW File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-744/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23511", "zdi_id": "ZDI-24-744" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-743/advisory.json", "detail_path": "advisories/ZDI-24-743", "id": "ZDI-24-743", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-743/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23510", "zdi_id": "ZDI-24-743" }, { "cve": "CVE-2024-0446", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-742/advisory.json", "detail_path": "advisories/ZDI-24-742", "id": "ZDI-24-742", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-742/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23509", "zdi_id": "ZDI-24-742" }, { "cve": "CVE-2024-0446", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-741/advisory.json", "detail_path": "advisories/ZDI-24-741", "id": "ZDI-24-741", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-741/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23508", "zdi_id": "ZDI-24-741" }, { "cve": "CVE-2024-37000", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-740/advisory.json", "detail_path": "advisories/ZDI-24-740", "id": "ZDI-24-740", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-740/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23507", "zdi_id": "ZDI-24-740" }, { "cve": "CVE-2024-23134", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-739/advisory.json", "detail_path": "advisories/ZDI-24-739", "id": "ZDI-24-739", "kind": "published", "published_date": "2024-06-17", "status": "published", "title": "Autodesk AutoCAD IGS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-739/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23506", "zdi_id": "ZDI-24-739" }, { "cve": "CVE-2024-23127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-738/advisory.json", "detail_path": "advisories/ZDI-24-738", "id": "ZDI-24-738", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-738/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23497", "zdi_id": "ZDI-24-738" }, { "cve": "CVE-2024-37003", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-737/advisory.json", "detail_path": "advisories/ZDI-24-737", "id": "ZDI-24-737", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-737/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23496", "zdi_id": "ZDI-24-737" }, { "cve": "CVE-2024-23130", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-736/advisory.json", "detail_path": "advisories/ZDI-24-736", "id": "ZDI-24-736", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-736/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23495", "zdi_id": "ZDI-24-736" }, { "cve": "CVE-2024-23127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-735/advisory.json", "detail_path": "advisories/ZDI-24-735", "id": "ZDI-24-735", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-735/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23494", "zdi_id": "ZDI-24-735" }, { "cve": "CVE-2024-23137", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-734/advisory.json", "detail_path": "advisories/ZDI-24-734", "id": "ZDI-24-734", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-734/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23493", "zdi_id": "ZDI-24-734" }, { "cve": "CVE-2024-23127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-733/advisory.json", "detail_path": "advisories/ZDI-24-733", "id": "ZDI-24-733", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-733/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23492", "zdi_id": "ZDI-24-733" }, { "cve": "CVE-2024-23130", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-732/advisory.json", "detail_path": "advisories/ZDI-24-732", "id": "ZDI-24-732", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-732/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23491", "zdi_id": "ZDI-24-732" }, { "cve": "CVE-2024-23146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-731/advisory.json", "detail_path": "advisories/ZDI-24-731", "id": "ZDI-24-731", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-731/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23470", "zdi_id": "ZDI-24-731" }, { "cve": "CVE-2024-23146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-730/advisory.json", "detail_path": "advisories/ZDI-24-730", "id": "ZDI-24-730", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-730/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23469", "zdi_id": "ZDI-24-730" }, { "cve": "CVE-2024-23146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-729/advisory.json", "detail_path": "advisories/ZDI-24-729", "id": "ZDI-24-729", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-729/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23468", "zdi_id": "ZDI-24-729" }, { "cve": "CVE-2024-23146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-728/advisory.json", "detail_path": "advisories/ZDI-24-728", "id": "ZDI-24-728", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-728/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23467", "zdi_id": "ZDI-24-728" }, { "cve": "CVE-2024-23129", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-727/advisory.json", "detail_path": "advisories/ZDI-24-727", "id": "ZDI-24-727", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-727/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23463", "zdi_id": "ZDI-24-727" }, { "cve": "CVE-2024-23142", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-726/advisory.json", "detail_path": "advisories/ZDI-24-726", "id": "ZDI-24-726", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-726/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23455", "zdi_id": "ZDI-24-726" }, { "cve": "CVE-2024-23143", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-725/advisory.json", "detail_path": "advisories/ZDI-24-725", "id": "ZDI-24-725", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-725/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23432", "zdi_id": "ZDI-24-725" }, { "cve": "CVE-2024-23141", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-724/advisory.json", "detail_path": "advisories/ZDI-24-724", "id": "ZDI-24-724", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-724/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23430", "zdi_id": "ZDI-24-724" }, { "cve": "CVE-2024-0446", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-723/advisory.json", "detail_path": "advisories/ZDI-24-723", "id": "ZDI-24-723", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-723/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23427", "zdi_id": "ZDI-24-723" }, { "cve": "CVE-2024-23143", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-722/advisory.json", "detail_path": "advisories/ZDI-24-722", "id": "ZDI-24-722", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-722/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23425", "zdi_id": "ZDI-24-722" }, { "cve": "CVE-2024-37002", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-721/advisory.json", "detail_path": "advisories/ZDI-24-721", "id": "ZDI-24-721", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-721/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23424", "zdi_id": "ZDI-24-721" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-720/advisory.json", "detail_path": "advisories/ZDI-24-720", "id": "ZDI-24-720", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-720/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23423", "zdi_id": "ZDI-24-720" }, { "cve": "CVE-2024-23143", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-719/advisory.json", "detail_path": "advisories/ZDI-24-719", "id": "ZDI-24-719", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-719/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23412", "zdi_id": "ZDI-24-719" }, { "cve": "CVE-2024-37000", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-718/advisory.json", "detail_path": "advisories/ZDI-24-718", "id": "ZDI-24-718", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-718/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23411", "zdi_id": "ZDI-24-718" }, { "cve": "CVE-2024-23143", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-717/advisory.json", "detail_path": "advisories/ZDI-24-717", "id": "ZDI-24-717", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-717/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23410", "zdi_id": "ZDI-24-717" }, { "cve": "CVE-2024-37001", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-716/advisory.json", "detail_path": "advisories/ZDI-24-716", "id": "ZDI-24-716", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-716/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23408", "zdi_id": "ZDI-24-716" }, { "cve": "CVE-2024-23142", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-715/advisory.json", "detail_path": "advisories/ZDI-24-715", "id": "ZDI-24-715", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-715/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23407", "zdi_id": "ZDI-24-715" }, { "cve": "CVE-2024-23142", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-714/advisory.json", "detail_path": "advisories/ZDI-24-714", "id": "ZDI-24-714", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-714/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23406", "zdi_id": "ZDI-24-714" }, { "cve": "CVE-2024-37006", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-713/advisory.json", "detail_path": "advisories/ZDI-24-713", "id": "ZDI-24-713", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD CATPRODUCT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-713/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23404", "zdi_id": "ZDI-24-713" }, { "cve": "CVE-2024-23143", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-712/advisory.json", "detail_path": "advisories/ZDI-24-712", "id": "ZDI-24-712", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-712/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23395", "zdi_id": "ZDI-24-712" }, { "cve": "CVE-2024-23140", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-711/advisory.json", "detail_path": "advisories/ZDI-24-711", "id": "ZDI-24-711", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-711/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23394", "zdi_id": "ZDI-24-711" }, { "cve": "CVE-2024-0446", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-710/advisory.json", "detail_path": "advisories/ZDI-24-710", "id": "ZDI-24-710", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-710/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23389", "zdi_id": "ZDI-24-710" }, { "cve": "CVE-2024-23147", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-709/advisory.json", "detail_path": "advisories/ZDI-24-709", "id": "ZDI-24-709", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-709/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23380", "zdi_id": "ZDI-24-709" }, { "cve": "CVE-2024-23146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-708/advisory.json", "detail_path": "advisories/ZDI-24-708", "id": "ZDI-24-708", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-708/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23379", "zdi_id": "ZDI-24-708" }, { "cve": "CVE-2024-23123", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-707/advisory.json", "detail_path": "advisories/ZDI-24-707", "id": "ZDI-24-707", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-707/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23378", "zdi_id": "ZDI-24-707" }, { "cve": "CVE-2024-23128", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-706/advisory.json", "detail_path": "advisories/ZDI-24-706", "id": "ZDI-24-706", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-706/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23377", "zdi_id": "ZDI-24-706" }, { "cve": "CVE-2024-23142", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-705/advisory.json", "detail_path": "advisories/ZDI-24-705", "id": "ZDI-24-705", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-705/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23365", "zdi_id": "ZDI-24-705" }, { "cve": "CVE-2024-23140", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-704/advisory.json", "detail_path": "advisories/ZDI-24-704", "id": "ZDI-24-704", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-704/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23364", "zdi_id": "ZDI-24-704" }, { "cve": "CVE-2024-23145", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-703/advisory.json", "detail_path": "advisories/ZDI-24-703", "id": "ZDI-24-703", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-703/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23363", "zdi_id": "ZDI-24-703" }, { "cve": "CVE-2024-23128", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-702/advisory.json", "detail_path": "advisories/ZDI-24-702", "id": "ZDI-24-702", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-702/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23362", "zdi_id": "ZDI-24-702" }, { "cve": "CVE-2024-0446", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-701/advisory.json", "detail_path": "advisories/ZDI-24-701", "id": "ZDI-24-701", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-701/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23360", "zdi_id": "ZDI-24-701" }, { "cve": "CVE-2024-23141", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-700/advisory.json", "detail_path": "advisories/ZDI-24-700", "id": "ZDI-24-700", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-700/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23352", "zdi_id": "ZDI-24-700" }, { "cve": "CVE-2024-23144", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-699/advisory.json", "detail_path": "advisories/ZDI-24-699", "id": "ZDI-24-699", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-699/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23351", "zdi_id": "ZDI-24-699" }, { "cve": "CVE-2024-23143", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-698/advisory.json", "detail_path": "advisories/ZDI-24-698", "id": "ZDI-24-698", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-698/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23350", "zdi_id": "ZDI-24-698" }, { "cve": "CVE-2024-23143", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-697/advisory.json", "detail_path": "advisories/ZDI-24-697", "id": "ZDI-24-697", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-697/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23349", "zdi_id": "ZDI-24-697" }, { "cve": "CVE-2024-23143", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-696/advisory.json", "detail_path": "advisories/ZDI-24-696", "id": "ZDI-24-696", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-696/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23348", "zdi_id": "ZDI-24-696" }, { "cve": "CVE-2024-23122", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-695/advisory.json", "detail_path": "advisories/ZDI-24-695", "id": "ZDI-24-695", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-695/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23347", "zdi_id": "ZDI-24-695" }, { "cve": "CVE-2024-23130", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-694/advisory.json", "detail_path": "advisories/ZDI-24-694", "id": "ZDI-24-694", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-694/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23346", "zdi_id": "ZDI-24-694" }, { "cve": "CVE-2024-23142", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-693/advisory.json", "detail_path": "advisories/ZDI-24-693", "id": "ZDI-24-693", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-693/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23342", "zdi_id": "ZDI-24-693" }, { "cve": "CVE-2024-23144", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-692/advisory.json", "detail_path": "advisories/ZDI-24-692", "id": "ZDI-24-692", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-692/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23341", "zdi_id": "ZDI-24-692" }, { "cve": "CVE-2024-23129", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-691/advisory.json", "detail_path": "advisories/ZDI-24-691", "id": "ZDI-24-691", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-691/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23339", "zdi_id": "ZDI-24-691" }, { "cve": "CVE-2024-23146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-690/advisory.json", "detail_path": "advisories/ZDI-24-690", "id": "ZDI-24-690", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-690/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23338", "zdi_id": "ZDI-24-690" }, { "cve": "CVE-2024-23130", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-689/advisory.json", "detail_path": "advisories/ZDI-24-689", "id": "ZDI-24-689", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-689/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23337", "zdi_id": "ZDI-24-689" }, { "cve": "CVE-2024-23130", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-688/advisory.json", "detail_path": "advisories/ZDI-24-688", "id": "ZDI-24-688", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-688/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23336", "zdi_id": "ZDI-24-688" }, { "cve": "CVE-2024-23127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-687/advisory.json", "detail_path": "advisories/ZDI-24-687", "id": "ZDI-24-687", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-687/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23334", "zdi_id": "ZDI-24-687" }, { "cve": "CVE-2024-23130", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-686/advisory.json", "detail_path": "advisories/ZDI-24-686", "id": "ZDI-24-686", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-686/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23333", "zdi_id": "ZDI-24-686" }, { "cve": "CVE-2024-23157", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-685/advisory.json", "detail_path": "advisories/ZDI-24-685", "id": "ZDI-24-685", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-685/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23332", "zdi_id": "ZDI-24-685" }, { "cve": "CVE-2024-23128", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-684/advisory.json", "detail_path": "advisories/ZDI-24-684", "id": "ZDI-24-684", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-684/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-23331", "zdi_id": "ZDI-24-684" }, { "cve": "CVE-2024-37003", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-683/advisory.json", "detail_path": "advisories/ZDI-24-683", "id": "ZDI-24-683", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Autodesk AutoCAD DWG File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-683/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-22302", "zdi_id": "ZDI-24-683" }, { "cve": "CVE-2024-35303", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-682/advisory.json", "detail_path": "advisories/ZDI-24-682", "id": "ZDI-24-682", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Siemens Tecnomatix Plant Simulation MODEL File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-682/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-22958", "zdi_id": "ZDI-24-682" }, { "cve": "CVE-2024-37029", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-681/advisory.json", "detail_path": "advisories/ZDI-24-681", "id": "ZDI-24-681", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-681/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-22747", "zdi_id": "ZDI-24-681" }, { "cve": "CVE-2024-37029", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-680/advisory.json", "detail_path": "advisories/ZDI-24-680", "id": "ZDI-24-680", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-680/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-22813", "zdi_id": "ZDI-24-680" }, { "cve": "CVE-2024-37029", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-679/advisory.json", "detail_path": "advisories/ZDI-24-679", "id": "ZDI-24-679", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-679/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-22875", "zdi_id": "ZDI-24-679" }, { "cve": "CVE-2024-37022", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-678/advisory.json", "detail_path": "advisories/ZDI-24-678", "id": "ZDI-24-678", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-678/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-22746", "zdi_id": "ZDI-24-678" }, { "cve": "CVE-2024-5924", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal...", "detail_json": "/data/advisories/ZDI-24-677/advisory.json", "detail_path": "advisories/ZDI-24-677", "id": "ZDI-24-677", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "(0Day) Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-677/", "vendor": "Dropbox", "vendor_url": null, "zdi_can": "ZDI-CAN-23991", "zdi_id": "ZDI-24-677" }, { "cve": "CVE-2024-5952", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The...", "detail_json": "/data/advisories/ZDI-24-676/advisory.json", "detail_path": "advisories/ZDI-24-676", "id": "ZDI-24-676", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "(0Day) Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-676/", "vendor": "Deep Sea Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23174", "zdi_id": "ZDI-24-676" }, { "cve": "CVE-2024-5951", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The...", "detail_json": "/data/advisories/ZDI-24-675/advisory.json", "detail_path": "advisories/ZDI-24-675", "id": "ZDI-24-675", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "(0Day) Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-675/", "vendor": "Deep Sea Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23173", "zdi_id": "ZDI-24-675" }, { "cve": "CVE-2024-5950", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of mult...", "detail_json": "/data/advisories/ZDI-24-674/advisory.json", "detail_path": "advisories/ZDI-24-674", "id": "ZDI-24-674", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "(0Day) Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-674/", "vendor": "Deep Sea Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23172", "zdi_id": "ZDI-24-674" }, { "cve": "CVE-2024-5949", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ha...", "detail_json": "/data/advisories/ZDI-24-673/advisory.json", "detail_path": "advisories/ZDI-24-673", "id": "ZDI-24-673", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "(0Day) Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-673/", "vendor": "Deep Sea Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23171", "zdi_id": "ZDI-24-673" }, { "cve": "CVE-2024-5948", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of mult...", "detail_json": "/data/advisories/ZDI-24-672/advisory.json", "detail_path": "advisories/ZDI-24-672", "id": "ZDI-24-672", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "(0Day) Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-672/", "vendor": "Deep Sea Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23170", "zdi_id": "ZDI-24-672" }, { "cve": "CVE-2024-5947", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-base...", "detail_json": "/data/advisories/ZDI-24-671/advisory.json", "detail_path": "advisories/ZDI-24-671", "id": "ZDI-24-671", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "(0Day) Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-671/", "vendor": "Deep Sea Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-22679", "zdi_id": "ZDI-24-671" }, { "cve": "CVE-2024-30376", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Famatech Advanced IP Scanner. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-24-670/advisory.json", "detail_path": "advisories/ZDI-24-670", "id": "ZDI-24-670", "kind": "published", "published_date": "2024-06-13", "status": "published", "title": "(0Day) Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-670/", "vendor": "Famatech", "vendor_url": null, "zdi_can": "ZDI-CAN-20768", "zdi_id": "ZDI-24-670" }, { "cve": "CVE-2024-5876", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-669/advisory.json", "detail_path": "advisories/ZDI-24-669", "id": "ZDI-24-669", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-669/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23973", "zdi_id": "ZDI-24-669" }, { "cve": "CVE-2024-5875", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-668/advisory.json", "detail_path": "advisories/ZDI-24-668", "id": "ZDI-24-668", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "IrfanView SHP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-668/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23972", "zdi_id": "ZDI-24-668" }, { "cve": "CVE-2024-5874", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-667/advisory.json", "detail_path": "advisories/ZDI-24-667", "id": "ZDI-24-667", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "IrfanView PNT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-667/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23969", "zdi_id": "ZDI-24-667" }, { "cve": "CVE-2024-5877", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-666/advisory.json", "detail_path": "advisories/ZDI-24-666", "id": "ZDI-24-666", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "IrfanView PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-666/", "vendor": "IrfanView", "vendor_url": null, "zdi_can": "ZDI-CAN-23974", "zdi_id": "ZDI-24-666" }, { "cve": "CVE-2024-29944", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escape the sandbox on affected installations of Mozilla Firefox. An attacker must first obtain the ability to execute low-privileged code in the renderer process in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-24-665/advisory.json", "detail_path": "advisories/ZDI-24-665", "id": "ZDI-24-665", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "(Pwn2Own) Mozilla Firefox Exposed Dangerous Function Sandbox Escape Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-665/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-23848", "zdi_id": "ZDI-24-665" }, { "cve": "CVE-2024-29943", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-664/advisory.json", "detail_path": "advisories/ZDI-24-664", "id": "ZDI-24-664", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "(Pwn2Own) Mozilla Firefox SpiderMonkey JIT Compiler Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-664/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-23794", "zdi_id": "ZDI-24-664" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-663/advisory.json", "detail_path": "advisories/ZDI-24-663", "id": "ZDI-24-663", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-663/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23014", "zdi_id": "ZDI-24-663" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-662/advisory.json", "detail_path": "advisories/ZDI-24-662", "id": "ZDI-24-662", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-662/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23016", "zdi_id": "ZDI-24-662" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-661/advisory.json", "detail_path": "advisories/ZDI-24-661", "id": "ZDI-24-661", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-661/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23017", "zdi_id": "ZDI-24-661" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-660/advisory.json", "detail_path": "advisories/ZDI-24-660", "id": "ZDI-24-660", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-660/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23031", "zdi_id": "ZDI-24-660" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-659/advisory.json", "detail_path": "advisories/ZDI-24-659", "id": "ZDI-24-659", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-659/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23032", "zdi_id": "ZDI-24-659" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-658/advisory.json", "detail_path": "advisories/ZDI-24-658", "id": "ZDI-24-658", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-658/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23034", "zdi_id": "ZDI-24-658" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-657/advisory.json", "detail_path": "advisories/ZDI-24-657", "id": "ZDI-24-657", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-657/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23045", "zdi_id": "ZDI-24-657" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-656/advisory.json", "detail_path": "advisories/ZDI-24-656", "id": "ZDI-24-656", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-656/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23046", "zdi_id": "ZDI-24-656" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-655/advisory.json", "detail_path": "advisories/ZDI-24-655", "id": "ZDI-24-655", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft CMT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-655/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23047", "zdi_id": "ZDI-24-655" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-654/advisory.json", "detail_path": "advisories/ZDI-24-654", "id": "ZDI-24-654", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-654/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23048", "zdi_id": "ZDI-24-654" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-653/advisory.json", "detail_path": "advisories/ZDI-24-653", "id": "ZDI-24-653", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft TBK File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-653/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23068", "zdi_id": "ZDI-24-653" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-652/advisory.json", "detail_path": "advisories/ZDI-24-652", "id": "ZDI-24-652", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-652/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23079", "zdi_id": "ZDI-24-652" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-651/advisory.json", "detail_path": "advisories/ZDI-24-651", "id": "ZDI-24-651", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-651/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23085", "zdi_id": "ZDI-24-651" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-650/advisory.json", "detail_path": "advisories/ZDI-24-650", "id": "ZDI-24-650", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-650/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23080", "zdi_id": "ZDI-24-650" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-649/advisory.json", "detail_path": "advisories/ZDI-24-649", "id": "ZDI-24-649", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-649/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23081", "zdi_id": "ZDI-24-649" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-648/advisory.json", "detail_path": "advisories/ZDI-24-648", "id": "ZDI-24-648", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-648/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23142", "zdi_id": "ZDI-24-648" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-647/advisory.json", "detail_path": "advisories/ZDI-24-647", "id": "ZDI-24-647", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-647/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23143", "zdi_id": "ZDI-24-647" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-646/advisory.json", "detail_path": "advisories/ZDI-24-646", "id": "ZDI-24-646", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-646/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23165", "zdi_id": "ZDI-24-646" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-645/advisory.json", "detail_path": "advisories/ZDI-24-645", "id": "ZDI-24-645", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-645/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23166", "zdi_id": "ZDI-24-645" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-644/advisory.json", "detail_path": "advisories/ZDI-24-644", "id": "ZDI-24-644", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-644/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23167", "zdi_id": "ZDI-24-644" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-643/advisory.json", "detail_path": "advisories/ZDI-24-643", "id": "ZDI-24-643", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-643/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23175", "zdi_id": "ZDI-24-643" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-642/advisory.json", "detail_path": "advisories/ZDI-24-642", "id": "ZDI-24-642", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-642/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23168", "zdi_id": "ZDI-24-642" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-641/advisory.json", "detail_path": "advisories/ZDI-24-641", "id": "ZDI-24-641", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-641/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23176", "zdi_id": "ZDI-24-641" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-640/advisory.json", "detail_path": "advisories/ZDI-24-640", "id": "ZDI-24-640", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-640/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23177", "zdi_id": "ZDI-24-640" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-639/advisory.json", "detail_path": "advisories/ZDI-24-639", "id": "ZDI-24-639", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-639/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23169", "zdi_id": "ZDI-24-639" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-638/advisory.json", "detail_path": "advisories/ZDI-24-638", "id": "ZDI-24-638", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-638/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23178", "zdi_id": "ZDI-24-638" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-637/advisory.json", "detail_path": "advisories/ZDI-24-637", "id": "ZDI-24-637", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-637/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23179", "zdi_id": "ZDI-24-637" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-636/advisory.json", "detail_path": "advisories/ZDI-24-636", "id": "ZDI-24-636", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-636/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23134", "zdi_id": "ZDI-24-636" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-635/advisory.json", "detail_path": "advisories/ZDI-24-635", "id": "ZDI-24-635", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-635/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23135", "zdi_id": "ZDI-24-635" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-634/advisory.json", "detail_path": "advisories/ZDI-24-634", "id": "ZDI-24-634", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-634/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23136", "zdi_id": "ZDI-24-634" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-633/advisory.json", "detail_path": "advisories/ZDI-24-633", "id": "ZDI-24-633", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-633/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23087", "zdi_id": "ZDI-24-633" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-632/advisory.json", "detail_path": "advisories/ZDI-24-632", "id": "ZDI-24-632", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-632/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23084", "zdi_id": "ZDI-24-632" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-631/advisory.json", "detail_path": "advisories/ZDI-24-631", "id": "ZDI-24-631", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-631/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23083", "zdi_id": "ZDI-24-631" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-630/advisory.json", "detail_path": "advisories/ZDI-24-630", "id": "ZDI-24-630", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-630/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23082", "zdi_id": "ZDI-24-630" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-629/advisory.json", "detail_path": "advisories/ZDI-24-629", "id": "ZDI-24-629", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-629/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23137", "zdi_id": "ZDI-24-629" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-628/advisory.json", "detail_path": "advisories/ZDI-24-628", "id": "ZDI-24-628", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-628/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23138", "zdi_id": "ZDI-24-628" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-627/advisory.json", "detail_path": "advisories/ZDI-24-627", "id": "ZDI-24-627", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-627/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23139", "zdi_id": "ZDI-24-627" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-626/advisory.json", "detail_path": "advisories/ZDI-24-626", "id": "ZDI-24-626", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-626/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23140", "zdi_id": "ZDI-24-626" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-625/advisory.json", "detail_path": "advisories/ZDI-24-625", "id": "ZDI-24-625", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-625/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23141", "zdi_id": "ZDI-24-625" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-624/advisory.json", "detail_path": "advisories/ZDI-24-624", "id": "ZDI-24-624", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-624/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23144", "zdi_id": "ZDI-24-624" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-623/advisory.json", "detail_path": "advisories/ZDI-24-623", "id": "ZDI-24-623", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-623/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23132", "zdi_id": "ZDI-24-623" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-622/advisory.json", "detail_path": "advisories/ZDI-24-622", "id": "ZDI-24-622", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-622/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23133", "zdi_id": "ZDI-24-622" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-621/advisory.json", "detail_path": "advisories/ZDI-24-621", "id": "ZDI-24-621", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-621/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23088", "zdi_id": "ZDI-24-621" }, { "cve": "CVE-2024-4192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-620/advisory.json", "detail_path": "advisories/ZDI-24-620", "id": "ZDI-24-620", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-620/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-23086", "zdi_id": "ZDI-24-620" }, { "cve": "CVE-2024-5719", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-24-619/advisory.json", "detail_path": "advisories/ZDI-24-619", "id": "ZDI-24-619", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-619/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-24167", "zdi_id": "ZDI-24-619" }, { "cve": "CVE-2024-5718", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster...", "detail_json": "/data/advisories/ZDI-24-618/advisory.json", "detail_path": "advisories/ZDI-24-618", "id": "ZDI-24-618", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-618/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-24166", "zdi_id": "ZDI-24-618" }, { "cve": "CVE-2024-5717", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-24-617/advisory.json", "detail_path": "advisories/ZDI-24-617", "id": "ZDI-24-617", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-617/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-24165", "zdi_id": "ZDI-24-617" }, { "cve": "CVE-2024-5716", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password reset mechanism. The i...", "detail_json": "/data/advisories/ZDI-24-616/advisory.json", "detail_path": "advisories/ZDI-24-616", "id": "ZDI-24-616", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Logsign Unified SecOps Platform Authentication Bypass Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-616/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-24164", "zdi_id": "ZDI-24-616" }, { "cve": "CVE-2024-5721", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster...", "detail_json": "/data/advisories/ZDI-24-615/advisory.json", "detail_path": "advisories/ZDI-24-615", "id": "ZDI-24-615", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-615/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-24169", "zdi_id": "ZDI-24-615" }, { "cve": "CVE-2024-5722", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP API. The issue...", "detail_json": "/data/advisories/ZDI-24-614/advisory.json", "detail_path": "advisories/ZDI-24-614", "id": "ZDI-24-614", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-614/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-24170", "zdi_id": "ZDI-24-614" }, { "cve": "CVE-2024-5720", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-24-613/advisory.json", "detail_path": "advisories/ZDI-24-613", "id": "ZDI-24-613", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-613/", "vendor": "Logsign", "vendor_url": null, "zdi_can": "ZDI-CAN-24168", "zdi_id": "ZDI-24-613" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-24-612/advisory.json", "detail_path": "advisories/ZDI-24-612", "id": "ZDI-24-612", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "(0Day) Luxion KeyShot Viewer JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-612/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-23163", "zdi_id": "ZDI-24-612" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-24-611/advisory.json", "detail_path": "advisories/ZDI-24-611", "id": "ZDI-24-611", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Luxion KeyShot Viewer X_T File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-611/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-23124", "zdi_id": "ZDI-24-611" }, { "cve": "CVE-2023-52335", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConfigurationServlet servlet, which li...", "detail_json": "/data/advisories/ZDI-24-610/advisory.json", "detail_path": "advisories/ZDI-24-610", "id": "ZDI-24-610", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-610/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-17863", "zdi_id": "ZDI-24-610" }, { "cve": "CVE-2024-30082", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-609/advisory.json", "detail_path": "advisories/ZDI-24-609", "id": "ZDI-24-609", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Microsoft Windows Menu DC Pen Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-609/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23461", "zdi_id": "ZDI-24-609" }, { "cve": "CVE-2024-30082", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-608/advisory.json", "detail_path": "advisories/ZDI-24-608", "id": "ZDI-24-608", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Microsoft Windows Menu DC Brush Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-608/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23462", "zdi_id": "ZDI-24-608" }, { "cve": "CVE-2024-30089", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-607/advisory.json", "detail_path": "advisories/ZDI-24-607", "id": "ZDI-24-607", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "(Pwn2Own) Microsoft Windows mskssrv Driver Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-607/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23789", "zdi_id": "ZDI-24-607" }, { "cve": "CVE-2024-30088", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-606/advisory.json", "detail_path": "advisories/ZDI-24-606", "id": "ZDI-24-606", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "(Pwn2Own) Microsoft Windows NtQueryInformationToken Race Condition Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-606/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23449", "zdi_id": "ZDI-24-606" }, { "cve": "CVE-2024-30087", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-605/advisory.json", "detail_path": "advisories/ZDI-24-605", "id": "ZDI-24-605", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "(Pwn2Own) Microsoft Windows win32kfull Improper Input Validation Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-605/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23774", "zdi_id": "ZDI-24-605" }, { "cve": "CVE-2024-35250", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-604/advisory.json", "detail_path": "advisories/ZDI-24-604", "id": "ZDI-24-604", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "(Pwn2Own) Microsoft Windows UnserializePropertySet Privilege Context Switching Error Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-604/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23788", "zdi_id": "ZDI-24-604" }, { "cve": "CVE-2024-30084", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-603/advisory.json", "detail_path": "advisories/ZDI-24-603", "id": "ZDI-24-603", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "(Pwn2Own) Microsoft Windows UnserializePropertySet Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-603/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23773", "zdi_id": "ZDI-24-603" }, { "cve": "CVE-2024-30086", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-602/advisory.json", "detail_path": "advisories/ZDI-24-602", "id": "ZDI-24-602", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "(Pwn2Own) Microsoft Windows DirectComposition Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-602/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23791", "zdi_id": "ZDI-24-602" }, { "cve": "CVE-2024-30085", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-601/advisory.json", "detail_path": "advisories/ZDI-24-601", "id": "ZDI-24-601", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "(Pwn2Own) Microsoft Windows cldflt Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-601/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23845", "zdi_id": "ZDI-24-601" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SchneiderUPS.exe deskto...", "detail_json": "/data/advisories/ZDI-24-600/advisory.json", "detail_path": "advisories/ZDI-24-600", "id": "ZDI-24-600", "kind": "published", "published_date": "2024-06-11", "status": "published", "title": "Schneider Electric APC Easy UPS Online startRun Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": "2024-08-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-600/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21034", "zdi_id": "ZDI-24-600" }, { "cve": "CVE-2024-34115", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-599/advisory.json", "detail_path": "advisories/ZDI-24-599", "id": "ZDI-24-599", "kind": "published", "published_date": "2024-06-11", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-599/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-24054", "zdi_id": "ZDI-24-599" }, { "cve": null, "cvss": 7.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target syste...", "detail_json": "/data/advisories/ZDI-24-598/advisory.json", "detail_path": "advisories/ZDI-24-598", "id": "ZDI-24-598", "kind": "published", "published_date": "2024-06-11", "status": "published", "title": "(0Day) Microsoft Windows Incorrect Permission Assignment Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-598/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16220", "zdi_id": "ZDI-24-598" }, { "cve": "CVE-2024-5725", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the initCurveList function. The issue results from the lack o...", "detail_json": "/data/advisories/ZDI-24-597/advisory.json", "detail_path": "advisories/ZDI-24-597", "id": "ZDI-24-597", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "Centreon initCurveList SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-597/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-22683", "zdi_id": "ZDI-24-597" }, { "cve": "CVE-2024-32501", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateServiceHost_MC function. The issue results from the...", "detail_json": "/data/advisories/ZDI-24-596/advisory.json", "detail_path": "advisories/ZDI-24-596", "id": "ZDI-24-596", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "Centreon updateServiceHost_MC SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-596/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-23561", "zdi_id": "ZDI-24-596" }, { "cve": "CVE-2024-5723", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateServiceHost function. The issue results from the la...", "detail_json": "/data/advisories/ZDI-24-595/advisory.json", "detail_path": "advisories/ZDI-24-595", "id": "ZDI-24-595", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-595/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-23294", "zdi_id": "ZDI-24-595" }, { "cve": "CVE-2024-32639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-594/advisory.json", "detail_path": "advisories/ZDI-24-594", "id": "ZDI-24-594", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "Siemens Tecnomatix Plant Simulation MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-594/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-22974", "zdi_id": "ZDI-24-594" }, { "cve": "CVE-2023-31436", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-593/advisory.json", "detail_path": "advisories/ZDI-24-593", "id": "ZDI-24-593", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "Linux Kernel Net Scheduler Out-Of-Bounds Access Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-593/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-18568", "zdi_id": "ZDI-24-593" }, { "cve": "CVE-2023-39189", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-24-592/advisory.json", "detail_path": "advisories/ZDI-24-592", "id": "ZDI-24-592", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "Linux Kernel nftables Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-592/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-18745", "zdi_id": "ZDI-24-592" }, { "cve": "CVE-2023-42755", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-24-591/advisory.json", "detail_path": "advisories/ZDI-24-591", "id": "ZDI-24-591", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "Linux Kernel RSVP Filter Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-591/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-18387", "zdi_id": "ZDI-24-591" }, { "cve": "CVE-2023-4458", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication may or may not be required to exploit this vulnerability, depending upon configuration. Furthermore, only systems with ksmbd...", "detail_json": "/data/advisories/ZDI-24-590/advisory.json", "detail_path": "advisories/ZDI-24-590", "id": "ZDI-24-590", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "Linux Kernel ksmbd smb2_open Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-590/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21824", "zdi_id": "ZDI-24-590" }, { "cve": "CVE-2023-39180", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw e...", "detail_json": "/data/advisories/ZDI-24-589/advisory.json", "detail_path": "advisories/ZDI-24-589", "id": "ZDI-24-589", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "Linux Kernel ksmbd Read Request Memory Leak Denial-of-Service Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-589/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21588", "zdi_id": "ZDI-24-589" }, { "cve": "CVE-2023-39179", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-24-588/advisory.json", "detail_path": "advisories/ZDI-24-588", "id": "ZDI-24-588", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "Linux Kernel ksmbd Read Request Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-588/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21587", "zdi_id": "ZDI-24-588" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-24-587/advisory.json", "detail_path": "advisories/ZDI-24-587", "id": "ZDI-24-587", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "Linux Kernel ksmbd SetInfo Request Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-587/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21598", "zdi_id": "ZDI-24-587" }, { "cve": "CVE-2023-39176", "cvss": 5.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-24-586/advisory.json", "detail_path": "advisories/ZDI-24-586", "id": "ZDI-24-586", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "Linux Kernel ksmbd Transform Header Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-586/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21589", "zdi_id": "ZDI-24-586" }, { "cve": "CVE-2024-36473", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro VPN Proxy One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi...", "detail_json": "/data/advisories/ZDI-24-585/advisory.json", "detail_path": "advisories/ZDI-24-585", "id": "ZDI-24-585", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "Trend Micro VPN Proxy One Pro Link Following Denial-of-Service Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-585/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-22715", "zdi_id": "ZDI-24-585" }, { "cve": "CVE-2023-51635", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue result...", "detail_json": "/data/advisories/ZDI-24-584/advisory.json", "detail_path": "advisories/ZDI-24-584", "id": "ZDI-24-584", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "(Pwn2Own) NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-584/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19843", "zdi_id": "ZDI-24-584" }, { "cve": "CVE-2023-51634", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the do...", "detail_json": "/data/advisories/ZDI-24-583/advisory.json", "detail_path": "advisories/ZDI-24-583", "id": "ZDI-24-583", "kind": "published", "published_date": "2024-06-10", "status": "published", "title": "(Pwn2Own) NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-583/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19589", "zdi_id": "ZDI-24-583" }, { "cve": "CVE-2024-1167", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote atttackers to disclose sensitive information on affected installations of SEW-EURODRIVE MOVITOOLS MotionStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-24-582/advisory.json", "detail_path": "advisories/ZDI-24-582", "id": "ZDI-24-582", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "SEW-EURODRIVE MOVITOOLS MotionStudio XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-582/", "vendor": "SEW-EURODRIVE", "vendor_url": null, "zdi_can": "ZDI-CAN-19094", "zdi_id": "ZDI-24-582" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulner...", "detail_json": "/data/advisories/ZDI-24-581/advisory.json", "detail_path": "advisories/ZDI-24-581", "id": "ZDI-24-581", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "Microsoft Azure SQL Managed Instance Documentation SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-581/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22281", "zdi_id": "ZDI-24-581" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Artifact Registry Container images. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default credential...", "detail_json": "/data/advisories/ZDI-24-580/advisory.json", "detail_path": "advisories/ZDI-24-580", "id": "ZDI-24-580", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "Microsoft Artifact Registry Container Images Empty Password Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-580/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22149", "zdi_id": "ZDI-24-580" }, { "cve": "CVE-2024-27836", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The sp...", "detail_json": "/data/advisories/ZDI-24-579/advisory.json", "detail_path": "advisories/ZDI-24-579", "id": "ZDI-24-579", "kind": "published", "published_date": "2024-06-12", "status": "published", "title": "Apple macOS PPM Image Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2025-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-579/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-22309", "zdi_id": "ZDI-24-579" }, { "cve": "CVE-2024-23286", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-578/advisory.json", "detail_path": "advisories/ZDI-24-578", "id": "ZDI-24-578", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2025-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-578/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-22897", "zdi_id": "ZDI-24-578" }, { "cve": "CVE-2024-37289", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-24-577/advisory.json", "detail_path": "advisories/ZDI-24-577", "id": "ZDI-24-577", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "Trend Micro Apex One Improper Access Control Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-577/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21599", "zdi_id": "ZDI-24-577" }, { "cve": "CVE-2024-32849", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-24-576/advisory.json", "detail_path": "advisories/ZDI-24-576", "id": "ZDI-24-576", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "Trend Micro Maximum Security coreServiceShell Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-576/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-22269", "zdi_id": "ZDI-24-576" }, { "cve": "CVE-2024-36358", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-24-575/advisory.json", "detail_path": "advisories/ZDI-24-575", "id": "ZDI-24-575", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-575/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21461", "zdi_id": "ZDI-24-575" }, { "cve": "CVE-2024-36359", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP Inspection...", "detail_json": "/data/advisories/ZDI-24-574/advisory.json", "detail_path": "advisories/ZDI-24-574", "id": "ZDI-24-574", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance Cross-Site Scripting Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-574/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21495", "zdi_id": "ZDI-24-574" }, { "cve": "CVE-2024-36307", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi...", "detail_json": "/data/advisories/ZDI-24-573/advisory.json", "detail_path": "advisories/ZDI-24-573", "id": "ZDI-24-573", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "Trend Micro Apex One Security Agent Link Following Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-573/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-22032", "zdi_id": "ZDI-24-573" }, { "cve": "CVE-2024-36305", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-572/advisory.json", "detail_path": "advisories/ZDI-24-572", "id": "ZDI-24-572", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-572/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-22693", "zdi_id": "ZDI-24-572" }, { "cve": "CVE-2024-36304", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-571/advisory.json", "detail_path": "advisories/ZDI-24-571", "id": "ZDI-24-571", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-571/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-22667", "zdi_id": "ZDI-24-571" }, { "cve": "CVE-2024-36303", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-570/advisory.json", "detail_path": "advisories/ZDI-24-570", "id": "ZDI-24-570", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-570/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-22481", "zdi_id": "ZDI-24-570" }, { "cve": "CVE-2024-36302", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-569/advisory.json", "detail_path": "advisories/ZDI-24-569", "id": "ZDI-24-569", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-569/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-22039", "zdi_id": "ZDI-24-569" }, { "cve": "CVE-2024-36306", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to explo...", "detail_json": "/data/advisories/ZDI-24-568/advisory.json", "detail_path": "advisories/ZDI-24-568", "id": "ZDI-24-568", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "Trend Micro Apex One Damage Cleanup Engine Link Following Denial-of-Service Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-568/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-22038", "zdi_id": "ZDI-24-568" }, { "cve": "CVE-2024-0444", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-567/advisory.json", "detail_path": "advisories/ZDI-24-567", "id": "ZDI-24-567", "kind": "published", "published_date": "2024-06-05", "status": "published", "title": "GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-567/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-22873", "zdi_id": "ZDI-24-567" }, { "cve": "CVE-2024-30374", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-24-566/advisory.json", "detail_path": "advisories/ZDI-24-566", "id": "ZDI-24-566", "kind": "published", "published_date": "2024-06-05", "status": "published", "title": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-566/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-22449", "zdi_id": "ZDI-24-566" }, { "cve": "CVE-2024-30375", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-24-565/advisory.json", "detail_path": "advisories/ZDI-24-565", "id": "ZDI-24-565", "kind": "published", "published_date": "2024-06-05", "status": "published", "title": "Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-565/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-22515", "zdi_id": "ZDI-24-565" }, { "cve": "CVE-2024-5597", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-564/advisory.json", "detail_path": "advisories/ZDI-24-564", "id": "ZDI-24-564", "kind": "published", "published_date": "2024-06-05", "status": "published", "title": "Fuji Electric Monitouch V-SFT V9 File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-564/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-22748", "zdi_id": "ZDI-24-564" }, { "cve": "CVE-2024-5505", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpLoadServlet class. The...", "detail_json": "/data/advisories/ZDI-24-563/advisory.json", "detail_path": "advisories/ZDI-24-563", "id": "ZDI-24-563", "kind": "published", "published_date": "2024-06-04", "status": "published", "title": "NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-563/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-22724", "zdi_id": "ZDI-24-563" }, { "cve": "CVE-2023-6234", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The...", "detail_json": "/data/advisories/ZDI-24-562/advisory.json", "detail_path": "advisories/ZDI-24-562", "id": "ZDI-24-562", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Canon imageCLASS MF753Cdw setResource Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-562/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-22557", "zdi_id": "ZDI-24-562" }, { "cve": "CVE-2024-4358", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software Telerik Reporting. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Regis...", "detail_json": "/data/advisories/ZDI-24-561/advisory.json", "detail_path": "advisories/ZDI-24-561", "id": "ZDI-24-561", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Progress Software Telerik Reporting Register Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-561/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23879", "zdi_id": "ZDI-24-561" }, { "cve": "CVE-2023-50738", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the `/usr/bin/hydra` service,...", "detail_json": "/data/advisories/ZDI-24-560/advisory.json", "detail_path": "advisories/ZDI-24-560", "id": "ZDI-24-560", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Lexmark CX331adwe Firmware Downgrade Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-560/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-22550", "zdi_id": "ZDI-24-560" }, { "cve": "CVE-2024-1867", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-24-559/advisory.json", "detail_path": "advisories/ZDI-24-559", "id": "ZDI-24-559", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "G DATA Total Security Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-559/", "vendor": "G DATA", "vendor_url": null, "zdi_can": "ZDI-CAN-22312", "zdi_id": "ZDI-24-559" }, { "cve": "CVE-2024-1868", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-24-558/advisory.json", "detail_path": "advisories/ZDI-24-558", "id": "ZDI-24-558", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "G DATA Total Security Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-558/", "vendor": "G DATA", "vendor_url": null, "zdi_can": "ZDI-CAN-22313", "zdi_id": "ZDI-24-558" }, { "cve": "CVE-2024-30373", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-557/advisory.json", "detail_path": "advisories/ZDI-24-557", "id": "ZDI-24-557", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Kofax Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-557/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22092", "zdi_id": "ZDI-24-557" }, { "cve": "CVE-2024-5513", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-556/advisory.json", "detail_path": "advisories/ZDI-24-556", "id": "ZDI-24-556", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-556/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22044", "zdi_id": "ZDI-24-556" }, { "cve": "CVE-2024-5512", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-555/advisory.json", "detail_path": "advisories/ZDI-24-555", "id": "ZDI-24-555", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-555/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22021", "zdi_id": "ZDI-24-555" }, { "cve": "CVE-2024-5511", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-554/advisory.json", "detail_path": "advisories/ZDI-24-554", "id": "ZDI-24-554", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-554/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22020", "zdi_id": "ZDI-24-554" }, { "cve": "CVE-2024-5510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-553/advisory.json", "detail_path": "advisories/ZDI-24-553", "id": "ZDI-24-553", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-553/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22019", "zdi_id": "ZDI-24-553" }, { "cve": "CVE-2024-5307", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-552/advisory.json", "detail_path": "advisories/ZDI-24-552", "id": "ZDI-24-552", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-552/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22933", "zdi_id": "ZDI-24-552" }, { "cve": "CVE-2024-5306", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-551/advisory.json", "detail_path": "advisories/ZDI-24-551", "id": "ZDI-24-551", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-551/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22930", "zdi_id": "ZDI-24-551" }, { "cve": "CVE-2024-5305", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-550/advisory.json", "detail_path": "advisories/ZDI-24-550", "id": "ZDI-24-550", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-550/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22921", "zdi_id": "ZDI-24-550" }, { "cve": "CVE-2024-5304", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-549/advisory.json", "detail_path": "advisories/ZDI-24-549", "id": "ZDI-24-549", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Kofax Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-549/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22920", "zdi_id": "ZDI-24-549" }, { "cve": "CVE-2024-5303", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-548/advisory.json", "detail_path": "advisories/ZDI-24-548", "id": "ZDI-24-548", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-548/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22919", "zdi_id": "ZDI-24-548" }, { "cve": "CVE-2024-5302", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-547/advisory.json", "detail_path": "advisories/ZDI-24-547", "id": "ZDI-24-547", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-547/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22918", "zdi_id": "ZDI-24-547" }, { "cve": "CVE-2024-5301", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-546/advisory.json", "detail_path": "advisories/ZDI-24-546", "id": "ZDI-24-546", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-546/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22917", "zdi_id": "ZDI-24-546" }, { "cve": "CVE-2024-5269", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SMB2 messag...", "detail_json": "/data/advisories/ZDI-24-545/advisory.json", "detail_path": "advisories/ZDI-24-545", "id": "ZDI-24-545", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "(Pwn2Own) Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-545/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-22459", "zdi_id": "ZDI-24-545" }, { "cve": "CVE-2024-5268", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SMB...", "detail_json": "/data/advisories/ZDI-24-544/advisory.json", "detail_path": "advisories/ZDI-24-544", "id": "ZDI-24-544", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "(Pwn2Own) Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-544/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-22428", "zdi_id": "ZDI-24-544" }, { "cve": "CVE-2024-5267", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SMB2 messag...", "detail_json": "/data/advisories/ZDI-24-543/advisory.json", "detail_path": "advisories/ZDI-24-543", "id": "ZDI-24-543", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "(Pwn2Own) Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-543/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-22384", "zdi_id": "ZDI-24-543" }, { "cve": "CVE-2024-5256", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SMB...", "detail_json": "/data/advisories/ZDI-24-542/advisory.json", "detail_path": "advisories/ZDI-24-542", "id": "ZDI-24-542", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "(Pwn2Own) Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-542/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-22336", "zdi_id": "ZDI-24-542" }, { "cve": "CVE-2024-5507", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-24-541/advisory.json", "detail_path": "advisories/ZDI-24-541", "id": "ZDI-24-541", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-541/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-22266", "zdi_id": "ZDI-24-541" }, { "cve": "CVE-2024-5509", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-540/advisory.json", "detail_path": "advisories/ZDI-24-540", "id": "ZDI-24-540", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-540/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-22738", "zdi_id": "ZDI-24-540" }, { "cve": "CVE-2024-5508", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-24-539/advisory.json", "detail_path": "advisories/ZDI-24-539", "id": "ZDI-24-539", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-539/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-22267", "zdi_id": "ZDI-24-539" }, { "cve": "CVE-2024-5506", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-24-538/advisory.json", "detail_path": "advisories/ZDI-24-538", "id": "ZDI-24-538", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-538/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-22514", "zdi_id": "ZDI-24-538" }, { "cve": "CVE-2024-34579", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5 Smart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-537/advisory.json", "detail_path": "advisories/ZDI-24-537", "id": "ZDI-24-537", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Fuji Electric Alpha5 C5V File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-537/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21419", "zdi_id": "ZDI-24-537" }, { "cve": "CVE-2024-34579", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5 Smart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-536/advisory.json", "detail_path": "advisories/ZDI-24-536", "id": "ZDI-24-536", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Fuji Electric Alpha5 C5V File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-536/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21423", "zdi_id": "ZDI-24-536" }, { "cve": "CVE-2024-34171", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-535/advisory.json", "detail_path": "advisories/ZDI-24-535", "id": "ZDI-24-535", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Fuji Electric Monitouch V-SFT V9C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-535/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-22908", "zdi_id": "ZDI-24-535" }, { "cve": "CVE-2024-34171", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-534/advisory.json", "detail_path": "advisories/ZDI-24-534", "id": "ZDI-24-534", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Fuji Electric Monitouch V-SFT V9C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-534/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-22896", "zdi_id": "ZDI-24-534" }, { "cve": "CVE-2024-34171", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-533/advisory.json", "detail_path": "advisories/ZDI-24-533", "id": "ZDI-24-533", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Fuji Electric Monitouch V-SFT V9C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-533/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-22874", "zdi_id": "ZDI-24-533" }, { "cve": "CVE-2024-34171", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-532/advisory.json", "detail_path": "advisories/ZDI-24-532", "id": "ZDI-24-532", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-532/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-22815", "zdi_id": "ZDI-24-532" }, { "cve": "CVE-2024-5271", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-531/advisory.json", "detail_path": "advisories/ZDI-24-531", "id": "ZDI-24-531", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-531/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-22814", "zdi_id": "ZDI-24-531" }, { "cve": "CVE-2024-34171", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-24-530/advisory.json", "detail_path": "advisories/ZDI-24-530", "id": "ZDI-24-530", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "Fuji Electric Monitouch V-SFT V9C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-530/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-22749", "zdi_id": "ZDI-24-530" }, { "cve": "CVE-2024-22269", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-24-529/advisory.json", "detail_path": "advisories/ZDI-24-529", "id": "ZDI-24-529", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "(Pwn2Own) VMware Workstation UrbBuf_getDataBuf Uninitialized Variable Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-529/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-23782", "zdi_id": "ZDI-24-529" }, { "cve": "CVE-2024-22270", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-24-528/advisory.json", "detail_path": "advisories/ZDI-24-528", "id": "ZDI-24-528", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "(Pwn2Own) VMware Workstation hgfsVMCI_fileread Use of Uninitialized Variable Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-528/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-23783", "zdi_id": "ZDI-24-528" }, { "cve": "CVE-2024-22267", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMWare Workstation. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-24-527/advisory.json", "detail_path": "advisories/ZDI-24-527", "id": "ZDI-24-527", "kind": "published", "published_date": "2024-05-31", "status": "published", "title": "(Pwn2Own) VMWare Workstation VBluetoothHCI_PacketOut Use-After-Free Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-527/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-23847", "zdi_id": "ZDI-24-527" }, { "cve": "CVE-2024-22267", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-24-526/advisory.json", "detail_path": "advisories/ZDI-24-526", "id": "ZDI-24-526", "kind": "published", "published_date": "2024-05-30", "status": "published", "title": "(Pwn2Own) VMware Workstation VBluetoothHCI_PacketOut Use-After-Free Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-526/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-23844", "zdi_id": "ZDI-24-526" }, { "cve": "CVE-2024-30369", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-24-525/advisory.json", "detail_path": "advisories/ZDI-24-525", "id": "ZDI-24-525", "kind": "published", "published_date": "2024-05-29", "status": "published", "title": "A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-525/", "vendor": "A10", "vendor_url": null, "zdi_can": "ZDI-CAN-22754", "zdi_id": "ZDI-24-525" }, { "cve": "CVE-2024-30368", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the CsrRequestView class. The issue results from the l...", "detail_json": "/data/advisories/ZDI-24-524/advisory.json", "detail_path": "advisories/ZDI-24-524", "id": "ZDI-24-524", "kind": "published", "published_date": "2024-05-29", "status": "published", "title": "A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-524/", "vendor": "A10", "vendor_url": null, "zdi_can": "ZDI-CAN-22517", "zdi_id": "ZDI-24-524" }, { "cve": "CVE-2024-28137", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...", "detail_json": "/data/advisories/ZDI-24-523/advisory.json", "detail_path": "advisories/ZDI-24-523", "id": "ZDI-24-523", "kind": "published", "published_date": "2024-05-29", "status": "published", "title": "Phoenix Contact CHARX SEC-3100 Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-523/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-20923", "zdi_id": "ZDI-24-523" }, { "cve": "CVE-2024-28135", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...", "detail_json": "/data/advisories/ZDI-24-522/advisory.json", "detail_path": "advisories/ZDI-24-522", "id": "ZDI-24-522", "kind": "published", "published_date": "2024-05-29", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 Filename Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-522/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23330", "zdi_id": "ZDI-24-522" }, { "cve": "CVE-2024-28136", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of t...", "detail_json": "/data/advisories/ZDI-24-521/advisory.json", "detail_path": "advisories/ZDI-24-521", "id": "ZDI-24-521", "kind": "published", "published_date": "2024-05-29", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP charx_pack_logs Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-521/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23391", "zdi_id": "ZDI-24-521" }, { "cve": "CVE-2024-28134", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration...", "detail_json": "/data/advisories/ZDI-24-520/advisory.json", "detail_path": "advisories/ZDI-24-520", "id": "ZDI-24-520", "kind": "published", "published_date": "2024-05-29", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 Missing Encryption Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-520/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23418", "zdi_id": "ZDI-24-520" }, { "cve": "CVE-2024-28133", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulner...", "detail_json": "/data/advisories/ZDI-24-519/advisory.json", "detail_path": "advisories/ZDI-24-519", "id": "ZDI-24-519", "kind": "published", "published_date": "2024-05-29", "status": "published", "title": "(Pwn2Own) Phoenix Contact CHARX SEC-3100 Untrusted Search Path Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-519/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-23419", "zdi_id": "ZDI-24-519" }, { "cve": "CVE-2024-4357", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software Telerik Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypa...", "detail_json": "/data/advisories/ZDI-24-518/advisory.json", "detail_path": "advisories/ZDI-24-518", "id": "ZDI-24-518", "kind": "published", "published_date": "2024-05-29", "status": "published", "title": "Progress Software Telerik Reporting ValidateMetadaUri XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-518/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23880", "zdi_id": "ZDI-24-518" }, { "cve": "CVE-2024-4561", "cvss": 4.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the FaviconController class. Th...", "detail_json": "/data/advisories/ZDI-24-517/advisory.json", "detail_path": "advisories/ZDI-24-517", "id": "ZDI-24-517", "kind": "published", "published_date": "2024-05-29", "status": "published", "title": "Progress Software WhatsUp Gold FaviconController Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-517/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23353", "zdi_id": "ZDI-24-517" }, { "cve": "CVE-2024-4562", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the HttpContentActiveController...", "detail_json": "/data/advisories/ZDI-24-516/advisory.json", "detail_path": "advisories/ZDI-24-516", "id": "ZDI-24-516", "kind": "published", "published_date": "2024-05-28", "status": "published", "title": "Progress Software WhatsUp Gold HttpContentActiveController Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-516/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23447", "zdi_id": "ZDI-24-516" }, { "cve": "CVE-2024-5247", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpLoadServlet class. The...", "detail_json": "/data/advisories/ZDI-24-515/advisory.json", "detail_path": "advisories/ZDI-24-515", "id": "ZDI-24-515", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-515/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-22951", "zdi_id": "ZDI-24-515" }, { "cve": "CVE-2024-29846", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetVulnerabilitiesDataTable method. The is...", "detail_json": "/data/advisories/ZDI-24-514/advisory.json", "detail_path": "advisories/ZDI-24-514", "id": "ZDI-24-514", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "Ivanti Endpoint Manager GetVulnerabilitiesDataTable SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-514/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23549", "zdi_id": "ZDI-24-514" }, { "cve": "CVE-2024-29830", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetLogFileRulesNameUniqueSQL method. The i...", "detail_json": "/data/advisories/ZDI-24-513/advisory.json", "detail_path": "advisories/ZDI-24-513", "id": "ZDI-24-513", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "Ivanti Endpoint Manager GetLogFileRulesNameUniqueSQL SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-513/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23538", "zdi_id": "ZDI-24-513" }, { "cve": "CVE-2024-29829", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetLogFileRulesSQL method. The issue resul...", "detail_json": "/data/advisories/ZDI-24-512/advisory.json", "detail_path": "advisories/ZDI-24-512", "id": "ZDI-24-512", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "Ivanti Endpoint Manager GetLogFileRulesSQL SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-512/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23537", "zdi_id": "ZDI-24-512" }, { "cve": "CVE-2024-29828", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetRulesetsSQL method. The issue results f...", "detail_json": "/data/advisories/ZDI-24-511/advisory.json", "detail_path": "advisories/ZDI-24-511", "id": "ZDI-24-511", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "Ivanti Endpoint Manager GetRulesetsSQL SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-511/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23536", "zdi_id": "ZDI-24-511" }, { "cve": "CVE-2024-29827", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the GetDBPatchProduc...", "detail_json": "/data/advisories/ZDI-24-510/advisory.json", "detail_path": "advisories/ZDI-24-510", "id": "ZDI-24-510", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "Ivanti Endpoint Manager GetDBPatchProducts SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-510/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23517", "zdi_id": "ZDI-24-510" }, { "cve": "CVE-2024-29826", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the GetDBPatches met...", "detail_json": "/data/advisories/ZDI-24-509/advisory.json", "detail_path": "advisories/ZDI-24-509", "id": "ZDI-24-509", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "Ivanti Endpoint Manager GetDBPatches SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-509/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23516", "zdi_id": "ZDI-24-509" }, { "cve": "CVE-2024-29825", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the RecordBrokenApp...", "detail_json": "/data/advisories/ZDI-24-508/advisory.json", "detail_path": "advisories/ZDI-24-508", "id": "ZDI-24-508", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "Ivanti Endpoint Manager RecordBrokenApp SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-508/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23484", "zdi_id": "ZDI-24-508" }, { "cve": "CVE-2024-29824", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the RecordGoodApp me...", "detail_json": "/data/advisories/ZDI-24-507/advisory.json", "detail_path": "advisories/ZDI-24-507", "id": "ZDI-24-507", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "Ivanti Endpoint Manager RecordGoodApp SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-507/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23482", "zdi_id": "ZDI-24-507" }, { "cve": "CVE-2024-29823", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the GetDBVulnerabili...", "detail_json": "/data/advisories/ZDI-24-506/advisory.json", "detail_path": "advisories/ZDI-24-506", "id": "ZDI-24-506", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "Ivanti Endpoint Manager GetDBVulnerabilities SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-506/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23518", "zdi_id": "ZDI-24-506" }, { "cve": "CVE-2024-29822", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the RecordGoodApp me...", "detail_json": "/data/advisories/ZDI-24-505/advisory.json", "detail_path": "advisories/ZDI-24-505", "id": "ZDI-24-505", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "Ivanti Endpoint Manager RecordGoodApp SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-505/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23483", "zdi_id": "ZDI-24-505" }, { "cve": "CVE-2024-29848", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the l...", "detail_json": "/data/advisories/ZDI-24-504/advisory.json", "detail_path": "advisories/ZDI-24-504", "id": "ZDI-24-504", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "Ivanti Avalanche FileStoreConfig Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-504/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-23525", "zdi_id": "ZDI-24-504" }, { "cve": "CVE-2024-5244", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to...", "detail_json": "/data/advisories/ZDI-24-503/advisory.json", "detail_path": "advisories/ZDI-24-503", "id": "ZDI-24-503", "kind": "published", "published_date": "2024-05-23", "status": "published", "title": "(Pwn2Own) TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-503/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-22439", "zdi_id": "ZDI-24-503" }, { "cve": "CVE-2024-5243", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use th...", "detail_json": "/data/advisories/ZDI-24-502/advisory.json", "detail_path": "advisories/ZDI-24-502", "id": "ZDI-24-502", "kind": "published", "published_date": "2024-05-23", "status": "published", "title": "(Pwn2Own) TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-502/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-22523", "zdi_id": "ZDI-24-502" }, { "cve": "CVE-2024-5242", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use th...", "detail_json": "/data/advisories/ZDI-24-501/advisory.json", "detail_path": "advisories/ZDI-24-501", "id": "ZDI-24-501", "kind": "published", "published_date": "2024-05-23", "status": "published", "title": "(Pwn2Own) TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-501/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-22522", "zdi_id": "ZDI-24-501" }, { "cve": "CVE-2024-5228", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use th...", "detail_json": "/data/advisories/ZDI-24-500/advisory.json", "detail_path": "advisories/ZDI-24-500", "id": "ZDI-24-500", "kind": "published", "published_date": "2024-05-23", "status": "published", "title": "(Pwn2Own) TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-500/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-22383", "zdi_id": "ZDI-24-500" }, { "cve": "CVE-2024-5227", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a...", "detail_json": "/data/advisories/ZDI-24-499/advisory.json", "detail_path": "advisories/ZDI-24-499", "id": "ZDI-24-499", "kind": "published", "published_date": "2024-05-23", "status": "published", "title": "(Pwn2Own) TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-499/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-22446", "zdi_id": "ZDI-24-499" }, { "cve": "CVE-2024-5247", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpLoadServlet class. The...", "detail_json": "/data/advisories/ZDI-24-498/advisory.json", "detail_path": "advisories/ZDI-24-498", "id": "ZDI-24-498", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-498/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-22923", "zdi_id": "ZDI-24-498" }, { "cve": "CVE-2024-5246", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the product installer. The i...", "detail_json": "/data/advisories/ZDI-24-497/advisory.json", "detail_path": "advisories/ZDI-24-497", "id": "ZDI-24-497", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-497/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-22868", "zdi_id": "ZDI-24-497" }, { "cve": "CVE-2024-5245", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vul...", "detail_json": "/data/advisories/ZDI-24-496/advisory.json", "detail_path": "advisories/ZDI-24-496", "id": "ZDI-24-496", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-496/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-22755", "zdi_id": "ZDI-24-496" }, { "cve": "CVE-2024-30037", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-495/advisory.json", "detail_path": "advisories/ZDI-24-495", "id": "ZDI-24-495", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "(Pwn2Own) Microsoft Windows CLFS Integer Underflow Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-495/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23790", "zdi_id": "ZDI-24-495" }, { "cve": "CVE-2024-22268", "cvss": 9.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workstation. User interaction is required to exploit this vulnerability in that the target in a guest system must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-24-494/advisory.json", "detail_path": "advisories/ZDI-24-494", "id": "ZDI-24-494", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "VMware Workstation SVGA Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-494/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-23490", "zdi_id": "ZDI-24-494" }, { "cve": "CVE-2024-30279", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-493/advisory.json", "detail_path": "advisories/ZDI-24-493", "id": "ZDI-24-493", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "Adobe Acrobat Reader DC JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-493/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22887", "zdi_id": "ZDI-24-493" }, { "cve": "CVE-2024-30280", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-492/advisory.json", "detail_path": "advisories/ZDI-24-492", "id": "ZDI-24-492", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-492/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22867", "zdi_id": "ZDI-24-492" }, { "cve": "CVE-2024-4454", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-24-491/advisory.json", "detail_path": "advisories/ZDI-24-491", "id": "ZDI-24-491", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-491/", "vendor": "WithSecure", "vendor_url": null, "zdi_can": "ZDI-CAN-23035", "zdi_id": "ZDI-24-491" }, { "cve": "CVE-2024-5040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-24-490/advisory.json", "detail_path": "advisories/ZDI-24-490", "id": "ZDI-24-490", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "LAquis SCADA LGX Report Processing AddComboFile Path Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-490/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-22364", "zdi_id": "ZDI-24-490" }, { "cve": "CVE-2024-5040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-24-489/advisory.json", "detail_path": "advisories/ZDI-24-489", "id": "ZDI-24-489", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "LAquis SCADA LGX Report File Open Path Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-489/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-22465", "zdi_id": "ZDI-24-489" }, { "cve": "CVE-2024-5040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-24-488/advisory.json", "detail_path": "advisories/ZDI-24-488", "id": "ZDI-24-488", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "LAquis SCADA LGX Report TextFile Open Path Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-488/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-22358", "zdi_id": "ZDI-24-488" }, { "cve": "CVE-2024-5040", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-487/advisory.json", "detail_path": "advisories/ZDI-24-487", "id": "ZDI-24-487", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "LAquis SCADA LGX Report STRING READFROMFILE Path Traversal Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-487/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-22468", "zdi_id": "ZDI-24-487" }, { "cve": "CVE-2024-5040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-24-486/advisory.json", "detail_path": "advisories/ZDI-24-486", "id": "ZDI-24-486", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "LAquis SCADA LGX Report STRING WRITETOFILE Path Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-486/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-22467", "zdi_id": "ZDI-24-486" }, { "cve": "CVE-2024-5040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-24-485/advisory.json", "detail_path": "advisories/ZDI-24-485", "id": "ZDI-24-485", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "LAquis SCADA LGX Report TextFile OpenWithoutMemory Path Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-485/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-22469", "zdi_id": "ZDI-24-485" }, { "cve": "CVE-2024-5040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-24-484/advisory.json", "detail_path": "advisories/ZDI-24-484", "id": "ZDI-24-484", "kind": "published", "published_date": "2024-05-22", "status": "published", "title": "LAquis SCADA LGX Report Table Save Path Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-484/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-22470", "zdi_id": "ZDI-24-484" }, { "cve": "CVE-2024-30310", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-483/advisory.json", "detail_path": "advisories/ZDI-24-483", "id": "ZDI-24-483", "kind": "published", "published_date": "2024-05-19", "status": "published", "title": "Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-483/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23327", "zdi_id": "ZDI-24-483" }, { "cve": "CVE-2024-34094", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-482/advisory.json", "detail_path": "advisories/ZDI-24-482", "id": "ZDI-24-482", "kind": "published", "published_date": "2024-05-19", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-482/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23474", "zdi_id": "ZDI-24-482" }, { "cve": "CVE-2024-34095", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-481/advisory.json", "detail_path": "advisories/ZDI-24-481", "id": "ZDI-24-481", "kind": "published", "published_date": "2024-05-19", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-481/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23475", "zdi_id": "ZDI-24-481" }, { "cve": "CVE-2024-34096", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-480/advisory.json", "detail_path": "advisories/ZDI-24-480", "id": "ZDI-24-480", "kind": "published", "published_date": "2024-05-19", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-480/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23472", "zdi_id": "ZDI-24-480" }, { "cve": "CVE-2024-30284", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-479/advisory.json", "detail_path": "advisories/ZDI-24-479", "id": "ZDI-24-479", "kind": "published", "published_date": "2024-05-19", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-479/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23466", "zdi_id": "ZDI-24-479" }, { "cve": "CVE-2024-34097", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-478/advisory.json", "detail_path": "advisories/ZDI-24-478", "id": "ZDI-24-478", "kind": "published", "published_date": "2024-05-19", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-478/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23473", "zdi_id": "ZDI-24-478" }, { "cve": "CVE-2024-34101", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-24-477/advisory.json", "detail_path": "advisories/ZDI-24-477", "id": "ZDI-24-477", "kind": "published", "published_date": "2024-05-19", "status": "published", "title": "Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-477/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23614", "zdi_id": "ZDI-24-477" }, { "cve": "CVE-2023-51365", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HLS_tmp parameter prov...", "detail_json": "/data/advisories/ZDI-24-476/advisory.json", "detail_path": "advisories/ZDI-24-476", "id": "ZDI-24-476", "kind": "published", "published_date": "2024-05-19", "status": "published", "title": "(Pwn2Own) QNAP TS-464 HLS_tmp Directory Traversal Arbitrary File Creation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-476/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-22407", "zdi_id": "ZDI-24-476" }, { "cve": "CVE-2023-51364", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of file uploads. The issue...", "detail_json": "/data/advisories/ZDI-24-475/advisory.json", "detail_path": "advisories/ZDI-24-475", "id": "ZDI-24-475", "kind": "published", "published_date": "2024-05-19", "status": "published", "title": "(Pwn2Own) QNAP TS-464 File Upload Directory Traversal Arbitrary File Creation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-475/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-22410", "zdi_id": "ZDI-24-475" }, { "cve": "CVE-2024-32766", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privWizard.cgi endpoint. The issue result...", "detail_json": "/data/advisories/ZDI-24-474/advisory.json", "detail_path": "advisories/ZDI-24-474", "id": "ZDI-24-474", "kind": "published", "published_date": "2024-05-19", "status": "published", "title": "(Pwn2Own) QNAP TS-464 Exposed Dangerous Method Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-474/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-22495", "zdi_id": "ZDI-24-474" }, { "cve": "CVE-2024-27124", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-24-473/advisory.json", "detail_path": "advisories/ZDI-24-473", "id": "ZDI-24-473", "kind": "published", "published_date": "2024-05-19", "status": "published", "title": "(Pwn2Own) QNAP TS-464 Authentication Service Improper Certificate Validation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-473/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-22378", "zdi_id": "ZDI-24-473" }, { "cve": "CVE-2024-32764", "cvss": 7.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary configurations on affected installations of QNAP TS-464 NAS devices. An attacker must first obtain the ability to access the device's localhost interface, which can be accomplished using a malicio...", "detail_json": "/data/advisories/ZDI-24-472/advisory.json", "detail_path": "advisories/ZDI-24-472", "id": "ZDI-24-472", "kind": "published", "published_date": "2024-05-19", "status": "published", "title": "(Pwn2Own) QNAP TS-464 Netmgr Endpoint CRLF Injection Arbitrary Configuration Update Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-472/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-22457", "zdi_id": "ZDI-24-472" }, { "cve": "CVE-2024-21901", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific f...", "detail_json": "/data/advisories/ZDI-24-471/advisory.json", "detail_path": "advisories/ZDI-24-471", "id": "ZDI-24-471", "kind": "published", "published_date": "2024-05-19", "status": "published", "title": "(Pwn2Own) QNAP TS-464 authLogin SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-471/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-22494", "zdi_id": "ZDI-24-471" }, { "cve": "CVE-2024-21899", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to make arbitrary changes to configuration on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privWizard API endpoi...", "detail_json": "/data/advisories/ZDI-24-470/advisory.json", "detail_path": "advisories/ZDI-24-470", "id": "ZDI-24-470", "kind": "published", "published_date": "2024-05-19", "status": "published", "title": "(Pwn2Own) QNAP TS-464 QR Code Device CRLF Injection Arbitrary Configuration Change Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-470/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-22493", "zdi_id": "ZDI-24-470" }, { "cve": "CVE-2023-51636", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-469/advisory.json", "detail_path": "advisories/ZDI-24-469", "id": "ZDI-24-469", "kind": "published", "published_date": "2024-05-17", "status": "published", "title": "Avira Prime Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-469/", "vendor": "Avira", "vendor_url": null, "zdi_can": "ZDI-CAN-21600", "zdi_id": "ZDI-24-469" }, { "cve": "CVE-2023-51637", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the DICOM service, whic...", "detail_json": "/data/advisories/ZDI-24-468/advisory.json", "detail_path": "advisories/ZDI-24-468", "id": "ZDI-24-468", "kind": "published", "published_date": "2024-05-17", "status": "published", "title": "Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-468/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-21579", "zdi_id": "ZDI-24-468" }, { "cve": "CVE-2024-4453", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-467/advisory.json", "detail_path": "advisories/ZDI-24-467", "id": "ZDI-24-467", "kind": "published", "published_date": "2024-05-17", "status": "published", "title": "GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-467/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-23896", "zdi_id": "ZDI-24-467" }, { "cve": "CVE-2024-32066", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-466/advisory.json", "detail_path": "advisories/ZDI-24-466", "id": "ZDI-24-466", "kind": "published", "published_date": "2024-05-17", "status": "published", "title": "Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-466/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21578", "zdi_id": "ZDI-24-466" }, { "cve": "CVE-2024-32059", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-465/advisory.json", "detail_path": "advisories/ZDI-24-465", "id": "ZDI-24-465", "kind": "published", "published_date": "2024-05-17", "status": "published", "title": "Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-465/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21564", "zdi_id": "ZDI-24-465" }, { "cve": "CVE-2024-32061", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-464/advisory.json", "detail_path": "advisories/ZDI-24-464", "id": "ZDI-24-464", "kind": "published", "published_date": "2024-05-17", "status": "published", "title": "Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-464/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21566", "zdi_id": "ZDI-24-464" }, { "cve": "CVE-2024-32062", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-463/advisory.json", "detail_path": "advisories/ZDI-24-463", "id": "ZDI-24-463", "kind": "published", "published_date": "2024-05-17", "status": "published", "title": "Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-463/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21568", "zdi_id": "ZDI-24-463" }, { "cve": "CVE-2024-32063", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-462/advisory.json", "detail_path": "advisories/ZDI-24-462", "id": "ZDI-24-462", "kind": "published", "published_date": "2024-05-17", "status": "published", "title": "Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-462/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21573", "zdi_id": "ZDI-24-462" }, { "cve": "CVE-2024-32064", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-461/advisory.json", "detail_path": "advisories/ZDI-24-461", "id": "ZDI-24-461", "kind": "published", "published_date": "2024-05-17", "status": "published", "title": "Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-461/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21575", "zdi_id": "ZDI-24-461" }, { "cve": "CVE-2024-32065", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-460/advisory.json", "detail_path": "advisories/ZDI-24-460", "id": "ZDI-24-460", "kind": "published", "published_date": "2024-05-17", "status": "published", "title": "Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-460/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21577", "zdi_id": "ZDI-24-460" }, { "cve": "CVE-2024-32060", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-459/advisory.json", "detail_path": "advisories/ZDI-24-459", "id": "ZDI-24-459", "kind": "published", "published_date": "2024-05-17", "status": "published", "title": "Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-459/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21565", "zdi_id": "ZDI-24-459" }, { "cve": "CVE-2024-32057", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-458/advisory.json", "detail_path": "advisories/ZDI-24-458", "id": "ZDI-24-458", "kind": "published", "published_date": "2024-05-17", "status": "published", "title": "Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-458/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21562", "zdi_id": "ZDI-24-458" }, { "cve": "CVE-2024-32058", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-457/advisory.json", "detail_path": "advisories/ZDI-24-457", "id": "ZDI-24-457", "kind": "published", "published_date": "2024-05-17", "status": "published", "title": "Siemens Simcenter Femap IGS File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-457/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21563", "zdi_id": "ZDI-24-457" }, { "cve": "CVE-2024-4044", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI FlexLogger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-24-456/advisory.json", "detail_path": "advisories/ZDI-24-456", "id": "ZDI-24-456", "kind": "published", "published_date": "2024-05-15", "status": "published", "title": "NI FlexLogger FLXPROJ File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-456/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21906", "zdi_id": "ZDI-24-456" }, { "cve": "CVE-2024-28075", "cvss": 9.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The s...", "detail_json": "/data/advisories/ZDI-24-455/advisory.json", "detail_path": "advisories/ZDI-24-455", "id": "ZDI-24-455", "kind": "published", "published_date": "2024-05-15", "status": "published", "title": "SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-455/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-23500", "zdi_id": "ZDI-24-455" }, { "cve": "CVE-2024-23473", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a RabbitMQ in...", "detail_json": "/data/advisories/ZDI-24-454/advisory.json", "detail_path": "advisories/ZDI-24-454", "id": "ZDI-24-454", "kind": "published", "published_date": "2024-05-15", "status": "published", "title": "SolarWinds Access Rights Manager Hard-Coded Credentials Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-454/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-23059", "zdi_id": "ZDI-24-454" }, { "cve": "CVE-2024-30043", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the BaseXmlDataSource class. Due to the i...", "detail_json": "/data/advisories/ZDI-24-453/advisory.json", "detail_path": "advisories/ZDI-24-453", "id": "ZDI-24-453", "kind": "published", "published_date": "2024-05-14", "status": "published", "title": "Microsoft SharePoint BaseXmlDataSource XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-453/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23586", "zdi_id": "ZDI-24-453" }, { "cve": "CVE-2024-30034", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-24-452/advisory.json", "detail_path": "advisories/ZDI-24-452", "id": "ZDI-24-452", "kind": "published", "published_date": "2024-05-14", "status": "published", "title": "Microsoft Windows cldflt Type Confusion Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-452/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22417", "zdi_id": "ZDI-24-452" }, { "cve": "CVE-2024-30033", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-451/advisory.json", "detail_path": "advisories/ZDI-24-451", "id": "ZDI-24-451", "kind": "published", "published_date": "2024-05-14", "status": "published", "title": "Microsoft Windows Search Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-451/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22907", "zdi_id": "ZDI-24-451" }, { "cve": "CVE-2024-5299", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-24-450/advisory.json", "detail_path": "advisories/ZDI-24-450", "id": "ZDI-24-450", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "(0Day) D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-450/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21828", "zdi_id": "ZDI-24-450" }, { "cve": "CVE-2024-5298", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-24-449/advisory.json", "detail_path": "advisories/ZDI-24-449", "id": "ZDI-24-449", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "(0Day) D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-449/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21842", "zdi_id": "ZDI-24-449" }, { "cve": "CVE-2024-5297", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-24-448/advisory.json", "detail_path": "advisories/ZDI-24-448", "id": "ZDI-24-448", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "(0Day) D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-448/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21821", "zdi_id": "ZDI-24-448" }, { "cve": "CVE-2024-5296", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TokenUtils class. The issue results from a hard-c...", "detail_json": "/data/advisories/ZDI-24-447/advisory.json", "detail_path": "advisories/ZDI-24-447", "id": "ZDI-24-447", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "(0Day) D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-447/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21991", "zdi_id": "ZDI-24-447" }, { "cve": "CVE-2024-5295", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening...", "detail_json": "/data/advisories/ZDI-24-446/advisory.json", "detail_path": "advisories/ZDI-24-446", "id": "ZDI-24-446", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "(0Day) D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-446/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21294", "zdi_id": "ZDI-24-446" }, { "cve": "CVE-2024-5294", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi progr...", "detail_json": "/data/advisories/ZDI-24-445/advisory.json", "detail_path": "advisories/ZDI-24-445", "id": "ZDI-24-445", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "(0Day) D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-445/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21668", "zdi_id": "ZDI-24-445" }, { "cve": "CVE-2024-5293", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within prog.cgi, which handles HNAP...", "detail_json": "/data/advisories/ZDI-24-444/advisory.json", "detail_path": "advisories/ZDI-24-444", "id": "ZDI-24-444", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "(0Day) D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-444/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21853", "zdi_id": "ZDI-24-444" }, { "cve": "CVE-2024-5292", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-24-443/advisory.json", "detail_path": "advisories/ZDI-24-443", "id": "ZDI-24-443", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "(0Day) D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-443/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21426", "zdi_id": "ZDI-24-443" }, { "cve": "CVE-2024-5291", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which li...", "detail_json": "/data/advisories/ZDI-24-442/advisory.json", "detail_path": "advisories/ZDI-24-442", "id": "ZDI-24-442", "kind": "published", "published_date": "2024-05-24", "status": "published", "title": "(0Day) D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-442/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21235", "zdi_id": "ZDI-24-442" }, { "cve": "CVE-2024-1595", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-441/advisory.json", "detail_path": "advisories/ZDI-24-441", "id": "ZDI-24-441", "kind": "published", "published_date": "2024-05-13", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft Uncontrolled Search Path Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-441/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-21884", "zdi_id": "ZDI-24-441" }, { "cve": "CVE-2023-46604", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apache ActiveMQ bro...", "detail_json": "/data/advisories/ZDI-24-440/advisory.json", "detail_path": "advisories/ZDI-24-440", "id": "ZDI-24-440", "kind": "published", "published_date": "2024-05-13", "status": "published", "title": "Delta Electronics InfraSuite Device Master ActiveMQ Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-440/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-22502", "zdi_id": "ZDI-24-440" }, { "cve": "CVE-2023-24948", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device. The specifi...", "detail_json": "/data/advisories/ZDI-24-439/advisory.json", "detail_path": "advisories/ZDI-24-439", "id": "ZDI-24-439", "kind": "published", "published_date": "2024-05-09", "status": "published", "title": "Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-439/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20464", "zdi_id": "ZDI-24-439" }, { "cve": "CVE-2024-3298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-438/advisory.json", "detail_path": "advisories/ZDI-24-438", "id": "ZDI-24-438", "kind": "published", "published_date": "2024-05-09", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-438/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22618", "zdi_id": "ZDI-24-438" }, { "cve": "CVE-2024-3298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-437/advisory.json", "detail_path": "advisories/ZDI-24-437", "id": "ZDI-24-437", "kind": "published", "published_date": "2024-05-09", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-437/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22619", "zdi_id": "ZDI-24-437" }, { "cve": "CVE-2024-3298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-436/advisory.json", "detail_path": "advisories/ZDI-24-436", "id": "ZDI-24-436", "kind": "published", "published_date": "2024-05-09", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-436/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22620", "zdi_id": "ZDI-24-436" }, { "cve": "CVE-2024-3298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-435/advisory.json", "detail_path": "advisories/ZDI-24-435", "id": "ZDI-24-435", "kind": "published", "published_date": "2024-05-09", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-435/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22624", "zdi_id": "ZDI-24-435" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-434/advisory.json", "detail_path": "advisories/ZDI-24-434", "id": "ZDI-24-434", "kind": "published", "published_date": "2024-05-09", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer SAT File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-434/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22625", "zdi_id": "ZDI-24-434" }, { "cve": "CVE-2024-3298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdme eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-24-433/advisory.json", "detail_path": "advisories/ZDI-24-433", "id": "ZDI-24-433", "kind": "published", "published_date": "2024-05-09", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-433/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22621", "zdi_id": "ZDI-24-433" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-432/advisory.json", "detail_path": "advisories/ZDI-24-432", "id": "ZDI-24-432", "kind": "published", "published_date": "2024-05-09", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer JT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-432/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22616", "zdi_id": "ZDI-24-432" }, { "cve": "CVE-2024-3298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-431/advisory.json", "detail_path": "advisories/ZDI-24-431", "id": "ZDI-24-431", "kind": "published", "published_date": "2024-05-09", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-431/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22623", "zdi_id": "ZDI-24-431" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-430/advisory.json", "detail_path": "advisories/ZDI-24-430", "id": "ZDI-24-430", "kind": "published", "published_date": "2024-05-09", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer JT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-430/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22617", "zdi_id": "ZDI-24-430" }, { "cve": "CVE-2024-3298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-429/advisory.json", "detail_path": "advisories/ZDI-24-429", "id": "ZDI-24-429", "kind": "published", "published_date": "2024-05-09", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-429/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22622", "zdi_id": "ZDI-24-429" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-428/advisory.json", "detail_path": "advisories/ZDI-24-428", "id": "ZDI-24-428", "kind": "published", "published_date": "2024-05-09", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer JT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-428/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22615", "zdi_id": "ZDI-24-428" }, { "cve": "CVE-2024-30306", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-427/advisory.json", "detail_path": "advisories/ZDI-24-427", "id": "ZDI-24-427", "kind": "published", "published_date": "2024-05-07", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-427/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23106", "zdi_id": "ZDI-24-427" }, { "cve": "CVE-2024-30302", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-24-426/advisory.json", "detail_path": "advisories/ZDI-24-426", "id": "ZDI-24-426", "kind": "published", "published_date": "2024-05-07", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-426/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23077", "zdi_id": "ZDI-24-426" }, { "cve": "CVE-2024-30303", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-425/advisory.json", "detail_path": "advisories/ZDI-24-425", "id": "ZDI-24-425", "kind": "published", "published_date": "2024-05-07", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-425/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23044", "zdi_id": "ZDI-24-425" }, { "cve": "CVE-2024-30305", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-424/advisory.json", "detail_path": "advisories/ZDI-24-424", "id": "ZDI-24-424", "kind": "published", "published_date": "2024-05-07", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-424/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23043", "zdi_id": "ZDI-24-424" }, { "cve": "CVE-2024-30301", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-423/advisory.json", "detail_path": "advisories/ZDI-24-423", "id": "ZDI-24-423", "kind": "published", "published_date": "2024-05-07", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-423/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23042", "zdi_id": "ZDI-24-423" }, { "cve": "CVE-2024-30304", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-422/advisory.json", "detail_path": "advisories/ZDI-24-422", "id": "ZDI-24-422", "kind": "published", "published_date": "2024-05-07", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-422/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-23040", "zdi_id": "ZDI-24-422" }, { "cve": "CVE-2024-29011", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ECMClientAuthenticator class. T...", "detail_json": "/data/advisories/ZDI-24-421/advisory.json", "detail_path": "advisories/ZDI-24-421", "id": "ZDI-24-421", "kind": "published", "published_date": "2024-05-07", "status": "published", "title": "SonicWALL GMS Virtual Appliance ECMClientAuthenticator Hard-Coded Credential Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-421/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-23521", "zdi_id": "ZDI-24-421" }, { "cve": "CVE-2024-29010", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SonicWALL GMS Virtual Appliance. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...", "detail_json": "/data/advisories/ZDI-24-420/advisory.json", "detail_path": "advisories/ZDI-24-420", "id": "ZDI-24-420", "kind": "published", "published_date": "2024-05-07", "status": "published", "title": "SonicWALL GMS Virtual Appliance ECMPolicy XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-420/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-22675", "zdi_id": "ZDI-24-420" }, { "cve": "CVE-2024-4406", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-419/advisory.json", "detail_path": "advisories/ZDI-24-419", "id": "ZDI-24-419", "kind": "published", "published_date": "2024-05-01", "status": "published", "title": "(Pwn2Own) Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-419/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-22332", "zdi_id": "ZDI-24-419" }, { "cve": "CVE-2024-4405", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-418/advisory.json", "detail_path": "advisories/ZDI-24-418", "id": "ZDI-24-418", "kind": "published", "published_date": "2024-05-01", "status": "published", "title": "(Pwn2Own) Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-418/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-22379", "zdi_id": "ZDI-24-418" }, { "cve": "CVE-2023-26322", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-24-417/advisory.json", "detail_path": "advisories/ZDI-24-417", "id": "ZDI-24-417", "kind": "published", "published_date": "2024-05-01", "status": "published", "title": "Xiaomi Pro 13 isUrlMatchLevel Permissive List of Allowed Inputs Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-417/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-22559", "zdi_id": "ZDI-24-417" }, { "cve": "CVE-2023-51633", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the sysName OID in SNMP. The issue result...", "detail_json": "/data/advisories/ZDI-24-416/advisory.json", "detail_path": "advisories/ZDI-24-416", "id": "ZDI-24-416", "kind": "published", "published_date": "2024-04-29", "status": "published", "title": "Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-416/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-20731", "zdi_id": "ZDI-24-416" }, { "cve": "CVE-2024-21113", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-415/advisory.json", "detail_path": "advisories/ZDI-24-415", "id": "ZDI-24-415", "kind": "published", "published_date": "2024-04-26", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox E1000 Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-415/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-23775", "zdi_id": "ZDI-24-415" }, { "cve": "CVE-2024-21112", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-24-414/advisory.json", "detail_path": "advisories/ZDI-24-414", "id": "ZDI-24-414", "kind": "published", "published_date": "2024-04-26", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox AHCI Controller Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-414/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-23787", "zdi_id": "ZDI-24-414" }, { "cve": "CVE-2024-21115", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-24-413/advisory.json", "detail_path": "advisories/ZDI-24-413", "id": "ZDI-24-413", "kind": "published", "published_date": "2024-04-26", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox DevVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-413/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-23796", "zdi_id": "ZDI-24-413" }, { "cve": "CVE-2024-21114", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-24-412/advisory.json", "detail_path": "advisories/ZDI-24-412", "id": "ZDI-24-412", "kind": "published", "published_date": "2024-04-26", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox VirtIOCore Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-412/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-23797", "zdi_id": "ZDI-24-412" }, { "cve": "CVE-2024-21121", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-411/advisory.json", "detail_path": "advisories/ZDI-24-411", "id": "ZDI-24-411", "kind": "published", "published_date": "2024-04-26", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-411/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-23798", "zdi_id": "ZDI-24-411" }, { "cve": "CVE-2024-21116", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-24-410/advisory.json", "detail_path": "advisories/ZDI-24-410", "id": "ZDI-24-410", "kind": "published", "published_date": "2024-04-26", "status": "published", "title": "Oracle VirtualBox vboxdrv Improper Privilege Management Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-410/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-23403", "zdi_id": "ZDI-24-410" }, { "cve": "CVE-2024-21110", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. In add...", "detail_json": "/data/advisories/ZDI-24-409/advisory.json", "detail_path": "advisories/ZDI-24-409", "id": "ZDI-24-409", "kind": "published", "published_date": "2024-04-26", "status": "published", "title": "Oracle VirtualBox Guest Additions Improper Access Control Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-409/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-23388", "zdi_id": "ZDI-24-409" }, { "cve": "CVE-2024-21109", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle VirtualBox. Authentication is not required to exploit this vulnerability. The specific flaw exists within the vboxwebsrv service. The issue result...", "detail_json": "/data/advisories/ZDI-24-408/advisory.json", "detail_path": "advisories/ZDI-24-408", "id": "ZDI-24-408", "kind": "published", "published_date": "2024-04-26", "status": "published", "title": "Oracle VirtualBox Web Service Exposure of Resource to Wrong Sphere Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-408/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-23076", "zdi_id": "ZDI-24-408" }, { "cve": "CVE-2024-31083", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-407/advisory.json", "detail_path": "advisories/ZDI-24-407", "id": "ZDI-24-407", "kind": "published", "published_date": "2024-04-26", "status": "published", "title": "X.Org Server ProcRenderAddGlyphs Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-407/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-22880", "zdi_id": "ZDI-24-407" }, { "cve": "CVE-2023-48633", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-406/advisory.json", "detail_path": "advisories/ZDI-24-406", "id": "ZDI-24-406", "kind": "published", "published_date": "2024-04-26", "status": "published", "title": "Adobe After Effects AEP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-406/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22173", "zdi_id": "ZDI-24-406" }, { "cve": "CVE-2023-50739", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IPP server, which listens...", "detail_json": "/data/advisories/ZDI-24-405/advisory.json", "detail_path": "advisories/ZDI-24-405", "id": "ZDI-24-405", "kind": "published", "published_date": "2024-04-26", "status": "published", "title": "Lexmark CX331adwe IPP Server Authorization HTTP Header Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-405/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-22549", "zdi_id": "ZDI-24-405" }, { "cve": "CVE-2024-23264", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal Framework library is required to exploit this vulnerability but attack vectors may vary depending on the implemen...", "detail_json": "/data/advisories/ZDI-24-404/advisory.json", "detail_path": "advisories/ZDI-24-404", "id": "ZDI-24-404", "kind": "published", "published_date": "2024-04-25", "status": "published", "title": "Apple macOS Metal Framework PVR File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-404/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-22327", "zdi_id": "ZDI-24-404" }, { "cve": "CVE-2024-1800", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Telerik Report Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ObjectReader class. The is...", "detail_json": "/data/advisories/ZDI-24-403/advisory.json", "detail_path": "advisories/ZDI-24-403", "id": "ZDI-24-403", "kind": "published", "published_date": "2024-04-25", "status": "published", "title": "Progress Software Telerik Report Server ObjectReader Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-403/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23903", "zdi_id": "ZDI-24-403" }, { "cve": "CVE-2024-1856", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Telerik Reporting. Authentication is required to exploit this vulnerability. The specific flaw exists within the ObjectReader class. The issue...", "detail_json": "/data/advisories/ZDI-24-402/advisory.json", "detail_path": "advisories/ZDI-24-402", "id": "ZDI-24-402", "kind": "published", "published_date": "2024-04-25", "status": "published", "title": "Progress Software Telerik Reporting ObjectReader Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-402/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23902", "zdi_id": "ZDI-24-402" }, { "cve": "CVE-2024-1801", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Telerik Reporting. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-401/advisory.json", "detail_path": "advisories/ZDI-24-401", "id": "ZDI-24-401", "kind": "published", "published_date": "2024-04-25", "status": "published", "title": "Progress Software Telerik Reporting ObjectReader Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-401/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-23001", "zdi_id": "ZDI-24-401" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft uAMQP for Python. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of uAMQP for Python. W...", "detail_json": "/data/advisories/ZDI-24-400/advisory.json", "detail_path": "advisories/ZDI-24-400", "id": "ZDI-24-400", "kind": "published", "published_date": "2024-04-25", "status": "published", "title": "Microsoft uAMQP for Python azure-iot-sdks-ci Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-400/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23558", "zdi_id": "ZDI-24-400" }, { "cve": "CVE-2024-29991", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the Mark-Of-The-Web security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a mali...", "detail_json": "/data/advisories/ZDI-24-399/advisory.json", "detail_path": "advisories/ZDI-24-399", "id": "ZDI-24-399", "kind": "published", "published_date": "2024-04-25", "status": "published", "title": "Microsoft Windows MHT File Mark-Of-The-Web Bypass Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-399/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22547", "zdi_id": "ZDI-24-399" }, { "cve": "CVE-2023-50260", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wazuh. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of IP address arguments. The issue results from the...", "detail_json": "/data/advisories/ZDI-24-398/advisory.json", "detail_path": "advisories/ZDI-24-398", "id": "ZDI-24-398", "kind": "published", "published_date": "2024-04-25", "status": "published", "title": "Wazuh Active Response Module Improper Input Validation Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-398/", "vendor": "Wazuh", "vendor_url": null, "zdi_can": "ZDI-CAN-22560", "zdi_id": "ZDI-24-398" }, { "cve": "CVE-2024-32038", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wazuh. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Analysis Engine service, which listens on TCP port 1514...", "detail_json": "/data/advisories/ZDI-24-397/advisory.json", "detail_path": "advisories/ZDI-24-397", "id": "ZDI-24-397", "kind": "published", "published_date": "2024-04-25", "status": "published", "title": "Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-397/", "vendor": "Wazuh", "vendor_url": null, "zdi_can": "ZDI-CAN-22475", "zdi_id": "ZDI-24-397" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ODSP for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of ODSP. When installed...", "detail_json": "/data/advisories/ZDI-24-396/advisory.json", "detail_path": "advisories/ZDI-24-396", "id": "ZDI-24-396", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Microsoft Azure ODSP nikisos Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-396/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23024", "zdi_id": "ZDI-24-396" }, { "cve": "CVE-2024-27984", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the DELKEY command. The issue results from the lack o...", "detail_json": "/data/advisories/ZDI-24-395/advisory.json", "detail_path": "advisories/ZDI-24-395", "id": "ZDI-24-395", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLInfoRailService DELKEY Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-395/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22810", "zdi_id": "ZDI-24-395" }, { "cve": "CVE-2024-27978", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens o...", "detail_json": "/data/advisories/ZDI-24-394/advisory.json", "detail_path": "advisories/ZDI-24-394", "id": "ZDI-24-394", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-394/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22990", "zdi_id": "ZDI-24-394" }, { "cve": "CVE-2024-27977", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on TCP port 177...", "detail_json": "/data/advisories/ZDI-24-393/advisory.json", "detail_path": "advisories/ZDI-24-393", "id": "ZDI-24-393", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-393/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22989", "zdi_id": "ZDI-24-393" }, { "cve": "CVE-2024-27976", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on TCP port 177...", "detail_json": "/data/advisories/ZDI-24-392/advisory.json", "detail_path": "advisories/ZDI-24-392", "id": "ZDI-24-392", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-392/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22988", "zdi_id": "ZDI-24-392" }, { "cve": "CVE-2024-27975", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on TCP port 177...", "detail_json": "/data/advisories/ZDI-24-391/advisory.json", "detail_path": "advisories/ZDI-24-391", "id": "ZDI-24-391", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-391/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22987", "zdi_id": "ZDI-24-391" }, { "cve": "CVE-2024-25000", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on TCP port 177...", "detail_json": "/data/advisories/ZDI-24-390/advisory.json", "detail_path": "advisories/ZDI-24-390", "id": "ZDI-24-390", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-390/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22986", "zdi_id": "ZDI-24-390" }, { "cve": "CVE-2024-24999", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on TCP port 177...", "detail_json": "/data/advisories/ZDI-24-389/advisory.json", "detail_path": "advisories/ZDI-24-389", "id": "ZDI-24-389", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-389/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22985", "zdi_id": "ZDI-24-389" }, { "cve": "CVE-2024-24998", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on TCP port 177...", "detail_json": "/data/advisories/ZDI-24-388/advisory.json", "detail_path": "advisories/ZDI-24-388", "id": "ZDI-24-388", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-388/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22984", "zdi_id": "ZDI-24-388" }, { "cve": "CVE-2024-24997", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on TCP port 177...", "detail_json": "/data/advisories/ZDI-24-387/advisory.json", "detail_path": "advisories/ZDI-24-387", "id": "ZDI-24-387", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-387/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22950", "zdi_id": "ZDI-24-387" }, { "cve": "CVE-2024-24996", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLInfoRailService, which listens on TCP port...", "detail_json": "/data/advisories/ZDI-24-386/advisory.json", "detail_path": "advisories/ZDI-24-386", "id": "ZDI-24-386", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLInfoRailService Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-386/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22940", "zdi_id": "ZDI-24-386" }, { "cve": "CVE-2024-24995", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the doInTransaction method. The issue results from th...", "detail_json": "/data/advisories/ZDI-24-385/advisory.json", "detail_path": "advisories/ZDI-24-385", "id": "ZDI-24-385", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche doInTransaction Time-Of-Check Time-Of-Use Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-385/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22885", "zdi_id": "ZDI-24-385" }, { "cve": "CVE-2024-24994", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the extractZipEntry method. The issue results from th...", "detail_json": "/data/advisories/ZDI-24-384/advisory.json", "detail_path": "advisories/ZDI-24-384", "id": "ZDI-24-384", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche extractZipEntry Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-384/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22866", "zdi_id": "ZDI-24-384" }, { "cve": "CVE-2024-24993", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the InstallPackageThread class. The issue results fro...", "detail_json": "/data/advisories/ZDI-24-383/advisory.json", "detail_path": "advisories/ZDI-24-383", "id": "ZDI-24-383", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche InstallPackageThread Time-Of-Check Time-Of-Use Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-383/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22865", "zdi_id": "ZDI-24-383" }, { "cve": "CVE-2024-24992", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the getAdhocFilePath method. The issue results from t...", "detail_json": "/data/advisories/ZDI-24-382/advisory.json", "detail_path": "advisories/ZDI-24-382", "id": "ZDI-24-382", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche getAdhocFilePath Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-382/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22854", "zdi_id": "ZDI-24-382" }, { "cve": "CVE-2024-24991", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens o...", "detail_json": "/data/advisories/ZDI-24-381/advisory.json", "detail_path": "advisories/ZDI-24-381", "id": "ZDI-24-381", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-381/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22839", "zdi_id": "ZDI-24-381" }, { "cve": "CVE-2024-23535", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the copyFile method. The issue results from the lack...", "detail_json": "/data/advisories/ZDI-24-380/advisory.json", "detail_path": "advisories/ZDI-24-380", "id": "ZDI-24-380", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche copyFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-380/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22836", "zdi_id": "ZDI-24-380" }, { "cve": "CVE-2024-23534", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the getMasterAdhocCollectionsPath method. The issue r...", "detail_json": "/data/advisories/ZDI-24-379/advisory.json", "detail_path": "advisories/ZDI-24-379", "id": "ZDI-24-379", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche getMasterAdhocCollectionsPath Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-379/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22835", "zdi_id": "ZDI-24-379" }, { "cve": "CVE-2024-23532", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on TCP port 177...", "detail_json": "/data/advisories/ZDI-24-378/advisory.json", "detail_path": "advisories/ZDI-24-378", "id": "ZDI-24-378", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-378/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22827", "zdi_id": "ZDI-24-378" }, { "cve": "CVE-2024-23533", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on...", "detail_json": "/data/advisories/ZDI-24-377/advisory.json", "detail_path": "advisories/ZDI-24-377", "id": "ZDI-24-377", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-377/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22826", "zdi_id": "ZDI-24-377" }, { "cve": "CVE-2024-23531", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information or create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...", "detail_json": "/data/advisories/ZDI-24-376/advisory.json", "detail_path": "advisories/ZDI-24-376", "id": "ZDI-24-376", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLInfoRailService Integer Overflow Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-376/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22756", "zdi_id": "ZDI-24-376" }, { "cve": "CVE-2024-23530", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on...", "detail_json": "/data/advisories/ZDI-24-375/advisory.json", "detail_path": "advisories/ZDI-24-375", "id": "ZDI-24-375", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-375/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22703", "zdi_id": "ZDI-24-375" }, { "cve": "CVE-2024-23529", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on...", "detail_json": "/data/advisories/ZDI-24-374/advisory.json", "detail_path": "advisories/ZDI-24-374", "id": "ZDI-24-374", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-374/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22702", "zdi_id": "ZDI-24-374" }, { "cve": "CVE-2024-23528", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on...", "detail_json": "/data/advisories/ZDI-24-373/advisory.json", "detail_path": "advisories/ZDI-24-373", "id": "ZDI-24-373", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-373/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22701", "zdi_id": "ZDI-24-373" }, { "cve": "CVE-2024-23527", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on...", "detail_json": "/data/advisories/ZDI-24-372/advisory.json", "detail_path": "advisories/ZDI-24-372", "id": "ZDI-24-372", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-372/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22700", "zdi_id": "ZDI-24-372" }, { "cve": "CVE-2024-23526", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on...", "detail_json": "/data/advisories/ZDI-24-371/advisory.json", "detail_path": "advisories/ZDI-24-371", "id": "ZDI-24-371", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-371/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22699", "zdi_id": "ZDI-24-371" }, { "cve": "CVE-2024-22061", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLInfoRailService. The issue results from the...", "detail_json": "/data/advisories/ZDI-24-370/advisory.json", "detail_path": "advisories/ZDI-24-370", "id": "ZDI-24-370", "kind": "published", "published_date": "2024-04-23", "status": "published", "title": "Ivanti Avalanche WLInfoRailService Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-370/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22682", "zdi_id": "ZDI-24-370" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Google cAdvisor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REST API endpoint, which listens on TC...", "detail_json": "/data/advisories/ZDI-24-369/advisory.json", "detail_path": "advisories/ZDI-24-369", "id": "ZDI-24-369", "kind": "published", "published_date": "2024-04-22", "status": "published", "title": "Google cAdvisor REST API Improper Access Control Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-369/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-22648", "zdi_id": "ZDI-24-369" }, { "cve": "CVE-2023-50186", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-368/advisory.json", "detail_path": "advisories/ZDI-24-368", "id": "ZDI-24-368", "kind": "published", "published_date": "2024-04-19", "status": "published", "title": "GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-368/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-22300", "zdi_id": "ZDI-24-368" }, { "cve": "CVE-2024-3159", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-24-367/advisory.json", "detail_path": "advisories/ZDI-24-367", "id": "ZDI-24-367", "kind": "published", "published_date": "2024-04-15", "status": "published", "title": "(Pwn2Own) Google Chrome V8 Enum Cache Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-367/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-23785", "zdi_id": "ZDI-24-367" }, { "cve": "CVE-2024-2887", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-24-366/advisory.json", "detail_path": "advisories/ZDI-24-366", "id": "ZDI-24-366", "kind": "published", "published_date": "2024-04-15", "status": "published", "title": "(Pwn2Own) Google Chrome WASM Improper Input Validation Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-366/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-23792", "zdi_id": "ZDI-24-366" }, { "cve": "CVE-2024-3914", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-365/advisory.json", "detail_path": "advisories/ZDI-24-365", "id": "ZDI-24-365", "kind": "published", "published_date": "2024-04-15", "status": "published", "title": "(Pwn2Own) Microsoft Edge DOMArrayBuffer Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-365/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23799", "zdi_id": "ZDI-24-365" }, { "cve": "CVE-2024-27889", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry class. The issue results from the l...", "detail_json": "/data/advisories/ZDI-24-364/advisory.json", "detail_path": "advisories/ZDI-24-364", "id": "ZDI-24-364", "kind": "published", "published_date": "2024-04-09", "status": "published", "title": "Arista NG Firewall ReportEntry SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-364/", "vendor": "Arista", "vendor_url": null, "zdi_can": "ZDI-CAN-21954", "zdi_id": "ZDI-24-364" }, { "cve": "CVE-2024-26158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-363/advisory.json", "detail_path": "advisories/ZDI-24-363", "id": "ZDI-24-363", "kind": "published", "published_date": "2024-04-09", "status": "published", "title": "Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-363/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22924", "zdi_id": "ZDI-24-363" }, { "cve": "CVE-2024-20685", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Azure Private 5G Core. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Init...", "detail_json": "/data/advisories/ZDI-24-362/advisory.json", "detail_path": "advisories/ZDI-24-362", "id": "ZDI-24-362", "kind": "published", "published_date": "2024-04-09", "status": "published", "title": "Microsoft Azure Private 5G Core InitialUEMessage Improper Input Validation Denial-of-Service Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-362/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23397", "zdi_id": "ZDI-24-362" }, { "cve": "CVE-2024-29988", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a maliciou...", "detail_json": "/data/advisories/ZDI-24-361/advisory.json", "detail_path": "advisories/ZDI-24-361", "id": "ZDI-24-361", "kind": "published", "published_date": "2024-04-09", "status": "published", "title": "Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-361/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23943", "zdi_id": "ZDI-24-361" }, { "cve": "CVE-2024-31138", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary script on affected installations of JetBrains TeamCity. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-360/advisory.json", "detail_path": "advisories/ZDI-24-360", "id": "ZDI-24-360", "kind": "published", "published_date": "2024-04-01", "status": "published", "title": "JetBrains TeamCity AgentDistributionSettingsController Cross-Site Scripting Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-360/", "vendor": "JetBrains", "vendor_url": null, "zdi_can": "ZDI-CAN-23446", "zdi_id": "ZDI-24-360" }, { "cve": "CVE-2024-2658", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Flexera Software FlexNet Publisher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-24-359/advisory.json", "detail_path": "advisories/ZDI-24-359", "id": "ZDI-24-359", "kind": "published", "published_date": "2024-04-01", "status": "published", "title": "Flexera Software FlexNet Publisher Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-359/", "vendor": "Flexera Software", "vendor_url": null, "zdi_can": "ZDI-CAN-22591", "zdi_id": "ZDI-24-359" }, { "cve": "CVE-2024-2818", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of GitLab. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of label descriptions. By sending a...", "detail_json": "/data/advisories/ZDI-24-358/advisory.json", "detail_path": "advisories/ZDI-24-358", "id": "ZDI-24-358", "kind": "published", "published_date": "2024-04-01", "status": "published", "title": "GitLab Label Description Uncontrolled Resource Consumption Denial-of-Service Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-358/", "vendor": "GitLab", "vendor_url": null, "zdi_can": "ZDI-CAN-21883", "zdi_id": "ZDI-24-358" }, { "cve": "CVE-2024-30370", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicio...", "detail_json": "/data/advisories/ZDI-24-357/advisory.json", "detail_path": "advisories/ZDI-24-357", "id": "ZDI-24-357", "kind": "published", "published_date": "2024-04-01", "status": "published", "title": "RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-357/", "vendor": "RARLAB", "vendor_url": null, "zdi_can": "ZDI-CAN-23156", "zdi_id": "ZDI-24-357" }, { "cve": "CVE-2024-27907", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-356/advisory.json", "detail_path": "advisories/ZDI-24-356", "id": "ZDI-24-356", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Siemens Simcenter Femap MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-356/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-22051", "zdi_id": "ZDI-24-356" }, { "cve": "CVE-2023-6175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wireshark. User interaction is required to exploit this vulnerability in that the target must open a specially crafted packet capture file. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-24-355/advisory.json", "detail_path": "advisories/ZDI-24-355", "id": "ZDI-24-355", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Wireshark NetScreen File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-355/", "vendor": "Wireshark", "vendor_url": null, "zdi_can": "ZDI-CAN-22164", "zdi_id": "ZDI-24-355" }, { "cve": "CVE-2024-2229", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Design - Ecodial. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...", "detail_json": "/data/advisories/ZDI-24-354/advisory.json", "detail_path": "advisories/ZDI-24-354", "id": "ZDI-24-354", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Schneider Electric EcoStruxure Power Design - Ecodial BinSerializer Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-354/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21032", "zdi_id": "ZDI-24-354" }, { "cve": "CVE-2024-0860", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which list...", "detail_json": "/data/advisories/ZDI-24-353/advisory.json", "detail_path": "advisories/ZDI-24-353", "id": "ZDI-24-353", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Softing edgeConnector Siemens Cleartext Transmission of Credentials Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-353/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-20492", "zdi_id": "ZDI-24-353" }, { "cve": "CVE-2023-38126", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeConnector Siemens. Authentication is required to exploit this vulnerability. In the case of a network-adjacent attacker, the existing authentication...", "detail_json": "/data/advisories/ZDI-24-352/advisory.json", "detail_path": "advisories/ZDI-24-352", "id": "ZDI-24-352", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Softing edgeConnector Siemens Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-352/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-21225", "zdi_id": "ZDI-24-352" }, { "cve": "CVE-2024-23479", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpenFileStreamLocal method. T...", "detail_json": "/data/advisories/ZDI-24-351/advisory.json", "detail_path": "advisories/ZDI-24-351", "id": "ZDI-24-351", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "SolarWinds Access Rights Manager OpenFileStreamLocal Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-351/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-22695", "zdi_id": "ZDI-24-351" }, { "cve": "CVE-2023-40057", "cvss": 9.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The s...", "detail_json": "/data/advisories/ZDI-24-350/advisory.json", "detail_path": "advisories/ZDI-24-350", "id": "ZDI-24-350", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "SolarWinds Access Rights Manager JsonSerializationHelper Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-350/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-22531", "zdi_id": "ZDI-24-350" }, { "cve": "CVE-2024-23476", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpenFile method. The issue re...", "detail_json": "/data/advisories/ZDI-24-349/advisory.json", "detail_path": "advisories/ZDI-24-349", "id": "ZDI-24-349", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-349/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-22713", "zdi_id": "ZDI-24-349" }, { "cve": "CVE-2024-23477", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the openServerFileStream method....", "detail_json": "/data/advisories/ZDI-24-348/advisory.json", "detail_path": "advisories/ZDI-24-348", "id": "ZDI-24-348", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "SolarWinds Access Rights Manager openServerFileStream Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-348/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-22739", "zdi_id": "ZDI-24-348" }, { "cve": "CVE-2024-23478", "cvss": 9.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the JsonSerializationBinder class. Th...", "detail_json": "/data/advisories/ZDI-24-347/advisory.json", "detail_path": "advisories/ZDI-24-347", "id": "ZDI-24-347", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-347/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-22416", "zdi_id": "ZDI-24-347" }, { "cve": "CVE-2024-30371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-346/advisory.json", "detail_path": "advisories/ZDI-24-346", "id": "ZDI-24-346", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-346/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-23355", "zdi_id": "ZDI-24-346" }, { "cve": "CVE-2024-30367", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-345/advisory.json", "detail_path": "advisories/ZDI-24-345", "id": "ZDI-24-345", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-345/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-23013", "zdi_id": "ZDI-24-345" }, { "cve": "CVE-2024-30366", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-344/advisory.json", "detail_path": "advisories/ZDI-24-344", "id": "ZDI-24-344", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-344/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-23002", "zdi_id": "ZDI-24-344" }, { "cve": "CVE-2024-30365", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-343/advisory.json", "detail_path": "advisories/ZDI-24-343", "id": "ZDI-24-343", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-343/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22947", "zdi_id": "ZDI-24-343" }, { "cve": "CVE-2024-30363", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-342/advisory.json", "detail_path": "advisories/ZDI-24-342", "id": "ZDI-24-342", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-342/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-23008", "zdi_id": "ZDI-24-342" }, { "cve": "CVE-2024-30364", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-341/advisory.json", "detail_path": "advisories/ZDI-24-341", "id": "ZDI-24-341", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-341/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-23009", "zdi_id": "ZDI-24-341" }, { "cve": "CVE-2024-30360", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-340/advisory.json", "detail_path": "advisories/ZDI-24-340", "id": "ZDI-24-340", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-340/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22797", "zdi_id": "ZDI-24-340" }, { "cve": "CVE-2024-30362", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-339/advisory.json", "detail_path": "advisories/ZDI-24-339", "id": "ZDI-24-339", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-339/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22798", "zdi_id": "ZDI-24-339" }, { "cve": "CVE-2024-30361", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-338/advisory.json", "detail_path": "advisories/ZDI-24-338", "id": "ZDI-24-338", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-338/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22877", "zdi_id": "ZDI-24-338" }, { "cve": "CVE-2024-30355", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-337/advisory.json", "detail_path": "advisories/ZDI-24-337", "id": "ZDI-24-337", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-337/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22809", "zdi_id": "ZDI-24-337" }, { "cve": "CVE-2024-30356", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-336/advisory.json", "detail_path": "advisories/ZDI-24-336", "id": "ZDI-24-336", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-336/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22811", "zdi_id": "ZDI-24-336" }, { "cve": "CVE-2024-30352", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-335/advisory.json", "detail_path": "advisories/ZDI-24-335", "id": "ZDI-24-335", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-335/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22800", "zdi_id": "ZDI-24-335" }, { "cve": "CVE-2024-30353", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-334/advisory.json", "detail_path": "advisories/ZDI-24-334", "id": "ZDI-24-334", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-334/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22807", "zdi_id": "ZDI-24-334" }, { "cve": "CVE-2024-30350", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-333/advisory.json", "detail_path": "advisories/ZDI-24-333", "id": "ZDI-24-333", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-333/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22708", "zdi_id": "ZDI-24-333" }, { "cve": "CVE-2024-30354", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-332/advisory.json", "detail_path": "advisories/ZDI-24-332", "id": "ZDI-24-332", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-332/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22808", "zdi_id": "ZDI-24-332" }, { "cve": "CVE-2024-30357", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-331/advisory.json", "detail_path": "advisories/ZDI-24-331", "id": "ZDI-24-331", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-331/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22818", "zdi_id": "ZDI-24-331" }, { "cve": "CVE-2024-30358", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-330/advisory.json", "detail_path": "advisories/ZDI-24-330", "id": "ZDI-24-330", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm User-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-330/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22821", "zdi_id": "ZDI-24-330" }, { "cve": "CVE-2024-30359", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-329/advisory.json", "detail_path": "advisories/ZDI-24-329", "id": "ZDI-24-329", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm 3D Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-329/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22888", "zdi_id": "ZDI-24-329" }, { "cve": "CVE-2024-30351", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-328/advisory.json", "detail_path": "advisories/ZDI-24-328", "id": "ZDI-24-328", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-328/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22799", "zdi_id": "ZDI-24-328" }, { "cve": "CVE-2024-30347", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-327/advisory.json", "detail_path": "advisories/ZDI-24-327", "id": "ZDI-24-327", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-327/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22910", "zdi_id": "ZDI-24-327" }, { "cve": "CVE-2024-30348", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-326/advisory.json", "detail_path": "advisories/ZDI-24-326", "id": "ZDI-24-326", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-326/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22911", "zdi_id": "ZDI-24-326" }, { "cve": "CVE-2024-30349", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-325/advisory.json", "detail_path": "advisories/ZDI-24-325", "id": "ZDI-24-325", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-325/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22912", "zdi_id": "ZDI-24-325" }, { "cve": "CVE-2024-30346", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-324/advisory.json", "detail_path": "advisories/ZDI-24-324", "id": "ZDI-24-324", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-324/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22745", "zdi_id": "ZDI-24-324" }, { "cve": "CVE-2024-30345", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-323/advisory.json", "detail_path": "advisories/ZDI-24-323", "id": "ZDI-24-323", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-323/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22742", "zdi_id": "ZDI-24-323" }, { "cve": "CVE-2024-30342", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-322/advisory.json", "detail_path": "advisories/ZDI-24-322", "id": "ZDI-24-322", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-322/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22720", "zdi_id": "ZDI-24-322" }, { "cve": "CVE-2024-30340", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-321/advisory.json", "detail_path": "advisories/ZDI-24-321", "id": "ZDI-24-321", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-321/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22707", "zdi_id": "ZDI-24-321" }, { "cve": "CVE-2024-30344", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-320/advisory.json", "detail_path": "advisories/ZDI-24-320", "id": "ZDI-24-320", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-320/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22733", "zdi_id": "ZDI-24-320" }, { "cve": "CVE-2024-30338", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-319/advisory.json", "detail_path": "advisories/ZDI-24-319", "id": "ZDI-24-319", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-319/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22705", "zdi_id": "ZDI-24-319" }, { "cve": "CVE-2024-30337", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-318/advisory.json", "detail_path": "advisories/ZDI-24-318", "id": "ZDI-24-318", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-318/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22704", "zdi_id": "ZDI-24-318" }, { "cve": "CVE-2024-30339", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-317/advisory.json", "detail_path": "advisories/ZDI-24-317", "id": "ZDI-24-317", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-317/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22706", "zdi_id": "ZDI-24-317" }, { "cve": "CVE-2024-30343", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-316/advisory.json", "detail_path": "advisories/ZDI-24-316", "id": "ZDI-24-316", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-316/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22721", "zdi_id": "ZDI-24-316" }, { "cve": "CVE-2024-30341", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-315/advisory.json", "detail_path": "advisories/ZDI-24-315", "id": "ZDI-24-315", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-315/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22709", "zdi_id": "ZDI-24-315" }, { "cve": "CVE-2024-30325", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-314/advisory.json", "detail_path": "advisories/ZDI-24-314", "id": "ZDI-24-314", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-314/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22592", "zdi_id": "ZDI-24-314" }, { "cve": "CVE-2024-30326", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-313/advisory.json", "detail_path": "advisories/ZDI-24-313", "id": "ZDI-24-313", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-313/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22593", "zdi_id": "ZDI-24-313" }, { "cve": "CVE-2024-30328", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-312/advisory.json", "detail_path": "advisories/ZDI-24-312", "id": "ZDI-24-312", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-312/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22633", "zdi_id": "ZDI-24-312" }, { "cve": "CVE-2024-30327", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-311/advisory.json", "detail_path": "advisories/ZDI-24-311", "id": "ZDI-24-311", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader template Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-311/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22632", "zdi_id": "ZDI-24-311" }, { "cve": "CVE-2024-30329", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-310/advisory.json", "detail_path": "advisories/ZDI-24-310", "id": "ZDI-24-310", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-310/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22634", "zdi_id": "ZDI-24-310" }, { "cve": "CVE-2024-30330", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-309/advisory.json", "detail_path": "advisories/ZDI-24-309", "id": "ZDI-24-309", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-309/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22636", "zdi_id": "ZDI-24-309" }, { "cve": "CVE-2024-30331", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-308/advisory.json", "detail_path": "advisories/ZDI-24-308", "id": "ZDI-24-308", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-308/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22637", "zdi_id": "ZDI-24-308" }, { "cve": "CVE-2024-30333", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-307/advisory.json", "detail_path": "advisories/ZDI-24-307", "id": "ZDI-24-307", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-307/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22639", "zdi_id": "ZDI-24-307" }, { "cve": "CVE-2024-30334", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-306/advisory.json", "detail_path": "advisories/ZDI-24-306", "id": "ZDI-24-306", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-306/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22640", "zdi_id": "ZDI-24-306" }, { "cve": "CVE-2024-30332", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-305/advisory.json", "detail_path": "advisories/ZDI-24-305", "id": "ZDI-24-305", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-305/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22638", "zdi_id": "ZDI-24-305" }, { "cve": "CVE-2024-30335", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-304/advisory.json", "detail_path": "advisories/ZDI-24-304", "id": "ZDI-24-304", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-304/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22641", "zdi_id": "ZDI-24-304" }, { "cve": "CVE-2024-30336", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-303/advisory.json", "detail_path": "advisories/ZDI-24-303", "id": "ZDI-24-303", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-303/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22642", "zdi_id": "ZDI-24-303" }, { "cve": "CVE-2024-30324", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-302/advisory.json", "detail_path": "advisories/ZDI-24-302", "id": "ZDI-24-302", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-302/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22576", "zdi_id": "ZDI-24-302" }, { "cve": "CVE-2024-30323", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-301/advisory.json", "detail_path": "advisories/ZDI-24-301", "id": "ZDI-24-301", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader template Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-301/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22501", "zdi_id": "ZDI-24-301" }, { "cve": "CVE-2024-30322", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-300/advisory.json", "detail_path": "advisories/ZDI-24-300", "id": "ZDI-24-300", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-300/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22499", "zdi_id": "ZDI-24-300" }, { "cve": "CVE-2023-52628", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-24-299/advisory.json", "detail_path": "advisories/ZDI-24-299", "id": "ZDI-24-299", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Linux Kernel nft_exthdr_ipv6_eval Stack-based Buffer Overflow Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-299/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21951", "zdi_id": "ZDI-24-299" }, { "cve": "CVE-2023-52628", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-24-298/advisory.json", "detail_path": "advisories/ZDI-24-298", "id": "ZDI-24-298", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Linux Kernel nft_exthdr_tcp_eval Stack-based Buffer Overflow Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-298/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21950", "zdi_id": "ZDI-24-298" }, { "cve": "CVE-2023-52628", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-24-297/advisory.json", "detail_path": "advisories/ZDI-24-297", "id": "ZDI-24-297", "kind": "published", "published_date": "2024-03-28", "status": "published", "title": "Linux Kernel nft_exthdr_sctp_eval Stack-based Buffer Overflow Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-297/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21961", "zdi_id": "ZDI-24-297" }, { "cve": "CVE-2024-23138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk DWG TrueView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-24-296/advisory.json", "detail_path": "advisories/ZDI-24-296", "id": "ZDI-24-296", "kind": "published", "published_date": "2024-03-27", "status": "published", "title": "Autodesk DWG TrueView DWG File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-296/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-22587", "zdi_id": "ZDI-24-296" }, { "cve": "CVE-2024-23139", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-24-295/advisory.json", "detail_path": "advisories/ZDI-24-295", "id": "ZDI-24-295", "kind": "published", "published_date": "2024-03-27", "status": "published", "title": "Autodesk FBX Review ABC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-295/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-21341", "zdi_id": "ZDI-24-295" }, { "cve": "CVE-2024-26199", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Office. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-24-294/advisory.json", "detail_path": "advisories/ZDI-24-294", "id": "ZDI-24-294", "kind": "published", "published_date": "2024-03-13", "status": "published", "title": "Microsoft Office Performance Monitor Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-294/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23146", "zdi_id": "ZDI-24-294" }, { "cve": "CVE-2024-21411", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-293/advisory.json", "detail_path": "advisories/ZDI-24-293", "id": "ZDI-24-293", "kind": "published", "published_date": "2024-03-13", "status": "published", "title": "Microsoft Skype Protection Mechanism Failure Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-293/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22552", "zdi_id": "ZDI-24-293" }, { "cve": "CVE-2024-20745", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-292/advisory.json", "detail_path": "advisories/ZDI-24-292", "id": "ZDI-24-292", "kind": "published", "published_date": "2024-03-13", "status": "published", "title": "Adobe Premiere Pro AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-292/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22671", "zdi_id": "ZDI-24-292" }, { "cve": "CVE-2024-20752", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-24-291/advisory.json", "detail_path": "advisories/ZDI-24-291", "id": "ZDI-24-291", "kind": "published", "published_date": "2024-03-13", "status": "published", "title": "Adobe Bridge PS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-291/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22653", "zdi_id": "ZDI-24-291" }, { "cve": "CVE-2024-23609", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-290/advisory.json", "detail_path": "advisories/ZDI-24-290", "id": "ZDI-24-290", "kind": "published", "published_date": "2024-03-12", "status": "published", "title": "NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-290/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-22159", "zdi_id": "ZDI-24-290" }, { "cve": "CVE-2024-23612", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-289/advisory.json", "detail_path": "advisories/ZDI-24-289", "id": "ZDI-24-289", "kind": "published", "published_date": "2024-03-12", "status": "published", "title": "NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-289/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21996", "zdi_id": "ZDI-24-289" }, { "cve": "CVE-2024-23611", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-288/advisory.json", "detail_path": "advisories/ZDI-24-288", "id": "ZDI-24-288", "kind": "published", "published_date": "2024-03-12", "status": "published", "title": "NI LabVIEW VI File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-288/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21987", "zdi_id": "ZDI-24-288" }, { "cve": "CVE-2024-23610", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-287/advisory.json", "detail_path": "advisories/ZDI-24-287", "id": "ZDI-24-287", "kind": "published", "published_date": "2024-03-12", "status": "published", "title": "NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-287/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21985", "zdi_id": "ZDI-24-287" }, { "cve": "CVE-2024-23608", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-286/advisory.json", "detail_path": "advisories/ZDI-24-286", "id": "ZDI-24-286", "kind": "published", "published_date": "2024-03-12", "status": "published", "title": "NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-286/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21984", "zdi_id": "ZDI-24-286" }, { "cve": "CVE-2024-23609", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-285/advisory.json", "detail_path": "advisories/ZDI-24-285", "id": "ZDI-24-285", "kind": "published", "published_date": "2024-03-12", "status": "published", "title": "NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-285/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-22141", "zdi_id": "ZDI-24-285" }, { "cve": "CVE-2024-20765", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-284/advisory.json", "detail_path": "advisories/ZDI-24-284", "id": "ZDI-24-284", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Adobe Acrobat Reader DC PDF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-284/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22674", "zdi_id": "ZDI-24-284" }, { "cve": "CVE-2024-23257", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation...", "detail_json": "/data/advisories/ZDI-24-283/advisory.json", "detail_path": "advisories/ZDI-24-283", "id": "ZDI-24-283", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Apple macOS JP2 Image Parsing Uninitialized Pointer Information Disclosure Vulnerability", "updated_date": "2025-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-283/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-22250", "zdi_id": "ZDI-24-283" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-282/advisory.json", "detail_path": "advisories/ZDI-24-282", "id": "ZDI-24-282", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer SAT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-282/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22371", "zdi_id": "ZDI-24-282" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-281/advisory.json", "detail_path": "advisories/ZDI-24-281", "id": "ZDI-24-281", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer SAT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-281/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22367", "zdi_id": "ZDI-24-281" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-280/advisory.json", "detail_path": "advisories/ZDI-24-280", "id": "ZDI-24-280", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer SAT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-280/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22370", "zdi_id": "ZDI-24-280" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-279/advisory.json", "detail_path": "advisories/ZDI-24-279", "id": "ZDI-24-279", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer SAT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-279/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22372", "zdi_id": "ZDI-24-279" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes SolidWorks eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-24-278/advisory.json", "detail_path": "advisories/ZDI-24-278", "id": "ZDI-24-278", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-278/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22490", "zdi_id": "ZDI-24-278" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-277/advisory.json", "detail_path": "advisories/ZDI-24-277", "id": "ZDI-24-277", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer SAT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-277/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22373", "zdi_id": "ZDI-24-277" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes SolidWorks eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-24-276/advisory.json", "detail_path": "advisories/ZDI-24-276", "id": "ZDI-24-276", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-276/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22491", "zdi_id": "ZDI-24-276" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-275/advisory.json", "detail_path": "advisories/ZDI-24-275", "id": "ZDI-24-275", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-275/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22489", "zdi_id": "ZDI-24-275" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-274/advisory.json", "detail_path": "advisories/ZDI-24-274", "id": "ZDI-24-274", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings Viewer STL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-274/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22590", "zdi_id": "ZDI-24-274" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-273/advisory.json", "detail_path": "advisories/ZDI-24-273", "id": "ZDI-24-273", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings IPT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-273/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22723", "zdi_id": "ZDI-24-273" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-272/advisory.json", "detail_path": "advisories/ZDI-24-272", "id": "ZDI-24-272", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings SAT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-272/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22857", "zdi_id": "ZDI-24-272" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-271/advisory.json", "detail_path": "advisories/ZDI-24-271", "id": "ZDI-24-271", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings SAT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-271/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22846", "zdi_id": "ZDI-24-271" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-270/advisory.json", "detail_path": "advisories/ZDI-24-270", "id": "ZDI-24-270", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings STP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-270/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22847", "zdi_id": "ZDI-24-270" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-269/advisory.json", "detail_path": "advisories/ZDI-24-269", "id": "ZDI-24-269", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-269/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22848", "zdi_id": "ZDI-24-269" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-268/advisory.json", "detail_path": "advisories/ZDI-24-268", "id": "ZDI-24-268", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings IPT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-268/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22849", "zdi_id": "ZDI-24-268" }, { "cve": "CVE-2024-3299", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-267/advisory.json", "detail_path": "advisories/ZDI-24-267", "id": "ZDI-24-267", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings SLDDRW File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-267/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22850", "zdi_id": "ZDI-24-267" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-266/advisory.json", "detail_path": "advisories/ZDI-24-266", "id": "ZDI-24-266", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings IPT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-266/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22851", "zdi_id": "ZDI-24-266" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-265/advisory.json", "detail_path": "advisories/ZDI-24-265", "id": "ZDI-24-265", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings SAT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-265/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22852", "zdi_id": "ZDI-24-265" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-264/advisory.json", "detail_path": "advisories/ZDI-24-264", "id": "ZDI-24-264", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings IPT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-264/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22853", "zdi_id": "ZDI-24-264" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-263/advisory.json", "detail_path": "advisories/ZDI-24-263", "id": "ZDI-24-263", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings SAT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-263/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22855", "zdi_id": "ZDI-24-263" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-262/advisory.json", "detail_path": "advisories/ZDI-24-262", "id": "ZDI-24-262", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-262/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22856", "zdi_id": "ZDI-24-262" }, { "cve": "CVE-2024-3299", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-261/advisory.json", "detail_path": "advisories/ZDI-24-261", "id": "ZDI-24-261", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings SLDPRT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-261/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22858", "zdi_id": "ZDI-24-261" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-260/advisory.json", "detail_path": "advisories/ZDI-24-260", "id": "ZDI-24-260", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings IPT File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-260/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22859", "zdi_id": "ZDI-24-260" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-259/advisory.json", "detail_path": "advisories/ZDI-24-259", "id": "ZDI-24-259", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings IPT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-259/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22860", "zdi_id": "ZDI-24-259" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-258/advisory.json", "detail_path": "advisories/ZDI-24-258", "id": "ZDI-24-258", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings CATPART File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-258/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22862", "zdi_id": "ZDI-24-258" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-257/advisory.json", "detail_path": "advisories/ZDI-24-257", "id": "ZDI-24-257", "kind": "published", "published_date": "2024-03-11", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings X_B File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-257/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22863", "zdi_id": "ZDI-24-257" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-256/advisory.json", "detail_path": "advisories/ZDI-24-256", "id": "ZDI-24-256", "kind": "published", "published_date": "2024-03-08", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings CATPART File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-256/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22861", "zdi_id": "ZDI-24-256" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-255/advisory.json", "detail_path": "advisories/ZDI-24-255", "id": "ZDI-24-255", "kind": "published", "published_date": "2024-03-08", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings X_T File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-255/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22864", "zdi_id": "ZDI-24-255" }, { "cve": "CVE-2024-3298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-254/advisory.json", "detail_path": "advisories/ZDI-24-254", "id": "ZDI-24-254", "kind": "published", "published_date": "2024-03-08", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-254/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22841", "zdi_id": "ZDI-24-254" }, { "cve": "CVE-2024-3299", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-253/advisory.json", "detail_path": "advisories/ZDI-24-253", "id": "ZDI-24-253", "kind": "published", "published_date": "2024-03-08", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings SLDDRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-253/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22843", "zdi_id": "ZDI-24-253" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-252/advisory.json", "detail_path": "advisories/ZDI-24-252", "id": "ZDI-24-252", "kind": "published", "published_date": "2024-03-08", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-252/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22844", "zdi_id": "ZDI-24-252" }, { "cve": "CVE-2024-1847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-251/advisory.json", "detail_path": "advisories/ZDI-24-251", "id": "ZDI-24-251", "kind": "published", "published_date": "2024-03-08", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings SAT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-251/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22842", "zdi_id": "ZDI-24-251" }, { "cve": "CVE-2024-3298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-250/advisory.json", "detail_path": "advisories/ZDI-24-250", "id": "ZDI-24-250", "kind": "published", "published_date": "2024-03-08", "status": "published", "title": "Dassault Syst\u00e8mes eDrawings DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-250/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-22845", "zdi_id": "ZDI-24-250" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-249/advisory.json", "detail_path": "advisories/ZDI-24-249", "id": "ZDI-24-249", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt IGS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-249/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21918", "zdi_id": "ZDI-24-249" }, { "cve": null, "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-248/advisory.json", "detail_path": "advisories/ZDI-24-248", "id": "ZDI-24-248", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt IGS File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-248/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21917", "zdi_id": "ZDI-24-248" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-247/advisory.json", "detail_path": "advisories/ZDI-24-247", "id": "ZDI-24-247", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt STP File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-247/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21740", "zdi_id": "ZDI-24-247" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-246/advisory.json", "detail_path": "advisories/ZDI-24-246", "id": "ZDI-24-246", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt STP File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-246/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21741", "zdi_id": "ZDI-24-246" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-245/advisory.json", "detail_path": "advisories/ZDI-24-245", "id": "ZDI-24-245", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt STP File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-245/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21732", "zdi_id": "ZDI-24-245" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-244/advisory.json", "detail_path": "advisories/ZDI-24-244", "id": "ZDI-24-244", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt STP File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-244/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21746", "zdi_id": "ZDI-24-244" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-243/advisory.json", "detail_path": "advisories/ZDI-24-243", "id": "ZDI-24-243", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt STP File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-243/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21523", "zdi_id": "ZDI-24-243" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-242/advisory.json", "detail_path": "advisories/ZDI-24-242", "id": "ZDI-24-242", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt STP File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-242/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21729", "zdi_id": "ZDI-24-242" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-241/advisory.json", "detail_path": "advisories/ZDI-24-241", "id": "ZDI-24-241", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt STP File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-241/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21730", "zdi_id": "ZDI-24-241" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-240/advisory.json", "detail_path": "advisories/ZDI-24-240", "id": "ZDI-24-240", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt STP File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-240/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21728", "zdi_id": "ZDI-24-240" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-239/advisory.json", "detail_path": "advisories/ZDI-24-239", "id": "ZDI-24-239", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt STP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-239/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21535", "zdi_id": "ZDI-24-239" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-238/advisory.json", "detail_path": "advisories/ZDI-24-238", "id": "ZDI-24-238", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt STP File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-238/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21745", "zdi_id": "ZDI-24-238" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-237/advisory.json", "detail_path": "advisories/ZDI-24-237", "id": "ZDI-24-237", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt STP File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-237/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21738", "zdi_id": "ZDI-24-237" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-236/advisory.json", "detail_path": "advisories/ZDI-24-236", "id": "ZDI-24-236", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt STP File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-236/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21735", "zdi_id": "ZDI-24-236" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-235/advisory.json", "detail_path": "advisories/ZDI-24-235", "id": "ZDI-24-235", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt STP File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-235/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21744", "zdi_id": "ZDI-24-235" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-234/advisory.json", "detail_path": "advisories/ZDI-24-234", "id": "ZDI-24-234", "kind": "published", "published_date": "2024-03-05", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt STP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-02-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-234/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21553", "zdi_id": "ZDI-24-234" }, { "cve": "CVE-2024-1941", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-233/advisory.json", "detail_path": "advisories/ZDI-24-233", "id": "ZDI-24-233", "kind": "published", "published_date": "2024-03-04", "status": "published", "title": "Delta Electronics CNCSoft-B DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-233/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-22789", "zdi_id": "ZDI-24-233" }, { "cve": "CVE-2024-27334", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-232/advisory.json", "detail_path": "advisories/ZDI-24-232", "id": "ZDI-24-232", "kind": "published", "published_date": "2024-03-04", "status": "published", "title": "Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-232/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21978", "zdi_id": "ZDI-24-232" }, { "cve": "CVE-2024-27339", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-231/advisory.json", "detail_path": "advisories/ZDI-24-231", "id": "ZDI-24-231", "kind": "published", "published_date": "2024-03-04", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-231/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22925", "zdi_id": "ZDI-24-231" }, { "cve": "CVE-2024-27337", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-230/advisory.json", "detail_path": "advisories/ZDI-24-230", "id": "ZDI-24-230", "kind": "published", "published_date": "2024-03-04", "status": "published", "title": "Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-230/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22033", "zdi_id": "ZDI-24-230" }, { "cve": "CVE-2023-52440", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within t...", "detail_json": "/data/advisories/ZDI-24-229/advisory.json", "detail_path": "advisories/ZDI-24-229", "id": "ZDI-24-229", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "Linux Kernel ksmbd Session Key Exchange Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-229/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21940", "zdi_id": "ZDI-24-229" }, { "cve": "CVE-2023-52441", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-24-228/advisory.json", "detail_path": "advisories/ZDI-24-228", "id": "ZDI-24-228", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "Linux Kernel ksmbd Negotiate Request Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-228/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21541", "zdi_id": "ZDI-24-228" }, { "cve": "CVE-2023-52442", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-24-227/advisory.json", "detail_path": "advisories/ZDI-24-227", "id": "ZDI-24-227", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "Linux Kernel ksmbd Chained Request Improper Input Validation Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-227/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21506", "zdi_id": "ZDI-24-227" }, { "cve": "CVE-2024-27346", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-226/advisory.json", "detail_path": "advisories/ZDI-24-226", "id": "ZDI-24-226", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-226/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22934", "zdi_id": "ZDI-24-226" }, { "cve": "CVE-2024-27345", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-225/advisory.json", "detail_path": "advisories/ZDI-24-225", "id": "ZDI-24-225", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-225/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22932", "zdi_id": "ZDI-24-225" }, { "cve": "CVE-2024-27344", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-224/advisory.json", "detail_path": "advisories/ZDI-24-224", "id": "ZDI-24-224", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-224/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22931", "zdi_id": "ZDI-24-224" }, { "cve": "CVE-2024-27343", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-223/advisory.json", "detail_path": "advisories/ZDI-24-223", "id": "ZDI-24-223", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-223/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22929", "zdi_id": "ZDI-24-223" }, { "cve": "CVE-2024-27342", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-222/advisory.json", "detail_path": "advisories/ZDI-24-222", "id": "ZDI-24-222", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-222/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22928", "zdi_id": "ZDI-24-222" }, { "cve": "CVE-2024-27341", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-221/advisory.json", "detail_path": "advisories/ZDI-24-221", "id": "ZDI-24-221", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-221/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22927", "zdi_id": "ZDI-24-221" }, { "cve": "CVE-2024-27340", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-220/advisory.json", "detail_path": "advisories/ZDI-24-220", "id": "ZDI-24-220", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-220/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22926", "zdi_id": "ZDI-24-220" }, { "cve": "CVE-2024-27338", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-219/advisory.json", "detail_path": "advisories/ZDI-24-219", "id": "ZDI-24-219", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "Kofax Power PDF app response Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-219/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22588", "zdi_id": "ZDI-24-219" }, { "cve": "CVE-2024-27336", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-218/advisory.json", "detail_path": "advisories/ZDI-24-218", "id": "ZDI-24-218", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-218/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22022", "zdi_id": "ZDI-24-218" }, { "cve": "CVE-2024-27335", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-217/advisory.json", "detail_path": "advisories/ZDI-24-217", "id": "ZDI-24-217", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-217/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22018", "zdi_id": "ZDI-24-217" }, { "cve": "CVE-2024-27333", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-216/advisory.json", "detail_path": "advisories/ZDI-24-216", "id": "ZDI-24-216", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-216/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21976", "zdi_id": "ZDI-24-216" }, { "cve": "CVE-2024-0692", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Security Event Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the AMF des...", "detail_json": "/data/advisories/ZDI-24-215/advisory.json", "detail_path": "advisories/ZDI-24-215", "id": "ZDI-24-215", "kind": "published", "published_date": "2024-03-01", "status": "published", "title": "SolarWinds Security Event Manager AMF Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-215/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-22955", "zdi_id": "ZDI-24-215" }, { "cve": "CVE-2024-1156", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-24-214/advisory.json", "detail_path": "advisories/ZDI-24-214", "id": "ZDI-24-214", "kind": "published", "published_date": "2024-02-28", "status": "published", "title": "NI FlexLogger RabbitMQ Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-214/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21775", "zdi_id": "ZDI-24-214" }, { "cve": "CVE-2024-1155", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-24-213/advisory.json", "detail_path": "advisories/ZDI-24-213", "id": "ZDI-24-213", "kind": "published", "published_date": "2024-02-28", "status": "published", "title": "NI FlexLogger userservices Missing Authorization Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-213/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21773", "zdi_id": "ZDI-24-213" }, { "cve": "CVE-2024-1155", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-24-212/advisory.json", "detail_path": "advisories/ZDI-24-212", "id": "ZDI-24-212", "kind": "published", "published_date": "2024-02-28", "status": "published", "title": "NI FlexLogger TagHistorian Missing Authorization Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-212/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21939", "zdi_id": "ZDI-24-212" }, { "cve": "CVE-2024-1155", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-24-211/advisory.json", "detail_path": "advisories/ZDI-24-211", "id": "ZDI-24-211", "kind": "published", "published_date": "2024-02-28", "status": "published", "title": "NI FlexLogger DocumentManager Missing Authorization Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-211/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21938", "zdi_id": "ZDI-24-211" }, { "cve": "CVE-2024-1155", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-24-210/advisory.json", "detail_path": "advisories/ZDI-24-210", "id": "ZDI-24-210", "kind": "published", "published_date": "2024-02-28", "status": "published", "title": "NI FlexLogger SkylineService Missing Authorization Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-210/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21941", "zdi_id": "ZDI-24-210" }, { "cve": "CVE-2024-1155", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-24-209/advisory.json", "detail_path": "advisories/ZDI-24-209", "id": "ZDI-24-209", "kind": "published", "published_date": "2024-02-28", "status": "published", "title": "NI FlexLogger ServiceRegistry Missing Authorization Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-209/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21772", "zdi_id": "ZDI-24-209" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MCR VSTS CLI for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of MCR VSTS CLI....", "detail_json": "/data/advisories/ZDI-24-208/advisory.json", "detail_path": "advisories/ZDI-24-208", "id": "ZDI-24-208", "kind": "published", "published_date": "2024-02-26", "status": "published", "title": "Microsoft Azure MCR VSTS CLI vstscli Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-208/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23012", "zdi_id": "ZDI-24-208" }, { "cve": "CVE-2023-42902", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must receive a malicious image file that is written to the local files...", "detail_json": "/data/advisories/ZDI-24-207/advisory.json", "detail_path": "advisories/ZDI-24-207", "id": "ZDI-24-207", "kind": "published", "published_date": "2024-02-26", "status": "published", "title": "Apple macOS VideoToolbox Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-207/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-22261", "zdi_id": "ZDI-24-207" }, { "cve": "CVE-2023-42888", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-24-206/advisory.json", "detail_path": "advisories/ZDI-24-206", "id": "ZDI-24-206", "kind": "published", "published_date": "2024-02-26", "status": "published", "title": "Apple macOS ImageIO MPO Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-206/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-21769", "zdi_id": "ZDI-24-206" }, { "cve": "CVE-2024-27327", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-24-205/advisory.json", "detail_path": "advisories/ZDI-24-205", "id": "ZDI-24-205", "kind": "published", "published_date": "2024-02-23", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-205/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22277", "zdi_id": "ZDI-24-205" }, { "cve": "CVE-2024-27326", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-204/advisory.json", "detail_path": "advisories/ZDI-24-204", "id": "ZDI-24-204", "kind": "published", "published_date": "2024-02-23", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-204/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22276", "zdi_id": "ZDI-24-204" }, { "cve": "CVE-2024-27325", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-203/advisory.json", "detail_path": "advisories/ZDI-24-203", "id": "ZDI-24-203", "kind": "published", "published_date": "2024-02-23", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-203/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22275", "zdi_id": "ZDI-24-203" }, { "cve": "CVE-2024-27328", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-202/advisory.json", "detail_path": "advisories/ZDI-24-202", "id": "ZDI-24-202", "kind": "published", "published_date": "2024-02-23", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-202/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22280", "zdi_id": "ZDI-24-202" }, { "cve": "CVE-2024-27331", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-201/advisory.json", "detail_path": "advisories/ZDI-24-201", "id": "ZDI-24-201", "kind": "published", "published_date": "2024-02-23", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-201/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22287", "zdi_id": "ZDI-24-201" }, { "cve": "CVE-2024-27329", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-200/advisory.json", "detail_path": "advisories/ZDI-24-200", "id": "ZDI-24-200", "kind": "published", "published_date": "2024-02-23", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-200/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22285", "zdi_id": "ZDI-24-200" }, { "cve": "CVE-2024-27330", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-199/advisory.json", "detail_path": "advisories/ZDI-24-199", "id": "ZDI-24-199", "kind": "published", "published_date": "2024-02-23", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-199/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22286", "zdi_id": "ZDI-24-199" }, { "cve": "CVE-2024-27323", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is not required to exploit this vulnerability. The specific flaw exists within the update functionality. The issue...", "detail_json": "/data/advisories/ZDI-24-198/advisory.json", "detail_path": "advisories/ZDI-24-198", "id": "ZDI-24-198", "kind": "published", "published_date": "2024-02-23", "status": "published", "title": "PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-198/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22224", "zdi_id": "ZDI-24-198" }, { "cve": "CVE-2024-27332", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-197/advisory.json", "detail_path": "advisories/ZDI-24-197", "id": "ZDI-24-197", "kind": "published", "published_date": "2024-02-23", "status": "published", "title": "PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-197/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22288", "zdi_id": "ZDI-24-197" }, { "cve": "CVE-2024-27324", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-24-196/advisory.json", "detail_path": "advisories/ZDI-24-196", "id": "ZDI-24-196", "kind": "published", "published_date": "2024-02-23", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-196/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22270", "zdi_id": "ZDI-24-196" }, { "cve": "CVE-2024-26592", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw exists wit...", "detail_json": "/data/advisories/ZDI-24-195/advisory.json", "detail_path": "advisories/ZDI-24-195", "id": "ZDI-24-195", "kind": "published", "published_date": "2024-02-23", "status": "published", "title": "Linux Kernel ksmbd TCP Connection Race Condition Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-195/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-22991", "zdi_id": "ZDI-24-195" }, { "cve": "CVE-2024-26594", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-24-194/advisory.json", "detail_path": "advisories/ZDI-24-194", "id": "ZDI-24-194", "kind": "published", "published_date": "2024-02-23", "status": "published", "title": "Linux Kernel ksmbd Mech Token Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-194/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-22890", "zdi_id": "ZDI-24-194" }, { "cve": "CVE-2024-1863", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP requests on port 3000. Wh...", "detail_json": "/data/advisories/ZDI-24-193/advisory.json", "detail_path": "advisories/ZDI-24-193", "id": "ZDI-24-193", "kind": "published", "published_date": "2024-02-23", "status": "published", "title": "Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-193/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-21539", "zdi_id": "ZDI-24-193" }, { "cve": "CVE-2024-0865", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vul...", "detail_json": "/data/advisories/ZDI-24-192/advisory.json", "detail_path": "advisories/ZDI-24-192", "id": "ZDI-24-192", "kind": "published", "published_date": "2024-02-21", "status": "published", "title": "Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-192/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-22161", "zdi_id": "ZDI-24-192" }, { "cve": "CVE-2024-0865", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vul...", "detail_json": "/data/advisories/ZDI-24-191/advisory.json", "detail_path": "advisories/ZDI-24-191", "id": "ZDI-24-191", "kind": "published", "published_date": "2024-02-21", "status": "published", "title": "Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-191/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-22087", "zdi_id": "ZDI-24-191" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-190/advisory.json", "detail_path": "advisories/ZDI-24-190", "id": "ZDI-24-190", "kind": "published", "published_date": "2024-02-21", "status": "published", "title": "Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-190/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-18983", "zdi_id": "ZDI-24-190" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-189/advisory.json", "detail_path": "advisories/ZDI-24-189", "id": "ZDI-24-189", "kind": "published", "published_date": "2024-02-21", "status": "published", "title": "Trimble SketchUp SKP File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-189/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-18984", "zdi_id": "ZDI-24-189" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-188/advisory.json", "detail_path": "advisories/ZDI-24-188", "id": "ZDI-24-188", "kind": "published", "published_date": "2024-02-21", "status": "published", "title": "Trimble SketchUp SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-188/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-19114", "zdi_id": "ZDI-24-188" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-187/advisory.json", "detail_path": "advisories/ZDI-24-187", "id": "ZDI-24-187", "kind": "published", "published_date": "2024-02-21", "status": "published", "title": "Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-187/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-19112", "zdi_id": "ZDI-24-187" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-186/advisory.json", "detail_path": "advisories/ZDI-24-186", "id": "ZDI-24-186", "kind": "published", "published_date": "2024-02-21", "status": "published", "title": "Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-186/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-19115", "zdi_id": "ZDI-24-186" }, { "cve": "CVE-2023-50233", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific fla...", "detail_json": "/data/advisories/ZDI-24-185/advisory.json", "detail_path": "advisories/ZDI-24-185", "id": "ZDI-24-185", "kind": "published", "published_date": "2024-02-21", "status": "published", "title": "Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-185/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-22029", "zdi_id": "ZDI-24-185" }, { "cve": "CVE-2023-50232", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific fla...", "detail_json": "/data/advisories/ZDI-24-184/advisory.json", "detail_path": "advisories/ZDI-24-184", "id": "ZDI-24-184", "kind": "published", "published_date": "2024-02-21", "status": "published", "title": "Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-184/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-22028", "zdi_id": "ZDI-24-184" }, { "cve": "CVE-2024-23946", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createRegister method. The issue results...", "detail_json": "/data/advisories/ZDI-24-183/advisory.json", "detail_path": "advisories/ZDI-24-183", "id": "ZDI-24-183", "kind": "published", "published_date": "2024-02-21", "status": "published", "title": "Apache OFBiz createRegister Error Message Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-183/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-23030", "zdi_id": "ZDI-24-183" }, { "cve": "CVE-2024-0353", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-24-182/advisory.json", "detail_path": "advisories/ZDI-24-182", "id": "ZDI-24-182", "kind": "published", "published_date": "2024-02-15", "status": "published", "title": "ESET Smart Security Premium ekrn Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-182/", "vendor": "ESET", "vendor_url": null, "zdi_can": "ZDI-CAN-22323", "zdi_id": "ZDI-24-182" }, { "cve": "CVE-2024-24925", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-181/advisory.json", "detail_path": "advisories/ZDI-24-181", "id": "ZDI-24-181", "kind": "published", "published_date": "2024-02-15", "status": "published", "title": "Siemens Simcenter Femap MODEL File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-181/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-22060", "zdi_id": "ZDI-24-181" }, { "cve": "CVE-2024-24924", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-180/advisory.json", "detail_path": "advisories/ZDI-24-180", "id": "ZDI-24-180", "kind": "published", "published_date": "2024-02-15", "status": "published", "title": "Siemens Simcenter Femap MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-180/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-22059", "zdi_id": "ZDI-24-180" }, { "cve": "CVE-2024-24923", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-179/advisory.json", "detail_path": "advisories/ZDI-24-179", "id": "ZDI-24-179", "kind": "published", "published_date": "2024-02-15", "status": "published", "title": "Siemens Simcenter Femap MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-179/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-22055", "zdi_id": "ZDI-24-179" }, { "cve": "CVE-2024-24922", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-178/advisory.json", "detail_path": "advisories/ZDI-24-178", "id": "ZDI-24-178", "kind": "published", "published_date": "2024-02-15", "status": "published", "title": "Siemens Simcenter Femap MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-178/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21715", "zdi_id": "ZDI-24-178" }, { "cve": "CVE-2024-24921", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-177/advisory.json", "detail_path": "advisories/ZDI-24-177", "id": "ZDI-24-177", "kind": "published", "published_date": "2024-02-15", "status": "published", "title": "Siemens Simcenter Femap MODEL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-177/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21712", "zdi_id": "ZDI-24-177" }, { "cve": "CVE-2024-24920", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-176/advisory.json", "detail_path": "advisories/ZDI-24-176", "id": "ZDI-24-176", "kind": "published", "published_date": "2024-02-15", "status": "published", "title": "Siemens Simcenter Femap MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-176/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21710", "zdi_id": "ZDI-24-176" }, { "cve": "CVE-2024-23798", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-175/advisory.json", "detail_path": "advisories/ZDI-24-175", "id": "ZDI-24-175", "kind": "published", "published_date": "2024-02-15", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-175/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-22783", "zdi_id": "ZDI-24-175" }, { "cve": "CVE-2024-23797", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-174/advisory.json", "detail_path": "advisories/ZDI-24-174", "id": "ZDI-24-174", "kind": "published", "published_date": "2024-02-15", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-174/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-22763", "zdi_id": "ZDI-24-174" }, { "cve": "CVE-2024-23796", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-173/advisory.json", "detail_path": "advisories/ZDI-24-173", "id": "ZDI-24-173", "kind": "published", "published_date": "2024-02-15", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-173/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-22759", "zdi_id": "ZDI-24-173" }, { "cve": "CVE-2024-23795", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-24-172/advisory.json", "detail_path": "advisories/ZDI-24-172", "id": "ZDI-24-172", "kind": "published", "published_date": "2024-02-15", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-172/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-22758", "zdi_id": "ZDI-24-172" }, { "cve": "CVE-2023-50395", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the AppendUpdate method. The issue results f...", "detail_json": "/data/advisories/ZDI-24-171/advisory.json", "detail_path": "advisories/ZDI-24-171", "id": "ZDI-24-171", "kind": "published", "published_date": "2024-02-15", "status": "published", "title": "SolarWinds Orion Platform AppendUpdate SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-171/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21894", "zdi_id": "ZDI-24-171" }, { "cve": "CVE-2023-35188", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the AppendCreatePrimary method. The issue re...", "detail_json": "/data/advisories/ZDI-24-170/advisory.json", "detail_path": "advisories/ZDI-24-170", "id": "ZDI-24-170", "kind": "published", "published_date": "2024-02-15", "status": "published", "title": "SolarWinds Orion Platform AppendCreatePrimary SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-170/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21895", "zdi_id": "ZDI-24-170" }, { "cve": "CVE-2024-20739", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-169/advisory.json", "detail_path": "advisories/ZDI-24-169", "id": "ZDI-24-169", "kind": "published", "published_date": "2024-02-13", "status": "published", "title": "Adobe Audition AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-169/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22647", "zdi_id": "ZDI-24-169" }, { "cve": "CVE-2024-20728", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-24-168/advisory.json", "detail_path": "advisories/ZDI-24-168", "id": "ZDI-24-168", "kind": "published", "published_date": "2024-02-13", "status": "published", "title": "Adobe Acrobat Pro DC Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-168/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22727", "zdi_id": "ZDI-24-168" }, { "cve": "CVE-2024-20734", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-167/advisory.json", "detail_path": "advisories/ZDI-24-167", "id": "ZDI-24-167", "kind": "published", "published_date": "2024-02-13", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-167/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22516", "zdi_id": "ZDI-24-167" }, { "cve": "CVE-2024-20736", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-166/advisory.json", "detail_path": "advisories/ZDI-24-166", "id": "ZDI-24-166", "kind": "published", "published_date": "2024-02-13", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-166/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22822", "zdi_id": "ZDI-24-166" }, { "cve": "CVE-2024-21412", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a maliciou...", "detail_json": "/data/advisories/ZDI-24-165/advisory.json", "detail_path": "advisories/ZDI-24-165", "id": "ZDI-24-165", "kind": "published", "published_date": "2024-02-13", "status": "published", "title": "Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-165/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-23100", "zdi_id": "ZDI-24-165" }, { "cve": "CVE-2024-21379", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-24-164/advisory.json", "detail_path": "advisories/ZDI-24-164", "id": "ZDI-24-164", "kind": "published", "published_date": "2024-02-13", "status": "published", "title": "Microsoft Office Word PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-164/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21970", "zdi_id": "ZDI-24-164" }, { "cve": "CVE-2024-0446", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-163/advisory.json", "detail_path": "advisories/ZDI-24-163", "id": "ZDI-24-163", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-163/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20875", "zdi_id": "ZDI-24-163" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-162/advisory.json", "detail_path": "advisories/ZDI-24-162", "id": "ZDI-24-162", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD X_T File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-162/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20874", "zdi_id": "ZDI-24-162" }, { "cve": "CVE-2024-23123", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-161/advisory.json", "detail_path": "advisories/ZDI-24-161", "id": "ZDI-24-161", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-161/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20873", "zdi_id": "ZDI-24-161" }, { "cve": "CVE-2024-23136", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-160/advisory.json", "detail_path": "advisories/ZDI-24-160", "id": "ZDI-24-160", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-160/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20879", "zdi_id": "ZDI-24-160" }, { "cve": "CVE-2024-23135", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-159/advisory.json", "detail_path": "advisories/ZDI-24-159", "id": "ZDI-24-159", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-159/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20880", "zdi_id": "ZDI-24-159" }, { "cve": "CVE-2024-23134", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-158/advisory.json", "detail_path": "advisories/ZDI-24-158", "id": "ZDI-24-158", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD IGES File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-158/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20962", "zdi_id": "ZDI-24-158" }, { "cve": "CVE-2024-23129", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-157/advisory.json", "detail_path": "advisories/ZDI-24-157", "id": "ZDI-24-157", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-157/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20961", "zdi_id": "ZDI-24-157" }, { "cve": "CVE-2024-23129", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-156/advisory.json", "detail_path": "advisories/ZDI-24-156", "id": "ZDI-24-156", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-156/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20960", "zdi_id": "ZDI-24-156" }, { "cve": "CVE-2024-23134", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-155/advisory.json", "detail_path": "advisories/ZDI-24-155", "id": "ZDI-24-155", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD IGS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-155/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20959", "zdi_id": "ZDI-24-155" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-154/advisory.json", "detail_path": "advisories/ZDI-24-154", "id": "ZDI-24-154", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-154/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20958", "zdi_id": "ZDI-24-154" }, { "cve": "CVE-2024-23129", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-153/advisory.json", "detail_path": "advisories/ZDI-24-153", "id": "ZDI-24-153", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-153/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20957", "zdi_id": "ZDI-24-153" }, { "cve": "CVE-2024-23132", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-152/advisory.json", "detail_path": "advisories/ZDI-24-152", "id": "ZDI-24-152", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-152/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20956", "zdi_id": "ZDI-24-152" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-151/advisory.json", "detail_path": "advisories/ZDI-24-151", "id": "ZDI-24-151", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-151/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20955", "zdi_id": "ZDI-24-151" }, { "cve": "CVE-2024-23127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-150/advisory.json", "detail_path": "advisories/ZDI-24-150", "id": "ZDI-24-150", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-150/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20954", "zdi_id": "ZDI-24-150" }, { "cve": "CVE-2024-23127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-149/advisory.json", "detail_path": "advisories/ZDI-24-149", "id": "ZDI-24-149", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-149/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20953", "zdi_id": "ZDI-24-149" }, { "cve": "CVE-2024-23127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-148/advisory.json", "detail_path": "advisories/ZDI-24-148", "id": "ZDI-24-148", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-148/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20952", "zdi_id": "ZDI-24-148" }, { "cve": "CVE-2024-23126", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-147/advisory.json", "detail_path": "advisories/ZDI-24-147", "id": "ZDI-24-147", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-147/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20951", "zdi_id": "ZDI-24-147" }, { "cve": "CVE-2024-0446", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-146/advisory.json", "detail_path": "advisories/ZDI-24-146", "id": "ZDI-24-146", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-146/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20950", "zdi_id": "ZDI-24-146" }, { "cve": "CVE-2024-23127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-145/advisory.json", "detail_path": "advisories/ZDI-24-145", "id": "ZDI-24-145", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-145/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20948", "zdi_id": "ZDI-24-145" }, { "cve": "CVE-2024-23122", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-144/advisory.json", "detail_path": "advisories/ZDI-24-144", "id": "ZDI-24-144", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-144/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20947", "zdi_id": "ZDI-24-144" }, { "cve": "CVE-2024-23121", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-143/advisory.json", "detail_path": "advisories/ZDI-24-143", "id": "ZDI-24-143", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-143/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20946", "zdi_id": "ZDI-24-143" }, { "cve": "CVE-2024-23137", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-142/advisory.json", "detail_path": "advisories/ZDI-24-142", "id": "ZDI-24-142", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-142/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20945", "zdi_id": "ZDI-24-142" }, { "cve": "CVE-2024-23124", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-141/advisory.json", "detail_path": "advisories/ZDI-24-141", "id": "ZDI-24-141", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-141/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20905", "zdi_id": "ZDI-24-141" }, { "cve": "CVE-2024-23127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-140/advisory.json", "detail_path": "advisories/ZDI-24-140", "id": "ZDI-24-140", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-140/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20885", "zdi_id": "ZDI-24-140" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-139/advisory.json", "detail_path": "advisories/ZDI-24-139", "id": "ZDI-24-139", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-139/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20863", "zdi_id": "ZDI-24-139" }, { "cve": "CVE-2024-23130", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-138/advisory.json", "detail_path": "advisories/ZDI-24-138", "id": "ZDI-24-138", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-138/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20862", "zdi_id": "ZDI-24-138" }, { "cve": "CVE-2024-23129", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-137/advisory.json", "detail_path": "advisories/ZDI-24-137", "id": "ZDI-24-137", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-137/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20861", "zdi_id": "ZDI-24-137" }, { "cve": "CVE-2024-23128", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-136/advisory.json", "detail_path": "advisories/ZDI-24-136", "id": "ZDI-24-136", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-136/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20860", "zdi_id": "ZDI-24-136" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-135/advisory.json", "detail_path": "advisories/ZDI-24-135", "id": "ZDI-24-135", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-135/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20900", "zdi_id": "ZDI-24-135" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-134/advisory.json", "detail_path": "advisories/ZDI-24-134", "id": "ZDI-24-134", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-134/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20899", "zdi_id": "ZDI-24-134" }, { "cve": "CVE-2024-23130", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-133/advisory.json", "detail_path": "advisories/ZDI-24-133", "id": "ZDI-24-133", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-133/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20898", "zdi_id": "ZDI-24-133" }, { "cve": "CVE-2024-23129", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-132/advisory.json", "detail_path": "advisories/ZDI-24-132", "id": "ZDI-24-132", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD 3DM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-132/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20896", "zdi_id": "ZDI-24-132" }, { "cve": "CVE-2024-23123", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-131/advisory.json", "detail_path": "advisories/ZDI-24-131", "id": "ZDI-24-131", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-131/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20895", "zdi_id": "ZDI-24-131" }, { "cve": "CVE-2024-23131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-130/advisory.json", "detail_path": "advisories/ZDI-24-130", "id": "ZDI-24-130", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD STEP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-130/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20894", "zdi_id": "ZDI-24-130" }, { "cve": "CVE-2024-23128", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-129/advisory.json", "detail_path": "advisories/ZDI-24-129", "id": "ZDI-24-129", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-129/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20893", "zdi_id": "ZDI-24-129" }, { "cve": "CVE-2024-23127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-128/advisory.json", "detail_path": "advisories/ZDI-24-128", "id": "ZDI-24-128", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-128/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20859", "zdi_id": "ZDI-24-128" }, { "cve": "CVE-2024-23125", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-127/advisory.json", "detail_path": "advisories/ZDI-24-127", "id": "ZDI-24-127", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-127/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20858", "zdi_id": "ZDI-24-127" }, { "cve": "CVE-2024-23120", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-126/advisory.json", "detail_path": "advisories/ZDI-24-126", "id": "ZDI-24-126", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-126/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20878", "zdi_id": "ZDI-24-126" }, { "cve": "CVE-2024-0446", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-125/advisory.json", "detail_path": "advisories/ZDI-24-125", "id": "ZDI-24-125", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-125/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20876", "zdi_id": "ZDI-24-125" }, { "cve": "CVE-2024-0446", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-124/advisory.json", "detail_path": "advisories/ZDI-24-124", "id": "ZDI-24-124", "kind": "published", "published_date": "2024-02-12", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-124/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20877", "zdi_id": "ZDI-24-124" }, { "cve": "CVE-2023-6816", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-123/advisory.json", "detail_path": "advisories/ZDI-24-123", "id": "ZDI-24-123", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "X.Org Server DeviceFocusEvent Improper Validation of Array Index Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-123/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-22664", "zdi_id": "ZDI-24-123" }, { "cve": "CVE-2023-6816", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-122/advisory.json", "detail_path": "advisories/ZDI-24-122", "id": "ZDI-24-122", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "X.Org Server XIQueryPointer Improper Validation of Array Index Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-122/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-22665", "zdi_id": "ZDI-24-122" }, { "cve": "CVE-2024-0229", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-121/advisory.json", "detail_path": "advisories/ZDI-24-121", "id": "ZDI-24-121", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "X.Org Server DeliverStateNotifyEvent Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-121/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-22678", "zdi_id": "ZDI-24-121" }, { "cve": "CVE-2024-21885", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-120/advisory.json", "detail_path": "advisories/ZDI-24-120", "id": "ZDI-24-120", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "X.Org Server XISendDeviceHierarchyEvent Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-120/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-22744", "zdi_id": "ZDI-24-120" }, { "cve": "CVE-2024-21886", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-119/advisory.json", "detail_path": "advisories/ZDI-24-119", "id": "ZDI-24-119", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "X.Org Server DisableDevice Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-119/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-22840", "zdi_id": "ZDI-24-119" }, { "cve": "CVE-2024-0637", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateDirectory function. The issue results from the lack...", "detail_json": "/data/advisories/ZDI-24-118/advisory.json", "detail_path": "advisories/ZDI-24-118", "id": "ZDI-24-118", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-118/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-22294", "zdi_id": "ZDI-24-118" }, { "cve": "CVE-2024-23115", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateGroups function. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-24-117/advisory.json", "detail_path": "advisories/ZDI-24-117", "id": "ZDI-24-117", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Centreon updateGroups SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-117/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-22295", "zdi_id": "ZDI-24-117" }, { "cve": "CVE-2024-23116", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateLCARelation function. The issue results from the la...", "detail_json": "/data/advisories/ZDI-24-116/advisory.json", "detail_path": "advisories/ZDI-24-116", "id": "ZDI-24-116", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-116/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-22296", "zdi_id": "ZDI-24-116" }, { "cve": "CVE-2024-23117", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateContactServiceCommands function. The issue results...", "detail_json": "/data/advisories/ZDI-24-115/advisory.json", "detail_path": "advisories/ZDI-24-115", "id": "ZDI-24-115", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-115/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-22297", "zdi_id": "ZDI-24-115" }, { "cve": "CVE-2024-23118", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateContactHostCommands function. The issue results fro...", "detail_json": "/data/advisories/ZDI-24-114/advisory.json", "detail_path": "advisories/ZDI-24-114", "id": "ZDI-24-114", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-114/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-22298", "zdi_id": "ZDI-24-114" }, { "cve": "CVE-2024-23119", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the insertGraphTemplate function. The issue results from the...", "detail_json": "/data/advisories/ZDI-24-113/advisory.json", "detail_path": "advisories/ZDI-24-113", "id": "ZDI-24-113", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-113/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-22339", "zdi_id": "ZDI-24-113" }, { "cve": "CVE-2023-52334", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user...", "detail_json": "/data/advisories/ZDI-24-112/advisory.json", "detail_path": "advisories/ZDI-24-112", "id": "ZDI-24-112", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-112/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-22507", "zdi_id": "ZDI-24-112" }, { "cve": "CVE-2023-51638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a database. The issue results from the...", "detail_json": "/data/advisories/ZDI-24-111/advisory.json", "detail_path": "advisories/ZDI-24-111", "id": "ZDI-24-111", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Allegra Hard-coded Credentials Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-111/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-22360", "zdi_id": "ZDI-24-111" }, { "cve": "CVE-2023-51639", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadExportedChart action. The issue results from th...", "detail_json": "/data/advisories/ZDI-24-110/advisory.json", "detail_path": "advisories/ZDI-24-110", "id": "ZDI-24-110", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-110/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-22361", "zdi_id": "ZDI-24-110" }, { "cve": "CVE-2023-51646", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-24-109/advisory.json", "detail_path": "advisories/ZDI-24-109", "id": "ZDI-24-109", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Allegra uploadSimpleFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-109/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-22527", "zdi_id": "ZDI-24-109" }, { "cve": "CVE-2023-51647", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-24-108/advisory.json", "detail_path": "advisories/ZDI-24-108", "id": "ZDI-24-108", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Allegra saveInlineEdit Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-108/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-22528", "zdi_id": "ZDI-24-108" }, { "cve": "CVE-2023-51640", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-24-107/advisory.json", "detail_path": "advisories/ZDI-24-107", "id": "ZDI-24-107", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Allegra extarctZippedFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-107/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-22504", "zdi_id": "ZDI-24-107" }, { "cve": "CVE-2023-51641", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a...", "detail_json": "/data/advisories/ZDI-24-106/advisory.json", "detail_path": "advisories/ZDI-24-106", "id": "ZDI-24-106", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-106/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-22505", "zdi_id": "ZDI-24-106" }, { "cve": "CVE-2023-51642", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a...", "detail_json": "/data/advisories/ZDI-24-105/advisory.json", "detail_path": "advisories/ZDI-24-105", "id": "ZDI-24-105", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-105/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-22506", "zdi_id": "ZDI-24-105" }, { "cve": "CVE-2023-52333", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a...", "detail_json": "/data/advisories/ZDI-24-104/advisory.json", "detail_path": "advisories/ZDI-24-104", "id": "ZDI-24-104", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Allegra saveFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-104/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-22548", "zdi_id": "ZDI-24-104" }, { "cve": "CVE-2023-51643", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-24-103/advisory.json", "detail_path": "advisories/ZDI-24-103", "id": "ZDI-24-103", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-103/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-22510", "zdi_id": "ZDI-24-103" }, { "cve": "CVE-2023-51644", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Struts. The issue results from improp...", "detail_json": "/data/advisories/ZDI-24-102/advisory.json", "detail_path": "advisories/ZDI-24-102", "id": "ZDI-24-102", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-102/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-22512", "zdi_id": "ZDI-24-102" }, { "cve": "CVE-2023-51645", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-24-101/advisory.json", "detail_path": "advisories/ZDI-24-101", "id": "ZDI-24-101", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-101/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-22513", "zdi_id": "ZDI-24-101" }, { "cve": "CVE-2023-52332", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serveMathJaxLibraries method. The issue result...", "detail_json": "/data/advisories/ZDI-24-100/advisory.json", "detail_path": "advisories/ZDI-24-100", "id": "ZDI-24-100", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Allegra serveMathJaxLibraries Directory Traversal Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-100/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-22532", "zdi_id": "ZDI-24-100" }, { "cve": "CVE-2023-51648", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a...", "detail_json": "/data/advisories/ZDI-24-099/advisory.json", "detail_path": "advisories/ZDI-24-099", "id": "ZDI-24-099", "kind": "published", "published_date": "2024-02-09", "status": "published", "title": "Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-099/", "vendor": "Allegra", "vendor_url": null, "zdi_can": "ZDI-CAN-22530", "zdi_id": "ZDI-24-099" }, { "cve": "CVE-2023-7032", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric Easergy Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabili...", "detail_json": "/data/advisories/ZDI-24-098/advisory.json", "detail_path": "advisories/ZDI-24-098", "id": "ZDI-24-098", "kind": "published", "published_date": "2024-02-08", "status": "published", "title": "Schneider Electric Easergy Studio InitializeChannel Deserialization of Untrusted Data Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-098/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21065", "zdi_id": "ZDI-24-098" }, { "cve": "CVE-2023-42463", "cvss": 7.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Wazuh. Log Injection is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the proce...", "detail_json": "/data/advisories/ZDI-24-097/advisory.json", "detail_path": "advisories/ZDI-24-097", "id": "ZDI-24-097", "kind": "published", "published_date": "2024-02-08", "status": "published", "title": "Wazuh Log Collector Integer Underflow Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-097/", "vendor": "Wazuh", "vendor_url": null, "zdi_can": "ZDI-CAN-22015", "zdi_id": "ZDI-24-097" }, { "cve": "CVE-2024-20953", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Product Lifecycle Management. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExportServlet. The issue resul...", "detail_json": "/data/advisories/ZDI-24-096/advisory.json", "detail_path": "advisories/ZDI-24-096", "id": "ZDI-24-096", "kind": "published", "published_date": "2024-02-06", "status": "published", "title": "Oracle Product Lifecycle Management ExportServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-096/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-21848", "zdi_id": "ZDI-24-096" }, { "cve": "CVE-2024-0244", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of fax j...", "detail_json": "/data/advisories/ZDI-24-095/advisory.json", "detail_path": "advisories/ZDI-24-095", "id": "ZDI-24-095", "kind": "published", "published_date": "2024-02-06", "status": "published", "title": "Canon imageCLASS MF753Cdw Fax Job Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-095/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-22658", "zdi_id": "ZDI-24-095" }, { "cve": "CVE-2023-6234", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The...", "detail_json": "/data/advisories/ZDI-24-094/advisory.json", "detail_path": "advisories/ZDI-24-094", "id": "ZDI-24-094", "kind": "published", "published_date": "2024-02-06", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF753Cdw CADM setResource Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-094/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-22533", "zdi_id": "ZDI-24-094" }, { "cve": "CVE-2023-6233", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the s...", "detail_json": "/data/advisories/ZDI-24-093/advisory.json", "detail_path": "advisories/ZDI-24-093", "id": "ZDI-24-093", "kind": "published", "published_date": "2024-02-06", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF753Cdw SLP service-url Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-093/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-22389", "zdi_id": "ZDI-24-093" }, { "cve": "CVE-2023-6232", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the Au...", "detail_json": "/data/advisories/ZDI-24-092/advisory.json", "detail_path": "advisories/ZDI-24-092", "id": "ZDI-24-092", "kind": "published", "published_date": "2024-02-06", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF753Cdw rls-login Authorization Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-092/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-22386", "zdi_id": "ZDI-24-092" }, { "cve": "CVE-2023-6231", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of Probe...", "detail_json": "/data/advisories/ZDI-24-091/advisory.json", "detail_path": "advisories/ZDI-24-091", "id": "ZDI-24-091", "kind": "published", "published_date": "2024-02-06", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF753Cdw Probe message Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-091/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-22381", "zdi_id": "ZDI-24-091" }, { "cve": "CVE-2023-6230", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the Au...", "detail_json": "/data/advisories/ZDI-24-090/advisory.json", "detail_path": "advisories/ZDI-24-090", "id": "ZDI-24-090", "kind": "published", "published_date": "2024-02-06", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF753Cdw rls-login Authorization Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-090/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-22391", "zdi_id": "ZDI-24-090" }, { "cve": "CVE-2023-6229", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The...", "detail_json": "/data/advisories/ZDI-24-089/advisory.json", "detail_path": "advisories/ZDI-24-089", "id": "ZDI-24-089", "kind": "published", "published_date": "2024-02-06", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF753Cdw CADM rmSetFileName Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-089/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-22403", "zdi_id": "ZDI-24-089" }, { "cve": "CVE-2023-22819", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RESTS...", "detail_json": "/data/advisories/ZDI-24-088/advisory.json", "detail_path": "advisories/ZDI-24-088", "id": "ZDI-24-088", "kind": "published", "published_date": "2024-02-06", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Uncontrolled Resource Consumption Denial-of-Service Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-088/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-22440", "zdi_id": "ZDI-24-088" }, { "cve": "CVE-2023-22817", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RESTSDK s...", "detail_json": "/data/advisories/ZDI-24-087/advisory.json", "detail_path": "advisories/ZDI-24-087", "id": "ZDI-24-087", "kind": "published", "published_date": "2024-02-06", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-087/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-22456", "zdi_id": "ZDI-24-087" }, { "cve": "CVE-2024-1180", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability. The specific issue exists within the handling of the name field in the a...", "detail_json": "/data/advisories/ZDI-24-086/advisory.json", "detail_path": "advisories/ZDI-24-086", "id": "ZDI-24-086", "kind": "published", "published_date": "2024-02-05", "status": "published", "title": "TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-086/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-22227", "zdi_id": "ZDI-24-086" }, { "cve": "CVE-2024-1179", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DHCP options...", "detail_json": "/data/advisories/ZDI-24-085/advisory.json", "detail_path": "advisories/ZDI-24-085", "id": "ZDI-24-085", "kind": "published", "published_date": "2024-02-05", "status": "published", "title": "(Pwn2Own) TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-085/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-22420", "zdi_id": "ZDI-24-085" }, { "cve": "CVE-2023-50737", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of authent...", "detail_json": "/data/advisories/ZDI-24-084/advisory.json", "detail_path": "advisories/ZDI-24-084", "id": "ZDI-24-084", "kind": "published", "published_date": "2024-01-31", "status": "published", "title": "(Pwn2Own) Lexmark CX331adwe Missing Authentication Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-084/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-22520", "zdi_id": "ZDI-24-084" }, { "cve": "CVE-2023-50736", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript dat...", "detail_json": "/data/advisories/ZDI-24-083/advisory.json", "detail_path": "advisories/ZDI-24-083", "id": "ZDI-24-083", "kind": "published", "published_date": "2024-01-31", "status": "published", "title": "(Pwn2Own) Lexmark CX331adwe PostScript File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-083/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-22445", "zdi_id": "ZDI-24-083" }, { "cve": "CVE-2023-50735", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PDF files. The issue res...", "detail_json": "/data/advisories/ZDI-24-082/advisory.json", "detail_path": "advisories/ZDI-24-082", "id": "ZDI-24-082", "kind": "published", "published_date": "2024-01-31", "status": "published", "title": "(Pwn2Own) Lexmark CX331adwe PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-082/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-22443", "zdi_id": "ZDI-24-082" }, { "cve": "CVE-2023-50734", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the make42charstring method....", "detail_json": "/data/advisories/ZDI-24-081/advisory.json", "detail_path": "advisories/ZDI-24-081", "id": "ZDI-24-081", "kind": "published", "published_date": "2024-01-31", "status": "published", "title": "(Pwn2Own) Lexmark CX331adwe make42charstring Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-081/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-22380", "zdi_id": "ZDI-24-081" }, { "cve": "CVE-2023-41178", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute web requests with the victim's privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit...", "detail_json": "/data/advisories/ZDI-24-080/advisory.json", "detail_path": "advisories/ZDI-24-080", "id": "ZDI-24-080", "kind": "published", "published_date": "2024-01-19", "status": "published", "title": "Trend Micro Mobile Security for Enterprises vpplist_assign_list Cross-Site Scripting Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-080/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-20806", "zdi_id": "ZDI-24-080" }, { "cve": "CVE-2023-41177", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute web requests with the victim's privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit...", "detail_json": "/data/advisories/ZDI-24-079/advisory.json", "detail_path": "advisories/ZDI-24-079", "id": "ZDI-24-079", "kind": "published", "published_date": "2024-01-19", "status": "published", "title": "Trend Micro Mobile Security for Enterprises ServerUpdate_UpdateSuccessful Cross-Site Scripting Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-079/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-20805", "zdi_id": "ZDI-24-079" }, { "cve": "CVE-2023-41176", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute web requests with the victim's privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit...", "detail_json": "/data/advisories/ZDI-24-078/advisory.json", "detail_path": "advisories/ZDI-24-078", "id": "ZDI-24-078", "kind": "published", "published_date": "2024-01-19", "status": "published", "title": "Trend Micro Mobile Security for Enterprises DevicesManagementEditNotePopupTip Cross-Site Scripting Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-078/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-20804", "zdi_id": "ZDI-24-078" }, { "cve": "CVE-2023-52324", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of uploaded ZIP files. The iss...", "detail_json": "/data/advisories/ZDI-24-077/advisory.json", "detail_path": "advisories/ZDI-24-077", "id": "ZDI-24-077", "kind": "published", "published_date": "2024-01-19", "status": "published", "title": "Trend Micro Apex Central Unrestricted File Upload Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-077/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-20803", "zdi_id": "ZDI-24-077" }, { "cve": "CVE-2023-52338", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-24-076/advisory.json", "detail_path": "advisories/ZDI-24-076", "id": "ZDI-24-076", "kind": "published", "published_date": "2024-01-19", "status": "published", "title": "Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-076/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21780", "zdi_id": "ZDI-24-076" }, { "cve": "CVE-2023-52337", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-24-075/advisory.json", "detail_path": "advisories/ZDI-24-075", "id": "ZDI-24-075", "kind": "published", "published_date": "2024-01-19", "status": "published", "title": "Trend Micro Deep Security Improper Access Control Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-075/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16568", "zdi_id": "ZDI-24-075" }, { "cve": "CVE-2023-52329", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-074/advisory.json", "detail_path": "advisories/ZDI-24-074", "id": "ZDI-24-074", "kind": "published", "published_date": "2024-01-18", "status": "published", "title": "Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-074/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18868", "zdi_id": "ZDI-24-074" }, { "cve": "CVE-2023-51630", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-24-073/advisory.json", "detail_path": "advisories/ZDI-24-073", "id": "ZDI-24-073", "kind": "published", "published_date": "2024-01-15", "status": "published", "title": "Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-073/", "vendor": "Paessler", "vendor_url": null, "zdi_can": "ZDI-CAN-21182", "zdi_id": "ZDI-24-073" }, { "cve": "CVE-2024-21473", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Qualcomm LDB service. The...", "detail_json": "/data/advisories/ZDI-24-072/advisory.json", "detail_path": "advisories/ZDI-24-072", "id": "ZDI-24-072", "kind": "published", "published_date": "2024-01-15", "status": "published", "title": "Synology RT6600ax Qualcomm LDB Service Improper Input Validation Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-072/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-19708", "zdi_id": "ZDI-24-072" }, { "cve": "CVE-2023-46804", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue r...", "detail_json": "/data/advisories/ZDI-24-071/advisory.json", "detail_path": "advisories/ZDI-24-071", "id": "ZDI-24-071", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Integer Underflow Denial-of-Service Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-071/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22643", "zdi_id": "ZDI-24-071" }, { "cve": "CVE-2023-46223", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from th...", "detail_json": "/data/advisories/ZDI-24-070/advisory.json", "detail_path": "advisories/ZDI-24-070", "id": "ZDI-24-070", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-070/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22582", "zdi_id": "ZDI-24-070" }, { "cve": "CVE-2023-46222", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from th...", "detail_json": "/data/advisories/ZDI-24-069/advisory.json", "detail_path": "advisories/ZDI-24-069", "id": "ZDI-24-069", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-069/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22581", "zdi_id": "ZDI-24-069" }, { "cve": "CVE-2023-46221", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from th...", "detail_json": "/data/advisories/ZDI-24-068/advisory.json", "detail_path": "advisories/ZDI-24-068", "id": "ZDI-24-068", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-068/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22580", "zdi_id": "ZDI-24-068" }, { "cve": "CVE-2023-46803", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue r...", "detail_json": "/data/advisories/ZDI-24-067/advisory.json", "detail_path": "advisories/ZDI-24-067", "id": "ZDI-24-067", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Divide By Zero Denial-of-Service Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-067/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22544", "zdi_id": "ZDI-24-067" }, { "cve": "CVE-2023-46220", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from th...", "detail_json": "/data/advisories/ZDI-24-066/advisory.json", "detail_path": "advisories/ZDI-24-066", "id": "ZDI-24-066", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-066/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22553", "zdi_id": "ZDI-24-066" }, { "cve": "CVE-2023-46258", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from th...", "detail_json": "/data/advisories/ZDI-24-065/advisory.json", "detail_path": "advisories/ZDI-24-065", "id": "ZDI-24-065", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-065/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22586", "zdi_id": "ZDI-24-065" }, { "cve": "CVE-2023-46257", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from th...", "detail_json": "/data/advisories/ZDI-24-064/advisory.json", "detail_path": "advisories/ZDI-24-064", "id": "ZDI-24-064", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-064/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22585", "zdi_id": "ZDI-24-064" }, { "cve": "CVE-2023-46225", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from th...", "detail_json": "/data/advisories/ZDI-24-063/advisory.json", "detail_path": "advisories/ZDI-24-063", "id": "ZDI-24-063", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-063/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22584", "zdi_id": "ZDI-24-063" }, { "cve": "CVE-2023-46224", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from th...", "detail_json": "/data/advisories/ZDI-24-062/advisory.json", "detail_path": "advisories/ZDI-24-062", "id": "ZDI-24-062", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-062/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22583", "zdi_id": "ZDI-24-062" }, { "cve": "CVE-2023-46259", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from th...", "detail_json": "/data/advisories/ZDI-24-061/advisory.json", "detail_path": "advisories/ZDI-24-061", "id": "ZDI-24-061", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche WLAvalancheService TV_FC Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-061/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21972", "zdi_id": "ZDI-24-061" }, { "cve": "CVE-2023-46260", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue r...", "detail_json": "/data/advisories/ZDI-24-060/advisory.json", "detail_path": "advisories/ZDI-24-060", "id": "ZDI-24-060", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche WLAvalancheService TV_NL Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-060/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21992", "zdi_id": "ZDI-24-060" }, { "cve": "CVE-2023-46261", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLInfoRailService. The issue results from the...", "detail_json": "/data/advisories/ZDI-24-059/advisory.json", "detail_path": "advisories/ZDI-24-059", "id": "ZDI-24-059", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche WLInfoRailService Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-059/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22000", "zdi_id": "ZDI-24-059" }, { "cve": "CVE-2021-22962", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the allowPassThrough method. The issue r...", "detail_json": "/data/advisories/ZDI-24-058/advisory.json", "detail_path": "advisories/ZDI-24-058", "id": "ZDI-24-058", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-058/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21953", "zdi_id": "ZDI-24-058" }, { "cve": "CVE-2023-46266", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecureFilter class. The issue result...", "detail_json": "/data/advisories/ZDI-24-057/advisory.json", "detail_path": "advisories/ZDI-24-057", "id": "ZDI-24-057", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche SecureFilter Content-Type Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-057/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21943", "zdi_id": "ZDI-24-057" }, { "cve": "CVE-2023-46263", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the l...", "detail_json": "/data/advisories/ZDI-24-056/advisory.json", "detail_path": "advisories/ZDI-24-056", "id": "ZDI-24-056", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-056/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21952", "zdi_id": "ZDI-24-056" }, { "cve": "CVE-2023-46264", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the l...", "detail_json": "/data/advisories/ZDI-24-055/advisory.json", "detail_path": "advisories/ZDI-24-055", "id": "ZDI-24-055", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-055/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-22001", "zdi_id": "ZDI-24-055" }, { "cve": "CVE-2023-46265", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decode method. Due to the improper re...", "detail_json": "/data/advisories/ZDI-24-054/advisory.json", "detail_path": "advisories/ZDI-24-054", "id": "ZDI-24-054", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche decode XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-054/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21458", "zdi_id": "ZDI-24-054" }, { "cve": "CVE-2023-46262", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validateAMCWSConnection method. The i...", "detail_json": "/data/advisories/ZDI-24-053/advisory.json", "detail_path": "advisories/ZDI-24-053", "id": "ZDI-24-053", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Ivanti Avalanche validateAMCWSConnection Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-053/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21406", "zdi_id": "ZDI-24-053" }, { "cve": "CVE-2023-52331", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the modVulnerabilityProtect module. T...", "detail_json": "/data/advisories/ZDI-24-052/advisory.json", "detail_path": "advisories/ZDI-24-052", "id": "ZDI-24-052", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Trend Micro Apex Central modVulnerabilityProtect Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-052/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21888", "zdi_id": "ZDI-24-052" }, { "cve": "CVE-2023-52330", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the Policy Management functionality. The issue r...", "detail_json": "/data/advisories/ZDI-24-051/advisory.json", "detail_path": "advisories/ZDI-24-051", "id": "ZDI-24-051", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "Trend Micro Apex Central Cross-Site Scripting Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-051/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21447", "zdi_id": "ZDI-24-051" }, { "cve": "CVE-2023-51631", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles...", "detail_json": "/data/advisories/ZDI-24-050/advisory.json", "detail_path": "advisories/ZDI-24-050", "id": "ZDI-24-050", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-050/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21675", "zdi_id": "ZDI-24-050" }, { "cve": "CVE-2023-51629", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the O...", "detail_json": "/data/advisories/ZDI-24-049/advisory.json", "detail_path": "advisories/ZDI-24-049", "id": "ZDI-24-049", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-049/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21492", "zdi_id": "ZDI-24-049" }, { "cve": "CVE-2023-51628", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-24-048/advisory.json", "detail_path": "advisories/ZDI-24-048", "id": "ZDI-24-048", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DCS-8300LHV2 ONVIF SetHostName Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-048/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21322", "zdi_id": "ZDI-24-048" }, { "cve": "CVE-2023-51627", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-24-047/advisory.json", "detail_path": "advisories/ZDI-24-047", "id": "ZDI-24-047", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-047/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21321", "zdi_id": "ZDI-24-047" }, { "cve": "CVE-2023-51626", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Autho...", "detail_json": "/data/advisories/ZDI-24-046/advisory.json", "detail_path": "advisories/ZDI-24-046", "id": "ZDI-24-046", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Username Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-046/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21320", "zdi_id": "ZDI-24-046" }, { "cve": "CVE-2023-51625", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-24-045/advisory.json", "detail_path": "advisories/ZDI-24-045", "id": "ZDI-24-045", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-045/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21319", "zdi_id": "ZDI-24-045" }, { "cve": "CVE-2023-51624", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Autho...", "detail_json": "/data/advisories/ZDI-24-044/advisory.json", "detail_path": "advisories/ZDI-24-044", "id": "ZDI-24-044", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-044/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20072", "zdi_id": "ZDI-24-044" }, { "cve": "CVE-2023-51623", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles...", "detail_json": "/data/advisories/ZDI-24-043/advisory.json", "detail_path": "advisories/ZDI-24-043", "id": "ZDI-24-043", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DIR-X3260 prog.cgi SetAPClientSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-043/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21673", "zdi_id": "ZDI-24-043" }, { "cve": "CVE-2023-51622", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles...", "detail_json": "/data/advisories/ZDI-24-042/advisory.json", "detail_path": "advisories/ZDI-24-042", "id": "ZDI-24-042", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DIR-X3260 prog.cgi SetTriggerPPPoEValidate Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-042/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21672", "zdi_id": "ZDI-24-042" }, { "cve": "CVE-2023-51621", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles...", "detail_json": "/data/advisories/ZDI-24-041/advisory.json", "detail_path": "advisories/ZDI-24-041", "id": "ZDI-24-041", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DIR-X3260 prog.cgi SetDeviceSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-041/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21670", "zdi_id": "ZDI-24-041" }, { "cve": "CVE-2023-51620", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles...", "detail_json": "/data/advisories/ZDI-24-040/advisory.json", "detail_path": "advisories/ZDI-24-040", "id": "ZDI-24-040", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DIR-X3260 prog.cgi SetIPv6PppoeSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-040/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21669", "zdi_id": "ZDI-24-040" }, { "cve": "CVE-2023-51619", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles...", "detail_json": "/data/advisories/ZDI-24-039/advisory.json", "detail_path": "advisories/ZDI-24-039", "id": "ZDI-24-039", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DIR-X3260 prog.cgi SetMyDLinkRegistration Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-039/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21667", "zdi_id": "ZDI-24-039" }, { "cve": "CVE-2023-51618", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles...", "detail_json": "/data/advisories/ZDI-24-038/advisory.json", "detail_path": "advisories/ZDI-24-038", "id": "ZDI-24-038", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DIR-X3260 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-038/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21595", "zdi_id": "ZDI-24-038" }, { "cve": "CVE-2023-51617", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles...", "detail_json": "/data/advisories/ZDI-24-037/advisory.json", "detail_path": "advisories/ZDI-24-037", "id": "ZDI-24-037", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DIR-X3260 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-037/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21594", "zdi_id": "ZDI-24-037" }, { "cve": "CVE-2023-51616", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles...", "detail_json": "/data/advisories/ZDI-24-036/advisory.json", "detail_path": "advisories/ZDI-24-036", "id": "ZDI-24-036", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DIR-X3260 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-036/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21593", "zdi_id": "ZDI-24-036" }, { "cve": "CVE-2023-51615", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles...", "detail_json": "/data/advisories/ZDI-24-035/advisory.json", "detail_path": "advisories/ZDI-24-035", "id": "ZDI-24-035", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DIR-X3260 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-035/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21592", "zdi_id": "ZDI-24-035" }, { "cve": "CVE-2023-51614", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles...", "detail_json": "/data/advisories/ZDI-24-034/advisory.json", "detail_path": "advisories/ZDI-24-034", "id": "ZDI-24-034", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DIR-X3260 prog.cgi SetQuickVPNSettings Password Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-034/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21591", "zdi_id": "ZDI-24-034" }, { "cve": "CVE-2023-51613", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles...", "detail_json": "/data/advisories/ZDI-24-033/advisory.json", "detail_path": "advisories/ZDI-24-033", "id": "ZDI-24-033", "kind": "published", "published_date": "2024-01-11", "status": "published", "title": "D-Link DIR-X3260 prog.cgi SetDynamicDNSSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-033/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21590", "zdi_id": "ZDI-24-033" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-24-032/advisory.json", "detail_path": "advisories/ZDI-24-032", "id": "ZDI-24-032", "kind": "published", "published_date": "2024-01-10", "status": "published", "title": "Foxit PDF Reader Doc Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-032/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22109", "zdi_id": "ZDI-24-032" }, { "cve": "CVE-2024-21310", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Only systems...", "detail_json": "/data/advisories/ZDI-24-031/advisory.json", "detail_path": "advisories/ZDI-24-031", "id": "ZDI-24-031", "kind": "published", "published_date": "2024-01-10", "status": "published", "title": "Microsoft Windows cldflt Integer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-031/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22126", "zdi_id": "ZDI-24-031" }, { "cve": "CVE-2024-20677", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-24-030/advisory.json", "detail_path": "advisories/ZDI-24-030", "id": "ZDI-24-030", "kind": "published", "published_date": "2024-01-10", "status": "published", "title": "Microsoft Office Word FBX File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-030/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21445", "zdi_id": "ZDI-24-030" }, { "cve": "CVE-2023-52093", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-029/advisory.json", "detail_path": "advisories/ZDI-24-029", "id": "ZDI-24-029", "kind": "published", "published_date": "2024-01-10", "status": "published", "title": "Trend Micro Apex One Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-029/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21860", "zdi_id": "ZDI-24-029" }, { "cve": "CVE-2023-52094", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-028/advisory.json", "detail_path": "advisories/ZDI-24-028", "id": "ZDI-24-028", "kind": "published", "published_date": "2024-01-10", "status": "published", "title": "Trend Micro Apex One Security Agent Updater Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-028/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21896", "zdi_id": "ZDI-24-028" }, { "cve": "CVE-2023-52091", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-027/advisory.json", "detail_path": "advisories/ZDI-24-027", "id": "ZDI-24-027", "kind": "published", "published_date": "2024-01-10", "status": "published", "title": "Trend Micro Apex One Anti-Spyware Engine Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-027/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21522", "zdi_id": "ZDI-24-027" }, { "cve": "CVE-2023-52090", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-026/advisory.json", "detail_path": "advisories/ZDI-24-026", "id": "ZDI-24-026", "kind": "published", "published_date": "2024-01-10", "status": "published", "title": "Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-026/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21425", "zdi_id": "ZDI-24-026" }, { "cve": "CVE-2023-52092", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-24-025/advisory.json", "detail_path": "advisories/ZDI-24-025", "id": "ZDI-24-025", "kind": "published", "published_date": "2024-01-10", "status": "published", "title": "Trend Micro Apex One Link Following Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-025/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21346", "zdi_id": "ZDI-24-025" }, { "cve": "CVE-2023-52325", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the getObjWGFServiceApiByApiName function. Th...", "detail_json": "/data/advisories/ZDI-24-024/advisory.json", "detail_path": "advisories/ZDI-24-024", "id": "ZDI-24-024", "kind": "published", "published_date": "2024-01-10", "status": "published", "title": "Trend Micro Apex Central widget WFProxy Local File Inclusion Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-024/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21327", "zdi_id": "ZDI-24-024" }, { "cve": "CVE-2023-52326", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-023/advisory.json", "detail_path": "advisories/ZDI-24-023", "id": "ZDI-24-023", "kind": "published", "published_date": "2024-01-16", "status": "published", "title": "Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-023/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18873", "zdi_id": "ZDI-24-023" }, { "cve": "CVE-2023-52327", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-022/advisory.json", "detail_path": "advisories/ZDI-24-022", "id": "ZDI-24-022", "kind": "published", "published_date": "2024-01-16", "status": "published", "title": "Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-022/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18869", "zdi_id": "ZDI-24-022" }, { "cve": "CVE-2023-52328", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-021/advisory.json", "detail_path": "advisories/ZDI-24-021", "id": "ZDI-24-021", "kind": "published", "published_date": "2024-01-16", "status": "published", "title": "Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-021/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18870", "zdi_id": "ZDI-24-021" }, { "cve": "CVE-2023-6546", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-24-020/advisory.json", "detail_path": "advisories/ZDI-24-020", "id": "ZDI-24-020", "kind": "published", "published_date": "2024-01-09", "status": "published", "title": "Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-020/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20527", "zdi_id": "ZDI-24-020" }, { "cve": "CVE-2023-44430", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-24-019/advisory.json", "detail_path": "advisories/ZDI-24-019", "id": "ZDI-24-019", "kind": "published", "published_date": "2024-01-08", "status": "published", "title": "Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-019/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-19067", "zdi_id": "ZDI-24-019" }, { "cve": "CVE-2023-50223", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExtendedDocumentCodec class. The iss...", "detail_json": "/data/advisories/ZDI-24-018/advisory.json", "detail_path": "advisories/ZDI-24-018", "id": "ZDI-24-018", "kind": "published", "published_date": "2024-01-05", "status": "published", "title": "Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-018/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-22127", "zdi_id": "ZDI-24-018" }, { "cve": "CVE-2023-50222", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific fla...", "detail_json": "/data/advisories/ZDI-24-017/advisory.json", "detail_path": "advisories/ZDI-24-017", "id": "ZDI-24-017", "kind": "published", "published_date": "2024-01-05", "status": "published", "title": "Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-017/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-22067", "zdi_id": "ZDI-24-017" }, { "cve": "CVE-2023-50221", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific fla...", "detail_json": "/data/advisories/ZDI-24-016/advisory.json", "detail_path": "advisories/ZDI-24-016", "id": "ZDI-24-016", "kind": "published", "published_date": "2024-01-05", "status": "published", "title": "Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-016/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-21926", "zdi_id": "ZDI-24-016" }, { "cve": "CVE-2023-50220", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Base64Element class. The issue resul...", "detail_json": "/data/advisories/ZDI-24-015/advisory.json", "detail_path": "advisories/ZDI-24-015", "id": "ZDI-24-015", "kind": "published", "published_date": "2024-01-05", "status": "published", "title": "Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-015/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-21801", "zdi_id": "ZDI-24-015" }, { "cve": "CVE-2023-50219", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the RunQuery class. The issue results fr...", "detail_json": "/data/advisories/ZDI-24-014/advisory.json", "detail_path": "advisories/ZDI-24-014", "id": "ZDI-24-014", "kind": "published", "published_date": "2024-01-05", "status": "published", "title": "Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-014/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-21625", "zdi_id": "ZDI-24-014" }, { "cve": "CVE-2023-4235", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SMS PDUs. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-24-013/advisory.json", "detail_path": "advisories/ZDI-24-013", "id": "ZDI-24-013", "kind": "published", "published_date": "2024-01-04", "status": "published", "title": "oFono SMS Decoder Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-013/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-21016", "zdi_id": "ZDI-24-013" }, { "cve": "CVE-2023-5367", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-012/advisory.json", "detail_path": "advisories/ZDI-24-012", "id": "ZDI-24-012", "kind": "published", "published_date": "2024-01-04", "status": "published", "title": "X.Org Server ProcXIChangeProperty Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-012/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-22153", "zdi_id": "ZDI-24-012" }, { "cve": "CVE-2023-6377", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-011/advisory.json", "detail_path": "advisories/ZDI-24-011", "id": "ZDI-24-011", "kind": "published", "published_date": "2024-01-04", "status": "published", "title": "X.Org Server RecalculateMasterButtons Out-Of-Bounds Access Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-011/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-22412", "zdi_id": "ZDI-24-011" }, { "cve": "CVE-2023-6377", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-24-010/advisory.json", "detail_path": "advisories/ZDI-24-010", "id": "ZDI-24-010", "kind": "published", "published_date": "2024-01-04", "status": "published", "title": "X.Org Server DeepCopyPointerClasses Out-Of-Bounds Access Local Privilege Escalation Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-010/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-22413", "zdi_id": "ZDI-24-010" }, { "cve": "CVE-2023-6478", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-24-009/advisory.json", "detail_path": "advisories/ZDI-24-009", "id": "ZDI-24-009", "kind": "published", "published_date": "2024-01-04", "status": "published", "title": "X.Org Server RRChangeOutputProperty Integer Overflow Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-009/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-22561", "zdi_id": "ZDI-24-009" }, { "cve": "CVE-2023-40058", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a RabbitMQ in...", "detail_json": "/data/advisories/ZDI-24-008/advisory.json", "detail_path": "advisories/ZDI-24-008", "id": "ZDI-24-008", "kind": "published", "published_date": "2024-01-04", "status": "published", "title": "SolarWinds Access Rights Manager Hardcoded Credentials Authentication Bypass Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-008/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-22753", "zdi_id": "ZDI-24-008" }, { "cve": "CVE-2023-51569", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-007/advisory.json", "detail_path": "advisories/ZDI-24-007", "id": "ZDI-24-007", "kind": "published", "published_date": "2024-01-04", "status": "published", "title": "Kofax Power PDF BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-007/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22016", "zdi_id": "ZDI-24-007" }, { "cve": "CVE-2023-51567", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-006/advisory.json", "detail_path": "advisories/ZDI-24-006", "id": "ZDI-24-006", "kind": "published", "published_date": "2024-01-04", "status": "published", "title": "Kofax Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-006/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21988", "zdi_id": "ZDI-24-006" }, { "cve": "CVE-2023-51568", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-005/advisory.json", "detail_path": "advisories/ZDI-24-005", "id": "ZDI-24-005", "kind": "published", "published_date": "2024-01-04", "status": "published", "title": "Kofax Power PDF OXPS File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-005/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21990", "zdi_id": "ZDI-24-005" }, { "cve": "CVE-2023-51566", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-004/advisory.json", "detail_path": "advisories/ZDI-24-004", "id": "ZDI-24-004", "kind": "published", "published_date": "2024-01-04", "status": "published", "title": "Kofax Power PDF OXPS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-004/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21980", "zdi_id": "ZDI-24-004" }, { "cve": "CVE-2023-51565", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-003/advisory.json", "detail_path": "advisories/ZDI-24-003", "id": "ZDI-24-003", "kind": "published", "published_date": "2024-01-04", "status": "published", "title": "Kofax Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-003/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21975", "zdi_id": "ZDI-24-003" }, { "cve": "CVE-2023-51564", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-24-002/advisory.json", "detail_path": "advisories/ZDI-24-002", "id": "ZDI-24-002", "kind": "published", "published_date": "2024-01-04", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-002/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21606", "zdi_id": "ZDI-24-002" }, { "cve": "CVE-2023-51563", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-24-001/advisory.json", "detail_path": "advisories/ZDI-24-001", "id": "ZDI-24-001", "kind": "published", "published_date": "2024-01-04", "status": "published", "title": "Kofax Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-001/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20573", "zdi_id": "ZDI-24-001" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chromium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1914/advisory.json", "detail_path": "advisories/ZDI-23-1914", "id": "ZDI-23-1914", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "Google Chromium JIT Compilation Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1914/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-21536", "zdi_id": "ZDI-23-1914" }, { "cve": "CVE-2023-51612", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1913/advisory.json", "detail_path": "advisories/ZDI-23-1913", "id": "ZDI-23-1913", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "(0Day) Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1913/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21837", "zdi_id": "ZDI-23-1913" }, { "cve": "CVE-2023-51611", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1912/advisory.json", "detail_path": "advisories/ZDI-23-1912", "id": "ZDI-23-1912", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "(0Day) Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1912/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21836", "zdi_id": "ZDI-23-1912" }, { "cve": "CVE-2023-51610", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1911/advisory.json", "detail_path": "advisories/ZDI-23-1911", "id": "ZDI-23-1911", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "(0Day) Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": "2024-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1911/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21835", "zdi_id": "ZDI-23-1911" }, { "cve": "CVE-2023-51609", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1910/advisory.json", "detail_path": "advisories/ZDI-23-1910", "id": "ZDI-23-1910", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "(0Day) Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1910/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21834", "zdi_id": "ZDI-23-1910" }, { "cve": "CVE-2023-51608", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1909/advisory.json", "detail_path": "advisories/ZDI-23-1909", "id": "ZDI-23-1909", "kind": "published", "published_date": "2023-12-21", "status": "published", "title": "(0Day) Kofax Power PDF J2K File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2024-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1909/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21833", "zdi_id": "ZDI-23-1909" }, { "cve": "CVE-2023-51607", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1908/advisory.json", "detail_path": "advisories/ZDI-23-1908", "id": "ZDI-23-1908", "kind": "published", "published_date": "2024-06-06", "status": "published", "title": "(0Day) Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1908/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21829", "zdi_id": "ZDI-23-1908" }, { "cve": "CVE-2023-51606", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1907/advisory.json", "detail_path": "advisories/ZDI-23-1907", "id": "ZDI-23-1907", "kind": "published", "published_date": "2023-12-21", "status": "published", "title": "(0Day) Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1907/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21759", "zdi_id": "ZDI-23-1907" }, { "cve": "CVE-2023-51597", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1906/advisory.json", "detail_path": "advisories/ZDI-23-1906", "id": "ZDI-23-1906", "kind": "published", "published_date": "2023-12-21", "status": "published", "title": "(0Day) Kofax Power PDF U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1906/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21755", "zdi_id": "ZDI-23-1906" }, { "cve": "CVE-2023-51592", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The spec...", "detail_json": "/data/advisories/ZDI-23-1905/advisory.json", "detail_path": "advisories/ZDI-23-1905", "id": "ZDI-23-1905", "kind": "published", "published_date": "2023-12-21", "status": "published", "title": "(0Day) BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-12-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1905/", "vendor": "BlueZ", "vendor_url": null, "zdi_can": "ZDI-CAN-20854", "zdi_id": "ZDI-23-1905" }, { "cve": "CVE-2023-51589", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The spec...", "detail_json": "/data/advisories/ZDI-23-1904/advisory.json", "detail_path": "advisories/ZDI-23-1904", "id": "ZDI-23-1904", "kind": "published", "published_date": "2023-12-21", "status": "published", "title": "(0Day) BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-12-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1904/", "vendor": "BlueZ", "vendor_url": null, "zdi_can": "ZDI-CAN-20853", "zdi_id": "ZDI-23-1904" }, { "cve": "CVE-2023-51580", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The spec...", "detail_json": "/data/advisories/ZDI-23-1903/advisory.json", "detail_path": "advisories/ZDI-23-1903", "id": "ZDI-23-1903", "kind": "published", "published_date": "2023-12-21", "status": "published", "title": "(0Day) BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-12-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1903/", "vendor": "BlueZ", "vendor_url": null, "zdi_can": "ZDI-CAN-20852", "zdi_id": "ZDI-23-1903" }, { "cve": "CVE-2023-51596", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-23-1902/advisory.json", "detail_path": "advisories/ZDI-23-1902", "id": "ZDI-23-1902", "kind": "published", "published_date": "2023-12-21", "status": "published", "title": "(0Day) BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-12-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1902/", "vendor": "BlueZ", "vendor_url": null, "zdi_can": "ZDI-CAN-20939", "zdi_id": "ZDI-23-1902" }, { "cve": "CVE-2023-51594", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific...", "detail_json": "/data/advisories/ZDI-23-1901/advisory.json", "detail_path": "advisories/ZDI-23-1901", "id": "ZDI-23-1901", "kind": "published", "published_date": "2023-12-21", "status": "published", "title": "(0Day) BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-12-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1901/", "vendor": "BlueZ", "vendor_url": null, "zdi_can": "ZDI-CAN-20937", "zdi_id": "ZDI-23-1901" }, { "cve": "CVE-2023-44431", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific fla...", "detail_json": "/data/advisories/ZDI-23-1900/advisory.json", "detail_path": "advisories/ZDI-23-1900", "id": "ZDI-23-1900", "kind": "published", "published_date": "2023-12-21", "status": "published", "title": "(0Day) BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-12-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1900/", "vendor": "BlueZ", "vendor_url": null, "zdi_can": "ZDI-CAN-19909", "zdi_id": "ZDI-23-1900" }, { "cve": "CVE-2023-29460", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-23-1899/advisory.json", "detail_path": "advisories/ZDI-23-1899", "id": "ZDI-23-1899", "kind": "published", "published_date": "2023-12-21", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1899/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-19748", "zdi_id": "ZDI-23-1899" }, { "cve": "CVE-2023-29460", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-23-1898/advisory.json", "detail_path": "advisories/ZDI-23-1898", "id": "ZDI-23-1898", "kind": "published", "published_date": "2023-12-21", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1898/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-19750", "zdi_id": "ZDI-23-1898" }, { "cve": "CVE-2023-51595", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the selectDeviceListBy method. The i...", "detail_json": "/data/advisories/ZDI-23-1897/advisory.json", "detail_path": "advisories/ZDI-23-1897", "id": "ZDI-23-1897", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1897/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22163", "zdi_id": "ZDI-23-1897" }, { "cve": "CVE-2023-51593", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Struts2 dependency. The issue re...", "detail_json": "/data/advisories/ZDI-23-1896/advisory.json", "detail_path": "advisories/ZDI-23-1896", "id": "ZDI-23-1896", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1896/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22095", "zdi_id": "ZDI-23-1896" }, { "cve": "CVE-2023-51591", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doDocument method. Due t...", "detail_json": "/data/advisories/ZDI-23-1895/advisory.json", "detail_path": "advisories/ZDI-23-1895", "id": "ZDI-23-1895", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1895/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22081", "zdi_id": "ZDI-23-1895" }, { "cve": "CVE-2023-51590", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpLoadAction class. The issue re...", "detail_json": "/data/advisories/ZDI-23-1894/advisory.json", "detail_path": "advisories/ZDI-23-1894", "id": "ZDI-23-1894", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1894/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22080", "zdi_id": "ZDI-23-1894" }, { "cve": "CVE-2023-51588", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-23-1893/advisory.json", "detail_path": "advisories/ZDI-23-1893", "id": "ZDI-23-1893", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1893/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22075", "zdi_id": "ZDI-23-1893" }, { "cve": "CVE-2023-51587", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getModbusPassword method. Th...", "detail_json": "/data/advisories/ZDI-23-1892/advisory.json", "detail_path": "advisories/ZDI-23-1892", "id": "ZDI-23-1892", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1892/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22073", "zdi_id": "ZDI-23-1892" }, { "cve": "CVE-2023-51586", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the selectEventConfig method. The is...", "detail_json": "/data/advisories/ZDI-23-1891/advisory.json", "detail_path": "advisories/ZDI-23-1891", "id": "ZDI-23-1891", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1891/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22072", "zdi_id": "ZDI-23-1891" }, { "cve": "CVE-2023-51585", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. User interaction is required to exploit this vulnerability in that an administrator must trigger a shutdown operation. The specifi...", "detail_json": "/data/advisories/ZDI-23-1890/advisory.json", "detail_path": "advisories/ZDI-23-1890", "id": "ZDI-23-1890", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower USBCommEx shutdown Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1890/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22071", "zdi_id": "ZDI-23-1890" }, { "cve": "CVE-2023-51584", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. User interaction is required to exploit this vulnerability in that an administrator must trigger a shutdown operation. The specifi...", "detail_json": "/data/advisories/ZDI-23-1889/advisory.json", "detail_path": "advisories/ZDI-23-1889", "id": "ZDI-23-1889", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower USBCommEx shutdown Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1889/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22065", "zdi_id": "ZDI-23-1889" }, { "cve": "CVE-2023-51583", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpsScheduler class. The issue result...", "detail_json": "/data/advisories/ZDI-23-1888/advisory.json", "detail_path": "advisories/ZDI-23-1888", "id": "ZDI-23-1888", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1888/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22036", "zdi_id": "ZDI-23-1888" }, { "cve": "CVE-2023-51582", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LinuxMonitorConsole class. The issue...", "detail_json": "/data/advisories/ZDI-23-1887/advisory.json", "detail_path": "advisories/ZDI-23-1887", "id": "ZDI-23-1887", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1887/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22035", "zdi_id": "ZDI-23-1887" }, { "cve": "CVE-2023-51581", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MacMonitorConsole class. The issue r...", "detail_json": "/data/advisories/ZDI-23-1886/advisory.json", "detail_path": "advisories/ZDI-23-1886", "id": "ZDI-23-1886", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1886/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22034", "zdi_id": "ZDI-23-1886" }, { "cve": "CVE-2023-51579", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-23-1885/advisory.json", "detail_path": "advisories/ZDI-23-1885", "id": "ZDI-23-1885", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1885/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22025", "zdi_id": "ZDI-23-1885" }, { "cve": "CVE-2023-51578", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MonitorConsole class....", "detail_json": "/data/advisories/ZDI-23-1884/advisory.json", "detail_path": "advisories/ZDI-23-1884", "id": "ZDI-23-1884", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1884/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22024", "zdi_id": "ZDI-23-1884" }, { "cve": "CVE-2023-51577", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-23-1883/advisory.json", "detail_path": "advisories/ZDI-23-1883", "id": "ZDI-23-1883", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1883/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22023", "zdi_id": "ZDI-23-1883" }, { "cve": "CVE-2023-51576", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI interface, which listens on TCP...", "detail_json": "/data/advisories/ZDI-23-1882/advisory.json", "detail_path": "advisories/ZDI-23-1882", "id": "ZDI-23-1882", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1882/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22012", "zdi_id": "ZDI-23-1882" }, { "cve": "CVE-2023-51575", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MonitorConsole class. The issue resu...", "detail_json": "/data/advisories/ZDI-23-1881/advisory.json", "detail_path": "advisories/ZDI-23-1881", "id": "ZDI-23-1881", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1881/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22011", "zdi_id": "ZDI-23-1881" }, { "cve": "CVE-2023-51574", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updateManagerPassword method. The iss...", "detail_json": "/data/advisories/ZDI-23-1880/advisory.json", "detail_path": "advisories/ZDI-23-1880", "id": "ZDI-23-1880", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1880/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-22010", "zdi_id": "ZDI-23-1880" }, { "cve": "CVE-2023-51573", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updateManagerPassword function. T...", "detail_json": "/data/advisories/ZDI-23-1879/advisory.json", "detail_path": "advisories/ZDI-23-1879", "id": "ZDI-23-1879", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1879/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-21203", "zdi_id": "ZDI-23-1879" }, { "cve": "CVE-2023-51572", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getMacAddressByIP function. The...", "detail_json": "/data/advisories/ZDI-23-1878/advisory.json", "detail_path": "advisories/ZDI-23-1878", "id": "ZDI-23-1878", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1878/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-21163", "zdi_id": "ZDI-23-1878" }, { "cve": "CVE-2023-51571", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SocketService modu...", "detail_json": "/data/advisories/ZDI-23-1877/advisory.json", "detail_path": "advisories/ZDI-23-1877", "id": "ZDI-23-1877", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1877/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-21162", "zdi_id": "ZDI-23-1877" }, { "cve": "CVE-2023-51570", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI interface, which listens on...", "detail_json": "/data/advisories/ZDI-23-1876/advisory.json", "detail_path": "advisories/ZDI-23-1876", "id": "ZDI-23-1876", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1876/", "vendor": "Voltronic Power", "vendor_url": null, "zdi_can": "ZDI-CAN-21012", "zdi_id": "ZDI-23-1876" }, { "cve": "CVE-2023-51562", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1875/advisory.json", "detail_path": "advisories/ZDI-23-1875", "id": "ZDI-23-1875", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1875/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22500", "zdi_id": "ZDI-23-1875" }, { "cve": "CVE-2023-51560", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1874/advisory.json", "detail_path": "advisories/ZDI-23-1874", "id": "ZDI-23-1874", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Foxit PDF Reader Annotation Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1874/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22259", "zdi_id": "ZDI-23-1874" }, { "cve": "CVE-2023-51551", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1873/advisory.json", "detail_path": "advisories/ZDI-23-1873", "id": "ZDI-23-1873", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1873/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22003", "zdi_id": "ZDI-23-1873" }, { "cve": "CVE-2023-51559", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1872/advisory.json", "detail_path": "advisories/ZDI-23-1872", "id": "ZDI-23-1872", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Foxit PDF Reader Doc Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1872/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22258", "zdi_id": "ZDI-23-1872" }, { "cve": "CVE-2023-51558", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1871/advisory.json", "detail_path": "advisories/ZDI-23-1871", "id": "ZDI-23-1871", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Foxit PDF Reader AcroForm Doc Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1871/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22257", "zdi_id": "ZDI-23-1871" }, { "cve": "CVE-2023-51557", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1870/advisory.json", "detail_path": "advisories/ZDI-23-1870", "id": "ZDI-23-1870", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1870/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22256", "zdi_id": "ZDI-23-1870" }, { "cve": "CVE-2023-51556", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1869/advisory.json", "detail_path": "advisories/ZDI-23-1869", "id": "ZDI-23-1869", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1869/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22255", "zdi_id": "ZDI-23-1869" }, { "cve": "CVE-2023-51555", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1868/advisory.json", "detail_path": "advisories/ZDI-23-1868", "id": "ZDI-23-1868", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Foxit PDF Reader Doc Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1868/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22254", "zdi_id": "ZDI-23-1868" }, { "cve": "CVE-2023-51553", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1867/advisory.json", "detail_path": "advisories/ZDI-23-1867", "id": "ZDI-23-1867", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Foxit PDF Reader Bookmark Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1867/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22110", "zdi_id": "ZDI-23-1867" }, { "cve": "CVE-2023-51554", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1866/advisory.json", "detail_path": "advisories/ZDI-23-1866", "id": "ZDI-23-1866", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Foxit PDF Reader Signature Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1866/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22122", "zdi_id": "ZDI-23-1866" }, { "cve": "CVE-2023-51552", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1865/advisory.json", "detail_path": "advisories/ZDI-23-1865", "id": "ZDI-23-1865", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1865/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22007", "zdi_id": "ZDI-23-1865" }, { "cve": "CVE-2023-51550", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1864/advisory.json", "detail_path": "advisories/ZDI-23-1864", "id": "ZDI-23-1864", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Foxit PDF Reader combobox Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1864/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21870", "zdi_id": "ZDI-23-1864" }, { "cve": "CVE-2023-51549", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1863/advisory.json", "detail_path": "advisories/ZDI-23-1863", "id": "ZDI-23-1863", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Foxit PDF Reader AcroForm Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1863/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21867", "zdi_id": "ZDI-23-1863" }, { "cve": "CVE-2023-51561", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1862/advisory.json", "detail_path": "advisories/ZDI-23-1862", "id": "ZDI-23-1862", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1862/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22283", "zdi_id": "ZDI-23-1862" }, { "cve": "CVE-2023-2794", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SMS PDUs. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-23-1861/advisory.json", "detail_path": "advisories/ZDI-23-1861", "id": "ZDI-23-1861", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "oFono SMS Decoder Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1861/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-20971", "zdi_id": "ZDI-23-1861" }, { "cve": "CVE-2023-4232", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SMS PDUs. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-23-1860/advisory.json", "detail_path": "advisories/ZDI-23-1860", "id": "ZDI-23-1860", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "oFono SMS Decoder Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1860/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-21014", "zdi_id": "ZDI-23-1860" }, { "cve": "CVE-2023-4233", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SMS PDUs. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-23-1859/advisory.json", "detail_path": "advisories/ZDI-23-1859", "id": "ZDI-23-1859", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "oFono SMS Decoder Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1859/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-20996", "zdi_id": "ZDI-23-1859" }, { "cve": "CVE-2023-4234", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SMS PDUs. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-23-1858/advisory.json", "detail_path": "advisories/ZDI-23-1858", "id": "ZDI-23-1858", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "oFono SMS Decoder Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1858/", "vendor": "oFono", "vendor_url": null, "zdi_can": "ZDI-CAN-21015", "zdi_id": "ZDI-23-1858" }, { "cve": "CVE-2023-50235", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Show. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1857/advisory.json", "detail_path": "advisories/ZDI-23-1857", "id": "ZDI-23-1857", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1857/", "vendor": "Hancom", "vendor_url": null, "zdi_can": "ZDI-CAN-20387", "zdi_id": "ZDI-23-1857" }, { "cve": "CVE-2023-50234", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1856/advisory.json", "detail_path": "advisories/ZDI-23-1856", "id": "ZDI-23-1856", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1856/", "vendor": "Hancom", "vendor_url": null, "zdi_can": "ZDI-CAN-20386", "zdi_id": "ZDI-23-1856" }, { "cve": "CVE-2023-51598", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1855/advisory.json", "detail_path": "advisories/ZDI-23-1855", "id": "ZDI-23-1855", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1855/", "vendor": "Hancom", "vendor_url": null, "zdi_can": "ZDI-CAN-20384", "zdi_id": "ZDI-23-1855" }, { "cve": "CVE-2023-51605", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-23-1854/advisory.json", "detail_path": "advisories/ZDI-23-1854", "id": "ZDI-23-1854", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1854/", "vendor": "Honeywell", "vendor_url": null, "zdi_can": "ZDI-CAN-18644", "zdi_id": "ZDI-23-1854" }, { "cve": "CVE-2023-51604", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-23-1853/advisory.json", "detail_path": "advisories/ZDI-23-1853", "id": "ZDI-23-1853", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1853/", "vendor": "Honeywell", "vendor_url": null, "zdi_can": "ZDI-CAN-18593", "zdi_id": "ZDI-23-1853" }, { "cve": "CVE-2023-51603", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-1852/advisory.json", "detail_path": "advisories/ZDI-23-1852", "id": "ZDI-23-1852", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1852/", "vendor": "Honeywell", "vendor_url": null, "zdi_can": "ZDI-CAN-18592", "zdi_id": "ZDI-23-1852" }, { "cve": "CVE-2023-51602", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-23-1851/advisory.json", "detail_path": "advisories/ZDI-23-1851", "id": "ZDI-23-1851", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1851/", "vendor": "Honeywell", "vendor_url": null, "zdi_can": "ZDI-CAN-18591", "zdi_id": "ZDI-23-1851" }, { "cve": "CVE-2023-51601", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-23-1850/advisory.json", "detail_path": "advisories/ZDI-23-1850", "id": "ZDI-23-1850", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1850/", "vendor": "Honeywell", "vendor_url": null, "zdi_can": "ZDI-CAN-18563", "zdi_id": "ZDI-23-1850" }, { "cve": "CVE-2023-51600", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-23-1849/advisory.json", "detail_path": "advisories/ZDI-23-1849", "id": "ZDI-23-1849", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1849/", "vendor": "Honeywell", "vendor_url": null, "zdi_can": "ZDI-CAN-18456", "zdi_id": "ZDI-23-1849" }, { "cve": "CVE-2023-51599", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-1848/advisory.json", "detail_path": "advisories/ZDI-23-1848", "id": "ZDI-23-1848", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "(0Day) Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1848/", "vendor": "Honeywell", "vendor_url": null, "zdi_can": "ZDI-CAN-18412", "zdi_id": "ZDI-23-1848" }, { "cve": "CVE-2023-50231", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the saveNodeLabel met...", "detail_json": "/data/advisories/ZDI-23-1847/advisory.json", "detail_path": "advisories/ZDI-23-1847", "id": "ZDI-23-1847", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1847/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-21838", "zdi_id": "ZDI-23-1847" }, { "cve": "CVE-2023-50196", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1846/advisory.json", "detail_path": "advisories/ZDI-23-1846", "id": "ZDI-23-1846", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1846/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-21800", "zdi_id": "ZDI-23-1846" }, { "cve": "CVE-2023-50195", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1845/advisory.json", "detail_path": "advisories/ZDI-23-1845", "id": "ZDI-23-1845", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1845/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-21799", "zdi_id": "ZDI-23-1845" }, { "cve": "CVE-2023-50194", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1844/advisory.json", "detail_path": "advisories/ZDI-23-1844", "id": "ZDI-23-1844", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1844/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-21788", "zdi_id": "ZDI-23-1844" }, { "cve": "CVE-2023-50193", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1843/advisory.json", "detail_path": "advisories/ZDI-23-1843", "id": "ZDI-23-1843", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1843/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-21787", "zdi_id": "ZDI-23-1843" }, { "cve": "CVE-2023-50192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1842/advisory.json", "detail_path": "advisories/ZDI-23-1842", "id": "ZDI-23-1842", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1842/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-21786", "zdi_id": "ZDI-23-1842" }, { "cve": "CVE-2023-50191", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1841/advisory.json", "detail_path": "advisories/ZDI-23-1841", "id": "ZDI-23-1841", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1841/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-21785", "zdi_id": "ZDI-23-1841" }, { "cve": "CVE-2023-50190", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1840/advisory.json", "detail_path": "advisories/ZDI-23-1840", "id": "ZDI-23-1840", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1840/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-21784", "zdi_id": "ZDI-23-1840" }, { "cve": "CVE-2023-50189", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1839/advisory.json", "detail_path": "advisories/ZDI-23-1839", "id": "ZDI-23-1839", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1839/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-21783", "zdi_id": "ZDI-23-1839" }, { "cve": "CVE-2023-50188", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1838/advisory.json", "detail_path": "advisories/ZDI-23-1838", "id": "ZDI-23-1838", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1838/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-20792", "zdi_id": "ZDI-23-1838" }, { "cve": "CVE-2023-50187", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1837/advisory.json", "detail_path": "advisories/ZDI-23-1837", "id": "ZDI-23-1837", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1837/", "vendor": "Trimble", "vendor_url": null, "zdi_can": "ZDI-CAN-20789", "zdi_id": "ZDI-23-1837" }, { "cve": "CVE-2023-44452", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1836/advisory.json", "detail_path": "advisories/ZDI-23-1836", "id": "ZDI-23-1836", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1836/", "vendor": "Linux Mint", "vendor_url": null, "zdi_can": "ZDI-CAN-22132", "zdi_id": "ZDI-23-1836" }, { "cve": "CVE-2023-44451", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1835/advisory.json", "detail_path": "advisories/ZDI-23-1835", "id": "ZDI-23-1835", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1835/", "vendor": "Linux Mint", "vendor_url": null, "zdi_can": "ZDI-CAN-21897", "zdi_id": "ZDI-23-1835" }, { "cve": "CVE-2022-32250", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1834/advisory.json", "detail_path": "advisories/ZDI-23-1834", "id": "ZDI-23-1834", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Linux Kernel nf_tables_expr_destroy Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1834/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17442", "zdi_id": "ZDI-23-1834" }, { "cve": "CVE-2023-50217", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP po...", "detail_json": "/data/advisories/ZDI-23-1833/advisory.json", "detail_path": "advisories/ZDI-23-1833", "id": "ZDI-23-1833", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1833/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21811", "zdi_id": "ZDI-23-1833" }, { "cve": "CVE-2023-50216", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP po...", "detail_json": "/data/advisories/ZDI-23-1832/advisory.json", "detail_path": "advisories/ZDI-23-1832", "id": "ZDI-23-1832", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1832/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21810", "zdi_id": "ZDI-23-1832" }, { "cve": "CVE-2023-50215", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP po...", "detail_json": "/data/advisories/ZDI-23-1831/advisory.json", "detail_path": "advisories/ZDI-23-1831", "id": "ZDI-23-1831", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 nodered gz File Handling Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1831/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21809", "zdi_id": "ZDI-23-1831" }, { "cve": "CVE-2023-50214", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP po...", "detail_json": "/data/advisories/ZDI-23-1830/advisory.json", "detail_path": "advisories/ZDI-23-1830", "id": "ZDI-23-1830", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 nodered tar File Handling Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1830/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21808", "zdi_id": "ZDI-23-1830" }, { "cve": "CVE-2023-50213", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP po...", "detail_json": "/data/advisories/ZDI-23-1829/advisory.json", "detail_path": "advisories/ZDI-23-1829", "id": "ZDI-23-1829", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 nodered File Handling Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1829/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21807", "zdi_id": "ZDI-23-1829" }, { "cve": "CVE-2023-50212", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening o...", "detail_json": "/data/advisories/ZDI-23-1828/advisory.json", "detail_path": "advisories/ZDI-23-1828", "id": "ZDI-23-1828", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1828/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21664", "zdi_id": "ZDI-23-1828" }, { "cve": "CVE-2023-50211", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP po...", "detail_json": "/data/advisories/ZDI-23-1827/advisory.json", "detail_path": "advisories/ZDI-23-1827", "id": "ZDI-23-1827", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1827/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21663", "zdi_id": "ZDI-23-1827" }, { "cve": "CVE-2023-50210", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP po...", "detail_json": "/data/advisories/ZDI-23-1826/advisory.json", "detail_path": "advisories/ZDI-23-1826", "id": "ZDI-23-1826", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1826/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21662", "zdi_id": "ZDI-23-1826" }, { "cve": "CVE-2023-50209", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening...", "detail_json": "/data/advisories/ZDI-23-1825/advisory.json", "detail_path": "advisories/ZDI-23-1825", "id": "ZDI-23-1825", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1825/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21442", "zdi_id": "ZDI-23-1825" }, { "cve": "CVE-2023-50208", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP po...", "detail_json": "/data/advisories/ZDI-23-1824/advisory.json", "detail_path": "advisories/ZDI-23-1824", "id": "ZDI-23-1824", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1824/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21441", "zdi_id": "ZDI-23-1824" }, { "cve": "CVE-2023-50207", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP po...", "detail_json": "/data/advisories/ZDI-23-1823/advisory.json", "detail_path": "advisories/ZDI-23-1823", "id": "ZDI-23-1823", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 flupl filename Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1823/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21300", "zdi_id": "ZDI-23-1823" }, { "cve": "CVE-2023-50206", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP po...", "detail_json": "/data/advisories/ZDI-23-1822/advisory.json", "detail_path": "advisories/ZDI-23-1822", "id": "ZDI-23-1822", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 flupl query_type edit Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1822/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21299", "zdi_id": "ZDI-23-1822" }, { "cve": "CVE-2023-50205", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP po...", "detail_json": "/data/advisories/ZDI-23-1821/advisory.json", "detail_path": "advisories/ZDI-23-1821", "id": "ZDI-23-1821", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 awsfile chmod Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1821/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21298", "zdi_id": "ZDI-23-1821" }, { "cve": "CVE-2023-50204", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening...", "detail_json": "/data/advisories/ZDI-23-1820/advisory.json", "detail_path": "advisories/ZDI-23-1820", "id": "ZDI-23-1820", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 flupl pythonapp Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1820/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21297", "zdi_id": "ZDI-23-1820" }, { "cve": "CVE-2023-50203", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP po...", "detail_json": "/data/advisories/ZDI-23-1819/advisory.json", "detail_path": "advisories/ZDI-23-1819", "id": "ZDI-23-1819", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 nodered chmod Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1819/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21296", "zdi_id": "ZDI-23-1819" }, { "cve": "CVE-2023-50202", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening...", "detail_json": "/data/advisories/ZDI-23-1818/advisory.json", "detail_path": "advisories/ZDI-23-1818", "id": "ZDI-23-1818", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 flupl pythonmodules Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1818/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21295", "zdi_id": "ZDI-23-1818" }, { "cve": "CVE-2023-50201", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP po...", "detail_json": "/data/advisories/ZDI-23-1817/advisory.json", "detail_path": "advisories/ZDI-23-1817", "id": "ZDI-23-1817", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1817/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21289", "zdi_id": "ZDI-23-1817" }, { "cve": "CVE-2023-50200", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP po...", "detail_json": "/data/advisories/ZDI-23-1816/advisory.json", "detail_path": "advisories/ZDI-23-1816", "id": "ZDI-23-1816", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1816/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21288", "zdi_id": "ZDI-23-1816" }, { "cve": "CVE-2023-50199", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP por...", "detail_json": "/data/advisories/ZDI-23-1815/advisory.json", "detail_path": "advisories/ZDI-23-1815", "id": "ZDI-23-1815", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1815/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21287", "zdi_id": "ZDI-23-1815" }, { "cve": "CVE-2023-50198", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening...", "detail_json": "/data/advisories/ZDI-23-1814/advisory.json", "detail_path": "advisories/ZDI-23-1814", "id": "ZDI-23-1814", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1814/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21286", "zdi_id": "ZDI-23-1814" }, { "cve": "CVE-2023-50218", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the ModuleInvoke class. The issue result...", "detail_json": "/data/advisories/ZDI-23-1813/advisory.json", "detail_path": "advisories/ZDI-23-1813", "id": "ZDI-23-1813", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2024-01-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1813/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-21624", "zdi_id": "ZDI-23-1813" }, { "cve": "CVE-2023-50230", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-23-1812/advisory.json", "detail_path": "advisories/ZDI-23-1812", "id": "ZDI-23-1812", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1812/", "vendor": "BlueZ", "vendor_url": null, "zdi_can": "ZDI-CAN-20938", "zdi_id": "ZDI-23-1812" }, { "cve": "CVE-2023-50229", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-23-1811/advisory.json", "detail_path": "advisories/ZDI-23-1811", "id": "ZDI-23-1811", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1811/", "vendor": "BlueZ", "vendor_url": null, "zdi_can": "ZDI-CAN-20936", "zdi_id": "ZDI-23-1811" }, { "cve": "CVE-2023-4135", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of QEMU. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-23-1810/advisory.json", "detail_path": "advisories/ZDI-23-1810", "id": "ZDI-23-1810", "kind": "published", "published_date": "2023-12-20", "status": "published", "title": "QEMU NVMe Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1810/", "vendor": "QEMU", "vendor_url": null, "zdi_can": "ZDI-CAN-21521", "zdi_id": "ZDI-23-1810" }, { "cve": "CVE-2023-50225", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the libcmm.so module. The issue r...", "detail_json": "/data/advisories/ZDI-23-1809/advisory.json", "detail_path": "advisories/ZDI-23-1809", "id": "ZDI-23-1809", "kind": "published", "published_date": "2023-12-19", "status": "published", "title": "TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1809/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21819", "zdi_id": "ZDI-23-1809" }, { "cve": "CVE-2023-50224", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, whi...", "detail_json": "/data/advisories/ZDI-23-1808/advisory.json", "detail_path": "advisories/ZDI-23-1808", "id": "ZDI-23-1808", "kind": "published", "published_date": "2023-12-19", "status": "published", "title": "TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1808/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19899", "zdi_id": "ZDI-23-1808" }, { "cve": "CVE-2023-5574", "cvss": 7.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1807/advisory.json", "detail_path": "advisories/ZDI-23-1807", "id": "ZDI-23-1807", "kind": "published", "published_date": "2023-12-19", "status": "published", "title": "X.Org Server Damage Object Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1807/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-21213", "zdi_id": "ZDI-23-1807" }, { "cve": "CVE-2023-5380", "cvss": 7.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1806/advisory.json", "detail_path": "advisories/ZDI-23-1806", "id": "ZDI-23-1806", "kind": "published", "published_date": "2023-12-19", "status": "published", "title": "X.Org Server Window Object Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1806/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-21608", "zdi_id": "ZDI-23-1806" }, { "cve": "CVE-2023-50226", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-23-1805/advisory.json", "detail_path": "advisories/ZDI-23-1805", "id": "ZDI-23-1805", "kind": "published", "published_date": "2023-12-19", "status": "published", "title": "Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1805/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-21227", "zdi_id": "ZDI-23-1805" }, { "cve": "CVE-2023-50227", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest system must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1804/advisory.json", "detail_path": "advisories/ZDI-23-1804", "id": "ZDI-23-1804", "kind": "published", "published_date": "2023-12-19", "status": "published", "title": "Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1804/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-21260", "zdi_id": "ZDI-23-1804" }, { "cve": "CVE-2023-50228", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-23-1803/advisory.json", "detail_path": "advisories/ZDI-23-1803", "id": "ZDI-23-1803", "kind": "published", "published_date": "2023-12-19", "status": "published", "title": "Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1803/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-21817", "zdi_id": "ZDI-23-1803" }, { "cve": "CVE-2022-43555", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1802/advisory.json", "detail_path": "advisories/ZDI-23-1802", "id": "ZDI-23-1802", "kind": "published", "published_date": "2023-12-19", "status": "published", "title": "Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1802/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-19503", "zdi_id": "ZDI-23-1802" }, { "cve": "CVE-2022-43554", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1801/advisory.json", "detail_path": "advisories/ZDI-23-1801", "id": "ZDI-23-1801", "kind": "published", "published_date": "2023-12-19", "status": "published", "title": "Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1801/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-19502", "zdi_id": "ZDI-23-1801" }, { "cve": "CVE-2023-41725", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1800/advisory.json", "detail_path": "advisories/ZDI-23-1800", "id": "ZDI-23-1800", "kind": "published", "published_date": "2023-12-19", "status": "published", "title": "Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1800/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21006", "zdi_id": "ZDI-23-1800" }, { "cve": "CVE-2023-41726", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1799/advisory.json", "detail_path": "advisories/ZDI-23-1799", "id": "ZDI-23-1799", "kind": "published", "published_date": "2023-12-15", "status": "published", "title": "Ivanti Avalanche Incorrect Default Permissions Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1799/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21231", "zdi_id": "ZDI-23-1799" }, { "cve": "CVE-2023-6006", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1798/advisory.json", "detail_path": "advisories/ZDI-23-1798", "id": "ZDI-23-1798", "kind": "published", "published_date": "2023-12-15", "status": "published", "title": "PaperCut NG Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1798/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-21500", "zdi_id": "ZDI-23-1798" }, { "cve": "CVE-2023-5402", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TransferCommand command. The...", "detail_json": "/data/advisories/ZDI-23-1797/advisory.json", "detail_path": "advisories/ZDI-23-1797", "id": "ZDI-23-1797", "kind": "published", "published_date": "2023-12-15", "status": "published", "title": "Schneider Electric C-Bus Toolkit TransferCommand Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1797/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21115", "zdi_id": "ZDI-23-1797" }, { "cve": "CVE-2023-5399", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileCommand command. The issu...", "detail_json": "/data/advisories/ZDI-23-1796/advisory.json", "detail_path": "advisories/ZDI-23-1796", "id": "ZDI-23-1796", "kind": "published", "published_date": "2023-12-15", "status": "published", "title": "Schneider Electric C-Bus Toolkit FileCommand Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1796/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21129", "zdi_id": "ZDI-23-1796" }, { "cve": "CVE-2023-5391", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetFilt...", "detail_json": "/data/advisories/ZDI-23-1795/advisory.json", "detail_path": "advisories/ZDI-23-1795", "id": "ZDI-23-1795", "kind": "published", "published_date": "2023-12-15", "status": "published", "title": "Schneider Electric EcoStruxure Power Monitoring Expert GetFilteredSinkProvider Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1795/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21035", "zdi_id": "ZDI-23-1795" }, { "cve": "CVE-2023-6407", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to ex...", "detail_json": "/data/advisories/ZDI-23-1794/advisory.json", "detail_path": "advisories/ZDI-23-1794", "id": "ZDI-23-1794", "kind": "published", "published_date": "2023-12-15", "status": "published", "title": "Schneider Electric APC Easy UPS Online deletePdfReportFile Directory Traversal Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1794/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21370", "zdi_id": "ZDI-23-1794" }, { "cve": "CVE-2023-5944", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1793/advisory.json", "detail_path": "advisories/ZDI-23-1793", "id": "ZDI-23-1793", "kind": "published", "published_date": "2023-12-15", "status": "published", "title": "Delta Electronics DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1793/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-18920", "zdi_id": "ZDI-23-1793" }, { "cve": "CVE-2023-36804", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1792/advisory.json", "detail_path": "advisories/ZDI-23-1792", "id": "ZDI-23-1792", "kind": "published", "published_date": "2023-12-15", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvCopyBits Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1792/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21865", "zdi_id": "ZDI-23-1792" }, { "cve": "CVE-2023-33146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1791/advisory.json", "detail_path": "advisories/ZDI-23-1791", "id": "ZDI-23-1791", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Microsoft Excel SKP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1791/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18968", "zdi_id": "ZDI-23-1791" }, { "cve": "CVE-2023-33146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1790/advisory.json", "detail_path": "advisories/ZDI-23-1790", "id": "ZDI-23-1790", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Microsoft Excel SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1790/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19241", "zdi_id": "ZDI-23-1790" }, { "cve": "CVE-2023-33146", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1789/advisory.json", "detail_path": "advisories/ZDI-23-1789", "id": "ZDI-23-1789", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Microsoft Excel SKP File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1789/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20358", "zdi_id": "ZDI-23-1789" }, { "cve": "CVE-2023-33146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1788/advisory.json", "detail_path": "advisories/ZDI-23-1788", "id": "ZDI-23-1788", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1788/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19177", "zdi_id": "ZDI-23-1788" }, { "cve": "CVE-2023-33146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1787/advisory.json", "detail_path": "advisories/ZDI-23-1787", "id": "ZDI-23-1787", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Microsoft Excel SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1787/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19178", "zdi_id": "ZDI-23-1787" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1786/advisory.json", "detail_path": "advisories/ZDI-23-1786", "id": "ZDI-23-1786", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Microsoft Word SKP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1786/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18056", "zdi_id": "ZDI-23-1786" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1785/advisory.json", "detail_path": "advisories/ZDI-23-1785", "id": "ZDI-23-1785", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Microsoft Office SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1785/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18514", "zdi_id": "ZDI-23-1785" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-1784/advisory.json", "detail_path": "advisories/ZDI-23-1784", "id": "ZDI-23-1784", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Microsoft Word SKP File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1784/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18976", "zdi_id": "ZDI-23-1784" }, { "cve": "CVE-2023-48632", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1783/advisory.json", "detail_path": "advisories/ZDI-23-1783", "id": "ZDI-23-1783", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Adobe After Effects AEP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1783/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22172", "zdi_id": "ZDI-23-1783" }, { "cve": "CVE-2023-48635", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-1782/advisory.json", "detail_path": "advisories/ZDI-23-1782", "id": "ZDI-23-1782", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Adobe After Effects AEP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1782/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22174", "zdi_id": "ZDI-23-1782" }, { "cve": "CVE-2023-48634", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1781/advisory.json", "detail_path": "advisories/ZDI-23-1781", "id": "ZDI-23-1781", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Adobe After Effects AEP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1781/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22175", "zdi_id": "ZDI-23-1781" }, { "cve": "CVE-2023-47078", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1780/advisory.json", "detail_path": "advisories/ZDI-23-1780", "id": "ZDI-23-1780", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-02-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1780/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22249", "zdi_id": "ZDI-23-1780" }, { "cve": "CVE-2023-47062", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1779/advisory.json", "detail_path": "advisories/ZDI-23-1779", "id": "ZDI-23-1779", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Adobe Dimension GLTF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1779/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22284", "zdi_id": "ZDI-23-1779" }, { "cve": "CVE-2023-47079", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1778/advisory.json", "detail_path": "advisories/ZDI-23-1778", "id": "ZDI-23-1778", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1778/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22279", "zdi_id": "ZDI-23-1778" }, { "cve": "CVE-2023-47061", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1777/advisory.json", "detail_path": "advisories/ZDI-23-1777", "id": "ZDI-23-1777", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1777/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22278", "zdi_id": "ZDI-23-1777" }, { "cve": "CVE-2023-44362", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Prelude. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-23-1776/advisory.json", "detail_path": "advisories/ZDI-23-1776", "id": "ZDI-23-1776", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Adobe Prelude MP4 File Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1776/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21791", "zdi_id": "ZDI-23-1776" }, { "cve": "CVE-2023-47074", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-23-1775/advisory.json", "detail_path": "advisories/ZDI-23-1775", "id": "ZDI-23-1775", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Adobe Illustrator JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2024-02-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1775/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21812", "zdi_id": "ZDI-23-1775" }, { "cve": "CVE-2023-47075", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-23-1774/advisory.json", "detail_path": "advisories/ZDI-23-1774", "id": "ZDI-23-1774", "kind": "published", "published_date": "2023-12-14", "status": "published", "title": "Adobe Illustrator JP2 File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1774/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22006", "zdi_id": "ZDI-23-1774" }, { "cve": "CVE-2023-50197", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabilit...", "detail_json": "/data/advisories/ZDI-23-1773/advisory.json", "detail_path": "advisories/ZDI-23-1773", "id": "ZDI-23-1773", "kind": "published", "published_date": "2023-12-13", "status": "published", "title": "(0Day) Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1773/", "vendor": "Intel", "vendor_url": null, "zdi_can": "ZDI-CAN-21845", "zdi_id": "ZDI-23-1773" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass policy restictions on affected versions of OpenAI ChatGPT. Authentication is required to exploit this vulnerability. The specific flaw exists within the interface to the ChatGPT-Vision Data model. The issue...", "detail_json": "/data/advisories/ZDI-23-1772/advisory.json", "detail_path": "advisories/ZDI-23-1772", "id": "ZDI-23-1772", "kind": "published", "published_date": "2023-12-13", "status": "published", "title": "(0Day) OpenAI ChatGPT Improper Input Validation Model Policy Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1772/", "vendor": "OpenAI", "vendor_url": null, "zdi_can": "ZDI-CAN-22660", "zdi_id": "ZDI-23-1772" }, { "cve": "CVE-2022-26804", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1771/advisory.json", "detail_path": "advisories/ZDI-23-1771", "id": "ZDI-23-1771", "kind": "published", "published_date": "2023-12-13", "status": "published", "title": "Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1771/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19120", "zdi_id": "ZDI-23-1771" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-1770/advisory.json", "detail_path": "advisories/ZDI-23-1770", "id": "ZDI-23-1770", "kind": "published", "published_date": "2023-12-13", "status": "published", "title": "Microsoft Office Visio EMF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1770/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19176", "zdi_id": "ZDI-23-1770" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1769/advisory.json", "detail_path": "advisories/ZDI-23-1769", "id": "ZDI-23-1769", "kind": "published", "published_date": "2023-12-13", "status": "published", "title": "Microsoft Skype Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1769/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19099", "zdi_id": "ZDI-23-1769" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1768/advisory.json", "detail_path": "advisories/ZDI-23-1768", "id": "ZDI-23-1768", "kind": "published", "published_date": "2023-12-13", "status": "published", "title": "Microsoft Word SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1768/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19625", "zdi_id": "ZDI-23-1768" }, { "cve": null, "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Teams. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-1767/advisory.json", "detail_path": "advisories/ZDI-23-1767", "id": "ZDI-23-1767", "kind": "published", "published_date": "2023-12-13", "status": "published", "title": "Microsoft Teams Isolated Webview Prototype Pollution Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1767/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20812", "zdi_id": "ZDI-23-1767" }, { "cve": "CVE-2023-46271", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to reach critical functions on affected installations of Extreme Networks AP410C routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ah_webui service,...", "detail_json": "/data/advisories/ZDI-23-1766/advisory.json", "detail_path": "advisories/ZDI-23-1766", "id": "ZDI-23-1766", "kind": "published", "published_date": "2023-12-12", "status": "published", "title": "Extreme Networks AP410C ah_webui Missing Authentication for Critical Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1766/", "vendor": "Extreme Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-20530", "zdi_id": "ZDI-23-1766" }, { "cve": "CVE-2023-46272", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Extreme Networks routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ah_auth service, which list...", "detail_json": "/data/advisories/ZDI-23-1765/advisory.json", "detail_path": "advisories/ZDI-23-1765", "id": "ZDI-23-1765", "kind": "published", "published_date": "2023-12-12", "status": "published", "title": "Extreme Networks HiveOS ah_auth Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1765/", "vendor": "Extreme Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-20728", "zdi_id": "ZDI-23-1765" }, { "cve": "CVE-2023-28134", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulner...", "detail_json": "/data/advisories/ZDI-23-1764/advisory.json", "detail_path": "advisories/ZDI-23-1764", "id": "ZDI-23-1764", "kind": "published", "published_date": "2023-12-12", "status": "published", "title": "Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1764/", "vendor": "Check Point", "vendor_url": null, "zdi_can": "ZDI-CAN-19062", "zdi_id": "ZDI-23-1764" }, { "cve": "CVE-2023-42826", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the Hydra library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specif...", "detail_json": "/data/advisories/ZDI-23-1763/advisory.json", "detail_path": "advisories/ZDI-23-1763", "id": "ZDI-23-1763", "kind": "published", "published_date": "2023-12-07", "status": "published", "title": "Apple macOS Hydra Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1763/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-21505", "zdi_id": "ZDI-23-1763" }, { "cve": "CVE-2023-40056", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the VimChartInfo class. The issue results fr...", "detail_json": "/data/advisories/ZDI-23-1762/advisory.json", "detail_path": "advisories/ZDI-23-1762", "id": "ZDI-23-1762", "kind": "published", "published_date": "2023-12-05", "status": "published", "title": "SolarWinds Orion Platform VimChartInfo SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1762/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21962", "zdi_id": "ZDI-23-1762" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1761/advisory.json", "detail_path": "advisories/ZDI-23-1761", "id": "ZDI-23-1761", "kind": "published", "published_date": "2023-12-05", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1761/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22563", "zdi_id": "ZDI-23-1761" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1760/advisory.json", "detail_path": "advisories/ZDI-23-1760", "id": "ZDI-23-1760", "kind": "published", "published_date": "2023-12-05", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1760/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22567", "zdi_id": "ZDI-23-1760" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1759/advisory.json", "detail_path": "advisories/ZDI-23-1759", "id": "ZDI-23-1759", "kind": "published", "published_date": "2023-12-05", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1759/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22562", "zdi_id": "ZDI-23-1759" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1758/advisory.json", "detail_path": "advisories/ZDI-23-1758", "id": "ZDI-23-1758", "kind": "published", "published_date": "2023-12-05", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1758/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22564", "zdi_id": "ZDI-23-1758" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1757/advisory.json", "detail_path": "advisories/ZDI-23-1757", "id": "ZDI-23-1757", "kind": "published", "published_date": "2023-12-05", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1757/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22568", "zdi_id": "ZDI-23-1757" }, { "cve": "CVE-2023-47279", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PlayWaveFil...", "detail_json": "/data/advisories/ZDI-23-1756/advisory.json", "detail_path": "advisories/ZDI-23-1756", "id": "ZDI-23-1756", "kind": "published", "published_date": "2023-11-30", "status": "published", "title": "Delta Electronics InfraSuite Device Master PlayWaveFile Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1756/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-22013", "zdi_id": "ZDI-23-1756" }, { "cve": "CVE-2023-39226", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RunScript method. T...", "detail_json": "/data/advisories/ZDI-23-1755/advisory.json", "detail_path": "advisories/ZDI-23-1755", "id": "ZDI-23-1755", "kind": "published", "published_date": "2023-11-30", "status": "published", "title": "Delta Electronics InfraSuite Device Master RunScript Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1755/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-21859", "zdi_id": "ZDI-23-1755" }, { "cve": "CVE-2023-47207", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-DataCollect...", "detail_json": "/data/advisories/ZDI-23-1754/advisory.json", "detail_path": "advisories/ZDI-23-1754", "id": "ZDI-23-1754", "kind": "published", "published_date": "2023-11-30", "status": "published", "title": "Delta Electronics InfraSuite Device Master Device-DataCollect Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1754/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-21771", "zdi_id": "ZDI-23-1754" }, { "cve": "CVE-2023-47207", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-Gateway serv...", "detail_json": "/data/advisories/ZDI-23-1753/advisory.json", "detail_path": "advisories/ZDI-23-1753", "id": "ZDI-23-1753", "kind": "published", "published_date": "2023-11-30", "status": "published", "title": "Delta Electronics InfraSuite Device Master Device-Gateway Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1753/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-21770", "zdi_id": "ZDI-23-1753" }, { "cve": "CVE-2023-46690", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is required to exploit this vulnerability. The specific flaw exists within the UploadMedia function. T...", "detail_json": "/data/advisories/ZDI-23-1752/advisory.json", "detail_path": "advisories/ZDI-23-1752", "id": "ZDI-23-1752", "kind": "published", "published_date": "2023-11-30", "status": "published", "title": "Delta Electronics InfraSuite Device Master UploadMedia Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1752/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-21707", "zdi_id": "ZDI-23-1752" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1751/advisory.json", "detail_path": "advisories/ZDI-23-1751", "id": "ZDI-23-1751", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1751/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22600", "zdi_id": "ZDI-23-1751" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1750/advisory.json", "detail_path": "advisories/ZDI-23-1750", "id": "ZDI-23-1750", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1750/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22599", "zdi_id": "ZDI-23-1750" }, { "cve": "CVE-2023-44371", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1749/advisory.json", "detail_path": "advisories/ZDI-23-1749", "id": "ZDI-23-1749", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1749/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22566", "zdi_id": "ZDI-23-1749" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1748/advisory.json", "detail_path": "advisories/ZDI-23-1748", "id": "ZDI-23-1748", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1748/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22292", "zdi_id": "ZDI-23-1748" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1747/advisory.json", "detail_path": "advisories/ZDI-23-1747", "id": "ZDI-23-1747", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1747/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22612", "zdi_id": "ZDI-23-1747" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1746/advisory.json", "detail_path": "advisories/ZDI-23-1746", "id": "ZDI-23-1746", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1746/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22601", "zdi_id": "ZDI-23-1746" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1745/advisory.json", "detail_path": "advisories/ZDI-23-1745", "id": "ZDI-23-1745", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1745/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22598", "zdi_id": "ZDI-23-1745" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1744/advisory.json", "detail_path": "advisories/ZDI-23-1744", "id": "ZDI-23-1744", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1744/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22597", "zdi_id": "ZDI-23-1744" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1743/advisory.json", "detail_path": "advisories/ZDI-23-1743", "id": "ZDI-23-1743", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1743/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22602", "zdi_id": "ZDI-23-1743" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1742/advisory.json", "detail_path": "advisories/ZDI-23-1742", "id": "ZDI-23-1742", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1742/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22603", "zdi_id": "ZDI-23-1742" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1741/advisory.json", "detail_path": "advisories/ZDI-23-1741", "id": "ZDI-23-1741", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1741/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22605", "zdi_id": "ZDI-23-1741" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1740/advisory.json", "detail_path": "advisories/ZDI-23-1740", "id": "ZDI-23-1740", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1740/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22604", "zdi_id": "ZDI-23-1740" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1739/advisory.json", "detail_path": "advisories/ZDI-23-1739", "id": "ZDI-23-1739", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1739/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22606", "zdi_id": "ZDI-23-1739" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1738/advisory.json", "detail_path": "advisories/ZDI-23-1738", "id": "ZDI-23-1738", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1738/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22607", "zdi_id": "ZDI-23-1738" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1737/advisory.json", "detail_path": "advisories/ZDI-23-1737", "id": "ZDI-23-1737", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1737/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22608", "zdi_id": "ZDI-23-1737" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1736/advisory.json", "detail_path": "advisories/ZDI-23-1736", "id": "ZDI-23-1736", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1736/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22609", "zdi_id": "ZDI-23-1736" }, { "cve": "CVE-2023-40152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1735/advisory.json", "detail_path": "advisories/ZDI-23-1735", "id": "ZDI-23-1735", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1735/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21212", "zdi_id": "ZDI-23-1735" }, { "cve": "CVE-2023-35127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1734/advisory.json", "detail_path": "advisories/ZDI-23-1734", "id": "ZDI-23-1734", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1734/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21214", "zdi_id": "ZDI-23-1734" }, { "cve": "CVE-2023-35127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1733/advisory.json", "detail_path": "advisories/ZDI-23-1733", "id": "ZDI-23-1733", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1733/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21304", "zdi_id": "ZDI-23-1733" }, { "cve": "CVE-2023-35127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1732/advisory.json", "detail_path": "advisories/ZDI-23-1732", "id": "ZDI-23-1732", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1732/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21303", "zdi_id": "ZDI-23-1732" }, { "cve": "CVE-2023-35127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1731/advisory.json", "detail_path": "advisories/ZDI-23-1731", "id": "ZDI-23-1731", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1731/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21302", "zdi_id": "ZDI-23-1731" }, { "cve": "CVE-2023-5299", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Fuji Electric Tellus Lite. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-23-1730/advisory.json", "detail_path": "advisories/ZDI-23-1730", "id": "ZDI-23-1730", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite Incorrect Default Permissions Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1730/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21224", "zdi_id": "ZDI-23-1730" }, { "cve": "CVE-2023-40152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1729/advisory.json", "detail_path": "advisories/ZDI-23-1729", "id": "ZDI-23-1729", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1729/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21238", "zdi_id": "ZDI-23-1729" }, { "cve": "CVE-2023-35127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1728/advisory.json", "detail_path": "advisories/ZDI-23-1728", "id": "ZDI-23-1728", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1728/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21236", "zdi_id": "ZDI-23-1728" }, { "cve": "CVE-2023-35127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1727/advisory.json", "detail_path": "advisories/ZDI-23-1727", "id": "ZDI-23-1727", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1727/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21176", "zdi_id": "ZDI-23-1727" }, { "cve": "CVE-2023-35127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1726/advisory.json", "detail_path": "advisories/ZDI-23-1726", "id": "ZDI-23-1726", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1726/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21178", "zdi_id": "ZDI-23-1726" }, { "cve": "CVE-2023-40152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1725/advisory.json", "detail_path": "advisories/ZDI-23-1725", "id": "ZDI-23-1725", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1725/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21211", "zdi_id": "ZDI-23-1725" }, { "cve": "CVE-2023-40152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1724/advisory.json", "detail_path": "advisories/ZDI-23-1724", "id": "ZDI-23-1724", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1724/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21210", "zdi_id": "ZDI-23-1724" }, { "cve": "CVE-2023-35127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1723/advisory.json", "detail_path": "advisories/ZDI-23-1723", "id": "ZDI-23-1723", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1723/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21175", "zdi_id": "ZDI-23-1723" }, { "cve": "CVE-2023-35127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1722/advisory.json", "detail_path": "advisories/ZDI-23-1722", "id": "ZDI-23-1722", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1722/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21174", "zdi_id": "ZDI-23-1722" }, { "cve": "CVE-2023-35127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1721/advisory.json", "detail_path": "advisories/ZDI-23-1721", "id": "ZDI-23-1721", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1721/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21215", "zdi_id": "ZDI-23-1721" }, { "cve": "CVE-2023-35127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1720/advisory.json", "detail_path": "advisories/ZDI-23-1720", "id": "ZDI-23-1720", "kind": "published", "published_date": "2023-11-27", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1720/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-21121", "zdi_id": "ZDI-23-1720" }, { "cve": "CVE-2023-48646", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Recovery Manager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the getEscapedValue method. The iss...", "detail_json": "/data/advisories/ZDI-23-1719/advisory.json", "detail_path": "advisories/ZDI-23-1719", "id": "ZDI-23-1719", "kind": "published", "published_date": "2023-11-22", "status": "published", "title": "ManageEngine Recovery Manager Plus getEscapedValue Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1719/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-21173", "zdi_id": "ZDI-23-1719" }, { "cve": "CVE-2023-44450", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getNodesByTopologyMapSea...", "detail_json": "/data/advisories/ZDI-23-1718/advisory.json", "detail_path": "advisories/ZDI-23-1718", "id": "ZDI-23-1718", "kind": "published", "published_date": "2023-11-20", "status": "published", "title": "NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1718/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-21858", "zdi_id": "ZDI-23-1718" }, { "cve": "CVE-2023-44449", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the clearAlertByIds function. T...", "detail_json": "/data/advisories/ZDI-23-1717/advisory.json", "detail_path": "advisories/ZDI-23-1717", "id": "ZDI-23-1717", "kind": "published", "published_date": "2023-11-20", "status": "published", "title": "NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1717/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-21875", "zdi_id": "ZDI-23-1717" }, { "cve": "CVE-2025-0412", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-23-1716/advisory.json", "detail_path": "advisories/ZDI-23-1716", "id": "ZDI-23-1716", "kind": "published", "published_date": "2023-11-16", "status": "published", "title": "Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2025-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1716/", "vendor": "Luxion", "vendor_url": null, "zdi_can": "ZDI-CAN-22139", "zdi_id": "ZDI-23-1716" }, { "cve": "CVE-2023-38333", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Applications Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-1715/advisory.json", "detail_path": "advisories/ZDI-23-1715", "id": "ZDI-23-1715", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "ManageEngine Applications Manager SingleSignOn Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1715/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-21226", "zdi_id": "ZDI-23-1715" }, { "cve": "CVE-2023-44325", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-23-1714/advisory.json", "detail_path": "advisories/ZDI-23-1714", "id": "ZDI-23-1714", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Animate FLA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1714/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21666", "zdi_id": "ZDI-23-1714" }, { "cve": "CVE-2023-44337", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1713/advisory.json", "detail_path": "advisories/ZDI-23-1713", "id": "ZDI-23-1713", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1713/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21509", "zdi_id": "ZDI-23-1713" }, { "cve": "CVE-2023-44338", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1712/advisory.json", "detail_path": "advisories/ZDI-23-1712", "id": "ZDI-23-1712", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1712/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21493", "zdi_id": "ZDI-23-1712" }, { "cve": "CVE-2023-44340", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1711/advisory.json", "detail_path": "advisories/ZDI-23-1711", "id": "ZDI-23-1711", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1711/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21424", "zdi_id": "ZDI-23-1711" }, { "cve": "CVE-2023-44339", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1710/advisory.json", "detail_path": "advisories/ZDI-23-1710", "id": "ZDI-23-1710", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm value Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1710/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21422", "zdi_id": "ZDI-23-1710" }, { "cve": "CVE-2023-44361", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1709/advisory.json", "detail_path": "advisories/ZDI-23-1709", "id": "ZDI-23-1709", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Doc Object Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1709/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-22041", "zdi_id": "ZDI-23-1709" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1708/advisory.json", "detail_path": "advisories/ZDI-23-1708", "id": "ZDI-23-1708", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1708/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21999", "zdi_id": "ZDI-23-1708" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1707/advisory.json", "detail_path": "advisories/ZDI-23-1707", "id": "ZDI-23-1707", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1707/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21998", "zdi_id": "ZDI-23-1707" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1706/advisory.json", "detail_path": "advisories/ZDI-23-1706", "id": "ZDI-23-1706", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1706/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21989", "zdi_id": "ZDI-23-1706" }, { "cve": "CVE-2023-44358", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1705/advisory.json", "detail_path": "advisories/ZDI-23-1705", "id": "ZDI-23-1705", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1705/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21971", "zdi_id": "ZDI-23-1705" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1704/advisory.json", "detail_path": "advisories/ZDI-23-1704", "id": "ZDI-23-1704", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1704/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21957", "zdi_id": "ZDI-23-1704" }, { "cve": "CVE-2023-44356", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1703/advisory.json", "detail_path": "advisories/ZDI-23-1703", "id": "ZDI-23-1703", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1703/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21956", "zdi_id": "ZDI-23-1703" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1702/advisory.json", "detail_path": "advisories/ZDI-23-1702", "id": "ZDI-23-1702", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1702/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21955", "zdi_id": "ZDI-23-1702" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1701/advisory.json", "detail_path": "advisories/ZDI-23-1701", "id": "ZDI-23-1701", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1701/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21949", "zdi_id": "ZDI-23-1701" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1700/advisory.json", "detail_path": "advisories/ZDI-23-1700", "id": "ZDI-23-1700", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1700/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21947", "zdi_id": "ZDI-23-1700" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1699/advisory.json", "detail_path": "advisories/ZDI-23-1699", "id": "ZDI-23-1699", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1699/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21946", "zdi_id": "ZDI-23-1699" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1698/advisory.json", "detail_path": "advisories/ZDI-23-1698", "id": "ZDI-23-1698", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1698/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21945", "zdi_id": "ZDI-23-1698" }, { "cve": "CVE-2023-44359", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1697/advisory.json", "detail_path": "advisories/ZDI-23-1697", "id": "ZDI-23-1697", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1697/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21936", "zdi_id": "ZDI-23-1697" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1696/advisory.json", "detail_path": "advisories/ZDI-23-1696", "id": "ZDI-23-1696", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1696/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21935", "zdi_id": "ZDI-23-1696" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1695/advisory.json", "detail_path": "advisories/ZDI-23-1695", "id": "ZDI-23-1695", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1695/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21934", "zdi_id": "ZDI-23-1695" }, { "cve": "CVE-2023-44371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1694/advisory.json", "detail_path": "advisories/ZDI-23-1694", "id": "ZDI-23-1694", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1694/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21933", "zdi_id": "ZDI-23-1694" }, { "cve": "CVE-2023-44371", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1693/advisory.json", "detail_path": "advisories/ZDI-23-1693", "id": "ZDI-23-1693", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1693/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21932", "zdi_id": "ZDI-23-1693" }, { "cve": "CVE-2023-44365", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1692/advisory.json", "detail_path": "advisories/ZDI-23-1692", "id": "ZDI-23-1692", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1692/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21931", "zdi_id": "ZDI-23-1692" }, { "cve": "CVE-2023-44357", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1691/advisory.json", "detail_path": "advisories/ZDI-23-1691", "id": "ZDI-23-1691", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1691/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21930", "zdi_id": "ZDI-23-1691" }, { "cve": "CVE-2023-44367", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1690/advisory.json", "detail_path": "advisories/ZDI-23-1690", "id": "ZDI-23-1690", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1690/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21929", "zdi_id": "ZDI-23-1690" }, { "cve": "CVE-2023-44366", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1689/advisory.json", "detail_path": "advisories/ZDI-23-1689", "id": "ZDI-23-1689", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1689/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21928", "zdi_id": "ZDI-23-1689" }, { "cve": "CVE-2023-44348", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1688/advisory.json", "detail_path": "advisories/ZDI-23-1688", "id": "ZDI-23-1688", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1688/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21925", "zdi_id": "ZDI-23-1688" }, { "cve": "CVE-2023-44360", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1687/advisory.json", "detail_path": "advisories/ZDI-23-1687", "id": "ZDI-23-1687", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1687/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21882", "zdi_id": "ZDI-23-1687" }, { "cve": "CVE-2023-44326", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1686/advisory.json", "detail_path": "advisories/ZDI-23-1686", "id": "ZDI-23-1686", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Dimension GLTF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1686/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21866", "zdi_id": "ZDI-23-1686" }, { "cve": "CVE-2023-44329", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1685/advisory.json", "detail_path": "advisories/ZDI-23-1685", "id": "ZDI-23-1685", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Bridge MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1685/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21798", "zdi_id": "ZDI-23-1685" }, { "cve": "CVE-2023-44328", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1684/advisory.json", "detail_path": "advisories/ZDI-23-1684", "id": "ZDI-23-1684", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Bridge MP4 File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1684/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21797", "zdi_id": "ZDI-23-1684" }, { "cve": "CVE-2023-44327", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1683/advisory.json", "detail_path": "advisories/ZDI-23-1683", "id": "ZDI-23-1683", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Bridge MP4 File Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1683/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21793", "zdi_id": "ZDI-23-1683" }, { "cve": "CVE-2023-47060", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1682/advisory.json", "detail_path": "advisories/ZDI-23-1682", "id": "ZDI-23-1682", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Premiere Pro MP4 File Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1682/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21792", "zdi_id": "ZDI-23-1682" }, { "cve": "CVE-2023-47059", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1681/advisory.json", "detail_path": "advisories/ZDI-23-1681", "id": "ZDI-23-1681", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1681/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21767", "zdi_id": "ZDI-23-1681" }, { "cve": "CVE-2023-47058", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1680/advisory.json", "detail_path": "advisories/ZDI-23-1680", "id": "ZDI-23-1680", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1680/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21766", "zdi_id": "ZDI-23-1680" }, { "cve": "CVE-2023-47055", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1679/advisory.json", "detail_path": "advisories/ZDI-23-1679", "id": "ZDI-23-1679", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Premiere Pro M4A File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1679/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21765", "zdi_id": "ZDI-23-1679" }, { "cve": "CVE-2023-47057", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1678/advisory.json", "detail_path": "advisories/ZDI-23-1678", "id": "ZDI-23-1678", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1678/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21764", "zdi_id": "ZDI-23-1678" }, { "cve": "CVE-2023-47056", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1677/advisory.json", "detail_path": "advisories/ZDI-23-1677", "id": "ZDI-23-1677", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Premiere Pro MP4 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1677/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21763", "zdi_id": "ZDI-23-1677" }, { "cve": "CVE-2023-47073", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1676/advisory.json", "detail_path": "advisories/ZDI-23-1676", "id": "ZDI-23-1676", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1676/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21709", "zdi_id": "ZDI-23-1676" }, { "cve": "CVE-2023-47070", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1675/advisory.json", "detail_path": "advisories/ZDI-23-1675", "id": "ZDI-23-1675", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1675/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21708", "zdi_id": "ZDI-23-1675" }, { "cve": "CVE-2023-47067", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1674/advisory.json", "detail_path": "advisories/ZDI-23-1674", "id": "ZDI-23-1674", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1674/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21706", "zdi_id": "ZDI-23-1674" }, { "cve": "CVE-2023-47066", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1673/advisory.json", "detail_path": "advisories/ZDI-23-1673", "id": "ZDI-23-1673", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1673/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21705", "zdi_id": "ZDI-23-1673" }, { "cve": "CVE-2023-47071", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-1672/advisory.json", "detail_path": "advisories/ZDI-23-1672", "id": "ZDI-23-1672", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1672/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21704", "zdi_id": "ZDI-23-1672" }, { "cve": "CVE-2023-47069", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1671/advisory.json", "detail_path": "advisories/ZDI-23-1671", "id": "ZDI-23-1671", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe After Effects M4A File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1671/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21703", "zdi_id": "ZDI-23-1671" }, { "cve": "CVE-2023-47068", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1670/advisory.json", "detail_path": "advisories/ZDI-23-1670", "id": "ZDI-23-1670", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1670/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21702", "zdi_id": "ZDI-23-1670" }, { "cve": "CVE-2023-47072", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-1669/advisory.json", "detail_path": "advisories/ZDI-23-1669", "id": "ZDI-23-1669", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe After Effects MP4 File Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1669/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21790", "zdi_id": "ZDI-23-1669" }, { "cve": "CVE-2023-47044", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-1668/advisory.json", "detail_path": "advisories/ZDI-23-1668", "id": "ZDI-23-1668", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Media Encoder MP4 File Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1668/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21789", "zdi_id": "ZDI-23-1668" }, { "cve": "CVE-2023-47043", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1667/advisory.json", "detail_path": "advisories/ZDI-23-1667", "id": "ZDI-23-1667", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1667/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21699", "zdi_id": "ZDI-23-1667" }, { "cve": "CVE-2023-47040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1666/advisory.json", "detail_path": "advisories/ZDI-23-1666", "id": "ZDI-23-1666", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1666/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21698", "zdi_id": "ZDI-23-1666" }, { "cve": "CVE-2023-47041", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1665/advisory.json", "detail_path": "advisories/ZDI-23-1665", "id": "ZDI-23-1665", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1665/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21697", "zdi_id": "ZDI-23-1665" }, { "cve": "CVE-2023-47042", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1664/advisory.json", "detail_path": "advisories/ZDI-23-1664", "id": "ZDI-23-1664", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Media Encoder MP4 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1664/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21696", "zdi_id": "ZDI-23-1664" }, { "cve": "CVE-2023-47054", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-1663/advisory.json", "detail_path": "advisories/ZDI-23-1663", "id": "ZDI-23-1663", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Audition MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1663/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21782", "zdi_id": "ZDI-23-1663" }, { "cve": "CVE-2023-47049", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1662/advisory.json", "detail_path": "advisories/ZDI-23-1662", "id": "ZDI-23-1662", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Audition MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1662/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21690", "zdi_id": "ZDI-23-1662" }, { "cve": "CVE-2023-47053", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-1661/advisory.json", "detail_path": "advisories/ZDI-23-1661", "id": "ZDI-23-1661", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Audition MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1661/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21689", "zdi_id": "ZDI-23-1661" }, { "cve": "CVE-2023-47048", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1660/advisory.json", "detail_path": "advisories/ZDI-23-1660", "id": "ZDI-23-1660", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Audition MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1660/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21688", "zdi_id": "ZDI-23-1660" }, { "cve": "CVE-2023-47052", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-1659/advisory.json", "detail_path": "advisories/ZDI-23-1659", "id": "ZDI-23-1659", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Audition MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1659/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21687", "zdi_id": "ZDI-23-1659" }, { "cve": "CVE-2023-47050", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1658/advisory.json", "detail_path": "advisories/ZDI-23-1658", "id": "ZDI-23-1658", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Audition M4A File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1658/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21686", "zdi_id": "ZDI-23-1658" }, { "cve": "CVE-2023-47047", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1657/advisory.json", "detail_path": "advisories/ZDI-23-1657", "id": "ZDI-23-1657", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Audition MP4 File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1657/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21685", "zdi_id": "ZDI-23-1657" }, { "cve": "CVE-2023-47046", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1656/advisory.json", "detail_path": "advisories/ZDI-23-1656", "id": "ZDI-23-1656", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Audition MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1656/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21684", "zdi_id": "ZDI-23-1656" }, { "cve": "CVE-2023-47051", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1655/advisory.json", "detail_path": "advisories/ZDI-23-1655", "id": "ZDI-23-1655", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe Audition MP4 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1655/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21683", "zdi_id": "ZDI-23-1655" }, { "cve": "CVE-2023-44324", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe FrameMaker Publishing Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Login method. The issue resu...", "detail_json": "/data/advisories/ZDI-23-1654/advisory.json", "detail_path": "advisories/ZDI-23-1654", "id": "ZDI-23-1654", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1654/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21344", "zdi_id": "ZDI-23-1654" }, { "cve": "CVE-2023-22274", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpdateCommandStream method. Due...", "detail_json": "/data/advisories/ZDI-23-1653/advisory.json", "detail_path": "advisories/ZDI-23-1653", "id": "ZDI-23-1653", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1653/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21305", "zdi_id": "ZDI-23-1653" }, { "cve": "CVE-2023-22273", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe RoboHelp Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the OnPublishFile method. The issue results from...", "detail_json": "/data/advisories/ZDI-23-1652/advisory.json", "detail_path": "advisories/ZDI-23-1652", "id": "ZDI-23-1652", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1652/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21307", "zdi_id": "ZDI-23-1652" }, { "cve": "CVE-2023-22268", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the getRHSGroupsForRoles method. The iss...", "detail_json": "/data/advisories/ZDI-23-1651/advisory.json", "detail_path": "advisories/ZDI-23-1651", "id": "ZDI-23-1651", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe RoboHelp Server getRHSGroupsForRoles SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1651/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21308", "zdi_id": "ZDI-23-1651" }, { "cve": "CVE-2023-22272", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resolveDistinguishedName method....", "detail_json": "/data/advisories/ZDI-23-1650/advisory.json", "detail_path": "advisories/ZDI-23-1650", "id": "ZDI-23-1650", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1650/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21309", "zdi_id": "ZDI-23-1650" }, { "cve": "CVE-2023-22275", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetNewUserId method. The issue r...", "detail_json": "/data/advisories/ZDI-23-1649/advisory.json", "detail_path": "advisories/ZDI-23-1649", "id": "ZDI-23-1649", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1649/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21306", "zdi_id": "ZDI-23-1649" }, { "cve": "CVE-2023-44429", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1648/advisory.json", "detail_path": "advisories/ZDI-23-1648", "id": "ZDI-23-1648", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1648/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-22226", "zdi_id": "ZDI-23-1648" }, { "cve": "CVE-2023-44446", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1647/advisory.json", "detail_path": "advisories/ZDI-23-1647", "id": "ZDI-23-1647", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1647/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-22299", "zdi_id": "ZDI-23-1647" }, { "cve": "CVE-2023-38181", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition or relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of...", "detail_json": "/data/advisories/ZDI-23-1646/advisory.json", "detail_path": "advisories/ZDI-23-1646", "id": "ZDI-23-1646", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Microsoft Exchange GsmWriter Deserialization of Untrusted Data NTLM Relay Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1646/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21462", "zdi_id": "ZDI-23-1646" }, { "cve": "CVE-2023-36804", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1645/advisory.json", "detail_path": "advisories/ZDI-23-1645", "id": "ZDI-23-1645", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvBitBlt Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1645/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21861", "zdi_id": "ZDI-23-1645" }, { "cve": "CVE-2023-36804", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1644/advisory.json", "detail_path": "advisories/ZDI-23-1644", "id": "ZDI-23-1644", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvStretchBltROP Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1644/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21864", "zdi_id": "ZDI-23-1644" }, { "cve": "CVE-2023-36804", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1643/advisory.json", "detail_path": "advisories/ZDI-23-1643", "id": "ZDI-23-1643", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvStretchBlt Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1643/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21863", "zdi_id": "ZDI-23-1643" }, { "cve": "CVE-2023-36804", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1642/advisory.json", "detail_path": "advisories/ZDI-23-1642", "id": "ZDI-23-1642", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvPlgBlt Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1642/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21681", "zdi_id": "ZDI-23-1642" }, { "cve": "CVE-2023-36039", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the SerializationTypeConverter class. The issue res...", "detail_json": "/data/advisories/ZDI-23-1641/advisory.json", "detail_path": "advisories/ZDI-23-1641", "id": "ZDI-23-1641", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Microsoft Exchange FederationTrust Deserialization of Untrusted Data NTLM Relay Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1641/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22002", "zdi_id": "ZDI-23-1641" }, { "cve": "CVE-2023-36050", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information or relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the Serialization...", "detail_json": "/data/advisories/ZDI-23-1640/advisory.json", "detail_path": "advisories/ZDI-23-1640", "id": "ZDI-23-1640", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Microsoft Exchange TransportConfigContainer Deserialization of Untrusted Data Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1640/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21958", "zdi_id": "ZDI-23-1640" }, { "cve": "CVE-2023-36049", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create or delete arbitrary files on FTP servers implemented using affected versions of Microsoft .NET. Interaction with the .NET framework is required to exploit this vulnerability but attack vectors may vary depe...", "detail_json": "/data/advisories/ZDI-23-1639/advisory.json", "detail_path": "advisories/ZDI-23-1639", "id": "ZDI-23-1639", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Microsoft .NET FormatFtpCommand CRLF Injection Arbitrary File Write and Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1639/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21960", "zdi_id": "ZDI-23-1639" }, { "cve": "CVE-2023-36045", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-23-1638/advisory.json", "detail_path": "advisories/ZDI-23-1638", "id": "ZDI-23-1638", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Microsoft Office Word FBX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1638/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21843", "zdi_id": "ZDI-23-1638" }, { "cve": "CVE-2023-36035", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the IsUNCPath method. The issue results from the la...", "detail_json": "/data/advisories/ZDI-23-1637/advisory.json", "detail_path": "advisories/ZDI-23-1637", "id": "ZDI-23-1637", "kind": "published", "published_date": "2023-11-15", "status": "published", "title": "Microsoft Exchange IsUNCPath Improper Input Validation NTLM Relay Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1637/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21983", "zdi_id": "ZDI-23-1637" }, { "cve": "CVE-2023-44445", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sso binary. The issue results...", "detail_json": "/data/advisories/ZDI-23-1636/advisory.json", "detail_path": "advisories/ZDI-23-1636", "id": "ZDI-23-1636", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1636/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19058", "zdi_id": "ZDI-23-1636" }, { "cve": "CVE-2023-5068", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-1635/advisory.json", "detail_path": "advisories/ZDI-23-1635", "id": "ZDI-23-1635", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Delta Electronics DIAScreen XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1635/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-21400", "zdi_id": "ZDI-23-1635" }, { "cve": "CVE-2023-41033", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1634/advisory.json", "detail_path": "advisories/ZDI-23-1634", "id": "ZDI-23-1634", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1634/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21266", "zdi_id": "ZDI-23-1634" }, { "cve": "CVE-2023-41032", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1633/advisory.json", "detail_path": "advisories/ZDI-23-1633", "id": "ZDI-23-1633", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1633/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21263", "zdi_id": "ZDI-23-1633" }, { "cve": "CVE-2023-38070", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1632/advisory.json", "detail_path": "advisories/ZDI-23-1632", "id": "ZDI-23-1632", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1632/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20818", "zdi_id": "ZDI-23-1632" }, { "cve": "CVE-2023-38071", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1631/advisory.json", "detail_path": "advisories/ZDI-23-1631", "id": "ZDI-23-1631", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1631/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20824", "zdi_id": "ZDI-23-1631" }, { "cve": "CVE-2023-38072", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1630/advisory.json", "detail_path": "advisories/ZDI-23-1630", "id": "ZDI-23-1630", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1630/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20825", "zdi_id": "ZDI-23-1630" }, { "cve": "CVE-2023-38073", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1629/advisory.json", "detail_path": "advisories/ZDI-23-1629", "id": "ZDI-23-1629", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1629/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20826", "zdi_id": "ZDI-23-1629" }, { "cve": "CVE-2023-38074", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1628/advisory.json", "detail_path": "advisories/ZDI-23-1628", "id": "ZDI-23-1628", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1628/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20840", "zdi_id": "ZDI-23-1628" }, { "cve": "CVE-2023-38076", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1627/advisory.json", "detail_path": "advisories/ZDI-23-1627", "id": "ZDI-23-1627", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1627/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21041", "zdi_id": "ZDI-23-1627" }, { "cve": "CVE-2023-38075", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1626/advisory.json", "detail_path": "advisories/ZDI-23-1626", "id": "ZDI-23-1626", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Siemens Tecnomatix Plant Simulation WRL File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1626/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20842", "zdi_id": "ZDI-23-1626" }, { "cve": "CVE-2023-44448", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A54 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the file libcmm.so. The issue res...", "detail_json": "/data/advisories/ZDI-23-1625/advisory.json", "detail_path": "advisories/ZDI-23-1625", "id": "ZDI-23-1625", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "TP-Link Archer A54 libcmm.so dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1625/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-22262", "zdi_id": "ZDI-23-1625" }, { "cve": "CVE-2023-39471", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ated_tp service. The issue...", "detail_json": "/data/advisories/ZDI-23-1624/advisory.json", "detail_path": "advisories/ZDI-23-1624", "id": "ZDI-23-1624", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability", "updated_date": "2023-12-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1624/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21825", "zdi_id": "ZDI-23-1624" }, { "cve": "CVE-2023-44447", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, wh...", "detail_json": "/data/advisories/ZDI-23-1623/advisory.json", "detail_path": "advisories/ZDI-23-1623", "id": "ZDI-23-1623", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1623/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21529", "zdi_id": "ZDI-23-1623" }, { "cve": "CVE-2023-5136", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of NI DIAdem. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-23-1622/advisory.json", "detail_path": "advisories/ZDI-23-1622", "id": "ZDI-23-1622", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "NI DIAdem GPX File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1622/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21871", "zdi_id": "ZDI-23-1622" }, { "cve": "CVE-2023-47202", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-23-1621/advisory.json", "detail_path": "advisories/ZDI-23-1621", "id": "ZDI-23-1621", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Trend Micro Apex One Local File Inclusion Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1621/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21460", "zdi_id": "ZDI-23-1621" }, { "cve": "CVE-2023-47199", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-1620/advisory.json", "detail_path": "advisories/ZDI-23-1620", "id": "ZDI-23-1620", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1620/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21665", "zdi_id": "ZDI-23-1620" }, { "cve": "CVE-2023-47198", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-1619/advisory.json", "detail_path": "advisories/ZDI-23-1619", "id": "ZDI-23-1619", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1619/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21382", "zdi_id": "ZDI-23-1619" }, { "cve": "CVE-2023-47200", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-1618/advisory.json", "detail_path": "advisories/ZDI-23-1618", "id": "ZDI-23-1618", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Trend Micro Apex One CNTAoSMgr Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1618/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21383", "zdi_id": "ZDI-23-1618" }, { "cve": "CVE-2023-47196", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-1617/advisory.json", "detail_path": "advisories/ZDI-23-1617", "id": "ZDI-23-1617", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1617/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21380", "zdi_id": "ZDI-23-1617" }, { "cve": "CVE-2023-47197", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-1616/advisory.json", "detail_path": "advisories/ZDI-23-1616", "id": "ZDI-23-1616", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1616/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21381", "zdi_id": "ZDI-23-1616" }, { "cve": "CVE-2023-47195", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-1615/advisory.json", "detail_path": "advisories/ZDI-23-1615", "id": "ZDI-23-1615", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1615/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21368", "zdi_id": "ZDI-23-1615" }, { "cve": "CVE-2023-47194", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-1614/advisory.json", "detail_path": "advisories/ZDI-23-1614", "id": "ZDI-23-1614", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1614/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21367", "zdi_id": "ZDI-23-1614" }, { "cve": "CVE-2023-47201", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-1613/advisory.json", "detail_path": "advisories/ZDI-23-1613", "id": "ZDI-23-1613", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Trend Micro Apex One CNTAoSMgr Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1613/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21378", "zdi_id": "ZDI-23-1613" }, { "cve": "CVE-2023-47193", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-1612/advisory.json", "detail_path": "advisories/ZDI-23-1612", "id": "ZDI-23-1612", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1612/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-21366", "zdi_id": "ZDI-23-1612" }, { "cve": "CVE-2023-47192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-1611/advisory.json", "detail_path": "advisories/ZDI-23-1611", "id": "ZDI-23-1611", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1611/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-20220", "zdi_id": "ZDI-23-1611" }, { "cve": "CVE-2023-44433", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1610/advisory.json", "detail_path": "advisories/ZDI-23-1610", "id": "ZDI-23-1610", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1610/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21977", "zdi_id": "ZDI-23-1610" }, { "cve": "CVE-2023-44434", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1609/advisory.json", "detail_path": "advisories/ZDI-23-1609", "id": "ZDI-23-1609", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Kofax Power PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1609/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21979", "zdi_id": "ZDI-23-1609" }, { "cve": "CVE-2023-44436", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1608/advisory.json", "detail_path": "advisories/ZDI-23-1608", "id": "ZDI-23-1608", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Kofax Power PDF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1608/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22045", "zdi_id": "ZDI-23-1608" }, { "cve": "CVE-2023-44435", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1607/advisory.json", "detail_path": "advisories/ZDI-23-1607", "id": "ZDI-23-1607", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Kofax Power PDF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1607/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-22040", "zdi_id": "ZDI-23-1607" }, { "cve": "CVE-2023-44432", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1606/advisory.json", "detail_path": "advisories/ZDI-23-1606", "id": "ZDI-23-1606", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1606/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21584", "zdi_id": "ZDI-23-1606" }, { "cve": "CVE-2023-42856", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-23-1605/advisory.json", "detail_path": "advisories/ZDI-23-1605", "id": "ZDI-23-1605", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Apple macOS Hydra ABC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1605/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-21358", "zdi_id": "ZDI-23-1605" }, { "cve": "CVE-2023-42856", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. Th...", "detail_json": "/data/advisories/ZDI-23-1604/advisory.json", "detail_path": "advisories/ZDI-23-1604", "id": "ZDI-23-1604", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Apple macOS Hydra Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1604/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-21692", "zdi_id": "ZDI-23-1604" }, { "cve": "CVE-2023-42856", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. Th...", "detail_json": "/data/advisories/ZDI-23-1603/advisory.json", "detail_path": "advisories/ZDI-23-1603", "id": "ZDI-23-1603", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Apple macOS Hydra Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1603/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-21502", "zdi_id": "ZDI-23-1603" }, { "cve": "CVE-2023-42856", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-23-1602/advisory.json", "detail_path": "advisories/ZDI-23-1602", "id": "ZDI-23-1602", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Apple macOS Hydra ABC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1602/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-21504", "zdi_id": "ZDI-23-1602" }, { "cve": "CVE-2023-42856", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. Th...", "detail_json": "/data/advisories/ZDI-23-1601/advisory.json", "detail_path": "advisories/ZDI-23-1601", "id": "ZDI-23-1601", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Apple macOS Hydra Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1601/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-21518", "zdi_id": "ZDI-23-1601" }, { "cve": "CVE-2023-35796", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens SINEMA Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-23-1600/advisory.json", "detail_path": "advisories/ZDI-23-1600", "id": "ZDI-23-1600", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Siemens SINEMA Server sysLocation Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1600/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19823", "zdi_id": "ZDI-23-1600" }, { "cve": "CVE-2023-30912", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise OneView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-1599/advisory.json", "detail_path": "advisories/ZDI-23-1599", "id": "ZDI-23-1599", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Hewlett Packard Enterprise OneView Backup Hard-coded Cryptographic Key Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1599/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-21806", "zdi_id": "ZDI-23-1599" }, { "cve": "CVE-2023-44440", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Lithium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-23-1598/advisory.json", "detail_path": "advisories/ZDI-23-1598", "id": "ZDI-23-1598", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1598/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21680", "zdi_id": "ZDI-23-1598" }, { "cve": "CVE-2023-44439", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Xenon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1597/advisory.json", "detail_path": "advisories/ZDI-23-1597", "id": "ZDI-23-1597", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Ashlar-Vellum Xenon Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1597/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21679", "zdi_id": "ZDI-23-1597" }, { "cve": "CVE-2023-44438", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Argon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1596/advisory.json", "detail_path": "advisories/ZDI-23-1596", "id": "ZDI-23-1596", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Ashlar-Vellum Argon Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1596/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21678", "zdi_id": "ZDI-23-1596" }, { "cve": "CVE-2023-44437", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1595/advisory.json", "detail_path": "advisories/ZDI-23-1595", "id": "ZDI-23-1595", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "Ashlar-Vellum Cobalt Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1595/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-21540", "zdi_id": "ZDI-23-1595" }, { "cve": "CVE-2023-44442", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-23-1594/advisory.json", "detail_path": "advisories/ZDI-23-1594", "id": "ZDI-23-1594", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1594/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-22094", "zdi_id": "ZDI-23-1594" }, { "cve": "CVE-2023-44443", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-23-1593/advisory.json", "detail_path": "advisories/ZDI-23-1593", "id": "ZDI-23-1593", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1593/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-22096", "zdi_id": "ZDI-23-1593" }, { "cve": "CVE-2023-44441", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-23-1592/advisory.json", "detail_path": "advisories/ZDI-23-1592", "id": "ZDI-23-1592", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1592/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-22093", "zdi_id": "ZDI-23-1592" }, { "cve": "CVE-2023-44444", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-23-1591/advisory.json", "detail_path": "advisories/ZDI-23-1591", "id": "ZDI-23-1591", "kind": "published", "published_date": "2023-11-14", "status": "published", "title": "GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1591/", "vendor": "GIMP", "vendor_url": null, "zdi_can": "ZDI-CAN-22097", "zdi_id": "ZDI-23-1591" }, { "cve": "CVE-2023-34048", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of DCE/RPC prot...", "detail_json": "/data/advisories/ZDI-23-1590/advisory.json", "detail_path": "advisories/ZDI-23-1590", "id": "ZDI-23-1590", "kind": "published", "published_date": "2023-11-06", "status": "published", "title": "VMware vCenter Server Appliance DCE/RPC Protocol Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1590/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-21893", "zdi_id": "ZDI-23-1590" }, { "cve": "CVE-2023-34044", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-23-1589/advisory.json", "detail_path": "advisories/ZDI-23-1589", "id": "ZDI-23-1589", "kind": "published", "published_date": "2023-11-06", "status": "published", "title": "VMware Workstation UHCI Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1589/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-21512", "zdi_id": "ZDI-23-1589" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulner...", "detail_json": "/data/advisories/ZDI-23-1588/advisory.json", "detail_path": "advisories/ZDI-23-1588", "id": "ZDI-23-1588", "kind": "published", "published_date": "2023-11-06", "status": "published", "title": "Microsoft Azure US Accelarators Synapse SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1588/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22282", "zdi_id": "ZDI-23-1588" }, { "cve": "CVE-2023-36804", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1587/advisory.json", "detail_path": "advisories/ZDI-23-1587", "id": "ZDI-23-1587", "kind": "published", "published_date": "2023-11-06", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvCopyBits Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1587/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21862", "zdi_id": "ZDI-23-1587" }, { "cve": "CVE-2023-33227", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Configuration Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SaveResultsToFile method....", "detail_json": "/data/advisories/ZDI-23-1586/advisory.json", "detail_path": "advisories/ZDI-23-1586", "id": "ZDI-23-1586", "kind": "published", "published_date": "2023-11-06", "status": "published", "title": "SolarWinds Network Configuration Manager SaveResultsToFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1586/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21220", "zdi_id": "ZDI-23-1586" }, { "cve": "CVE-2023-33226", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Configuration Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExportConfigs method. The...", "detail_json": "/data/advisories/ZDI-23-1585/advisory.json", "detail_path": "advisories/ZDI-23-1585", "id": "ZDI-23-1585", "kind": "published", "published_date": "2023-11-06", "status": "published", "title": "SolarWinds Network Configuration Manager ExportConfigs Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1585/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21223", "zdi_id": "ZDI-23-1585" }, { "cve": "CVE-2023-40062", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the BlacklistedFilesChecker class. The issue...", "detail_json": "/data/advisories/ZDI-23-1584/advisory.json", "detail_path": "advisories/ZDI-23-1584", "id": "ZDI-23-1584", "kind": "published", "published_date": "2023-11-06", "status": "published", "title": "SolarWinds Orion Platform BlacklistedFilesChecker Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1584/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21839", "zdi_id": "ZDI-23-1584" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chromium-based browsers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-23-1583/advisory.json", "detail_path": "advisories/ZDI-23-1583", "id": "ZDI-23-1583", "kind": "published", "published_date": "2023-11-06", "status": "published", "title": "Google Chromium Vulkan SwiftShader Double Free Remote Code Execution Vulnerability", "updated_date": "2023-11-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1583/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-22148", "zdi_id": "ZDI-23-1583" }, { "cve": "CVE-2023-5847", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Tenable Nessus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-23-1582/advisory.json", "detail_path": "advisories/ZDI-23-1582", "id": "ZDI-23-1582", "kind": "published", "published_date": "2023-11-06", "status": "published", "title": "Tenable Nessus Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1582/", "vendor": "Tenable", "vendor_url": null, "zdi_can": "ZDI-CAN-21965", "zdi_id": "ZDI-23-1582" }, { "cve": null, "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the CreateAttachmentFromUri method. The iss...", "detail_json": "/data/advisories/ZDI-23-1581/advisory.json", "detail_path": "advisories/ZDI-23-1581", "id": "ZDI-23-1581", "kind": "published", "published_date": "2023-11-02", "status": "published", "title": "(0Day) Microsoft Exchange CreateAttachmentFromUri Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1581/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22101", "zdi_id": "ZDI-23-1581" }, { "cve": null, "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the DownloadDataFromOfficeMarketPlace metho...", "detail_json": "/data/advisories/ZDI-23-1580/advisory.json", "detail_path": "advisories/ZDI-23-1580", "id": "ZDI-23-1580", "kind": "published", "published_date": "2023-11-02", "status": "published", "title": "(0Day) Microsoft Exchange DownloadDataFromOfficeMarketPlace Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1580/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22100", "zdi_id": "ZDI-23-1580" }, { "cve": null, "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the DownloadDataFromUri method. The issue r...", "detail_json": "/data/advisories/ZDI-23-1579/advisory.json", "detail_path": "advisories/ZDI-23-1579", "id": "ZDI-23-1579", "kind": "published", "published_date": "2023-11-02", "status": "published", "title": "(0Day) Microsoft Exchange DownloadDataFromUri Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1579/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22090", "zdi_id": "ZDI-23-1579" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the ChainedSerializationBinder class. The issue res...", "detail_json": "/data/advisories/ZDI-23-1578/advisory.json", "detail_path": "advisories/ZDI-23-1578", "id": "ZDI-23-1578", "kind": "published", "published_date": "2023-11-02", "status": "published", "title": "(0Day) Microsoft Exchange ChainedSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1578/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22079", "zdi_id": "ZDI-23-1578" }, { "cve": "CVE-2023-45601", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1577/advisory.json", "detail_path": "advisories/ZDI-23-1577", "id": "ZDI-23-1577", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation IGS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1577/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21290", "zdi_id": "ZDI-23-1577" }, { "cve": "CVE-2023-45204", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1576/advisory.json", "detail_path": "advisories/ZDI-23-1576", "id": "ZDI-23-1576", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation IGS File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1576/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21268", "zdi_id": "ZDI-23-1576" }, { "cve": "CVE-2023-37376", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1575/advisory.json", "detail_path": "advisories/ZDI-23-1575", "id": "ZDI-23-1575", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation STP File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1575/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21051", "zdi_id": "ZDI-23-1575" }, { "cve": "CVE-2023-37374", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1574/advisory.json", "detail_path": "advisories/ZDI-23-1574", "id": "ZDI-23-1574", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation STP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1574/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21054", "zdi_id": "ZDI-23-1574" }, { "cve": "CVE-2023-37375", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1573/advisory.json", "detail_path": "advisories/ZDI-23-1573", "id": "ZDI-23-1573", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1573/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21060", "zdi_id": "ZDI-23-1573" }, { "cve": "CVE-2023-38679", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1572/advisory.json", "detail_path": "advisories/ZDI-23-1572", "id": "ZDI-23-1572", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1572/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21106", "zdi_id": "ZDI-23-1572" }, { "cve": "CVE-2023-38681", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1571/advisory.json", "detail_path": "advisories/ZDI-23-1571", "id": "ZDI-23-1571", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation IGS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1571/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21270", "zdi_id": "ZDI-23-1571" }, { "cve": "CVE-2023-38680", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1570/advisory.json", "detail_path": "advisories/ZDI-23-1570", "id": "ZDI-23-1570", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1570/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21132", "zdi_id": "ZDI-23-1570" }, { "cve": "CVE-2021-27044", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1569/advisory.json", "detail_path": "advisories/ZDI-23-1569", "id": "ZDI-23-1569", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "Siemens Solid Edge Viewer FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1569/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-18490", "zdi_id": "ZDI-23-1569" }, { "cve": "CVE-2023-4601", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Measurement & Automation Explorer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of response data...", "detail_json": "/data/advisories/ZDI-23-1568/advisory.json", "detail_path": "advisories/ZDI-23-1568", "id": "ZDI-23-1568", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "NI Measurement & Automation Explorer Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1568/", "vendor": "NI", "vendor_url": null, "zdi_can": "ZDI-CAN-21354", "zdi_id": "ZDI-23-1568" }, { "cve": "CVE-2023-35187", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpenClientUpdateFile method....", "detail_json": "/data/advisories/ZDI-23-1567/advisory.json", "detail_path": "advisories/ZDI-23-1567", "id": "ZDI-23-1567", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "SolarWinds Access Rights Manager OpenClientUpdateFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1567/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21119", "zdi_id": "ZDI-23-1567" }, { "cve": "CVE-2023-35186", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetParameterFormTemplateWithSelec...", "detail_json": "/data/advisories/ZDI-23-1566/advisory.json", "detail_path": "advisories/ZDI-23-1566", "id": "ZDI-23-1566", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "SolarWinds Access Rights Manager GetParameterFormTemplateWithSelectionState Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1566/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21376", "zdi_id": "ZDI-23-1566" }, { "cve": "CVE-2023-35185", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpenFile method. The issue re...", "detail_json": "/data/advisories/ZDI-23-1565/advisory.json", "detail_path": "advisories/ZDI-23-1565", "id": "ZDI-23-1565", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1565/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21120", "zdi_id": "ZDI-23-1565" }, { "cve": "CVE-2023-35182", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createGlobalServerChannelInte...", "detail_json": "/data/advisories/ZDI-23-1564/advisory.json", "detail_path": "advisories/ZDI-23-1564", "id": "ZDI-23-1564", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "SolarWinds Access Rights Manager createGlobalServerChannelInternal Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1564/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21113", "zdi_id": "ZDI-23-1564" }, { "cve": "CVE-2023-35184", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecuteAction method. The issue r...", "detail_json": "/data/advisories/ZDI-23-1563/advisory.json", "detail_path": "advisories/ZDI-23-1563", "id": "ZDI-23-1563", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "SolarWinds Access Rights Manager ExecuteAction Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1563/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21385", "zdi_id": "ZDI-23-1563" }, { "cve": "CVE-2023-35183", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Access Rights Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabilit...", "detail_json": "/data/advisories/ZDI-23-1562/advisory.json", "detail_path": "advisories/ZDI-23-1562", "id": "ZDI-23-1562", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1562/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21374", "zdi_id": "ZDI-23-1562" }, { "cve": "CVE-2023-35181", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Access Rights Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabilit...", "detail_json": "/data/advisories/ZDI-23-1561/advisory.json", "detail_path": "advisories/ZDI-23-1561", "id": "ZDI-23-1561", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1561/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21373", "zdi_id": "ZDI-23-1561" }, { "cve": "CVE-2023-35180", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the deserialization of JSON data sent...", "detail_json": "/data/advisories/ZDI-23-1560/advisory.json", "detail_path": "advisories/ZDI-23-1560", "id": "ZDI-23-1560", "kind": "published", "published_date": "2023-10-19", "status": "published", "title": "SolarWinds Access Rights Manager IFormTemplate Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1560/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21375", "zdi_id": "ZDI-23-1560" }, { "cve": "CVE-2023-41373", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of F5 BIG-IP OS. Authentication is required to exploit this vulnerability. The specific flaw exists within the unzip method. The issue results from the lack of prop...", "detail_json": "/data/advisories/ZDI-23-1559/advisory.json", "detail_path": "advisories/ZDI-23-1559", "id": "ZDI-23-1559", "kind": "published", "published_date": "2023-10-18", "status": "published", "title": "F5 BIG-IP OS unzip Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1559/", "vendor": "F5", "vendor_url": null, "zdi_can": "ZDI-CAN-21463", "zdi_id": "ZDI-23-1559" }, { "cve": "CVE-2023-37248", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1558/advisory.json", "detail_path": "advisories/ZDI-23-1558", "id": "ZDI-23-1558", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Siemens Tecnomatix Plant Simulation PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1558/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21155", "zdi_id": "ZDI-23-1558" }, { "cve": "CVE-2023-37246", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1557/advisory.json", "detail_path": "advisories/ZDI-23-1557", "id": "ZDI-23-1557", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Siemens Tecnomatix Plant Simulation PRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1557/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21109", "zdi_id": "ZDI-23-1557" }, { "cve": "CVE-2023-37247", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1556/advisory.json", "detail_path": "advisories/ZDI-23-1556", "id": "ZDI-23-1556", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Siemens Tecnomatix Plant Simulation PAR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1556/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-21138", "zdi_id": "ZDI-23-1556" }, { "cve": "CVE-2023-38159", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1555/advisory.json", "detail_path": "advisories/ZDI-23-1555", "id": "ZDI-23-1555", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Microsoft Windows DirectX GpuMmu Race Condition Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1555/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21605", "zdi_id": "ZDI-23-1555" }, { "cve": "CVE-2023-36731", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1554/advisory.json", "detail_path": "advisories/ZDI-23-1554", "id": "ZDI-23-1554", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Microsoft Windows bStretch Improper Input Validation Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1554/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21342", "zdi_id": "ZDI-23-1554" }, { "cve": "CVE-2023-36732", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1553/advisory.json", "detail_path": "advisories/ZDI-23-1553", "id": "ZDI-23-1553", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Microsoft Windows DEVLOCKBLTOBJ Race Condition Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1553/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21427", "zdi_id": "ZDI-23-1553" }, { "cve": "CVE-2023-36594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally...", "detail_json": "/data/advisories/ZDI-23-1552/advisory.json", "detail_path": "advisories/ZDI-23-1552", "id": "ZDI-23-1552", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Microsoft Windows UMPDDrvPlgBlt Type Confusion Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1552/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21248", "zdi_id": "ZDI-23-1552" }, { "cve": "CVE-2023-36594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally...", "detail_json": "/data/advisories/ZDI-23-1551/advisory.json", "detail_path": "advisories/ZDI-23-1551", "id": "ZDI-23-1551", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Microsoft Windows UMPDDrvStretchBlt Type Confusion Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1551/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21250", "zdi_id": "ZDI-23-1551" }, { "cve": "CVE-2023-36594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally...", "detail_json": "/data/advisories/ZDI-23-1550/advisory.json", "detail_path": "advisories/ZDI-23-1550", "id": "ZDI-23-1550", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Microsoft Windows UMPDDrvBitBlt Type Confusion Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1550/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21249", "zdi_id": "ZDI-23-1550" }, { "cve": "CVE-2023-36594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally...", "detail_json": "/data/advisories/ZDI-23-1549/advisory.json", "detail_path": "advisories/ZDI-23-1549", "id": "ZDI-23-1549", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Microsoft Windows UMPDDrvStretchBltROP Type Confusion Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1549/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21251", "zdi_id": "ZDI-23-1549" }, { "cve": "CVE-2023-36594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally...", "detail_json": "/data/advisories/ZDI-23-1548/advisory.json", "detail_path": "advisories/ZDI-23-1548", "id": "ZDI-23-1548", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Microsoft Windows UMPDDrvCopyBits Type Confusion Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1548/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21209", "zdi_id": "ZDI-23-1548" }, { "cve": "CVE-2023-36594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally...", "detail_json": "/data/advisories/ZDI-23-1547/advisory.json", "detail_path": "advisories/ZDI-23-1547", "id": "ZDI-23-1547", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Microsoft Windows UMPDDrvStretchBlt Type Confusion Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1547/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21207", "zdi_id": "ZDI-23-1547" }, { "cve": "CVE-2023-36594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally...", "detail_json": "/data/advisories/ZDI-23-1546/advisory.json", "detail_path": "advisories/ZDI-23-1546", "id": "ZDI-23-1546", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Microsoft Windows UMPDDrvStretchBltROP Type Confusion Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1546/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21208", "zdi_id": "ZDI-23-1546" }, { "cve": "CVE-2023-36594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally...", "detail_json": "/data/advisories/ZDI-23-1545/advisory.json", "detail_path": "advisories/ZDI-23-1545", "id": "ZDI-23-1545", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Microsoft Windows IsSurfaceLockable Type Confusion Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1545/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21161", "zdi_id": "ZDI-23-1545" }, { "cve": "CVE-2023-36594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally...", "detail_json": "/data/advisories/ZDI-23-1544/advisory.json", "detail_path": "advisories/ZDI-23-1544", "id": "ZDI-23-1544", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Microsoft Windows UMPDDrvPlgBlt Type Confusion Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1544/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21204", "zdi_id": "ZDI-23-1544" }, { "cve": "CVE-2023-36594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally...", "detail_json": "/data/advisories/ZDI-23-1543/advisory.json", "detail_path": "advisories/ZDI-23-1543", "id": "ZDI-23-1543", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Microsoft Windows UMPDDrvBitBlt Type Confusion Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1543/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21205", "zdi_id": "ZDI-23-1543" }, { "cve": "CVE-2023-36594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally...", "detail_json": "/data/advisories/ZDI-23-1542/advisory.json", "detail_path": "advisories/ZDI-23-1542", "id": "ZDI-23-1542", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Microsoft Windows UMPDDrvCopyBits Type Confusion Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1542/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21206", "zdi_id": "ZDI-23-1542" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Teams. An attacker must first obtain the ability to execute script within the application window in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1541/advisory.json", "detail_path": "advisories/ZDI-23-1541", "id": "ZDI-23-1541", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "(Pwn2Own) Microsoft Teams Incorrect Privilege Assignment Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1541/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20751", "zdi_id": "ZDI-23-1541" }, { "cve": null, "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1540/advisory.json", "detail_path": "advisories/ZDI-23-1540", "id": "ZDI-23-1540", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "(Pwn2Own) Microsoft Teams Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1540/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20720", "zdi_id": "ZDI-23-1540" }, { "cve": "CVE-2023-26370", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1539/advisory.json", "detail_path": "advisories/ZDI-23-1539", "id": "ZDI-23-1539", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Adobe Photoshop PSD File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1539/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21257", "zdi_id": "ZDI-23-1539" }, { "cve": "CVE-2023-38217", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1538/advisory.json", "detail_path": "advisories/ZDI-23-1538", "id": "ZDI-23-1538", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Adobe Bridge Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1538/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21403", "zdi_id": "ZDI-23-1538" }, { "cve": "CVE-2023-38216", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1537/advisory.json", "detail_path": "advisories/ZDI-23-1537", "id": "ZDI-23-1537", "kind": "published", "published_date": "2023-10-11", "status": "published", "title": "Adobe Bridge Font Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1537/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21404", "zdi_id": "ZDI-23-1537" }, { "cve": "CVE-2023-42127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1536/advisory.json", "detail_path": "advisories/ZDI-23-1536", "id": "ZDI-23-1536", "kind": "published", "published_date": "2023-10-06", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1536/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21585", "zdi_id": "ZDI-23-1536" }, { "cve": "CVE-2023-36804", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1535/advisory.json", "detail_path": "advisories/ZDI-23-1535", "id": "ZDI-23-1535", "kind": "published", "published_date": "2023-10-06", "status": "published", "title": "Microsoft Windows UMPDDrvStretchBltROP Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1535/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21007", "zdi_id": "ZDI-23-1535" }, { "cve": "CVE-2023-36804", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1534/advisory.json", "detail_path": "advisories/ZDI-23-1534", "id": "ZDI-23-1534", "kind": "published", "published_date": "2023-10-06", "status": "published", "title": "Microsoft Windows UMPDDrvLineTo Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1534/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21029", "zdi_id": "ZDI-23-1534" }, { "cve": "CVE-2023-42128", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must acquire data from a malicious mobile device....", "detail_json": "/data/advisories/ZDI-23-1533/advisory.json", "detail_path": "advisories/ZDI-23-1533", "id": "ZDI-23-1533", "kind": "published", "published_date": "2023-10-06", "status": "published", "title": "Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1533/", "vendor": "Magnet Forensics", "vendor_url": null, "zdi_can": "ZDI-CAN-21255", "zdi_id": "ZDI-23-1533" }, { "cve": "CVE-2023-28323", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ProcessEPMAuthToken method. The issue...", "detail_json": "/data/advisories/ZDI-23-1532/advisory.json", "detail_path": "advisories/ZDI-23-1532", "id": "ZDI-23-1532", "kind": "published", "published_date": "2023-10-05", "status": "published", "title": "Ivanti Endpoint Manager ProcessEPMAuthToken Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1532/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21852", "zdi_id": "ZDI-23-1532" }, { "cve": "CVE-2022-3214", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Electronics DIAEnergie. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the Hand...", "detail_json": "/data/advisories/ZDI-23-1531/advisory.json", "detail_path": "advisories/ZDI-23-1531", "id": "ZDI-23-1531", "kind": "published", "published_date": "2023-10-05", "status": "published", "title": "Delta Electronics DIAEnergie HandlerUploadCalendar Use Of Hard-Coded Credentials Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1531/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-18855", "zdi_id": "ZDI-23-1531" }, { "cve": "CVE-2022-3214", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Electronics DIAEnergie. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the Hand...", "detail_json": "/data/advisories/ZDI-23-1530/advisory.json", "detail_path": "advisories/ZDI-23-1530", "id": "ZDI-23-1530", "kind": "published", "published_date": "2023-10-05", "status": "published", "title": "Delta Electronics DIAEnergie HandlerUploadTag Use Of Hard-Coded Credentials Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1530/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-18853", "zdi_id": "ZDI-23-1530" }, { "cve": "CVE-2022-3214", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Electronics DIAEnergie. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the Hand...", "detail_json": "/data/advisories/ZDI-23-1529/advisory.json", "detail_path": "advisories/ZDI-23-1529", "id": "ZDI-23-1529", "kind": "published", "published_date": "2023-10-05", "status": "published", "title": "Delta Electronics DIAEnergie HandlerUploadCarbon Use Of Hard-Coded Credentials Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1529/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-18857", "zdi_id": "ZDI-23-1529" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on Microsoft PC Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this v...", "detail_json": "/data/advisories/ZDI-23-1528/advisory.json", "detail_path": "advisories/ZDI-23-1528", "id": "ZDI-23-1528", "kind": "published", "published_date": "2023-10-05", "status": "published", "title": "Microsoft PC Manager SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1528/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22264", "zdi_id": "ZDI-23-1528" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on Microsoft PC Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this v...", "detail_json": "/data/advisories/ZDI-23-1527/advisory.json", "detail_path": "advisories/ZDI-23-1527", "id": "ZDI-23-1527", "kind": "published", "published_date": "2023-10-05", "status": "published", "title": "Microsoft PC Manager SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1527/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-22263", "zdi_id": "ZDI-23-1527" }, { "cve": "CVE-2023-44428", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MuseScore. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1526/advisory.json", "detail_path": "advisories/ZDI-23-1526", "id": "ZDI-23-1526", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1526/", "vendor": "MuseScore", "vendor_url": null, "zdi_can": "ZDI-CAN-20769", "zdi_id": "ZDI-23-1526" }, { "cve": "CVE-2023-44427", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-1525/advisory.json", "detail_path": "advisories/ZDI-23-1525", "id": "ZDI-23-1525", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1525/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21222", "zdi_id": "ZDI-23-1525" }, { "cve": "CVE-2023-44426", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-1524/advisory.json", "detail_path": "advisories/ZDI-23-1524", "id": "ZDI-23-1524", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DIR-X3260 SetSysEmailSettings AccountPassword Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1524/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21160", "zdi_id": "ZDI-23-1524" }, { "cve": "CVE-2023-44425", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-1523/advisory.json", "detail_path": "advisories/ZDI-23-1523", "id": "ZDI-23-1523", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DIR-X3260 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1523/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21159", "zdi_id": "ZDI-23-1523" }, { "cve": "CVE-2023-44424", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-1522/advisory.json", "detail_path": "advisories/ZDI-23-1522", "id": "ZDI-23-1522", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DIR-X3260 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1522/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21158", "zdi_id": "ZDI-23-1522" }, { "cve": "CVE-2023-44423", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-1521/advisory.json", "detail_path": "advisories/ZDI-23-1521", "id": "ZDI-23-1521", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DIR-X3260 SetTriggerPPPoEValidate Password Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1521/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21157", "zdi_id": "ZDI-23-1521" }, { "cve": "CVE-2023-44422", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-1520/advisory.json", "detail_path": "advisories/ZDI-23-1520", "id": "ZDI-23-1520", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1520/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21102", "zdi_id": "ZDI-23-1520" }, { "cve": "CVE-2023-44421", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-1519/advisory.json", "detail_path": "advisories/ZDI-23-1519", "id": "ZDI-23-1519", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DIR-X3260 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1519/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21101", "zdi_id": "ZDI-23-1519" }, { "cve": "CVE-2023-44420", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi executable. The iss...", "detail_json": "/data/advisories/ZDI-23-1518/advisory.json", "detail_path": "advisories/ZDI-23-1518", "id": "ZDI-23-1518", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1518/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21100", "zdi_id": "ZDI-23-1518" }, { "cve": "CVE-2023-44419", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which hand...", "detail_json": "/data/advisories/ZDI-23-1517/advisory.json", "detail_path": "advisories/ZDI-23-1517", "id": "ZDI-23-1517", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DIR-X3260 Prog.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1517/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20774", "zdi_id": "ZDI-23-1517" }, { "cve": "CVE-2023-44418", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which hand...", "detail_json": "/data/advisories/ZDI-23-1516/advisory.json", "detail_path": "advisories/ZDI-23-1516", "id": "ZDI-23-1516", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DIR-X3260 Prog.cgi Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1516/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20727", "zdi_id": "ZDI-23-1516" }, { "cve": "CVE-2023-44417", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1515/advisory.json", "detail_path": "advisories/ZDI-23-1515", "id": "ZDI-23-1515", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DAP-2622 DDP Set IPv4 Address Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1515/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20091", "zdi_id": "ZDI-23-1515" }, { "cve": "CVE-2023-44416", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622. Authentication is required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 2...", "detail_json": "/data/advisories/ZDI-23-1514/advisory.json", "detail_path": "advisories/ZDI-23-1514", "id": "ZDI-23-1514", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DAP-2622 Telnet CLI Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1514/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20051", "zdi_id": "ZDI-23-1514" }, { "cve": "CVE-2023-44415", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1260 and DIR-2150 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the CLI service, which...", "detail_json": "/data/advisories/ZDI-23-1513/advisory.json", "detail_path": "advisories/ZDI-23-1513", "id": "ZDI-23-1513", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link Multiple Routers cli Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1513/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19946", "zdi_id": "ZDI-23-1513" }, { "cve": "CVE-2023-44414", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coreservice_action_script action. The issue resu...", "detail_json": "/data/advisories/ZDI-23-1512/advisory.json", "detail_path": "advisories/ZDI-23-1512", "id": "ZDI-23-1512", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1512/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19573", "zdi_id": "ZDI-23-1512" }, { "cve": "CVE-2023-44413", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the shutdown_coreserver action. The is...", "detail_json": "/data/advisories/ZDI-23-1511/advisory.json", "detail_path": "advisories/ZDI-23-1511", "id": "ZDI-23-1511", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link D-View shutdown_coreserver Missing Authentication Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1511/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19572", "zdi_id": "ZDI-23-1511" }, { "cve": "CVE-2023-44412", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the addDv7Probe function. Due to the imprope...", "detail_json": "/data/advisories/ZDI-23-1510/advisory.json", "detail_path": "advisories/ZDI-23-1510", "id": "ZDI-23-1510", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1510/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19571", "zdi_id": "ZDI-23-1510" }, { "cve": "CVE-2023-44411", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InstallApplication class. The class contains a ha...", "detail_json": "/data/advisories/ZDI-23-1509/advisory.json", "detail_path": "advisories/ZDI-23-1509", "id": "ZDI-23-1509", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1509/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19553", "zdi_id": "ZDI-23-1509" }, { "cve": "CVE-2023-44410", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the showUsers method. The issue results from the lack of pr...", "detail_json": "/data/advisories/ZDI-23-1508/advisory.json", "detail_path": "advisories/ZDI-23-1508", "id": "ZDI-23-1508", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1508/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19535", "zdi_id": "ZDI-23-1508" }, { "cve": "CVE-2023-44409", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1507/advisory.json", "detail_path": "advisories/ZDI-23-1507", "id": "ZDI-23-1507", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DAP-1325 SetSetupWizardStatus Enabled Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1507/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18838", "zdi_id": "ZDI-23-1507" }, { "cve": "CVE-2023-44408", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1506/advisory.json", "detail_path": "advisories/ZDI-23-1506", "id": "ZDI-23-1506", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DAP-1325 SetAPLanSettings IPAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1506/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18827", "zdi_id": "ZDI-23-1506" }, { "cve": "CVE-2023-44407", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1505/advisory.json", "detail_path": "advisories/ZDI-23-1505", "id": "ZDI-23-1505", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DAP-1325 SetAPLanSettings Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1505/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18826", "zdi_id": "ZDI-23-1505" }, { "cve": "CVE-2023-44406", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1504/advisory.json", "detail_path": "advisories/ZDI-23-1504", "id": "ZDI-23-1504", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DAP-1325 SetAPLanSettings DeviceName Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1504/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18825", "zdi_id": "ZDI-23-1504" }, { "cve": "CVE-2023-44405", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1503/advisory.json", "detail_path": "advisories/ZDI-23-1503", "id": "ZDI-23-1503", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DAP-1325 get_value_of_key Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1503/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18824", "zdi_id": "ZDI-23-1503" }, { "cve": "CVE-2023-44404", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1502/advisory.json", "detail_path": "advisories/ZDI-23-1502", "id": "ZDI-23-1502", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DAP-1325 get_value_from_app Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1502/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18823", "zdi_id": "ZDI-23-1502" }, { "cve": "CVE-2023-44403", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1501/advisory.json", "detail_path": "advisories/ZDI-23-1501", "id": "ZDI-23-1501", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "(0Day) D-Link DAP-1325 HNAP SetWLanRadioSettings Channel Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1501/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18822", "zdi_id": "ZDI-23-1501" }, { "cve": "CVE-2023-39365", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication or escalate privileges on affected installations of Cacti. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-23-1500/advisory.json", "detail_path": "advisories/ZDI-23-1500", "id": "ZDI-23-1500", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "Cacti graph_view SQL Injection Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1500/", "vendor": "Cacti", "vendor_url": null, "zdi_can": "ZDI-CAN-20767", "zdi_id": "ZDI-23-1500" }, { "cve": "CVE-2023-39365", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cacti. Authentication is required to exploit this vulnerability. The specific flaw exists within the link endpoint. The issue results from the lack of proper val...", "detail_json": "/data/advisories/ZDI-23-1499/advisory.json", "detail_path": "advisories/ZDI-23-1499", "id": "ZDI-23-1499", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "Cacti link Local File Inclusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1499/", "vendor": "Cacti", "vendor_url": null, "zdi_can": "ZDI-CAN-21001", "zdi_id": "ZDI-23-1499" }, { "cve": "CVE-2023-42131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1498/advisory.json", "detail_path": "advisories/ZDI-23-1498", "id": "ZDI-23-1498", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1498/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17827", "zdi_id": "ZDI-23-1498" }, { "cve": "CVE-2022-26773", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple iTunes. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1497/advisory.json", "detail_path": "advisories/ZDI-23-1497", "id": "ZDI-23-1497", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "Apple iTunes Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1497/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16895", "zdi_id": "ZDI-23-1497" }, { "cve": "CVE-2023-42130", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read and delete arbitrary files on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileMgmtExport class. The issue results f...", "detail_json": "/data/advisories/ZDI-23-1496/advisory.json", "detail_path": "advisories/ZDI-23-1496", "id": "ZDI-23-1496", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1496/", "vendor": "A10", "vendor_url": null, "zdi_can": "ZDI-CAN-17905", "zdi_id": "ZDI-23-1496" }, { "cve": "CVE-2023-42129", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the ShowTechDownloadView class. The issue resu...", "detail_json": "/data/advisories/ZDI-23-1495/advisory.json", "detail_path": "advisories/ZDI-23-1495", "id": "ZDI-23-1495", "kind": "published", "published_date": "2023-10-04", "status": "published", "title": "A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1495/", "vendor": "A10", "vendor_url": null, "zdi_can": "ZDI-CAN-17899", "zdi_id": "ZDI-23-1495" }, { "cve": "CVE-2023-38600", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-1494/advisory.json", "detail_path": "advisories/ZDI-23-1494", "id": "ZDI-23-1494", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "Apple Safari TypedArray copyWithin Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1494/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-21167", "zdi_id": "ZDI-23-1494" }, { "cve": "CVE-2023-42126", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-23-1493/advisory.json", "detail_path": "advisories/ZDI-23-1493", "id": "ZDI-23-1493", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2023-12-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1493/", "vendor": "G DATA", "vendor_url": null, "zdi_can": "ZDI-CAN-20694", "zdi_id": "ZDI-23-1493" }, { "cve": "CVE-2023-39194", "cvss": 3.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-23-1492/advisory.json", "detail_path": "advisories/ZDI-23-1492", "id": "ZDI-23-1492", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "Linux Kernel XFRM Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-10-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1492/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-18111", "zdi_id": "ZDI-23-1492" }, { "cve": "CVE-2023-39193", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-23-1491/advisory.json", "detail_path": "advisories/ZDI-23-1491", "id": "ZDI-23-1491", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "Linux Kernel Netfilter Xtables Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1491/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-18866", "zdi_id": "ZDI-23-1491" }, { "cve": "CVE-2023-39192", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-23-1490/advisory.json", "detail_path": "advisories/ZDI-23-1490", "id": "ZDI-23-1490", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "Linux Kernel Netfilter Xtables Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1490/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-18408", "zdi_id": "ZDI-23-1490" }, { "cve": "CVE-2023-39191", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-23-1489/advisory.json", "detail_path": "advisories/ZDI-23-1489", "id": "ZDI-23-1489", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "Linux Kernel eBPF Improper Input Validation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1489/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-19399", "zdi_id": "ZDI-23-1489" }, { "cve": "CVE-2023-38743", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine ADManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the installServiceWithCredentials function...", "detail_json": "/data/advisories/ZDI-23-1488/advisory.json", "detail_path": "advisories/ZDI-23-1488", "id": "ZDI-23-1488", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "ManageEngine ADManager Plus installServiceWithCredentials Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1488/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-21010", "zdi_id": "ZDI-23-1488" }, { "cve": "CVE-2023-42107", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1487/advisory.json", "detail_path": "advisories/ZDI-23-1487", "id": "ZDI-23-1487", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1487/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22134", "zdi_id": "ZDI-23-1487" }, { "cve": "CVE-2023-42106", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1486/advisory.json", "detail_path": "advisories/ZDI-23-1486", "id": "ZDI-23-1486", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1486/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22133", "zdi_id": "ZDI-23-1486" }, { "cve": "CVE-2023-42112", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1485/advisory.json", "detail_path": "advisories/ZDI-23-1485", "id": "ZDI-23-1485", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1485/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22146", "zdi_id": "ZDI-23-1485" }, { "cve": "CVE-2023-42109", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1484/advisory.json", "detail_path": "advisories/ZDI-23-1484", "id": "ZDI-23-1484", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1484/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22136", "zdi_id": "ZDI-23-1484" }, { "cve": "CVE-2023-42108", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1483/advisory.json", "detail_path": "advisories/ZDI-23-1483", "id": "ZDI-23-1483", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1483/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22135", "zdi_id": "ZDI-23-1483" }, { "cve": "CVE-2023-42110", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1482/advisory.json", "detail_path": "advisories/ZDI-23-1482", "id": "ZDI-23-1482", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1482/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22137", "zdi_id": "ZDI-23-1482" }, { "cve": "CVE-2023-42111", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1481/advisory.json", "detail_path": "advisories/ZDI-23-1481", "id": "ZDI-23-1481", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1481/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22138", "zdi_id": "ZDI-23-1481" }, { "cve": "CVE-2023-42113", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1480/advisory.json", "detail_path": "advisories/ZDI-23-1480", "id": "ZDI-23-1480", "kind": "published", "published_date": "2023-09-29", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1480/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22147", "zdi_id": "ZDI-23-1480" }, { "cve": "CVE-2023-42122", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1479/advisory.json", "detail_path": "advisories/ZDI-23-1479", "id": "ZDI-23-1479", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "(0Day) Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1479/", "vendor": "Control Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-21079", "zdi_id": "ZDI-23-1479" }, { "cve": "CVE-2023-42121", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of authentication within the...", "detail_json": "/data/advisories/ZDI-23-1478/advisory.json", "detail_path": "advisories/ZDI-23-1478", "id": "ZDI-23-1478", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "(0Day) Control Web Panel Missing Authentication Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1478/", "vendor": "Control Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-20582", "zdi_id": "ZDI-23-1478" }, { "cve": "CVE-2023-42120", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within the dns_zone_editor module. The issue results from t...", "detail_json": "/data/advisories/ZDI-23-1477/advisory.json", "detail_path": "advisories/ZDI-23-1477", "id": "ZDI-23-1477", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "(0Day) Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1477/", "vendor": "Control Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-20581", "zdi_id": "ZDI-23-1477" }, { "cve": "CVE-2023-42123", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within the mysql_manager module. The issue results from the...", "detail_json": "/data/advisories/ZDI-23-1476/advisory.json", "detail_path": "advisories/ZDI-23-1476", "id": "ZDI-23-1476", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "(0Day) Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1476/", "vendor": "Control Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-21080", "zdi_id": "ZDI-23-1476" }, { "cve": "CVE-2023-42125", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-23-1475/advisory.json", "detail_path": "advisories/ZDI-23-1475", "id": "ZDI-23-1475", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "(0Day) Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability", "updated_date": "2023-10-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1475/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-20383", "zdi_id": "ZDI-23-1475" }, { "cve": "CVE-2023-42124", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-23-1474/advisory.json", "detail_path": "advisories/ZDI-23-1474", "id": "ZDI-23-1474", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "(0Day) Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability", "updated_date": "2023-10-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1474/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-20178", "zdi_id": "ZDI-23-1474" }, { "cve": "CVE-2023-42119", "cvss": 3.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port...", "detail_json": "/data/advisories/ZDI-23-1473/advisory.json", "detail_path": "advisories/ZDI-23-1473", "id": "ZDI-23-1473", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "(0Day) Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1473/", "vendor": "Exim", "vendor_url": null, "zdi_can": "ZDI-CAN-17643", "zdi_id": "ZDI-23-1473" }, { "cve": "CVE-2023-42118", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF...", "detail_json": "/data/advisories/ZDI-23-1472/advisory.json", "detail_path": "advisories/ZDI-23-1472", "id": "ZDI-23-1472", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "(0Day) Exim libspf2 Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1472/", "vendor": "Exim", "vendor_url": null, "zdi_can": "ZDI-CAN-17578", "zdi_id": "ZDI-23-1472" }, { "cve": "CVE-2023-42117", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. Th...", "detail_json": "/data/advisories/ZDI-23-1471/advisory.json", "detail_path": "advisories/ZDI-23-1471", "id": "ZDI-23-1471", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "(0Day) Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1471/", "vendor": "Exim", "vendor_url": null, "zdi_can": "ZDI-CAN-17554", "zdi_id": "ZDI-23-1471" }, { "cve": "CVE-2023-42116", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results fr...", "detail_json": "/data/advisories/ZDI-23-1470/advisory.json", "detail_path": "advisories/ZDI-23-1470", "id": "ZDI-23-1470", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "(0Day) Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1470/", "vendor": "Exim", "vendor_url": null, "zdi_can": "ZDI-CAN-17515", "zdi_id": "ZDI-23-1470" }, { "cve": "CVE-2023-42115", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. Th...", "detail_json": "/data/advisories/ZDI-23-1469/advisory.json", "detail_path": "advisories/ZDI-23-1469", "id": "ZDI-23-1469", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "(0Day) Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1469/", "vendor": "Exim", "vendor_url": null, "zdi_can": "ZDI-CAN-17434", "zdi_id": "ZDI-23-1469" }, { "cve": "CVE-2023-42114", "cvss": 3.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue re...", "detail_json": "/data/advisories/ZDI-23-1468/advisory.json", "detail_path": "advisories/ZDI-23-1468", "id": "ZDI-23-1468", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "(0Day) Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1468/", "vendor": "Exim", "vendor_url": null, "zdi_can": "ZDI-CAN-17433", "zdi_id": "ZDI-23-1468" }, { "cve": null, "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1467/advisory.json", "detail_path": "advisories/ZDI-23-1467", "id": "ZDI-23-1467", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "Mozilla Firefox JIT Boolean Conversion Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1467/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-18594", "zdi_id": "ZDI-23-1467" }, { "cve": "CVE-2022-35825", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1466/advisory.json", "detail_path": "advisories/ZDI-23-1466", "id": "ZDI-23-1466", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "Microsoft Visual Studio FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1466/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18380", "zdi_id": "ZDI-23-1466" }, { "cve": "CVE-2022-35825", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1465/advisory.json", "detail_path": "advisories/ZDI-23-1465", "id": "ZDI-23-1465", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "Microsoft Visual Studio FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1465/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18378", "zdi_id": "ZDI-23-1465" }, { "cve": "CVE-2022-35825", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1464/advisory.json", "detail_path": "advisories/ZDI-23-1464", "id": "ZDI-23-1464", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "Microsoft Visual Studio FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1464/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18377", "zdi_id": "ZDI-23-1464" }, { "cve": "CVE-2022-35825", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1463/advisory.json", "detail_path": "advisories/ZDI-23-1463", "id": "ZDI-23-1463", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "Microsoft Visual Studio FBX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1463/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18375", "zdi_id": "ZDI-23-1463" }, { "cve": "CVE-2022-35825", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1462/advisory.json", "detail_path": "advisories/ZDI-23-1462", "id": "ZDI-23-1462", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "Microsoft Visual Studio FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1462/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18363", "zdi_id": "ZDI-23-1462" }, { "cve": "CVE-2022-35825", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1461/advisory.json", "detail_path": "advisories/ZDI-23-1461", "id": "ZDI-23-1461", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "Microsoft Visual Studio FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1461/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18362", "zdi_id": "ZDI-23-1461" }, { "cve": "CVE-2022-35825", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1460/advisory.json", "detail_path": "advisories/ZDI-23-1460", "id": "ZDI-23-1460", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "Microsoft Visual Studio FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1460/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18361", "zdi_id": "ZDI-23-1460" }, { "cve": "CVE-2022-35825", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1459/advisory.json", "detail_path": "advisories/ZDI-23-1459", "id": "ZDI-23-1459", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "Microsoft Visual Studio DAE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1459/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18321", "zdi_id": "ZDI-23-1459" }, { "cve": "CVE-2023-40476", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1458/advisory.json", "detail_path": "advisories/ZDI-23-1458", "id": "ZDI-23-1458", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1458/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-21768", "zdi_id": "ZDI-23-1458" }, { "cve": "CVE-2023-40475", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1457/advisory.json", "detail_path": "advisories/ZDI-23-1457", "id": "ZDI-23-1457", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1457/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-21661", "zdi_id": "ZDI-23-1457" }, { "cve": "CVE-2023-40474", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1456/advisory.json", "detail_path": "advisories/ZDI-23-1456", "id": "ZDI-23-1456", "kind": "published", "published_date": "2023-09-27", "status": "published", "title": "GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1456/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-21660", "zdi_id": "ZDI-23-1456" }, { "cve": "CVE-2023-42100", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1455/advisory.json", "detail_path": "advisories/ZDI-23-1455", "id": "ZDI-23-1455", "kind": "published", "published_date": "2023-09-22", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1455/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21604", "zdi_id": "ZDI-23-1455" }, { "cve": "CVE-2023-42105", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1454/advisory.json", "detail_path": "advisories/ZDI-23-1454", "id": "ZDI-23-1454", "kind": "published", "published_date": "2023-09-21", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2023-09-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1454/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-20562", "zdi_id": "ZDI-23-1454" }, { "cve": "CVE-2023-42104", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1453/advisory.json", "detail_path": "advisories/ZDI-23-1453", "id": "ZDI-23-1453", "kind": "published", "published_date": "2023-09-21", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2023-09-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1453/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-20630", "zdi_id": "ZDI-23-1453" }, { "cve": "CVE-2023-42103", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1452/advisory.json", "detail_path": "advisories/ZDI-23-1452", "id": "ZDI-23-1452", "kind": "published", "published_date": "2023-09-21", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2023-09-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1452/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-20660", "zdi_id": "ZDI-23-1452" }, { "cve": "CVE-2023-42102", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1451/advisory.json", "detail_path": "advisories/ZDI-23-1451", "id": "ZDI-23-1451", "kind": "published", "published_date": "2023-09-21", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2023-09-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1451/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-20409", "zdi_id": "ZDI-23-1451" }, { "cve": "CVE-2023-42101", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1450/advisory.json", "detail_path": "advisories/ZDI-23-1450", "id": "ZDI-23-1450", "kind": "published", "published_date": "2023-09-21", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2023-09-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1450/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-20418", "zdi_id": "ZDI-23-1450" }, { "cve": "CVE-2023-42099", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabilit...", "detail_json": "/data/advisories/ZDI-23-1449/advisory.json", "detail_path": "advisories/ZDI-23-1449", "id": "ZDI-23-1449", "kind": "published", "published_date": "2023-09-21", "status": "published", "title": "(0Day) Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1449/", "vendor": "Intel", "vendor_url": null, "zdi_can": "ZDI-CAN-21846", "zdi_id": "ZDI-23-1449" }, { "cve": "CVE-2023-36745", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of t...", "detail_json": "/data/advisories/ZDI-23-1448/advisory.json", "detail_path": "advisories/ZDI-23-1448", "id": "ZDI-23-1448", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Microsoft Exchange SharedTypeResolver Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1448/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21488", "zdi_id": "ZDI-23-1448" }, { "cve": "CVE-2023-36757", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deseri...", "detail_json": "/data/advisories/ZDI-23-1447/advisory.json", "detail_path": "advisories/ZDI-23-1447", "id": "ZDI-23-1447", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Microsoft Exchange ExFileLog Deserialization of Untrusted Data Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1447/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21487", "zdi_id": "ZDI-23-1447" }, { "cve": "CVE-2023-36805", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-23-1446/advisory.json", "detail_path": "advisories/ZDI-23-1446", "id": "ZDI-23-1446", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1446/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20618", "zdi_id": "ZDI-23-1446" }, { "cve": "CVE-2023-38161", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1445/advisory.json", "detail_path": "advisories/ZDI-23-1445", "id": "ZDI-23-1445", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Microsoft Windows UMPDDrvRealizeBrush Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1445/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21031", "zdi_id": "ZDI-23-1445" }, { "cve": "CVE-2023-23840", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateAction method. The issue results f...", "detail_json": "/data/advisories/ZDI-23-1444/advisory.json", "detail_path": "advisories/ZDI-23-1444", "id": "ZDI-23-1444", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "SolarWinds Orion Platform UpdateAction Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1444/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21117", "zdi_id": "ZDI-23-1444" }, { "cve": "CVE-2023-23845", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateActionsProperties method. The issu...", "detail_json": "/data/advisories/ZDI-23-1443/advisory.json", "detail_path": "advisories/ZDI-23-1443", "id": "ZDI-23-1443", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "SolarWinds Orion Platform UpdateActionsProperties Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1443/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21097", "zdi_id": "ZDI-23-1443" }, { "cve": "CVE-2023-41140", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1442/advisory.json", "detail_path": "advisories/ZDI-23-1442", "id": "ZDI-23-1442", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1442/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20949", "zdi_id": "ZDI-23-1442" }, { "cve": "CVE-2023-41140", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1441/advisory.json", "detail_path": "advisories/ZDI-23-1441", "id": "ZDI-23-1441", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1441/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20897", "zdi_id": "ZDI-23-1441" }, { "cve": "CVE-2023-41139", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1440/advisory.json", "detail_path": "advisories/ZDI-23-1440", "id": "ZDI-23-1440", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Autodesk AutoCAD STP File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1440/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20857", "zdi_id": "ZDI-23-1440" }, { "cve": "CVE-2023-29073", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1439/advisory.json", "detail_path": "advisories/ZDI-23-1439", "id": "ZDI-23-1439", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1439/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20869", "zdi_id": "ZDI-23-1439" }, { "cve": "CVE-2023-29074", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1438/advisory.json", "detail_path": "advisories/ZDI-23-1438", "id": "ZDI-23-1438", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1438/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20871", "zdi_id": "ZDI-23-1438" }, { "cve": "CVE-2023-29074", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1437/advisory.json", "detail_path": "advisories/ZDI-23-1437", "id": "ZDI-23-1437", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1437/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20872", "zdi_id": "ZDI-23-1437" }, { "cve": "CVE-2023-29075", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1436/advisory.json", "detail_path": "advisories/ZDI-23-1436", "id": "ZDI-23-1436", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1436/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20868", "zdi_id": "ZDI-23-1436" }, { "cve": "CVE-2023-29076", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1435/advisory.json", "detail_path": "advisories/ZDI-23-1435", "id": "ZDI-23-1435", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Autodesk AutoCAD SLDASM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1435/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20867", "zdi_id": "ZDI-23-1435" }, { "cve": "CVE-2023-29076", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1434/advisory.json", "detail_path": "advisories/ZDI-23-1434", "id": "ZDI-23-1434", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Autodesk AutoCAD SAT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1434/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20866", "zdi_id": "ZDI-23-1434" }, { "cve": "CVE-2023-29076", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1433/advisory.json", "detail_path": "advisories/ZDI-23-1433", "id": "ZDI-23-1433", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Autodesk AutoCAD CATPART File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1433/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20865", "zdi_id": "ZDI-23-1433" }, { "cve": "CVE-2023-29076", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1432/advisory.json", "detail_path": "advisories/ZDI-23-1432", "id": "ZDI-23-1432", "kind": "published", "published_date": "2023-09-19", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1432/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20864", "zdi_id": "ZDI-23-1432" }, { "cve": "CVE-2023-42098", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1431/advisory.json", "detail_path": "advisories/ZDI-23-1431", "id": "ZDI-23-1431", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1431/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-22037", "zdi_id": "ZDI-23-1431" }, { "cve": "CVE-2023-42097", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1430/advisory.json", "detail_path": "advisories/ZDI-23-1430", "id": "ZDI-23-1430", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1430/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21902", "zdi_id": "ZDI-23-1430" }, { "cve": "CVE-2023-42096", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1429/advisory.json", "detail_path": "advisories/ZDI-23-1429", "id": "ZDI-23-1429", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1429/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21880", "zdi_id": "ZDI-23-1429" }, { "cve": "CVE-2023-42095", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1428/advisory.json", "detail_path": "advisories/ZDI-23-1428", "id": "ZDI-23-1428", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1428/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21879", "zdi_id": "ZDI-23-1428" }, { "cve": "CVE-2023-42094", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1427/advisory.json", "detail_path": "advisories/ZDI-23-1427", "id": "ZDI-23-1427", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1427/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21873", "zdi_id": "ZDI-23-1427" }, { "cve": "CVE-2023-42093", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1426/advisory.json", "detail_path": "advisories/ZDI-23-1426", "id": "ZDI-23-1426", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1426/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21869", "zdi_id": "ZDI-23-1426" }, { "cve": "CVE-2023-42092", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1425/advisory.json", "detail_path": "advisories/ZDI-23-1425", "id": "ZDI-23-1425", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1425/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21676", "zdi_id": "ZDI-23-1425" }, { "cve": "CVE-2023-42091", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-1424/advisory.json", "detail_path": "advisories/ZDI-23-1424", "id": "ZDI-23-1424", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Foxit PDF Reader XFA Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1424/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21601", "zdi_id": "ZDI-23-1424" }, { "cve": "CVE-2023-42090", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1423/advisory.json", "detail_path": "advisories/ZDI-23-1423", "id": "ZDI-23-1423", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1423/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21596", "zdi_id": "ZDI-23-1423" }, { "cve": "CVE-2023-42089", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1422/advisory.json", "detail_path": "advisories/ZDI-23-1422", "id": "ZDI-23-1422", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Foxit PDF Reader templates Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1422/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21586", "zdi_id": "ZDI-23-1422" }, { "cve": "CVE-2023-27909", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-23-1421/advisory.json", "detail_path": "advisories/ZDI-23-1421", "id": "ZDI-23-1421", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft Office Word FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1421/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21615", "zdi_id": "ZDI-23-1421" }, { "cve": "CVE-2023-36744", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of t...", "detail_json": "/data/advisories/ZDI-23-1420/advisory.json", "detail_path": "advisories/ZDI-23-1420", "id": "ZDI-23-1420", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft Exchange DumpDataReader Deserialization of Untrusted Data Arbitrary File Write Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1420/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21614", "zdi_id": "ZDI-23-1420" }, { "cve": "CVE-2023-36756", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of t...", "detail_json": "/data/advisories/ZDI-23-1419/advisory.json", "detail_path": "advisories/ZDI-23-1419", "id": "ZDI-23-1419", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft Exchange ApprovedApplicationCollection Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1419/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21498", "zdi_id": "ZDI-23-1419" }, { "cve": "CVE-2023-36777", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserializat...", "detail_json": "/data/advisories/ZDI-23-1418/advisory.json", "detail_path": "advisories/ZDI-23-1418", "id": "ZDI-23-1418", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft Exchange ProjectInstance Deserialization of Untrusted Data Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1418/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21490", "zdi_id": "ZDI-23-1418" }, { "cve": "CVE-2023-36777", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserializat...", "detail_json": "/data/advisories/ZDI-23-1417/advisory.json", "detail_path": "advisories/ZDI-23-1417", "id": "ZDI-23-1417", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft Exchange Project Deserialization of Untrusted Data Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1417/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21489", "zdi_id": "ZDI-23-1417" }, { "cve": "CVE-2023-36770", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1416/advisory.json", "detail_path": "advisories/ZDI-23-1416", "id": "ZDI-23-1416", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1416/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21073", "zdi_id": "ZDI-23-1416" }, { "cve": "CVE-2023-36773", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1415/advisory.json", "detail_path": "advisories/ZDI-23-1415", "id": "ZDI-23-1415", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1415/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21072", "zdi_id": "ZDI-23-1415" }, { "cve": "CVE-2023-36771", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1414/advisory.json", "detail_path": "advisories/ZDI-23-1414", "id": "ZDI-23-1414", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1414/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21071", "zdi_id": "ZDI-23-1414" }, { "cve": "CVE-2023-36772", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1413/advisory.json", "detail_path": "advisories/ZDI-23-1413", "id": "ZDI-23-1413", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1413/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21070", "zdi_id": "ZDI-23-1413" }, { "cve": "CVE-2023-36772", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1412/advisory.json", "detail_path": "advisories/ZDI-23-1412", "id": "ZDI-23-1412", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft 3D Builder WRL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1412/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21069", "zdi_id": "ZDI-23-1412" }, { "cve": "CVE-2023-36772", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1411/advisory.json", "detail_path": "advisories/ZDI-23-1411", "id": "ZDI-23-1411", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft 3D Builder PLY File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1411/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21068", "zdi_id": "ZDI-23-1411" }, { "cve": "CVE-2023-36804", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1410/advisory.json", "detail_path": "advisories/ZDI-23-1410", "id": "ZDI-23-1410", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft Windows UMPDDrvStrokePath Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1410/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21028", "zdi_id": "ZDI-23-1410" }, { "cve": "CVE-2023-36804", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1409/advisory.json", "detail_path": "advisories/ZDI-23-1409", "id": "ZDI-23-1409", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft Windows UMPDDrvStrokeAndFillPath Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1409/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21027", "zdi_id": "ZDI-23-1409" }, { "cve": "CVE-2023-36804", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1408/advisory.json", "detail_path": "advisories/ZDI-23-1408", "id": "ZDI-23-1408", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft Windows UMPDDrvStrokeAndFillPath Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1408/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21009", "zdi_id": "ZDI-23-1408" }, { "cve": "CVE-2023-36804", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1407/advisory.json", "detail_path": "advisories/ZDI-23-1407", "id": "ZDI-23-1407", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft Windows UMPDDrvBitBlt Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1407/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21008", "zdi_id": "ZDI-23-1407" }, { "cve": "CVE-2023-36804", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1406/advisory.json", "detail_path": "advisories/ZDI-23-1406", "id": "ZDI-23-1406", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft Windows UMPDDrvFillPath Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1406/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21003", "zdi_id": "ZDI-23-1406" }, { "cve": "CVE-2023-38144", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-23-1405/advisory.json", "detail_path": "advisories/ZDI-23-1405", "id": "ZDI-23-1405", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft Windows CLFS Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1405/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20989", "zdi_id": "ZDI-23-1405" }, { "cve": "CVE-2023-38143", "cvss": 2.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-23-1404/advisory.json", "detail_path": "advisories/ZDI-23-1404", "id": "ZDI-23-1404", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft Windows CLFS Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1404/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20975", "zdi_id": "ZDI-23-1404" }, { "cve": "CVE-2023-38155", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Azure DevOps Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-23-1403/advisory.json", "detail_path": "advisories/ZDI-23-1403", "id": "ZDI-23-1403", "kind": "published", "published_date": "2023-09-12", "status": "published", "title": "Microsoft Azure DevOps Server MachinePropertyBag Deserialization of Untrusted Data Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1403/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20695", "zdi_id": "ZDI-23-1403" }, { "cve": "CVE-2023-30908", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resetAdminPassword endpoint....", "detail_json": "/data/advisories/ZDI-23-1402/advisory.json", "detail_path": "advisories/ZDI-23-1402", "id": "ZDI-23-1402", "kind": "published", "published_date": "2023-09-11", "status": "published", "title": "Hewlett Packard Enterprise OneView resetAdminPassword Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1402/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-21510", "zdi_id": "ZDI-23-1402" }, { "cve": "CVE-2023-39912", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of ManageEngine ADManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the download method. The issue res...", "detail_json": "/data/advisories/ZDI-23-1401/advisory.json", "detail_path": "advisories/ZDI-23-1401", "id": "ZDI-23-1401", "kind": "published", "published_date": "2023-09-11", "status": "published", "title": "ManageEngine ADManager Plus download Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1401/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-21184", "zdi_id": "ZDI-23-1401" }, { "cve": "CVE-2023-4685", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-1400/advisory.json", "detail_path": "advisories/ZDI-23-1400", "id": "ZDI-23-1400", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "Delta Electronics CNCSoft-B DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1400/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-21390", "zdi_id": "ZDI-23-1400" }, { "cve": "CVE-2023-42034", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Visualware MyConnection Server. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the doRTAAccessCTConfig method...", "detail_json": "/data/advisories/ZDI-23-1399/advisory.json", "detail_path": "advisories/ZDI-23-1399", "id": "ZDI-23-1399", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1399/", "vendor": "Visualware", "vendor_url": null, "zdi_can": "ZDI-CAN-21613", "zdi_id": "ZDI-23-1399" }, { "cve": "CVE-2023-42032", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doRTAAccessUPass method...", "detail_json": "/data/advisories/ZDI-23-1398/advisory.json", "detail_path": "advisories/ZDI-23-1398", "id": "ZDI-23-1398", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "Visualware MyConnection Server doRTAAccessUPass Exposed Dangerous Method Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1398/", "vendor": "Visualware", "vendor_url": null, "zdi_can": "ZDI-CAN-21611", "zdi_id": "ZDI-23-1398" }, { "cve": "CVE-2023-42035", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doIForward method. Due...", "detail_json": "/data/advisories/ZDI-23-1397/advisory.json", "detail_path": "advisories/ZDI-23-1397", "id": "ZDI-23-1397", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1397/", "vendor": "Visualware", "vendor_url": null, "zdi_can": "ZDI-CAN-21774", "zdi_id": "ZDI-23-1397" }, { "cve": "CVE-2023-42033", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Visualware MyConnection Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spe...", "detail_json": "/data/advisories/ZDI-23-1396/advisory.json", "detail_path": "advisories/ZDI-23-1396", "id": "ZDI-23-1396", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "Visualware MyConnection Server doPostUploadfiles Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1396/", "vendor": "Visualware", "vendor_url": null, "zdi_can": "ZDI-CAN-21612", "zdi_id": "ZDI-23-1396" }, { "cve": "CVE-2023-42039", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1395/advisory.json", "detail_path": "advisories/ZDI-23-1395", "id": "ZDI-23-1395", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1395/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21603", "zdi_id": "ZDI-23-1395" }, { "cve": "CVE-2023-42038", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1394/advisory.json", "detail_path": "advisories/ZDI-23-1394", "id": "ZDI-23-1394", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1394/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21602", "zdi_id": "ZDI-23-1394" }, { "cve": "CVE-2023-42036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1393/advisory.json", "detail_path": "advisories/ZDI-23-1393", "id": "ZDI-23-1393", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1393/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21582", "zdi_id": "ZDI-23-1393" }, { "cve": "CVE-2023-42037", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1392/advisory.json", "detail_path": "advisories/ZDI-23-1392", "id": "ZDI-23-1392", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1392/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-21583", "zdi_id": "ZDI-23-1392" }, { "cve": "CVE-2023-42040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1391/advisory.json", "detail_path": "advisories/ZDI-23-1391", "id": "ZDI-23-1391", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor mailForm Use-After-Free Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1391/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20663", "zdi_id": "ZDI-23-1391" }, { "cve": "CVE-2023-42088", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1390/advisory.json", "detail_path": "advisories/ZDI-23-1390", "id": "ZDI-23-1390", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1390/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22088", "zdi_id": "ZDI-23-1390" }, { "cve": "CVE-2023-42085", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1389/advisory.json", "detail_path": "advisories/ZDI-23-1389", "id": "ZDI-23-1389", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1389/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22061", "zdi_id": "ZDI-23-1389" }, { "cve": "CVE-2023-42086", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1388/advisory.json", "detail_path": "advisories/ZDI-23-1388", "id": "ZDI-23-1388", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1388/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22062", "zdi_id": "ZDI-23-1388" }, { "cve": "CVE-2023-42087", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1387/advisory.json", "detail_path": "advisories/ZDI-23-1387", "id": "ZDI-23-1387", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1387/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-22064", "zdi_id": "ZDI-23-1387" }, { "cve": "CVE-2023-42083", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1386/advisory.json", "detail_path": "advisories/ZDI-23-1386", "id": "ZDI-23-1386", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor JPG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1386/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21967", "zdi_id": "ZDI-23-1386" }, { "cve": "CVE-2023-42084", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1385/advisory.json", "detail_path": "advisories/ZDI-23-1385", "id": "ZDI-23-1385", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1385/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21974", "zdi_id": "ZDI-23-1385" }, { "cve": "CVE-2023-42082", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1384/advisory.json", "detail_path": "advisories/ZDI-23-1384", "id": "ZDI-23-1384", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor JPG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1384/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21944", "zdi_id": "ZDI-23-1384" }, { "cve": "CVE-2023-42081", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1383/advisory.json", "detail_path": "advisories/ZDI-23-1383", "id": "ZDI-23-1383", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1383/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21878", "zdi_id": "ZDI-23-1383" }, { "cve": "CVE-2023-42080", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1382/advisory.json", "detail_path": "advisories/ZDI-23-1382", "id": "ZDI-23-1382", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1382/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21877", "zdi_id": "ZDI-23-1382" }, { "cve": "CVE-2023-42078", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1381/advisory.json", "detail_path": "advisories/ZDI-23-1381", "id": "ZDI-23-1381", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1381/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21850", "zdi_id": "ZDI-23-1381" }, { "cve": "CVE-2023-42079", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1380/advisory.json", "detail_path": "advisories/ZDI-23-1380", "id": "ZDI-23-1380", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1380/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21851", "zdi_id": "ZDI-23-1380" }, { "cve": "CVE-2023-42077", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1379/advisory.json", "detail_path": "advisories/ZDI-23-1379", "id": "ZDI-23-1379", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1379/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21818", "zdi_id": "ZDI-23-1379" }, { "cve": "CVE-2023-42075", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1378/advisory.json", "detail_path": "advisories/ZDI-23-1378", "id": "ZDI-23-1378", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor JPG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1378/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21691", "zdi_id": "ZDI-23-1378" }, { "cve": "CVE-2023-42076", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1377/advisory.json", "detail_path": "advisories/ZDI-23-1377", "id": "ZDI-23-1377", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1377/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21762", "zdi_id": "ZDI-23-1377" }, { "cve": "CVE-2023-42074", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1376/advisory.json", "detail_path": "advisories/ZDI-23-1376", "id": "ZDI-23-1376", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor addScript Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1376/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21338", "zdi_id": "ZDI-23-1376" }, { "cve": "CVE-2023-42071", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1375/advisory.json", "detail_path": "advisories/ZDI-23-1375", "id": "ZDI-23-1375", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1375/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21291", "zdi_id": "ZDI-23-1375" }, { "cve": "CVE-2023-42073", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1374/advisory.json", "detail_path": "advisories/ZDI-23-1374", "id": "ZDI-23-1374", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1374/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21323", "zdi_id": "ZDI-23-1374" }, { "cve": "CVE-2023-42072", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1373/advisory.json", "detail_path": "advisories/ZDI-23-1373", "id": "ZDI-23-1373", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor JPC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1373/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21311", "zdi_id": "ZDI-23-1373" }, { "cve": "CVE-2023-42070", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1372/advisory.json", "detail_path": "advisories/ZDI-23-1372", "id": "ZDI-23-1372", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1372/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21179", "zdi_id": "ZDI-23-1372" }, { "cve": "CVE-2023-42069", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1371/advisory.json", "detail_path": "advisories/ZDI-23-1371", "id": "ZDI-23-1371", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1371/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-21166", "zdi_id": "ZDI-23-1371" }, { "cve": "CVE-2023-42043", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1370/advisory.json", "detail_path": "advisories/ZDI-23-1370", "id": "ZDI-23-1370", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1370/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20887", "zdi_id": "ZDI-23-1370" }, { "cve": "CVE-2023-42068", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1369/advisory.json", "detail_path": "advisories/ZDI-23-1369", "id": "ZDI-23-1369", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1369/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20985", "zdi_id": "ZDI-23-1369" }, { "cve": "CVE-2023-42052", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1368/advisory.json", "detail_path": "advisories/ZDI-23-1368", "id": "ZDI-23-1368", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1368/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20925", "zdi_id": "ZDI-23-1368" }, { "cve": "CVE-2023-42053", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1367/advisory.json", "detail_path": "advisories/ZDI-23-1367", "id": "ZDI-23-1367", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1367/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20926", "zdi_id": "ZDI-23-1367" }, { "cve": "CVE-2023-42054", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1366/advisory.json", "detail_path": "advisories/ZDI-23-1366", "id": "ZDI-23-1366", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1366/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20927", "zdi_id": "ZDI-23-1366" }, { "cve": "CVE-2023-42055", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1365/advisory.json", "detail_path": "advisories/ZDI-23-1365", "id": "ZDI-23-1365", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1365/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20928", "zdi_id": "ZDI-23-1365" }, { "cve": "CVE-2023-42056", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1364/advisory.json", "detail_path": "advisories/ZDI-23-1364", "id": "ZDI-23-1364", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1364/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20929", "zdi_id": "ZDI-23-1364" }, { "cve": "CVE-2023-42057", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1363/advisory.json", "detail_path": "advisories/ZDI-23-1363", "id": "ZDI-23-1363", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1363/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20930", "zdi_id": "ZDI-23-1363" }, { "cve": "CVE-2023-42058", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1362/advisory.json", "detail_path": "advisories/ZDI-23-1362", "id": "ZDI-23-1362", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1362/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20931", "zdi_id": "ZDI-23-1362" }, { "cve": "CVE-2023-42059", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1361/advisory.json", "detail_path": "advisories/ZDI-23-1361", "id": "ZDI-23-1361", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1361/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20932", "zdi_id": "ZDI-23-1361" }, { "cve": "CVE-2023-42044", "cvss": 7.8, "cvss_vector": null, "description_snippet": "his vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-23-1360/advisory.json", "detail_path": "advisories/ZDI-23-1360", "id": "ZDI-23-1360", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1360/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20889", "zdi_id": "ZDI-23-1360" }, { "cve": "CVE-2023-42060", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1359/advisory.json", "detail_path": "advisories/ZDI-23-1359", "id": "ZDI-23-1359", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1359/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20933", "zdi_id": "ZDI-23-1359" }, { "cve": "CVE-2023-42061", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1358/advisory.json", "detail_path": "advisories/ZDI-23-1358", "id": "ZDI-23-1358", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1358/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20934", "zdi_id": "ZDI-23-1358" }, { "cve": "CVE-2023-42063", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1357/advisory.json", "detail_path": "advisories/ZDI-23-1357", "id": "ZDI-23-1357", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1357/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20943", "zdi_id": "ZDI-23-1357" }, { "cve": "CVE-2023-42041", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1356/advisory.json", "detail_path": "advisories/ZDI-23-1356", "id": "ZDI-23-1356", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1356/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20845", "zdi_id": "ZDI-23-1356" }, { "cve": "CVE-2023-42042", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1355/advisory.json", "detail_path": "advisories/ZDI-23-1355", "id": "ZDI-23-1355", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor App Object Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1355/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20848", "zdi_id": "ZDI-23-1355" }, { "cve": "CVE-2023-42045", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1354/advisory.json", "detail_path": "advisories/ZDI-23-1354", "id": "ZDI-23-1354", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1354/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20906", "zdi_id": "ZDI-23-1354" }, { "cve": "CVE-2023-42046", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1353/advisory.json", "detail_path": "advisories/ZDI-23-1353", "id": "ZDI-23-1353", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1353/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20907", "zdi_id": "ZDI-23-1353" }, { "cve": "CVE-2023-42047", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1352/advisory.json", "detail_path": "advisories/ZDI-23-1352", "id": "ZDI-23-1352", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1352/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20908", "zdi_id": "ZDI-23-1352" }, { "cve": "CVE-2023-42048", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1351/advisory.json", "detail_path": "advisories/ZDI-23-1351", "id": "ZDI-23-1351", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1351/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20909", "zdi_id": "ZDI-23-1351" }, { "cve": "CVE-2023-42049", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1350/advisory.json", "detail_path": "advisories/ZDI-23-1350", "id": "ZDI-23-1350", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1350/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20920", "zdi_id": "ZDI-23-1350" }, { "cve": "CVE-2023-42050", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1349/advisory.json", "detail_path": "advisories/ZDI-23-1349", "id": "ZDI-23-1349", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1349/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20921", "zdi_id": "ZDI-23-1349" }, { "cve": "CVE-2023-42051", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1348/advisory.json", "detail_path": "advisories/ZDI-23-1348", "id": "ZDI-23-1348", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1348/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20924", "zdi_id": "ZDI-23-1348" }, { "cve": "CVE-2023-42062", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1347/advisory.json", "detail_path": "advisories/ZDI-23-1347", "id": "ZDI-23-1347", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1347/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20935", "zdi_id": "ZDI-23-1347" }, { "cve": "CVE-2023-42064", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1346/advisory.json", "detail_path": "advisories/ZDI-23-1346", "id": "ZDI-23-1346", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1346/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20944", "zdi_id": "ZDI-23-1346" }, { "cve": "CVE-2023-42065", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1345/advisory.json", "detail_path": "advisories/ZDI-23-1345", "id": "ZDI-23-1345", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1345/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20973", "zdi_id": "ZDI-23-1345" }, { "cve": "CVE-2023-42066", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1344/advisory.json", "detail_path": "advisories/ZDI-23-1344", "id": "ZDI-23-1344", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor J2K File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1344/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20974", "zdi_id": "ZDI-23-1344" }, { "cve": "CVE-2023-42067", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1343/advisory.json", "detail_path": "advisories/ZDI-23-1343", "id": "ZDI-23-1343", "kind": "published", "published_date": "2023-09-08", "status": "published", "title": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1343/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20984", "zdi_id": "ZDI-23-1343" }, { "cve": "CVE-2023-41741", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the info.cgi file. The issue res...", "detail_json": "/data/advisories/ZDI-23-1342/advisory.json", "detail_path": "advisories/ZDI-23-1342", "id": "ZDI-23-1342", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "Synology RT6600ax info.cgi Exposure of Sensitive Data Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1342/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-19744", "zdi_id": "ZDI-23-1342" }, { "cve": "CVE-2023-41740", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uistrings.cgi file...", "detail_json": "/data/advisories/ZDI-23-1341/advisory.json", "detail_path": "advisories/ZDI-23-1341", "id": "ZDI-23-1341", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "Synology RT6600ax uistrings.cgi Path Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1341/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-19743", "zdi_id": "ZDI-23-1341" }, { "cve": "CVE-2023-41739", "cvss": 5.7, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the SYNO.Core file....", "detail_json": "/data/advisories/ZDI-23-1340/advisory.json", "detail_path": "advisories/ZDI-23-1340", "id": "ZDI-23-1340", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "Synology RT6600ax SYNO.Core Uncontrolled Resource Consumption Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1340/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-19742", "zdi_id": "ZDI-23-1340" }, { "cve": "CVE-2023-41738", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the WEB API endpoint. The issue re...", "detail_json": "/data/advisories/ZDI-23-1339/advisory.json", "detail_path": "advisories/ZDI-23-1339", "id": "ZDI-23-1339", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "Synology RT6600ax WEB API Endpoint Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1339/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-19741", "zdi_id": "ZDI-23-1339" }, { "cve": "CVE-2023-41230", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handl...", "detail_json": "/data/advisories/ZDI-23-1338/advisory.json", "detail_path": "advisories/ZDI-23-1338", "id": "ZDI-23-1338", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 HTTP Request Processing Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1338/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21674", "zdi_id": "ZDI-23-1338" }, { "cve": "CVE-2023-41229", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handl...", "detail_json": "/data/advisories/ZDI-23-1337/advisory.json", "detail_path": "advisories/ZDI-23-1337", "id": "ZDI-23-1337", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1337/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21671", "zdi_id": "ZDI-23-1337" }, { "cve": "CVE-2023-41228", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles H...", "detail_json": "/data/advisories/ZDI-23-1336/advisory.json", "detail_path": "advisories/ZDI-23-1336", "id": "ZDI-23-1336", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 prog.cgi SetUsersSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1336/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21654", "zdi_id": "ZDI-23-1336" }, { "cve": "CVE-2023-41227", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles H...", "detail_json": "/data/advisories/ZDI-23-1335/advisory.json", "detail_path": "advisories/ZDI-23-1335", "id": "ZDI-23-1335", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 prog.cgi SetTriggerPPPoEValidate Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1335/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21653", "zdi_id": "ZDI-23-1335" }, { "cve": "CVE-2023-41226", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles H...", "detail_json": "/data/advisories/ZDI-23-1334/advisory.json", "detail_path": "advisories/ZDI-23-1334", "id": "ZDI-23-1334", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 prog.cgi SetMyDLinkRegistration Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1334/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21652", "zdi_id": "ZDI-23-1334" }, { "cve": "CVE-2023-41225", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles H...", "detail_json": "/data/advisories/ZDI-23-1333/advisory.json", "detail_path": "advisories/ZDI-23-1333", "id": "ZDI-23-1333", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 prog.cgi SetIPv6PppoeSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1333/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21651", "zdi_id": "ZDI-23-1333" }, { "cve": "CVE-2023-41224", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles H...", "detail_json": "/data/advisories/ZDI-23-1332/advisory.json", "detail_path": "advisories/ZDI-23-1332", "id": "ZDI-23-1332", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 prog.cgi SetDeviceSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1332/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21650", "zdi_id": "ZDI-23-1332" }, { "cve": "CVE-2023-41223", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles H...", "detail_json": "/data/advisories/ZDI-23-1331/advisory.json", "detail_path": "advisories/ZDI-23-1331", "id": "ZDI-23-1331", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1331/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21623", "zdi_id": "ZDI-23-1331" }, { "cve": "CVE-2023-41222", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles H...", "detail_json": "/data/advisories/ZDI-23-1330/advisory.json", "detail_path": "advisories/ZDI-23-1330", "id": "ZDI-23-1330", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1330/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21622", "zdi_id": "ZDI-23-1330" }, { "cve": "CVE-2023-41221", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles H...", "detail_json": "/data/advisories/ZDI-23-1329/advisory.json", "detail_path": "advisories/ZDI-23-1329", "id": "ZDI-23-1329", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1329/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21621", "zdi_id": "ZDI-23-1329" }, { "cve": "CVE-2023-41220", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles H...", "detail_json": "/data/advisories/ZDI-23-1328/advisory.json", "detail_path": "advisories/ZDI-23-1328", "id": "ZDI-23-1328", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1328/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21620", "zdi_id": "ZDI-23-1328" }, { "cve": "CVE-2023-41219", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles H...", "detail_json": "/data/advisories/ZDI-23-1327/advisory.json", "detail_path": "advisories/ZDI-23-1327", "id": "ZDI-23-1327", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1327/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21619", "zdi_id": "ZDI-23-1327" }, { "cve": "CVE-2023-41218", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles H...", "detail_json": "/data/advisories/ZDI-23-1326/advisory.json", "detail_path": "advisories/ZDI-23-1326", "id": "ZDI-23-1326", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 prog.cgi SetWan3Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1326/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21618", "zdi_id": "ZDI-23-1326" }, { "cve": "CVE-2023-41217", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles H...", "detail_json": "/data/advisories/ZDI-23-1325/advisory.json", "detail_path": "advisories/ZDI-23-1325", "id": "ZDI-23-1325", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 prog.cgi SetQuickVPNSettings Password Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1325/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21617", "zdi_id": "ZDI-23-1325" }, { "cve": "CVE-2023-41216", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles H...", "detail_json": "/data/advisories/ZDI-23-1324/advisory.json", "detail_path": "advisories/ZDI-23-1324", "id": "ZDI-23-1324", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DIR-3040 prog.cgi SetDynamicDNSSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1324/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-21616", "zdi_id": "ZDI-23-1324" }, { "cve": "CVE-2023-41186", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to access various functionality on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the...", "detail_json": "/data/advisories/ZDI-23-1323/advisory.json", "detail_path": "advisories/ZDI-23-1323", "id": "ZDI-23-1323", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 CGI Missing Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1323/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18804", "zdi_id": "ZDI-23-1323" }, { "cve": "CVE-2023-41187", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HNAP i...", "detail_json": "/data/advisories/ZDI-23-1322/advisory.json", "detail_path": "advisories/ZDI-23-1322", "id": "ZDI-23-1322", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP Missing Authentication Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1322/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18807", "zdi_id": "ZDI-23-1322" }, { "cve": "CVE-2023-41213", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1321/advisory.json", "detail_path": "advisories/ZDI-23-1321", "id": "ZDI-23-1321", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1321/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18840", "zdi_id": "ZDI-23-1321" }, { "cve": "CVE-2023-41212", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1320/advisory.json", "detail_path": "advisories/ZDI-23-1320", "id": "ZDI-23-1320", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 SetTriggerAPValidate Key Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1320/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18839", "zdi_id": "ZDI-23-1320" }, { "cve": "CVE-2023-41211", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1319/advisory.json", "detail_path": "advisories/ZDI-23-1319", "id": "ZDI-23-1319", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1319/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18837", "zdi_id": "ZDI-23-1319" }, { "cve": "CVE-2023-41210", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1318/advisory.json", "detail_path": "advisories/ZDI-23-1318", "id": "ZDI-23-1318", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1318/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18836", "zdi_id": "ZDI-23-1318" }, { "cve": "CVE-2023-41209", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1317/advisory.json", "detail_path": "advisories/ZDI-23-1317", "id": "ZDI-23-1317", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1317/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18835", "zdi_id": "ZDI-23-1317" }, { "cve": "CVE-2023-41208", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1316/advisory.json", "detail_path": "advisories/ZDI-23-1316", "id": "ZDI-23-1316", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 SetHostIPv6StaticSettings StaticDefaultGateway Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1316/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18834", "zdi_id": "ZDI-23-1316" }, { "cve": "CVE-2023-41207", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1315/advisory.json", "detail_path": "advisories/ZDI-23-1315", "id": "ZDI-23-1315", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 SetHostIPv6StaticSettings StaticAddress Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1315/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18833", "zdi_id": "ZDI-23-1315" }, { "cve": "CVE-2023-41206", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1314/advisory.json", "detail_path": "advisories/ZDI-23-1314", "id": "ZDI-23-1314", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 SetHostIPv6Settings IPv6Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1314/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18832", "zdi_id": "ZDI-23-1314" }, { "cve": "CVE-2023-41205", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1313/advisory.json", "detail_path": "advisories/ZDI-23-1313", "id": "ZDI-23-1313", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 SetAPLanSettings SubnetMask Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1313/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18831", "zdi_id": "ZDI-23-1313" }, { "cve": "CVE-2023-41204", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1312/advisory.json", "detail_path": "advisories/ZDI-23-1312", "id": "ZDI-23-1312", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 SetAPLanSettings SecondaryDNS Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1312/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18830", "zdi_id": "ZDI-23-1312" }, { "cve": "CVE-2023-41203", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1311/advisory.json", "detail_path": "advisories/ZDI-23-1311", "id": "ZDI-23-1311", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 SetAPLanSettings PrimaryDNS Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1311/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18829", "zdi_id": "ZDI-23-1311" }, { "cve": "CVE-2023-41202", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1310/advisory.json", "detail_path": "advisories/ZDI-23-1310", "id": "ZDI-23-1310", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 SetAPLanSettings Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1310/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18828", "zdi_id": "ZDI-23-1310" }, { "cve": "CVE-2023-41201", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1309/advisory.json", "detail_path": "advisories/ZDI-23-1309", "id": "ZDI-23-1309", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP SetSetupWizardStatus Enabled Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1309/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18821", "zdi_id": "ZDI-23-1309" }, { "cve": "CVE-2023-41200", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1308/advisory.json", "detail_path": "advisories/ZDI-23-1308", "id": "ZDI-23-1308", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1308/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18820", "zdi_id": "ZDI-23-1308" }, { "cve": "CVE-2023-41199", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1307/advisory.json", "detail_path": "advisories/ZDI-23-1307", "id": "ZDI-23-1307", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS2 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1307/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18819", "zdi_id": "ZDI-23-1307" }, { "cve": "CVE-2023-41198", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1306/advisory.json", "detail_path": "advisories/ZDI-23-1306", "id": "ZDI-23-1306", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS1 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1306/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18818", "zdi_id": "ZDI-23-1306" }, { "cve": "CVE-2023-41197", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1305/advisory.json", "detail_path": "advisories/ZDI-23-1305", "id": "ZDI-23-1305", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDefaultGateway Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1305/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18817", "zdi_id": "ZDI-23-1305" }, { "cve": "CVE-2023-41196", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1304/advisory.json", "detail_path": "advisories/ZDI-23-1304", "id": "ZDI-23-1304", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticAddress Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1304/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18816", "zdi_id": "ZDI-23-1304" }, { "cve": "CVE-2023-41195", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1303/advisory.json", "detail_path": "advisories/ZDI-23-1303", "id": "ZDI-23-1303", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP SetHostIPv6Settings IPv6Mode Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1303/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18815", "zdi_id": "ZDI-23-1303" }, { "cve": "CVE-2023-41194", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1302/advisory.json", "detail_path": "advisories/ZDI-23-1302", "id": "ZDI-23-1302", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1302/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18814", "zdi_id": "ZDI-23-1302" }, { "cve": "CVE-2023-41193", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1301/advisory.json", "detail_path": "advisories/ZDI-23-1301", "id": "ZDI-23-1301", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1301/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18813", "zdi_id": "ZDI-23-1301" }, { "cve": "CVE-2023-41192", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1300/advisory.json", "detail_path": "advisories/ZDI-23-1300", "id": "ZDI-23-1300", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP SetAPLanSettings PrimaryDNS Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1300/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18812", "zdi_id": "ZDI-23-1300" }, { "cve": "CVE-2023-41191", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1299/advisory.json", "detail_path": "advisories/ZDI-23-1299", "id": "ZDI-23-1299", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP SetAPLanSettings Mode Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1299/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18811", "zdi_id": "ZDI-23-1299" }, { "cve": "CVE-2023-41190", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1298/advisory.json", "detail_path": "advisories/ZDI-23-1298", "id": "ZDI-23-1298", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP SetAPLanSettings IPAddr Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1298/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18810", "zdi_id": "ZDI-23-1298" }, { "cve": "CVE-2023-41189", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1297/advisory.json", "detail_path": "advisories/ZDI-23-1297", "id": "ZDI-23-1297", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP SetAPLanSettings Gateway Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1297/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18809", "zdi_id": "ZDI-23-1297" }, { "cve": "CVE-2023-41188", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parame...", "detail_json": "/data/advisories/ZDI-23-1296/advisory.json", "detail_path": "advisories/ZDI-23-1296", "id": "ZDI-23-1296", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 HNAP SetAPLanSettings DeviceName Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1296/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18808", "zdi_id": "ZDI-23-1296" }, { "cve": "CVE-2023-41214", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provide...", "detail_json": "/data/advisories/ZDI-23-1295/advisory.json", "detail_path": "advisories/ZDI-23-1295", "id": "ZDI-23-1295", "kind": "published", "published_date": "2023-09-07", "status": "published", "title": "D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1295/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18841", "zdi_id": "ZDI-23-1295" }, { "cve": "CVE-2023-0251", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-1294/advisory.json", "detail_path": "advisories/ZDI-23-1294", "id": "ZDI-23-1294", "kind": "published", "published_date": "2023-08-31", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1294/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19435", "zdi_id": "ZDI-23-1294" }, { "cve": "CVE-2023-0123", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1293/advisory.json", "detail_path": "advisories/ZDI-23-1293", "id": "ZDI-23-1293", "kind": "published", "published_date": "2023-08-31", "status": "published", "title": "Delta Electronics DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1293/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19203", "zdi_id": "ZDI-23-1293" }, { "cve": "CVE-2023-0123", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1292/advisory.json", "detail_path": "advisories/ZDI-23-1292", "id": "ZDI-23-1292", "kind": "published", "published_date": "2023-08-31", "status": "published", "title": "Delta Electronics DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1292/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19200", "zdi_id": "ZDI-23-1292" }, { "cve": "CVE-2023-0124", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1291/advisory.json", "detail_path": "advisories/ZDI-23-1291", "id": "ZDI-23-1291", "kind": "published", "published_date": "2023-08-31", "status": "published", "title": "Delta Electronics DOPSoft DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1291/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19196", "zdi_id": "ZDI-23-1291" }, { "cve": "CVE-2023-0123", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1290/advisory.json", "detail_path": "advisories/ZDI-23-1290", "id": "ZDI-23-1290", "kind": "published", "published_date": "2023-08-31", "status": "published", "title": "Delta Electronics DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1290/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19195", "zdi_id": "ZDI-23-1290" }, { "cve": "CVE-2023-0123", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1289/advisory.json", "detail_path": "advisories/ZDI-23-1289", "id": "ZDI-23-1289", "kind": "published", "published_date": "2023-08-31", "status": "published", "title": "Delta Electronics DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1289/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19194", "zdi_id": "ZDI-23-1289" }, { "cve": "CVE-2023-0123", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1288/advisory.json", "detail_path": "advisories/ZDI-23-1288", "id": "ZDI-23-1288", "kind": "published", "published_date": "2023-08-31", "status": "published", "title": "Delta Electronics DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1288/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19193", "zdi_id": "ZDI-23-1288" }, { "cve": "CVE-2023-41184", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Tapo C210 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-23-1287/advisory.json", "detail_path": "advisories/ZDI-23-1287", "id": "ZDI-23-1287", "kind": "published", "published_date": "2023-08-31", "status": "published", "title": "TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1287/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20589", "zdi_id": "ZDI-23-1287" }, { "cve": "CVE-2023-41185", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of clien...", "detail_json": "/data/advisories/ZDI-23-1286/advisory.json", "detail_path": "advisories/ZDI-23-1286", "id": "ZDI-23-1286", "kind": "published", "published_date": "2023-08-30", "status": "published", "title": "Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1286/", "vendor": "Unified Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-20353", "zdi_id": "ZDI-23-1286" }, { "cve": "CVE-2023-39469", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the External User Lookup functionality. The issue results...", "detail_json": "/data/advisories/ZDI-23-1285/advisory.json", "detail_path": "advisories/ZDI-23-1285", "id": "ZDI-23-1285", "kind": "published", "published_date": "2023-08-30", "status": "published", "title": "PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1285/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-21013", "zdi_id": "ZDI-23-1285" }, { "cve": "CVE-2023-41182", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-23-1284/advisory.json", "detail_path": "advisories/ZDI-23-1284", "id": "ZDI-23-1284", "kind": "published", "published_date": "2023-08-30", "status": "published", "title": "NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1284/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19716", "zdi_id": "ZDI-23-1284" }, { "cve": "CVE-2023-41183", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SOAP A...", "detail_json": "/data/advisories/ZDI-23-1283/advisory.json", "detail_path": "advisories/ZDI-23-1283", "id": "ZDI-23-1283", "kind": "published", "published_date": "2023-08-30", "status": "published", "title": "NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1283/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-20524", "zdi_id": "ZDI-23-1283" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Teams. An attacker must first obtain the ability to execute script within the application window in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1282/advisory.json", "detail_path": "advisories/ZDI-23-1282", "id": "ZDI-23-1282", "kind": "published", "published_date": "2023-08-30", "status": "published", "title": "Microsoft Teams Pluginhost Prototype Pollution Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1282/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21201", "zdi_id": "ZDI-23-1282" }, { "cve": null, "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache ActiveMQ NMS. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spe...", "detail_json": "/data/advisories/ZDI-23-1281/advisory.json", "detail_path": "advisories/ZDI-23-1281", "id": "ZDI-23-1281", "kind": "published", "published_date": "2023-08-29", "status": "published", "title": "Apache ActiveMQ NMS Body Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2023-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1281/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-19459", "zdi_id": "ZDI-23-1281" }, { "cve": "CVE-2023-37325", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the D...", "detail_json": "/data/advisories/ZDI-23-1280/advisory.json", "detail_path": "advisories/ZDI-23-1280", "id": "ZDI-23-1280", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability", "updated_date": "2024-05-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1280/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20104", "zdi_id": "ZDI-23-1280" }, { "cve": "CVE-2023-37326", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1279/advisory.json", "detail_path": "advisories/ZDI-23-1279", "id": "ZDI-23-1279", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set Wireless Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1279/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20103", "zdi_id": "ZDI-23-1279" }, { "cve": "CVE-2023-37324", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1278/advisory.json", "detail_path": "advisories/ZDI-23-1278", "id": "ZDI-23-1278", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set Wireless Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1278/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20102", "zdi_id": "ZDI-23-1278" }, { "cve": "CVE-2023-37323", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1277/advisory.json", "detail_path": "advisories/ZDI-23-1277", "id": "ZDI-23-1277", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set SSID List PSK Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1277/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20101", "zdi_id": "ZDI-23-1277" }, { "cve": "CVE-2023-37322", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1276/advisory.json", "detail_path": "advisories/ZDI-23-1276", "id": "ZDI-23-1276", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set SSID List RADIUS Server Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1276/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20100", "zdi_id": "ZDI-23-1276" }, { "cve": "CVE-2023-37321", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1275/advisory.json", "detail_path": "advisories/ZDI-23-1275", "id": "ZDI-23-1275", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set SSID List RADIUS Secret Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1275/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20099", "zdi_id": "ZDI-23-1275" }, { "cve": "CVE-2023-37320", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1274/advisory.json", "detail_path": "advisories/ZDI-23-1274", "id": "ZDI-23-1274", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set SSID List SSID Name Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1274/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20098", "zdi_id": "ZDI-23-1274" }, { "cve": "CVE-2023-37319", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1273/advisory.json", "detail_path": "advisories/ZDI-23-1273", "id": "ZDI-23-1273", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1273/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20097", "zdi_id": "ZDI-23-1273" }, { "cve": "CVE-2023-37318", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1272/advisory.json", "detail_path": "advisories/ZDI-23-1272", "id": "ZDI-23-1272", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1272/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20096", "zdi_id": "ZDI-23-1272" }, { "cve": "CVE-2023-37317", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1271/advisory.json", "detail_path": "advisories/ZDI-23-1271", "id": "ZDI-23-1271", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set IPv6 Address Primary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1271/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20095", "zdi_id": "ZDI-23-1271" }, { "cve": "CVE-2023-37316", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1270/advisory.json", "detail_path": "advisories/ZDI-23-1270", "id": "ZDI-23-1270", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set IPv6 Address Default Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1270/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20094", "zdi_id": "ZDI-23-1270" }, { "cve": "CVE-2023-37315", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1269/advisory.json", "detail_path": "advisories/ZDI-23-1269", "id": "ZDI-23-1269", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set IPv6 Address Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1269/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20093", "zdi_id": "ZDI-23-1269" }, { "cve": "CVE-2023-37314", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1268/advisory.json", "detail_path": "advisories/ZDI-23-1268", "id": "ZDI-23-1268", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set IPv6 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1268/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20092", "zdi_id": "ZDI-23-1268" }, { "cve": "CVE-2023-37313", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1267/advisory.json", "detail_path": "advisories/ZDI-23-1267", "id": "ZDI-23-1267", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set IPv4 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1267/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20090", "zdi_id": "ZDI-23-1267" }, { "cve": "CVE-2023-37312", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1266/advisory.json", "detail_path": "advisories/ZDI-23-1266", "id": "ZDI-23-1266", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set Device Info Device Name Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1266/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20089", "zdi_id": "ZDI-23-1266" }, { "cve": "CVE-2023-37311", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1265/advisory.json", "detail_path": "advisories/ZDI-23-1265", "id": "ZDI-23-1265", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set Device Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1265/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20088", "zdi_id": "ZDI-23-1265" }, { "cve": "CVE-2023-37310", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1264/advisory.json", "detail_path": "advisories/ZDI-23-1264", "id": "ZDI-23-1264", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1264/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20087", "zdi_id": "ZDI-23-1264" }, { "cve": "CVE-2023-41215", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1263/advisory.json", "detail_path": "advisories/ZDI-23-1263", "id": "ZDI-23-1263", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1263/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20086", "zdi_id": "ZDI-23-1263" }, { "cve": "CVE-2023-35757", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1262/advisory.json", "detail_path": "advisories/ZDI-23-1262", "id": "ZDI-23-1262", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-05-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1262/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20085", "zdi_id": "ZDI-23-1262" }, { "cve": "CVE-2023-35756", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1261/advisory.json", "detail_path": "advisories/ZDI-23-1261", "id": "ZDI-23-1261", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set Date-Time Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1261/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20084", "zdi_id": "ZDI-23-1261" }, { "cve": "CVE-2023-35755", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1260/advisory.json", "detail_path": "advisories/ZDI-23-1260", "id": "ZDI-23-1260", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set Date-Time Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1260/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20083", "zdi_id": "ZDI-23-1260" }, { "cve": "CVE-2023-35754", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1259/advisory.json", "detail_path": "advisories/ZDI-23-1259", "id": "ZDI-23-1259", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set AG Profile NMS URL Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1259/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20082", "zdi_id": "ZDI-23-1259" }, { "cve": "CVE-2023-35753", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1258/advisory.json", "detail_path": "advisories/ZDI-23-1258", "id": "ZDI-23-1258", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set AG Profile UUID Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1258/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20081", "zdi_id": "ZDI-23-1258" }, { "cve": "CVE-2023-35752", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1257/advisory.json", "detail_path": "advisories/ZDI-23-1257", "id": "ZDI-23-1257", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set AG Profile Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1257/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20080", "zdi_id": "ZDI-23-1257" }, { "cve": "CVE-2023-35751", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1256/advisory.json", "detail_path": "advisories/ZDI-23-1256", "id": "ZDI-23-1256", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Set AG Profile Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1256/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20079", "zdi_id": "ZDI-23-1256" }, { "cve": "CVE-2023-35750", "cvss": 7.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The iss...", "detail_json": "/data/advisories/ZDI-23-1255/advisory.json", "detail_path": "advisories/ZDI-23-1255", "id": "ZDI-23-1255", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1255/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20078", "zdi_id": "ZDI-23-1255" }, { "cve": "CVE-2023-35749", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1254/advisory.json", "detail_path": "advisories/ZDI-23-1254", "id": "ZDI-23-1254", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-05-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1254/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20077", "zdi_id": "ZDI-23-1254" }, { "cve": "CVE-2023-35748", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1253/advisory.json", "detail_path": "advisories/ZDI-23-1253", "id": "ZDI-23-1253", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1253/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20076", "zdi_id": "ZDI-23-1253" }, { "cve": "CVE-2023-35747", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1252/advisory.json", "detail_path": "advisories/ZDI-23-1252", "id": "ZDI-23-1252", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Firmware Upgrade Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1252/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20075", "zdi_id": "ZDI-23-1252" }, { "cve": "CVE-2023-35746", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1251/advisory.json", "detail_path": "advisories/ZDI-23-1251", "id": "ZDI-23-1251", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Firmware Upgrade Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1251/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20074", "zdi_id": "ZDI-23-1251" }, { "cve": "CVE-2023-35745", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1250/advisory.json", "detail_path": "advisories/ZDI-23-1250", "id": "ZDI-23-1250", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Configuration Restore Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1250/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20073", "zdi_id": "ZDI-23-1250" }, { "cve": "CVE-2023-35744", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1249/advisory.json", "detail_path": "advisories/ZDI-23-1249", "id": "ZDI-23-1249", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Configuration Restore Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1249/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20071", "zdi_id": "ZDI-23-1249" }, { "cve": "CVE-2023-35743", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1248/advisory.json", "detail_path": "advisories/ZDI-23-1248", "id": "ZDI-23-1248", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Configuration Restore Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1248/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20070", "zdi_id": "ZDI-23-1248" }, { "cve": "CVE-2023-35742", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1247/advisory.json", "detail_path": "advisories/ZDI-23-1247", "id": "ZDI-23-1247", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Configuration Restore Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1247/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20069", "zdi_id": "ZDI-23-1247" }, { "cve": "CVE-2023-35741", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1246/advisory.json", "detail_path": "advisories/ZDI-23-1246", "id": "ZDI-23-1246", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1246/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20068", "zdi_id": "ZDI-23-1246" }, { "cve": "CVE-2023-35740", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1245/advisory.json", "detail_path": "advisories/ZDI-23-1245", "id": "ZDI-23-1245", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1245/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20067", "zdi_id": "ZDI-23-1245" }, { "cve": "CVE-2023-35739", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1244/advisory.json", "detail_path": "advisories/ZDI-23-1244", "id": "ZDI-23-1244", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1244/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20066", "zdi_id": "ZDI-23-1244" }, { "cve": "CVE-2023-35738", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1243/advisory.json", "detail_path": "advisories/ZDI-23-1243", "id": "ZDI-23-1243", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Configuration Backup Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1243/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20065", "zdi_id": "ZDI-23-1243" }, { "cve": "CVE-2023-35737", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1242/advisory.json", "detail_path": "advisories/ZDI-23-1242", "id": "ZDI-23-1242", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1242/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20064", "zdi_id": "ZDI-23-1242" }, { "cve": "CVE-2023-35736", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1241/advisory.json", "detail_path": "advisories/ZDI-23-1241", "id": "ZDI-23-1241", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Change ID Password New Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1241/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20063", "zdi_id": "ZDI-23-1241" }, { "cve": "CVE-2023-35735", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1240/advisory.json", "detail_path": "advisories/ZDI-23-1240", "id": "ZDI-23-1240", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Change ID Password New Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1240/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20062", "zdi_id": "ZDI-23-1240" }, { "cve": "CVE-2023-35733", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1239/advisory.json", "detail_path": "advisories/ZDI-23-1239", "id": "ZDI-23-1239", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1239/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20060", "zdi_id": "ZDI-23-1239" }, { "cve": "CVE-2023-35732", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1238/advisory.json", "detail_path": "advisories/ZDI-23-1238", "id": "ZDI-23-1238", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Reset Factory Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1238/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20059", "zdi_id": "ZDI-23-1238" }, { "cve": "CVE-2023-35731", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1237/advisory.json", "detail_path": "advisories/ZDI-23-1237", "id": "ZDI-23-1237", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1237/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20058", "zdi_id": "ZDI-23-1237" }, { "cve": "CVE-2023-35730", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1236/advisory.json", "detail_path": "advisories/ZDI-23-1236", "id": "ZDI-23-1236", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Reset Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1236/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20057", "zdi_id": "ZDI-23-1236" }, { "cve": "CVE-2023-35729", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1235/advisory.json", "detail_path": "advisories/ZDI-23-1235", "id": "ZDI-23-1235", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Reset Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1235/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20056", "zdi_id": "ZDI-23-1235" }, { "cve": "CVE-2023-35728", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1234/advisory.json", "detail_path": "advisories/ZDI-23-1234", "id": "ZDI-23-1234", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1234/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20055", "zdi_id": "ZDI-23-1234" }, { "cve": "CVE-2023-35727", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1233/advisory.json", "detail_path": "advisories/ZDI-23-1233", "id": "ZDI-23-1233", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1233/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20054", "zdi_id": "ZDI-23-1233" }, { "cve": "CVE-2023-35726", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1232/advisory.json", "detail_path": "advisories/ZDI-23-1232", "id": "ZDI-23-1232", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1232/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20053", "zdi_id": "ZDI-23-1232" }, { "cve": "CVE-2023-35725", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-1231/advisory.json", "detail_path": "advisories/ZDI-23-1231", "id": "ZDI-23-1231", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1231/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20052", "zdi_id": "ZDI-23-1231" }, { "cve": "CVE-2023-35724", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on...", "detail_json": "/data/advisories/ZDI-23-1230/advisory.json", "detail_path": "advisories/ZDI-23-1230", "id": "ZDI-23-1230", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1230/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20050", "zdi_id": "ZDI-23-1230" }, { "cve": "CVE-2023-26371", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1229/advisory.json", "detail_path": "advisories/ZDI-23-1229", "id": "ZDI-23-1229", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1229/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20661", "zdi_id": "ZDI-23-1229" }, { "cve": "CVE-2023-34966", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of Spotlight RPC arguments. The issue re...", "detail_json": "/data/advisories/ZDI-23-1228/advisory.json", "detail_path": "advisories/ZDI-23-1228", "id": "ZDI-23-1228", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "Samba Spotlight mdssvc RPC Request Type Confusion Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1228/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-20228", "zdi_id": "ZDI-23-1228" }, { "cve": "CVE-2023-34967", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of Spotlight RPC arguments. Crafte...", "detail_json": "/data/advisories/ZDI-23-1227/advisory.json", "detail_path": "advisories/ZDI-23-1227", "id": "ZDI-23-1227", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1227/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-20229", "zdi_id": "ZDI-23-1227" }, { "cve": "CVE-2023-32384", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-23-1226/advisory.json", "detail_path": "advisories/ZDI-23-1226", "id": "ZDI-23-1226", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "Apple macOS ImageIO EXR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1226/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-20043", "zdi_id": "ZDI-23-1226" }, { "cve": "CVE-2023-32372", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation...", "detail_json": "/data/advisories/ZDI-23-1225/advisory.json", "detail_path": "advisories/ZDI-23-1225", "id": "ZDI-23-1225", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "Apple macOS EXR Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1225/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-20027", "zdi_id": "ZDI-23-1225" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. Th...", "detail_json": "/data/advisories/ZDI-23-1224/advisory.json", "detail_path": "advisories/ZDI-23-1224", "id": "ZDI-23-1224", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "LG LED Assistant updateFile Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1224/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20270", "zdi_id": "ZDI-23-1224" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue re...", "detail_json": "/data/advisories/ZDI-23-1223/advisory.json", "detail_path": "advisories/ZDI-23-1223", "id": "ZDI-23-1223", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "LG LED Assistant thumbnail Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1223/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20269", "zdi_id": "ZDI-23-1223" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. Th...", "detail_json": "/data/advisories/ZDI-23-1222/advisory.json", "detail_path": "advisories/ZDI-23-1222", "id": "ZDI-23-1222", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "LG LED Assistant setThumbnailRc Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1222/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20210", "zdi_id": "ZDI-23-1222" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue resu...", "detail_json": "/data/advisories/ZDI-23-1221/advisory.json", "detail_path": "advisories/ZDI-23-1221", "id": "ZDI-23-1221", "kind": "published", "published_date": "2023-08-25", "status": "published", "title": "LG LED Assistant upload Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1221/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20271", "zdi_id": "ZDI-23-1221" }, { "cve": "CVE-2023-41181", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getSubFolderList method. The...", "detail_json": "/data/advisories/ZDI-23-1220/advisory.json", "detail_path": "advisories/ZDI-23-1220", "id": "ZDI-23-1220", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1220/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20330", "zdi_id": "ZDI-23-1220" }, { "cve": "CVE-2023-40517", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getObject method implemented...", "detail_json": "/data/advisories/ZDI-23-1219/advisory.json", "detail_path": "advisories/ZDI-23-1219", "id": "ZDI-23-1219", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1219/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20328", "zdi_id": "ZDI-23-1219" }, { "cve": "CVE-2023-40516", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1218/advisory.json", "detail_path": "advisories/ZDI-23-1218", "id": "ZDI-23-1218", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1218/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20327", "zdi_id": "ZDI-23-1218" }, { "cve": "CVE-2023-40501", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyContent command. Th...", "detail_json": "/data/advisories/ZDI-23-1217/advisory.json", "detail_path": "advisories/ZDI-23-1217", "id": "ZDI-23-1217", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1217/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-19945", "zdi_id": "ZDI-23-1217" }, { "cve": "CVE-2023-40512", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-23-1216/advisory.json", "detail_path": "advisories/ZDI-23-1216", "id": "ZDI-23-1216", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor PlayerController getImageByFilename Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1216/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20014", "zdi_id": "ZDI-23-1216" }, { "cve": "CVE-2023-40511", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the checkServer method. The issue results from the...", "detail_json": "/data/advisories/ZDI-23-1215/advisory.json", "detail_path": "advisories/ZDI-23-1215", "id": "ZDI-23-1215", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor checkServer Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1215/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20013", "zdi_id": "ZDI-23-1215" }, { "cve": "CVE-2023-40510", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getServerSetting method. The issue results fro...", "detail_json": "/data/advisories/ZDI-23-1214/advisory.json", "detail_path": "advisories/ZDI-23-1214", "id": "ZDI-23-1214", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor getServerSetting Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1214/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20012", "zdi_id": "ZDI-23-1214" }, { "cve": "CVE-2023-40509", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteCanvas method. The issue results from t...", "detail_json": "/data/advisories/ZDI-23-1213/advisory.json", "detail_path": "advisories/ZDI-23-1213", "id": "ZDI-23-1213", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1213/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20011", "zdi_id": "ZDI-23-1213" }, { "cve": "CVE-2023-40508", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the putCanvasDB method. The issue results from th...", "detail_json": "/data/advisories/ZDI-23-1212/advisory.json", "detail_path": "advisories/ZDI-23-1212", "id": "ZDI-23-1212", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1212/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20010", "zdi_id": "ZDI-23-1212" }, { "cve": "CVE-2023-40507", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyContent com...", "detail_json": "/data/advisories/ZDI-23-1211/advisory.json", "detail_path": "advisories/ZDI-23-1211", "id": "ZDI-23-1211", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1211/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20006", "zdi_id": "ZDI-23-1211" }, { "cve": "CVE-2023-40506", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyContent com...", "detail_json": "/data/advisories/ZDI-23-1210/advisory.json", "detail_path": "advisories/ZDI-23-1210", "id": "ZDI-23-1210", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1210/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20005", "zdi_id": "ZDI-23-1210" }, { "cve": "CVE-2023-40505", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createThumbnailByMovie method. The issue resu...", "detail_json": "/data/advisories/ZDI-23-1209/advisory.json", "detail_path": "advisories/ZDI-23-1209", "id": "ZDI-23-1209", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1209/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-19978", "zdi_id": "ZDI-23-1209" }, { "cve": "CVE-2023-40504", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the readVideoInfo method. The issue results from...", "detail_json": "/data/advisories/ZDI-23-1208/advisory.json", "detail_path": "advisories/ZDI-23-1208", "id": "ZDI-23-1208", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1208/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-19953", "zdi_id": "ZDI-23-1208" }, { "cve": "CVE-2023-40503", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the saveXmlFile method. Due to the improp...", "detail_json": "/data/advisories/ZDI-23-1207/advisory.json", "detail_path": "advisories/ZDI-23-1207", "id": "ZDI-23-1207", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1207/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-19952", "zdi_id": "ZDI-23-1207" }, { "cve": "CVE-2023-40500", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyContent command. Th...", "detail_json": "/data/advisories/ZDI-23-1206/advisory.json", "detail_path": "advisories/ZDI-23-1206", "id": "ZDI-23-1206", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1206/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-19944", "zdi_id": "ZDI-23-1206" }, { "cve": "CVE-2023-40499", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mkdir command implemented in the makeDetailCo...", "detail_json": "/data/advisories/ZDI-23-1205/advisory.json", "detail_path": "advisories/ZDI-23-1205", "id": "ZDI-23-1205", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor mkdir Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1205/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-19926", "zdi_id": "ZDI-23-1205" }, { "cve": "CVE-2023-40498", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the cp command implemented in the makeDetailConte...", "detail_json": "/data/advisories/ZDI-23-1204/advisory.json", "detail_path": "advisories/ZDI-23-1204", "id": "ZDI-23-1204", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1204/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-19925", "zdi_id": "ZDI-23-1204" }, { "cve": "CVE-2023-40497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the saveXml command implemented in the makeDetail...", "detail_json": "/data/advisories/ZDI-23-1203/advisory.json", "detail_path": "advisories/ZDI-23-1203", "id": "ZDI-23-1203", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1203/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-19924", "zdi_id": "ZDI-23-1203" }, { "cve": "CVE-2023-40496", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyStickerCont...", "detail_json": "/data/advisories/ZDI-23-1202/advisory.json", "detail_path": "advisories/ZDI-23-1202", "id": "ZDI-23-1202", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor copyStickerContent Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1202/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-19923", "zdi_id": "ZDI-23-1202" }, { "cve": "CVE-2023-40495", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyTemplateAll method. The issue res...", "detail_json": "/data/advisories/ZDI-23-1201/advisory.json", "detail_path": "advisories/ZDI-23-1201", "id": "ZDI-23-1201", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1201/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-19922", "zdi_id": "ZDI-23-1201" }, { "cve": "CVE-2023-40494", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteFolder method. The issue results from t...", "detail_json": "/data/advisories/ZDI-23-1200/advisory.json", "detail_path": "advisories/ZDI-23-1200", "id": "ZDI-23-1200", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1200/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-19921", "zdi_id": "ZDI-23-1200" }, { "cve": "CVE-2023-40493", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copySessionFolder comma...", "detail_json": "/data/advisories/ZDI-23-1199/advisory.json", "detail_path": "advisories/ZDI-23-1199", "id": "ZDI-23-1199", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1199/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-19920", "zdi_id": "ZDI-23-1199" }, { "cve": "CVE-2023-40492", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteCheckSession method. The issue results...", "detail_json": "/data/advisories/ZDI-23-1198/advisory.json", "detail_path": "advisories/ZDI-23-1198", "id": "ZDI-23-1198", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1198/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-19919", "zdi_id": "ZDI-23-1198" }, { "cve": "CVE-2023-40515", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the joinAddUser method. The issue r...", "detail_json": "/data/advisories/ZDI-23-1197/advisory.json", "detail_path": "advisories/ZDI-23-1197", "id": "ZDI-23-1197", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1197/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20048", "zdi_id": "ZDI-23-1197" }, { "cve": "CVE-2023-40514", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-23-1196/advisory.json", "detail_path": "advisories/ZDI-23-1196", "id": "ZDI-23-1196", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor FileManagerController getImageByFilename Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1196/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20016", "zdi_id": "ZDI-23-1196" }, { "cve": "CVE-2023-40513", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-23-1195/advisory.json", "detail_path": "advisories/ZDI-23-1195", "id": "ZDI-23-1195", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor UserManageController getImageByFilename Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1195/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-20015", "zdi_id": "ZDI-23-1195" }, { "cve": "CVE-2023-40502", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cropImage command. The...", "detail_json": "/data/advisories/ZDI-23-1194/advisory.json", "detail_path": "advisories/ZDI-23-1194", "id": "ZDI-23-1194", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) LG Simple Editor cropImage Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1194/", "vendor": "LG", "vendor_url": null, "zdi_can": "ZDI-CAN-19951", "zdi_id": "ZDI-23-1194" }, { "cve": "CVE-2023-40489", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1193/advisory.json", "detail_path": "advisories/ZDI-23-1193", "id": "ZDI-23-1193", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1193/", "vendor": "Maxon", "vendor_url": null, "zdi_can": "ZDI-CAN-21437", "zdi_id": "ZDI-23-1193" }, { "cve": "CVE-2023-40487", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1192/advisory.json", "detail_path": "advisories/ZDI-23-1192", "id": "ZDI-23-1192", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1192/", "vendor": "Maxon", "vendor_url": null, "zdi_can": "ZDI-CAN-21435", "zdi_id": "ZDI-23-1192" }, { "cve": "CVE-2023-40491", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1191/advisory.json", "detail_path": "advisories/ZDI-23-1191", "id": "ZDI-23-1191", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1191/", "vendor": "Maxon", "vendor_url": null, "zdi_can": "ZDI-CAN-21439", "zdi_id": "ZDI-23-1191" }, { "cve": "CVE-2023-40490", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1190/advisory.json", "detail_path": "advisories/ZDI-23-1190", "id": "ZDI-23-1190", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-05-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1190/", "vendor": "Maxon", "vendor_url": null, "zdi_can": "ZDI-CAN-21438", "zdi_id": "ZDI-23-1190" }, { "cve": "CVE-2023-40488", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1189/advisory.json", "detail_path": "advisories/ZDI-23-1189", "id": "ZDI-23-1189", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1189/", "vendor": "Maxon", "vendor_url": null, "zdi_can": "ZDI-CAN-21436", "zdi_id": "ZDI-23-1189" }, { "cve": "CVE-2023-40484", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1188/advisory.json", "detail_path": "advisories/ZDI-23-1188", "id": "ZDI-23-1188", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1188/", "vendor": "Maxon", "vendor_url": null, "zdi_can": "ZDI-CAN-21432", "zdi_id": "ZDI-23-1188" }, { "cve": "CVE-2023-40485", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1187/advisory.json", "detail_path": "advisories/ZDI-23-1187", "id": "ZDI-23-1187", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1187/", "vendor": "Maxon", "vendor_url": null, "zdi_can": "ZDI-CAN-21433", "zdi_id": "ZDI-23-1187" }, { "cve": "CVE-2023-40486", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1186/advisory.json", "detail_path": "advisories/ZDI-23-1186", "id": "ZDI-23-1186", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1186/", "vendor": "Maxon", "vendor_url": null, "zdi_can": "ZDI-CAN-21434", "zdi_id": "ZDI-23-1186" }, { "cve": "CVE-2023-40483", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1185/advisory.json", "detail_path": "advisories/ZDI-23-1185", "id": "ZDI-23-1185", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) Maxon Cinema 4D SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1185/", "vendor": "Maxon", "vendor_url": null, "zdi_can": "ZDI-CAN-21431", "zdi_id": "ZDI-23-1185" }, { "cve": "CVE-2023-40482", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1184/advisory.json", "detail_path": "advisories/ZDI-23-1184", "id": "ZDI-23-1184", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(0Day) Maxon Cinema 4D SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1184/", "vendor": "Maxon", "vendor_url": null, "zdi_can": "ZDI-CAN-21430", "zdi_id": "ZDI-23-1184" }, { "cve": "CVE-2023-33146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1183/advisory.json", "detail_path": "advisories/ZDI-23-1183", "id": "ZDI-23-1183", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1183/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18971", "zdi_id": "ZDI-23-1183" }, { "cve": "CVE-2023-33146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1182/advisory.json", "detail_path": "advisories/ZDI-23-1182", "id": "ZDI-23-1182", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1182/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18970", "zdi_id": "ZDI-23-1182" }, { "cve": "CVE-2023-33146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1181/advisory.json", "detail_path": "advisories/ZDI-23-1181", "id": "ZDI-23-1181", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1181/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18969", "zdi_id": "ZDI-23-1181" }, { "cve": "CVE-2023-33146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1180/advisory.json", "detail_path": "advisories/ZDI-23-1180", "id": "ZDI-23-1180", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "Microsoft Excel SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1180/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18966", "zdi_id": "ZDI-23-1180" }, { "cve": "CVE-2023-33146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1179/advisory.json", "detail_path": "advisories/ZDI-23-1179", "id": "ZDI-23-1179", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1179/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18967", "zdi_id": "ZDI-23-1179" }, { "cve": "CVE-2023-27971", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of P...", "detail_json": "/data/advisories/ZDI-23-1178/advisory.json", "detail_path": "advisories/ZDI-23-1178", "id": "ZDI-23-1178", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(Pwn2Own) HP Color LaserJet Pro M479fdw msws Probe Message Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1178/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-19586", "zdi_id": "ZDI-23-1178" }, { "cve": "CVE-2023-35178", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the slangapp bina...", "detail_json": "/data/advisories/ZDI-23-1177/advisory.json", "detail_path": "advisories/ZDI-23-1177", "id": "ZDI-23-1177", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(Pwn2Own) HP Color LaserJet Pro M479fdw slangapp PATH_INFO Stack-based Buffer Overflow Remote Code Execution", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1177/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-19765", "zdi_id": "ZDI-23-1177" }, { "cve": "CVE-2023-35176", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of th...", "detail_json": "/data/advisories/ZDI-23-1176/advisory.json", "detail_path": "advisories/ZDI-23-1176", "id": "ZDI-23-1176", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(Pwn2Own) HP Color LaserJet Pro M479fdw Serial_Number Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1176/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-19844", "zdi_id": "ZDI-23-1176" }, { "cve": "CVE-2023-35177", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of C...", "detail_json": "/data/advisories/ZDI-23-1175/advisory.json", "detail_path": "advisories/ZDI-23-1175", "id": "ZDI-23-1175", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(Pwn2Own) HP Color LaserJet Pro M479fdw CFF Font Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1175/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-19707", "zdi_id": "ZDI-23-1175" }, { "cve": "CVE-2023-35175", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msws service....", "detail_json": "/data/advisories/ZDI-23-1174/advisory.json", "detail_path": "advisories/ZDI-23-1174", "id": "ZDI-23-1174", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(Pwn2Own) HP Color LaserJet Pro M479fdw msws Server-Side Request Forgery Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1174/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-19683", "zdi_id": "ZDI-23-1174" }, { "cve": "CVE-2023-27973", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExportFile ha...", "detail_json": "/data/advisories/ZDI-23-1173/advisory.json", "detail_path": "advisories/ZDI-23-1173", "id": "ZDI-23-1173", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "HP Color LaserJet Pro M479fdw ledm_advanced Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1173/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-19901", "zdi_id": "ZDI-23-1173" }, { "cve": "CVE-2023-27972", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the cacheddata_ht...", "detail_json": "/data/advisories/ZDI-23-1172/advisory.json", "detail_path": "advisories/ZDI-23-1172", "id": "ZDI-23-1172", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "HP Color LaserJet Pro M479fdw cacheddata_http_handler Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1172/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-19900", "zdi_id": "ZDI-23-1172" }, { "cve": "CVE-2023-35175", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the Notif...", "detail_json": "/data/advisories/ZDI-23-1171/advisory.json", "detail_path": "advisories/ZDI-23-1171", "id": "ZDI-23-1171", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(Pwn2Own) HP Color LaserJet Pro M479fdw NotifyTo Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1171/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-19835", "zdi_id": "ZDI-23-1171" }, { "cve": "CVE-2023-35176", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of HP LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Backup and Restore f...", "detail_json": "/data/advisories/ZDI-23-1170/advisory.json", "detail_path": "advisories/ZDI-23-1170", "id": "ZDI-23-1170", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "(Pwn2Own) HP LaserJet Pro M479fdw bksettings Hardcoded Cryptographic Key Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1170/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-19693", "zdi_id": "ZDI-23-1170" }, { "cve": "CVE-2023-1900", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avira Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-23-1169/advisory.json", "detail_path": "advisories/ZDI-23-1169", "id": "ZDI-23-1169", "kind": "published", "published_date": "2023-08-24", "status": "published", "title": "Avira Free Antivirus Integer Overflow Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1169/", "vendor": "Avira", "vendor_url": null, "zdi_can": "ZDI-CAN-19836", "zdi_id": "ZDI-23-1169" }, { "cve": "CVE-2022-46768", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zabbix Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within PDF report generation. The issue result...", "detail_json": "/data/advisories/ZDI-23-1168/advisory.json", "detail_path": "advisories/ZDI-23-1168", "id": "ZDI-23-1168", "kind": "published", "published_date": "2023-08-23", "status": "published", "title": "Zabbix Web Service Report Generation External Control of File Name Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1168/", "vendor": "Zabbix", "vendor_url": null, "zdi_can": "ZDI-CAN-18532", "zdi_id": "ZDI-23-1168" }, { "cve": "CVE-2023-32567", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decodeToMap method. Due to the improp...", "detail_json": "/data/advisories/ZDI-23-1167/advisory.json", "detail_path": "advisories/ZDI-23-1167", "id": "ZDI-23-1167", "kind": "published", "published_date": "2023-08-23", "status": "published", "title": "Ivanti Avalanche decodeToMap XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1167/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21030", "zdi_id": "ZDI-23-1167" }, { "cve": "CVE-2023-35720", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mod_webdav.so module. When parsing a re...", "detail_json": "/data/advisories/ZDI-23-1166/advisory.json", "detail_path": "advisories/ZDI-23-1166", "id": "ZDI-23-1166", "kind": "published", "published_date": "2023-08-23", "status": "published", "title": "ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1166/", "vendor": "ASUS", "vendor_url": null, "zdi_can": "ZDI-CAN-16078", "zdi_id": "ZDI-23-1166" }, { "cve": "CVE-2023-31102", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-23-1165/advisory.json", "detail_path": "advisories/ZDI-23-1165", "id": "ZDI-23-1165", "kind": "published", "published_date": "2023-08-23", "status": "published", "title": "7-Zip 7Z File Parsing Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1165/", "vendor": "7-Zip", "vendor_url": null, "zdi_can": "ZDI-CAN-18588", "zdi_id": "ZDI-23-1165" }, { "cve": "CVE-2023-40481", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-23-1164/advisory.json", "detail_path": "advisories/ZDI-23-1164", "id": "ZDI-23-1164", "kind": "published", "published_date": "2023-08-23", "status": "published", "title": "7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1164/", "vendor": "7-Zip", "vendor_url": null, "zdi_can": "ZDI-CAN-18589", "zdi_id": "ZDI-23-1164" }, { "cve": "CVE-2023-40478", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-23-1163/advisory.json", "detail_path": "advisories/ZDI-23-1163", "id": "ZDI-23-1163", "kind": "published", "published_date": "2023-08-22", "status": "published", "title": "NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1163/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-20009", "zdi_id": "ZDI-23-1163" }, { "cve": "CVE-2023-40480", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DHCP server. The issue results...", "detail_json": "/data/advisories/ZDI-23-1162/advisory.json", "detail_path": "advisories/ZDI-23-1162", "id": "ZDI-23-1162", "kind": "published", "published_date": "2023-08-22", "status": "published", "title": "NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1162/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19705", "zdi_id": "ZDI-23-1162" }, { "cve": "CVE-2023-40479", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service. The issue result...", "detail_json": "/data/advisories/ZDI-23-1161/advisory.json", "detail_path": "advisories/ZDI-23-1161", "id": "ZDI-23-1161", "kind": "published", "published_date": "2023-08-22", "status": "published", "title": "NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1161/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19704", "zdi_id": "ZDI-23-1161" }, { "cve": "CVE-2023-36475", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parse Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the transformUpdate function. The issue results from the...", "detail_json": "/data/advisories/ZDI-23-1160/advisory.json", "detail_path": "advisories/ZDI-23-1160", "id": "ZDI-23-1160", "kind": "published", "published_date": "2023-08-22", "status": "published", "title": "Parse Server transformUpdate Prototype Pollution Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1160/", "vendor": "Parse", "vendor_url": null, "zdi_can": "ZDI-CAN-19904", "zdi_id": "ZDI-23-1160" }, { "cve": "CVE-2023-27939", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation...", "detail_json": "/data/advisories/ZDI-23-1159/advisory.json", "detail_path": "advisories/ZDI-23-1159", "id": "ZDI-23-1159", "kind": "published", "published_date": "2023-08-22", "status": "published", "title": "Apple macOS KTX Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1159/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-19367", "zdi_id": "ZDI-23-1159" }, { "cve": "CVE-2023-40352", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Safe Connect VPN. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-23-1158/advisory.json", "detail_path": "advisories/ZDI-23-1158", "id": "ZDI-23-1158", "kind": "published", "published_date": "2023-08-21", "status": "published", "title": "McAfee Safe Connect VPN Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1158/", "vendor": "McAfee", "vendor_url": null, "zdi_can": "ZDI-CAN-20770", "zdi_id": "ZDI-23-1158" }, { "cve": "CVE-2023-3256", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech R-SeeNet. Authentication is required to exploit this vulnerability. The specific flaw exists within the device_status page. The issue results from the lac...", "detail_json": "/data/advisories/ZDI-23-1157/advisory.json", "detail_path": "advisories/ZDI-23-1157", "id": "ZDI-23-1157", "kind": "published", "published_date": "2023-08-21", "status": "published", "title": "Advantech R-SeeNet device_status Local File Inclusion Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1157/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-19579", "zdi_id": "ZDI-23-1157" }, { "cve": "CVE-2023-2611", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the database. The issue res...", "detail_json": "/data/advisories/ZDI-23-1156/advisory.json", "detail_path": "advisories/ZDI-23-1156", "id": "ZDI-23-1156", "kind": "published", "published_date": "2023-08-21", "status": "published", "title": "Advantech R-SeeNet Use Of Hard-Coded Credentials Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1156/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-19580", "zdi_id": "ZDI-23-1156" }, { "cve": "CVE-2023-34124", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpDigestAuthenticator class....", "detail_json": "/data/advisories/ZDI-23-1155/advisory.json", "detail_path": "advisories/ZDI-23-1155", "id": "ZDI-23-1155", "kind": "published", "published_date": "2023-08-21", "status": "published", "title": "SonicWALL GMS Virtual Appliance HttpDigestAuthenticator Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1155/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-21221", "zdi_id": "ZDI-23-1155" }, { "cve": "CVE-2023-34129", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SonicWALL GMS Virtual Appliance. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-23-1154/advisory.json", "detail_path": "advisories/ZDI-23-1154", "id": "ZDI-23-1154", "kind": "published", "published_date": "2023-08-21", "status": "published", "title": "SonicWALL GMS Virtual Appliance Syslog Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1154/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-20914", "zdi_id": "ZDI-23-1154" }, { "cve": "CVE-2023-27362", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists w...", "detail_json": "/data/advisories/ZDI-23-1153/advisory.json", "detail_path": "advisories/ZDI-23-1153", "id": "ZDI-23-1153", "kind": "published", "published_date": "2023-08-21", "status": "published", "title": "3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1153/", "vendor": "3CX", "vendor_url": null, "zdi_can": "ZDI-CAN-20026", "zdi_id": "ZDI-23-1153" }, { "cve": "CVE-2023-40477", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-23-1152/advisory.json", "detail_path": "advisories/ZDI-23-1152", "id": "ZDI-23-1152", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1152/", "vendor": "RARLAB", "vendor_url": null, "zdi_can": "ZDI-CAN-21233", "zdi_id": "ZDI-23-1152" }, { "cve": "CVE-2023-40473", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1151/advisory.json", "detail_path": "advisories/ZDI-23-1151", "id": "ZDI-23-1151", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1151/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20891", "zdi_id": "ZDI-23-1151" }, { "cve": "CVE-2023-40471", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1150/advisory.json", "detail_path": "advisories/ZDI-23-1150", "id": "ZDI-23-1150", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor App Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1150/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20729", "zdi_id": "ZDI-23-1150" }, { "cve": "CVE-2023-40472", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1149/advisory.json", "detail_path": "advisories/ZDI-23-1149", "id": "ZDI-23-1149", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1149/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20730", "zdi_id": "ZDI-23-1149" }, { "cve": "CVE-2023-40469", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1148/advisory.json", "detail_path": "advisories/ZDI-23-1148", "id": "ZDI-23-1148", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1148/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20621", "zdi_id": "ZDI-23-1148" }, { "cve": "CVE-2023-39506", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1147/advisory.json", "detail_path": "advisories/ZDI-23-1147", "id": "ZDI-23-1147", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor createDataObject Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1147/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20594", "zdi_id": "ZDI-23-1147" }, { "cve": "CVE-2023-40470", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1146/advisory.json", "detail_path": "advisories/ZDI-23-1146", "id": "ZDI-23-1146", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1146/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20622", "zdi_id": "ZDI-23-1146" }, { "cve": "CVE-2023-40468", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1145/advisory.json", "detail_path": "advisories/ZDI-23-1145", "id": "ZDI-23-1145", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1145/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20620", "zdi_id": "ZDI-23-1145" }, { "cve": "CVE-2023-39497", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1144/advisory.json", "detail_path": "advisories/ZDI-23-1144", "id": "ZDI-23-1144", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1144/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19947", "zdi_id": "ZDI-23-1144" }, { "cve": "CVE-2023-39505", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1143/advisory.json", "detail_path": "advisories/ZDI-23-1143", "id": "ZDI-23-1143", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor Net.HTTP.requests Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1143/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20211", "zdi_id": "ZDI-23-1143" }, { "cve": "CVE-2023-39498", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1142/advisory.json", "detail_path": "advisories/ZDI-23-1142", "id": "ZDI-23-1142", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1142/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19948", "zdi_id": "ZDI-23-1142" }, { "cve": "CVE-2023-39495", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1141/advisory.json", "detail_path": "advisories/ZDI-23-1141", "id": "ZDI-23-1141", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1141/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19657", "zdi_id": "ZDI-23-1141" }, { "cve": "CVE-2023-39500", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1140/advisory.json", "detail_path": "advisories/ZDI-23-1140", "id": "ZDI-23-1140", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1140/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19950", "zdi_id": "ZDI-23-1140" }, { "cve": "CVE-2023-39499", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1139/advisory.json", "detail_path": "advisories/ZDI-23-1139", "id": "ZDI-23-1139", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1139/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19949", "zdi_id": "ZDI-23-1139" }, { "cve": "CVE-2023-39502", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1138/advisory.json", "detail_path": "advisories/ZDI-23-1138", "id": "ZDI-23-1138", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor OXPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1138/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20035", "zdi_id": "ZDI-23-1138" }, { "cve": "CVE-2023-39503", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1137/advisory.json", "detail_path": "advisories/ZDI-23-1137", "id": "ZDI-23-1137", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1137/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20036", "zdi_id": "ZDI-23-1137" }, { "cve": "CVE-2023-39504", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1136/advisory.json", "detail_path": "advisories/ZDI-23-1136", "id": "ZDI-23-1136", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1136/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20037", "zdi_id": "ZDI-23-1136" }, { "cve": "CVE-2023-39501", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1135/advisory.json", "detail_path": "advisories/ZDI-23-1135", "id": "ZDI-23-1135", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor OXPS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1135/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-20034", "zdi_id": "ZDI-23-1135" }, { "cve": "CVE-2023-39490", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1134/advisory.json", "detail_path": "advisories/ZDI-23-1134", "id": "ZDI-23-1134", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1134/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19636", "zdi_id": "ZDI-23-1134" }, { "cve": "CVE-2023-39492", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1133/advisory.json", "detail_path": "advisories/ZDI-23-1133", "id": "ZDI-23-1133", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1133/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19640", "zdi_id": "ZDI-23-1133" }, { "cve": "CVE-2023-39491", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1132/advisory.json", "detail_path": "advisories/ZDI-23-1132", "id": "ZDI-23-1132", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1132/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19638", "zdi_id": "ZDI-23-1132" }, { "cve": "CVE-2023-39494", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1131/advisory.json", "detail_path": "advisories/ZDI-23-1131", "id": "ZDI-23-1131", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor OXPS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1131/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19655", "zdi_id": "ZDI-23-1131" }, { "cve": "CVE-2023-39493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1130/advisory.json", "detail_path": "advisories/ZDI-23-1130", "id": "ZDI-23-1130", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor exportAsText Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1130/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19649", "zdi_id": "ZDI-23-1130" }, { "cve": "CVE-2023-39496", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1129/advisory.json", "detail_path": "advisories/ZDI-23-1129", "id": "ZDI-23-1129", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1129/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19658", "zdi_id": "ZDI-23-1129" }, { "cve": "CVE-2023-39489", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1128/advisory.json", "detail_path": "advisories/ZDI-23-1128", "id": "ZDI-23-1128", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1128/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19488", "zdi_id": "ZDI-23-1128" }, { "cve": "CVE-2023-39488", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1127/advisory.json", "detail_path": "advisories/ZDI-23-1127", "id": "ZDI-23-1127", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1127/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19487", "zdi_id": "ZDI-23-1127" }, { "cve": "CVE-2023-39487", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1126/advisory.json", "detail_path": "advisories/ZDI-23-1126", "id": "ZDI-23-1126", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor util Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1126/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19483", "zdi_id": "ZDI-23-1126" }, { "cve": "CVE-2023-39486", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1125/advisory.json", "detail_path": "advisories/ZDI-23-1125", "id": "ZDI-23-1125", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1125/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19264", "zdi_id": "ZDI-23-1125" }, { "cve": "CVE-2023-39485", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-1124/advisory.json", "detail_path": "advisories/ZDI-23-1124", "id": "ZDI-23-1124", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1124/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19189", "zdi_id": "ZDI-23-1124" }, { "cve": "CVE-2023-39484", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-1123/advisory.json", "detail_path": "advisories/ZDI-23-1123", "id": "ZDI-23-1123", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1123/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18493", "zdi_id": "ZDI-23-1123" }, { "cve": "CVE-2023-39483", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-1122/advisory.json", "detail_path": "advisories/ZDI-23-1122", "id": "ZDI-23-1122", "kind": "published", "published_date": "2023-08-17", "status": "published", "title": "PDF-XChange Editor J2K File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1122/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18308", "zdi_id": "ZDI-23-1122" }, { "cve": "CVE-2023-32566", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the allowPassThrough method. The issue r...", "detail_json": "/data/advisories/ZDI-23-1121/advisory.json", "detail_path": "advisories/ZDI-23-1121", "id": "ZDI-23-1121", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1121/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21005", "zdi_id": "ZDI-23-1121" }, { "cve": "CVE-2023-32565", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecureFilter class. The issue result...", "detail_json": "/data/advisories/ZDI-23-1120/advisory.json", "detail_path": "advisories/ZDI-23-1120", "id": "ZDI-23-1120", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "Ivanti Avalanche SecureFilter Content-Type Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1120/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21004", "zdi_id": "ZDI-23-1120" }, { "cve": "CVE-2023-32564", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the l...", "detail_json": "/data/advisories/ZDI-23-1119/advisory.json", "detail_path": "advisories/ZDI-23-1119", "id": "ZDI-23-1119", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1119/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21002", "zdi_id": "ZDI-23-1119" }, { "cve": "CVE-2023-32563", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updateSkin method. The issue results from the...", "detail_json": "/data/advisories/ZDI-23-1118/advisory.json", "detail_path": "advisories/ZDI-23-1118", "id": "ZDI-23-1118", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "Ivanti Avalanche updateSkin Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1118/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-21081", "zdi_id": "ZDI-23-1118" }, { "cve": "CVE-2023-32562", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig endpoint. The issue results from...", "detail_json": "/data/advisories/ZDI-23-1117/advisory.json", "detail_path": "advisories/ZDI-23-1117", "id": "ZDI-23-1117", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1117/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-20991", "zdi_id": "ZDI-23-1117" }, { "cve": "CVE-2023-32561", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dumpHeap method. The issue results from an inc...", "detail_json": "/data/advisories/ZDI-23-1116/advisory.json", "detail_path": "advisories/ZDI-23-1116", "id": "ZDI-23-1116", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "Ivanti Avalanche dumpHeap Incorrect Permission Assignment Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1116/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-20904", "zdi_id": "ZDI-23-1116" }, { "cve": "CVE-2023-39549", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-1115/advisory.json", "detail_path": "advisories/ZDI-23-1115", "id": "ZDI-23-1115", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "Siemens Solid Edge Viewer DWG File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1115/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19562", "zdi_id": "ZDI-23-1115" }, { "cve": "CVE-2023-3160", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-23-1114/advisory.json", "detail_path": "advisories/ZDI-23-1114", "id": "ZDI-23-1114", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "ESET Smart Security Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1114/", "vendor": "ESET", "vendor_url": null, "zdi_can": "ZDI-CAN-20587", "zdi_id": "ZDI-23-1114" }, { "cve": "CVE-2023-1049", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...", "detail_json": "/data/advisories/ZDI-23-1113/advisory.json", "detail_path": "advisories/ZDI-23-1113", "id": "ZDI-23-1113", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "Schneider Electric EcoStruxure Operator Terminal Expert VXDZ File Parsing Code Injection Remote Code Execution Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1113/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-17204", "zdi_id": "ZDI-23-1113" }, { "cve": "CVE-2023-35359", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Furthermore,...", "detail_json": "/data/advisories/ZDI-23-1112/advisory.json", "detail_path": "advisories/ZDI-23-1112", "id": "ZDI-23-1112", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "Microsoft Windows Error Reporting Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1112/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21597", "zdi_id": "ZDI-23-1112" }, { "cve": "CVE-2023-29320", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass JavaScript API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1111/advisory.json", "detail_path": "advisories/ZDI-23-1111", "id": "ZDI-23-1111", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "(Pwn2Own) Adobe Acrobat Reader DC Protected API Restrictions Bypass Vulnerability", "updated_date": "2024-03-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1111/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20746", "zdi_id": "ZDI-23-1111" }, { "cve": "CVE-2023-26406", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1110/advisory.json", "detail_path": "advisories/ZDI-23-1110", "id": "ZDI-23-1110", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "(Pwn2Own) Adobe Acrobat Reader DC Net.HTTP.request URL Restriction Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1110/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20744", "zdi_id": "ZDI-23-1110" }, { "cve": "CVE-2023-26408", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1109/advisory.json", "detail_path": "advisories/ZDI-23-1109", "id": "ZDI-23-1109", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "(Pwn2Own) Adobe Acrobat Reader DC AnnotsString Prototype Pollution API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1109/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20747", "zdi_id": "ZDI-23-1109" }, { "cve": "CVE-2023-26405", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escape the sandbox on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-1108/advisory.json", "detail_path": "advisories/ZDI-23-1108", "id": "ZDI-23-1108", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "(Pwn2Own) Adobe Acrobat Reader DC Net.HTTP.request Exposed Dangerous Method Sandbox Escape", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1108/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20743", "zdi_id": "ZDI-23-1108" }, { "cve": "CVE-2023-26405", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1107/advisory.json", "detail_path": "advisories/ZDI-23-1107", "id": "ZDI-23-1107", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "(Pwn2Own) Adobe Acrobat Reader DC Object Prototype Pollution API Restrictions Bypass", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1107/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20712", "zdi_id": "ZDI-23-1107" }, { "cve": "CVE-2023-26407", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1106/advisory.json", "detail_path": "advisories/ZDI-23-1106", "id": "ZDI-23-1106", "kind": "published", "published_date": "2023-08-15", "status": "published", "title": "(Pwn2Own) Adobe Acrobat Reader DC Net.HTTP.request Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1106/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20745", "zdi_id": "ZDI-23-1106" }, { "cve": "CVE-2023-3663", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CODESYS Development System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LearnMoreAction function....", "detail_json": "/data/advisories/ZDI-23-1105/advisory.json", "detail_path": "advisories/ZDI-23-1105", "id": "ZDI-23-1105", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "CODESYS Development System Improper Enforcement of Message Integrity Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1105/", "vendor": "CODESYS", "vendor_url": null, "zdi_can": "ZDI-CAN-20816", "zdi_id": "ZDI-23-1105" }, { "cve": "CVE-2022-43946", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiClient VPN. Authentication is required to exploit this vulnerability. The specific flaw exists within the FortiClient Logging daemon. The product a...", "detail_json": "/data/advisories/ZDI-23-1104/advisory.json", "detail_path": "advisories/ZDI-23-1104", "id": "ZDI-23-1104", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Fortinet FortiClient VPN Improper Access Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1104/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-18590", "zdi_id": "ZDI-23-1104" }, { "cve": "CVE-2023-3001", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric IGSS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-23-1103/advisory.json", "detail_path": "advisories/ZDI-23-1103", "id": "ZDI-23-1103", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Schneider Electric IGSS UpdateService Exposed Dangerous Method Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1103/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-20851", "zdi_id": "ZDI-23-1103" }, { "cve": "CVE-2023-26361", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the copydirectory endpoint. The issue results...", "detail_json": "/data/advisories/ZDI-23-1102/advisory.json", "detail_path": "advisories/ZDI-23-1102", "id": "ZDI-23-1102", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe ColdFusion copydirectory Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1102/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20474", "zdi_id": "ZDI-23-1102" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1101/advisory.json", "detail_path": "advisories/ZDI-23-1101", "id": "ZDI-23-1101", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1101/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20240", "zdi_id": "ZDI-23-1101" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1100/advisory.json", "detail_path": "advisories/ZDI-23-1100", "id": "ZDI-23-1100", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1100/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20244", "zdi_id": "ZDI-23-1100" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1099/advisory.json", "detail_path": "advisories/ZDI-23-1099", "id": "ZDI-23-1099", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1099/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20247", "zdi_id": "ZDI-23-1099" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1098/advisory.json", "detail_path": "advisories/ZDI-23-1098", "id": "ZDI-23-1098", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1098/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20238", "zdi_id": "ZDI-23-1098" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-1097/advisory.json", "detail_path": "advisories/ZDI-23-1097", "id": "ZDI-23-1097", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1097/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20277", "zdi_id": "ZDI-23-1097" }, { "cve": "CVE-2023-38211", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1096/advisory.json", "detail_path": "advisories/ZDI-23-1096", "id": "ZDI-23-1096", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Dimension GLB File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1096/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21078", "zdi_id": "ZDI-23-1096" }, { "cve": "CVE-2023-38212", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-1095/advisory.json", "detail_path": "advisories/ZDI-23-1095", "id": "ZDI-23-1095", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Dimension GLB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1095/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21093", "zdi_id": "ZDI-23-1095" }, { "cve": "CVE-2023-38213", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1094/advisory.json", "detail_path": "advisories/ZDI-23-1094", "id": "ZDI-23-1094", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1094/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21094", "zdi_id": "ZDI-23-1094" }, { "cve": "CVE-2023-38233", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1093/advisory.json", "detail_path": "advisories/ZDI-23-1093", "id": "ZDI-23-1093", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1093/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21337", "zdi_id": "ZDI-23-1093" }, { "cve": "CVE-2023-38228", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1092/advisory.json", "detail_path": "advisories/ZDI-23-1092", "id": "ZDI-23-1092", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1092/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21317", "zdi_id": "ZDI-23-1092" }, { "cve": "CVE-2023-38231", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1091/advisory.json", "detail_path": "advisories/ZDI-23-1091", "id": "ZDI-23-1091", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1091/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21334", "zdi_id": "ZDI-23-1091" }, { "cve": "CVE-2023-38247", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1090/advisory.json", "detail_path": "advisories/ZDI-23-1090", "id": "ZDI-23-1090", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1090/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21449", "zdi_id": "ZDI-23-1090" }, { "cve": "CVE-2023-38234", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1089/advisory.json", "detail_path": "advisories/ZDI-23-1089", "id": "ZDI-23-1089", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1089/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21359", "zdi_id": "ZDI-23-1089" }, { "cve": "CVE-2023-38230", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1088/advisory.json", "detail_path": "advisories/ZDI-23-1088", "id": "ZDI-23-1088", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1088/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21318", "zdi_id": "ZDI-23-1088" }, { "cve": "CVE-2023-38235", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1087/advisory.json", "detail_path": "advisories/ZDI-23-1087", "id": "ZDI-23-1087", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1087/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21356", "zdi_id": "ZDI-23-1087" }, { "cve": "CVE-2023-38229", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1086/advisory.json", "detail_path": "advisories/ZDI-23-1086", "id": "ZDI-23-1086", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1086/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21310", "zdi_id": "ZDI-23-1086" }, { "cve": "CVE-2023-38232", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1085/advisory.json", "detail_path": "advisories/ZDI-23-1085", "id": "ZDI-23-1085", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1085/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21357", "zdi_id": "ZDI-23-1085" }, { "cve": "CVE-2023-38248", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1084/advisory.json", "detail_path": "advisories/ZDI-23-1084", "id": "ZDI-23-1084", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1084/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21494", "zdi_id": "ZDI-23-1084" }, { "cve": "CVE-2023-29303", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1083/advisory.json", "detail_path": "advisories/ZDI-23-1083", "id": "ZDI-23-1083", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Annotation Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1083/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20970", "zdi_id": "ZDI-23-1083" }, { "cve": "CVE-2023-38222", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1082/advisory.json", "detail_path": "advisories/ZDI-23-1082", "id": "ZDI-23-1082", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm spawnPageFromTemplate Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1082/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21103", "zdi_id": "ZDI-23-1082" }, { "cve": "CVE-2023-38243", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1081/advisory.json", "detail_path": "advisories/ZDI-23-1081", "id": "ZDI-23-1081", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC JBIG2 File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1081/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21252", "zdi_id": "ZDI-23-1081" }, { "cve": "CVE-2023-38227", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1080/advisory.json", "detail_path": "advisories/ZDI-23-1080", "id": "ZDI-23-1080", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1080/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21241", "zdi_id": "ZDI-23-1080" }, { "cve": "CVE-2023-38226", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1079/advisory.json", "detail_path": "advisories/ZDI-23-1079", "id": "ZDI-23-1079", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1079/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21240", "zdi_id": "ZDI-23-1079" }, { "cve": "CVE-2023-38239", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1078/advisory.json", "detail_path": "advisories/ZDI-23-1078", "id": "ZDI-23-1078", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1078/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21242", "zdi_id": "ZDI-23-1078" }, { "cve": "CVE-2023-38225", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1077/advisory.json", "detail_path": "advisories/ZDI-23-1077", "id": "ZDI-23-1077", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1077/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21118", "zdi_id": "ZDI-23-1077" }, { "cve": "CVE-2023-38224", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1076/advisory.json", "detail_path": "advisories/ZDI-23-1076", "id": "ZDI-23-1076", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1076/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21122", "zdi_id": "ZDI-23-1076" }, { "cve": "CVE-2023-38223", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-1075/advisory.json", "detail_path": "advisories/ZDI-23-1075", "id": "ZDI-23-1075", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1075/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21063", "zdi_id": "ZDI-23-1075" }, { "cve": "CVE-2023-38242", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1074/advisory.json", "detail_path": "advisories/ZDI-23-1074", "id": "ZDI-23-1074", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1074/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21387", "zdi_id": "ZDI-23-1074" }, { "cve": "CVE-2023-38241", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1073/advisory.json", "detail_path": "advisories/ZDI-23-1073", "id": "ZDI-23-1073", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1073/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21246", "zdi_id": "ZDI-23-1073" }, { "cve": "CVE-2023-38240", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1072/advisory.json", "detail_path": "advisories/ZDI-23-1072", "id": "ZDI-23-1072", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1072/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21245", "zdi_id": "ZDI-23-1072" }, { "cve": "CVE-2023-38237", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1071/advisory.json", "detail_path": "advisories/ZDI-23-1071", "id": "ZDI-23-1071", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1071/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21244", "zdi_id": "ZDI-23-1071" }, { "cve": "CVE-2023-38238", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1070/advisory.json", "detail_path": "advisories/ZDI-23-1070", "id": "ZDI-23-1070", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1070/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21243", "zdi_id": "ZDI-23-1070" }, { "cve": "CVE-2023-38236", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1069/advisory.json", "detail_path": "advisories/ZDI-23-1069", "id": "ZDI-23-1069", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1069/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21247", "zdi_id": "ZDI-23-1069" }, { "cve": "CVE-2023-38244", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-1068/advisory.json", "detail_path": "advisories/ZDI-23-1068", "id": "ZDI-23-1068", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1068/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-21371", "zdi_id": "ZDI-23-1068" }, { "cve": "CVE-2023-36900", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1067/advisory.json", "detail_path": "advisories/ZDI-23-1067", "id": "ZDI-23-1067", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Microsoft Windows CLFS Incorrect Integer Conversion Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1067/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20977", "zdi_id": "ZDI-23-1067" }, { "cve": "CVE-2023-35387", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device. The...", "detail_json": "/data/advisories/ZDI-23-1066/advisory.json", "detail_path": "advisories/ZDI-23-1066", "id": "ZDI-23-1066", "kind": "published", "published_date": "2023-08-14", "status": "published", "title": "Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1066/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20988", "zdi_id": "ZDI-23-1066" }, { "cve": "CVE-2023-27336", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC cl...", "detail_json": "/data/advisories/ZDI-23-1065/advisory.json", "detail_path": "advisories/ZDI-23-1065", "id": "ZDI-23-1065", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "(0Day) (Pwn2Own) Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1065/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-20508", "zdi_id": "ZDI-23-1065" }, { "cve": "CVE-2023-39482", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-23-1064/advisory.json", "detail_path": "advisories/ZDI-23-1064", "id": "ZDI-23-1064", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "(0Day) Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1064/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-20610", "zdi_id": "ZDI-23-1064" }, { "cve": "CVE-2023-39481", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-1063/advisory.json", "detail_path": "advisories/ZDI-23-1063", "id": "ZDI-23-1063", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "(0Day) (Pwn2Own) Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1063/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-20551", "zdi_id": "ZDI-23-1063" }, { "cve": "CVE-2023-39480", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-1062/advisory.json", "detail_path": "advisories/ZDI-23-1062", "id": "ZDI-23-1062", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "(0Day) (Pwn2Own) Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1062/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-20549", "zdi_id": "ZDI-23-1062" }, { "cve": "CVE-2023-39479", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-23-1061/advisory.json", "detail_path": "advisories/ZDI-23-1061", "id": "ZDI-23-1061", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "(0Day) (Pwn2Own) Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1061/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-20548", "zdi_id": "ZDI-23-1061" }, { "cve": "CVE-2023-39478", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-1060/advisory.json", "detail_path": "advisories/ZDI-23-1060", "id": "ZDI-23-1060", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "(0Day) (Pwn2Own) Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1060/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-20547", "zdi_id": "ZDI-23-1060" }, { "cve": "CVE-2023-38125", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of the web server. The issue...", "detail_json": "/data/advisories/ZDI-23-1059/advisory.json", "detail_path": "advisories/ZDI-23-1059", "id": "ZDI-23-1059", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "(0Day) (Pwn2Own) Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1059/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-20542", "zdi_id": "ZDI-23-1059" }, { "cve": "CVE-2023-38126", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of backup zip files. The issue r...", "detail_json": "/data/advisories/ZDI-23-1058/advisory.json", "detail_path": "advisories/ZDI-23-1058", "id": "ZDI-23-1058", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "(0Day) (Pwn2Own) Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1058/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-20543", "zdi_id": "ZDI-23-1058" }, { "cve": "CVE-2023-27335", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-1057/advisory.json", "detail_path": "advisories/ZDI-23-1057", "id": "ZDI-23-1057", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "(0Day) (Pwn2Own) Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1057/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-20504", "zdi_id": "ZDI-23-1057" }, { "cve": null, "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. An attacker must first obtain the ability to execute high-privileged code on the target environment in order to exploit this vulnerability. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-23-1056/advisory.json", "detail_path": "advisories/ZDI-23-1056", "id": "ZDI-23-1056", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "(0Day) Microsoft Azure Machine Learning Compute Instance certificate Exposure of Resource to Wrong Sphere Information Disclosure Vulnerability", "updated_date": "2023-08-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1056/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20771", "zdi_id": "ZDI-23-1056" }, { "cve": "CVE-2023-29377", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-1055/advisory.json", "detail_path": "advisories/ZDI-23-1055", "id": "ZDI-23-1055", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "(Pwn2Own) Softing Secure Integration Server Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1055/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-20550", "zdi_id": "ZDI-23-1055" }, { "cve": "CVE-2023-27334", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA...", "detail_json": "/data/advisories/ZDI-23-1054/advisory.json", "detail_path": "advisories/ZDI-23-1054", "id": "ZDI-23-1054", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "(Pwn2Own) Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1054/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-20498", "zdi_id": "ZDI-23-1054" }, { "cve": null, "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Western Digital MyCloud PR4100 NAS device. Authentication is required to exploit this vulnerability. The specific flaw exists within the REST SDK....", "detail_json": "/data/advisories/ZDI-23-1053/advisory.json", "detail_path": "advisories/ZDI-23-1053", "id": "ZDI-23-1053", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "Western Digital MyCloud PR4100 REST SDK Use of Potentially Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1053/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-19746", "zdi_id": "ZDI-23-1053" }, { "cve": null, "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Western Digital MyCloud PR4100 NAS device. Authentication is required to exploit this vulnerability. The specific flaw exists within the Logger cla...", "detail_json": "/data/advisories/ZDI-23-1052/advisory.json", "detail_path": "advisories/ZDI-23-1052", "id": "ZDI-23-1052", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "Western Digital MyCloud PR4100 Logger Class Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1052/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-19745", "zdi_id": "ZDI-23-1052" }, { "cve": null, "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Western Digital MyCloud PR4100 NAS device. Authentication is required to exploit this vulnerability. The specific flaw exists within the CGI API. T...", "detail_json": "/data/advisories/ZDI-23-1051/advisory.json", "detail_path": "advisories/ZDI-23-1051", "id": "ZDI-23-1051", "kind": "published", "published_date": "2023-08-09", "status": "published", "title": "Western Digital MyCloud PR4100 CGI API Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1051/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-19678", "zdi_id": "ZDI-23-1051" }, { "cve": "CVE-2023-39477", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA...", "detail_json": "/data/advisories/ZDI-23-1050/advisory.json", "detail_path": "advisories/ZDI-23-1050", "id": "ZDI-23-1050", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "(0Day) (Pwn2Own) Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability", "updated_date": "2023-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1050/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-20499", "zdi_id": "ZDI-23-1050" }, { "cve": "CVE-2023-39474", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific fla...", "detail_json": "/data/advisories/ZDI-23-1049/advisory.json", "detail_path": "advisories/ZDI-23-1049", "id": "ZDI-23-1049", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "(0Day) Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability", "updated_date": "2023-08-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1049/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-19915", "zdi_id": "ZDI-23-1049" }, { "cve": "CVE-2023-39472", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the SimpleXMLReader class. Due t...", "detail_json": "/data/advisories/ZDI-23-1048/advisory.json", "detail_path": "advisories/ZDI-23-1048", "id": "ZDI-23-1048", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "(0Day) Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2023-08-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1048/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-17571", "zdi_id": "ZDI-23-1048" }, { "cve": "CVE-2023-39475", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ParameterVersionJavaSerializatio...", "detail_json": "/data/advisories/ZDI-23-1047/advisory.json", "detail_path": "advisories/ZDI-23-1047", "id": "ZDI-23-1047", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "(0Day) Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2023-08-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1047/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-20290", "zdi_id": "ZDI-23-1047" }, { "cve": "CVE-2023-39476", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JavaSerializationCodec class. Th...", "detail_json": "/data/advisories/ZDI-23-1046/advisory.json", "detail_path": "advisories/ZDI-23-1046", "id": "ZDI-23-1046", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "(0Day) Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2023-08-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1046/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-20291", "zdi_id": "ZDI-23-1046" }, { "cve": "CVE-2023-39473", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the AbstractGatewayFunction class. The i...", "detail_json": "/data/advisories/ZDI-23-1045/advisory.json", "detail_path": "advisories/ZDI-23-1045", "id": "ZDI-23-1045", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "(0Day) Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2023-08-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1045/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-17587", "zdi_id": "ZDI-23-1045" }, { "cve": null, "cvss": 9.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft GitHub. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of Dev-Containers. The application doe...", "detail_json": "/data/advisories/ZDI-23-1044/advisory.json", "detail_path": "advisories/ZDI-23-1044", "id": "ZDI-23-1044", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "(0Day) Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability", "updated_date": "2024-05-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1044/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20784", "zdi_id": "ZDI-23-1044" }, { "cve": "CVE-2022-46300", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1043/advisory.json", "detail_path": "advisories/ZDI-23-1043", "id": "ZDI-23-1043", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "VBASE VISAM Automation Base VBASE-Editor GestureConfigurations File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1043/", "vendor": "VBASE", "vendor_url": null, "zdi_can": "ZDI-CAN-18903", "zdi_id": "ZDI-23-1043" }, { "cve": "CVE-2022-41696", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1042/advisory.json", "detail_path": "advisories/ZDI-23-1042", "id": "ZDI-23-1042", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "VBASE VISAM Automation Base FB.XML File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1042/", "vendor": "VBASE", "vendor_url": null, "zdi_can": "ZDI-CAN-19107", "zdi_id": "ZDI-23-1042" }, { "cve": "CVE-2022-43512", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1041/advisory.json", "detail_path": "advisories/ZDI-23-1041", "id": "ZDI-23-1041", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "VBASE VISAM Automation Base DBConnections File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1041/", "vendor": "VBASE", "vendor_url": null, "zdi_can": "ZDI-CAN-18906", "zdi_id": "ZDI-23-1041" }, { "cve": "CVE-2022-45121", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1040/advisory.json", "detail_path": "advisories/ZDI-23-1040", "id": "ZDI-23-1040", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "VBASE VISAM Automation Base FB File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1040/", "vendor": "VBASE", "vendor_url": null, "zdi_can": "ZDI-CAN-18907", "zdi_id": "ZDI-23-1040" }, { "cve": "CVE-2022-45468", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1039/advisory.json", "detail_path": "advisories/ZDI-23-1039", "id": "ZDI-23-1039", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "VBASE VISAM Automation Base VBASE-Editor LayerSettings File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1039/", "vendor": "VBASE", "vendor_url": null, "zdi_can": "ZDI-CAN-18904", "zdi_id": "ZDI-23-1039" }, { "cve": "CVE-2022-45876", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1038/advisory.json", "detail_path": "advisories/ZDI-23-1038", "id": "ZDI-23-1038", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "VBASE VISAM Automation Base VBASE-Editor ProjektInfo File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1038/", "vendor": "VBASE", "vendor_url": null, "zdi_can": "ZDI-CAN-18877", "zdi_id": "ZDI-23-1038" }, { "cve": "CVE-2022-46286", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1037/advisory.json", "detail_path": "advisories/ZDI-23-1037", "id": "ZDI-23-1037", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "VBASE VISAM Automation Base VBASE-Editor WebRemote File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1037/", "vendor": "VBASE", "vendor_url": null, "zdi_can": "ZDI-CAN-18905", "zdi_id": "ZDI-23-1037" }, { "cve": "CVE-2023-39468", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of DbasSectorFileT...", "detail_json": "/data/advisories/ZDI-23-1036/advisory.json", "detail_path": "advisories/ZDI-23-1036", "id": "ZDI-23-1036", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1036/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-20799", "zdi_id": "ZDI-23-1036" }, { "cve": "CVE-2023-39467", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration o...", "detail_json": "/data/advisories/ZDI-23-1035/advisory.json", "detail_path": "advisories/ZDI-23-1035", "id": "ZDI-23-1035", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1035/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-20798", "zdi_id": "ZDI-23-1035" }, { "cve": "CVE-2023-39466", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_config endp...", "detail_json": "/data/advisories/ZDI-23-1034/advisory.json", "detail_path": "advisories/ZDI-23-1034", "id": "ZDI-23-1034", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1034/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-20797", "zdi_id": "ZDI-23-1034" }, { "cve": "CVE-2023-39465", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TmwCrypto class...", "detail_json": "/data/advisories/ZDI-23-1033/advisory.json", "detail_path": "advisories/ZDI-23-1033", "id": "ZDI-23-1033", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1033/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-20615", "zdi_id": "ZDI-23-1033" }, { "cve": "CVE-2023-39464", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The speci...", "detail_json": "/data/advisories/ZDI-23-1032/advisory.json", "detail_path": "advisories/ZDI-23-1032", "id": "ZDI-23-1032", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "(Pwn2Own) Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1032/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-20538", "zdi_id": "ZDI-23-1032" }, { "cve": "CVE-2023-39463", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-23-1031/advisory.json", "detail_path": "advisories/ZDI-23-1031", "id": "ZDI-23-1031", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1031/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-20537", "zdi_id": "ZDI-23-1031" }, { "cve": "CVE-2023-39462", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-23-1030/advisory.json", "detail_path": "advisories/ZDI-23-1030", "id": "ZDI-23-1030", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1030/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-20536", "zdi_id": "ZDI-23-1030" }, { "cve": "CVE-2023-39461", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-23-1029/advisory.json", "detail_path": "advisories/ZDI-23-1029", "id": "ZDI-23-1029", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1029/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-20535", "zdi_id": "ZDI-23-1029" }, { "cve": "CVE-2023-39460", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-23-1028/advisory.json", "detail_path": "advisories/ZDI-23-1028", "id": "ZDI-23-1028", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1028/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-20534", "zdi_id": "ZDI-23-1028" }, { "cve": "CVE-2023-39459", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-1027/advisory.json", "detail_path": "advisories/ZDI-23-1027", "id": "ZDI-23-1027", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-20531", "zdi_id": "ZDI-23-1027" }, { "cve": "CVE-2023-39458", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of ce...", "detail_json": "/data/advisories/ZDI-23-1026/advisory.json", "detail_path": "advisories/ZDI-23-1026", "id": "ZDI-23-1026", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1026/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-20509", "zdi_id": "ZDI-23-1026" }, { "cve": "CVE-2023-39457", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to the lack of user authenticat...", "detail_json": "/data/advisories/ZDI-23-1025/advisory.json", "detail_path": "advisories/ZDI-23-1025", "id": "ZDI-23-1025", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1025/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-20501", "zdi_id": "ZDI-23-1025" }, { "cve": "CVE-2023-30985", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-1024/advisory.json", "detail_path": "advisories/ZDI-23-1024", "id": "ZDI-23-1024", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "Siemens Solid Edge Viewer OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1024/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19426", "zdi_id": "ZDI-23-1024" }, { "cve": "CVE-2023-30986", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1023/advisory.json", "detail_path": "advisories/ZDI-23-1023", "id": "ZDI-23-1023", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "Siemens Solid Edge Viewer STP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1023/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19561", "zdi_id": "ZDI-23-1023" }, { "cve": "CVE-2023-0973", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-1022/advisory.json", "detail_path": "advisories/ZDI-23-1022", "id": "ZDI-23-1022", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "Siemens Solid Edge Viewer IFC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1022/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19429", "zdi_id": "ZDI-23-1022" }, { "cve": "CVE-2022-4634", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-1021/advisory.json", "detail_path": "advisories/ZDI-23-1021", "id": "ZDI-23-1021", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "Delta Industrial Automation CNCSoft DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1021/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-18014", "zdi_id": "ZDI-23-1021" }, { "cve": "CVE-2023-32358", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-1020/advisory.json", "detail_path": "advisories/ZDI-23-1020", "id": "ZDI-23-1020", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "Apple Safari PDF Plugin Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1020/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-19331", "zdi_id": "ZDI-23-1020" }, { "cve": "CVE-2023-38421", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. Th...", "detail_json": "/data/advisories/ZDI-23-1019/advisory.json", "detail_path": "advisories/ZDI-23-1019", "id": "ZDI-23-1019", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "Apple macOS Hydra Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1019/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-21503", "zdi_id": "ZDI-23-1019" }, { "cve": "CVE-2023-28198", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-1018/advisory.json", "detail_path": "advisories/ZDI-23-1018", "id": "ZDI-23-1018", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "Apple Safari DFG Fixup Phase Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1018/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-19555", "zdi_id": "ZDI-23-1018" }, { "cve": "CVE-2023-35803", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Extreme Networks AP410C routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ah_acsd service, whi...", "detail_json": "/data/advisories/ZDI-23-1017/advisory.json", "detail_path": "advisories/ZDI-23-1017", "id": "ZDI-23-1017", "kind": "published", "published_date": "2023-08-04", "status": "published", "title": "Extreme Networks AP410C Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1017/", "vendor": "Extreme Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-19695", "zdi_id": "ZDI-23-1017" }, { "cve": "CVE-2023-3670", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of CODESYS Development System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-23-1016/advisory.json", "detail_path": "advisories/ZDI-23-1016", "id": "ZDI-23-1016", "kind": "published", "published_date": "2023-08-03", "status": "published", "title": "CODESYS Development System Exposure of Resource to Wrong Sphere Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1016/", "vendor": "CODESYS", "vendor_url": null, "zdi_can": "ZDI-CAN-20295", "zdi_id": "ZDI-23-1016" }, { "cve": "CVE-2023-38124", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Ignition Gateway server. The issue r...", "detail_json": "/data/advisories/ZDI-23-1015/advisory.json", "detail_path": "advisories/ZDI-23-1015", "id": "ZDI-23-1015", "kind": "published", "published_date": "2023-08-01", "status": "published", "title": "(Pwn2Own) Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1015/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-20541", "zdi_id": "ZDI-23-1015" }, { "cve": "CVE-2023-38123", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-1014/advisory.json", "detail_path": "advisories/ZDI-23-1014", "id": "ZDI-23-1014", "kind": "published", "published_date": "2023-08-01", "status": "published", "title": "(Pwn2Own) Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1014/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-20540", "zdi_id": "ZDI-23-1014" }, { "cve": "CVE-2023-38122", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-23-1013/advisory.json", "detail_path": "advisories/ZDI-23-1013", "id": "ZDI-23-1013", "kind": "published", "published_date": "2023-08-01", "status": "published", "title": "(Pwn2Own) Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1013/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-20539", "zdi_id": "ZDI-23-1013" }, { "cve": "CVE-2023-38121", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-23-1012/advisory.json", "detail_path": "advisories/ZDI-23-1012", "id": "ZDI-23-1012", "kind": "published", "published_date": "2023-08-01", "status": "published", "title": "(Pwn2Own) Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1012/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-20355", "zdi_id": "ZDI-23-1012" }, { "cve": "CVE-2023-3825", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of PTC KEPServerEX. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of variant types. By se...", "detail_json": "/data/advisories/ZDI-23-1011/advisory.json", "detail_path": "advisories/ZDI-23-1011", "id": "ZDI-23-1011", "kind": "published", "published_date": "2023-07-31", "status": "published", "title": "(Pwn2Own) PTC KEPServerEX Variant Resource Exhaustion Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1011/", "vendor": "PTC", "vendor_url": null, "zdi_can": "ZDI-CAN-20500", "zdi_id": "ZDI-23-1011" }, { "cve": "CVE-2023-38120", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific fl...", "detail_json": "/data/advisories/ZDI-23-1010/advisory.json", "detail_path": "advisories/ZDI-23-1010", "id": "ZDI-23-1010", "kind": "published", "published_date": "2023-07-28", "status": "published", "title": "Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1010/", "vendor": "Adtran", "vendor_url": null, "zdi_can": "ZDI-CAN-20525", "zdi_id": "ZDI-23-1010" }, { "cve": "CVE-2023-2640", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-1009/advisory.json", "detail_path": "advisories/ZDI-23-1009", "id": "ZDI-23-1009", "kind": "published", "published_date": "2023-07-28", "status": "published", "title": "Canonical Ubuntu OverlayFS File System Missing Authorization Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1009/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-20913", "zdi_id": "ZDI-23-1009" }, { "cve": "CVE-2023-38104", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1008/advisory.json", "detail_path": "advisories/ZDI-23-1008", "id": "ZDI-23-1008", "kind": "published", "published_date": "2023-07-27", "status": "published", "title": "GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1008/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-21444", "zdi_id": "ZDI-23-1008" }, { "cve": "CVE-2023-38103", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-1007/advisory.json", "detail_path": "advisories/ZDI-23-1007", "id": "ZDI-23-1007", "kind": "published", "published_date": "2023-07-27", "status": "published", "title": "GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1007/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-21443", "zdi_id": "ZDI-23-1007" }, { "cve": "CVE-2023-33225", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the SendHttpRequest action. The issue result...", "detail_json": "/data/advisories/ZDI-23-1006/advisory.json", "detail_path": "advisories/ZDI-23-1006", "id": "ZDI-23-1006", "kind": "published", "published_date": "2023-07-27", "status": "published", "title": "SolarWinds Orion Platform SendHttpRequest Missing Authorization Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1006/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21090", "zdi_id": "ZDI-23-1006" }, { "cve": "CVE-2023-33224", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateActionsProperties method. The issu...", "detail_json": "/data/advisories/ZDI-23-1005/advisory.json", "detail_path": "advisories/ZDI-23-1005", "id": "ZDI-23-1005", "kind": "published", "published_date": "2023-07-27", "status": "published", "title": "SolarWinds Orion Platform UpdateActionsProperties Incorrect Behavior Order Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1005/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21105", "zdi_id": "ZDI-23-1005" }, { "cve": "CVE-2023-23844", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the BlacklistedFilesChecker class. The issue...", "detail_json": "/data/advisories/ZDI-23-1004/advisory.json", "detail_path": "advisories/ZDI-23-1004", "id": "ZDI-23-1004", "kind": "published", "published_date": "2023-07-27", "status": "published", "title": "SolarWinds Orion Platform BlacklistedFilesChecker Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability", "updated_date": "2023-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1004/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21095", "zdi_id": "ZDI-23-1004" }, { "cve": "CVE-2023-23843", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateActionsProperties method. The issu...", "detail_json": "/data/advisories/ZDI-23-1003/advisory.json", "detail_path": "advisories/ZDI-23-1003", "id": "ZDI-23-1003", "kind": "published", "published_date": "2023-07-27", "status": "published", "title": "SolarWinds Orion Platform UpdateActionsProperties Incorrect Comparison Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1003/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-21096", "zdi_id": "ZDI-23-1003" }, { "cve": "CVE-2023-23842", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Configuration Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the VulnDownloader class. The...", "detail_json": "/data/advisories/ZDI-23-1002/advisory.json", "detail_path": "advisories/ZDI-23-1002", "id": "ZDI-23-1002", "kind": "published", "published_date": "2023-07-27", "status": "published", "title": "SolarWinds Network Configuration Manager VulnDownloader Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1002/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-20995", "zdi_id": "ZDI-23-1002" }, { "cve": "CVE-2023-38627", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the modTXSO module. The issue results...", "detail_json": "/data/advisories/ZDI-23-1001/advisory.json", "detail_path": "advisories/ZDI-23-1001", "id": "ZDI-23-1001", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Trend Micro Apex Central modTXSO Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1001/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-20329", "zdi_id": "ZDI-23-1001" }, { "cve": "CVE-2023-38626", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the modVulnerabilityProtect module. T...", "detail_json": "/data/advisories/ZDI-23-1000/advisory.json", "detail_path": "advisories/ZDI-23-1000", "id": "ZDI-23-1000", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Trend Micro Apex Central modVulnerabilityProtect Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1000/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-19872", "zdi_id": "ZDI-23-1000" }, { "cve": "CVE-2023-38625", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the modDeepSecurity module. The issue...", "detail_json": "/data/advisories/ZDI-23-999/advisory.json", "detail_path": "advisories/ZDI-23-999", "id": "ZDI-23-999", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Trend Micro Apex Central modDeepSecurity Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-999/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-19871", "zdi_id": "ZDI-23-999" }, { "cve": "CVE-2023-38624", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the modTMSL module. The issue results...", "detail_json": "/data/advisories/ZDI-23-998/advisory.json", "detail_path": "advisories/ZDI-23-998", "id": "ZDI-23-998", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Trend Micro Apex Central modTMSL Server-Side Request Forgery Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-998/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-19870", "zdi_id": "ZDI-23-998" }, { "cve": "CVE-2023-38119", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-997/advisory.json", "detail_path": "advisories/ZDI-23-997", "id": "ZDI-23-997", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader AcroForm signature Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-997/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21326", "zdi_id": "ZDI-23-997" }, { "cve": "CVE-2023-38118", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-996/advisory.json", "detail_path": "advisories/ZDI-23-996", "id": "ZDI-23-996", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader AcroForm Doc Object Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-996/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21325", "zdi_id": "ZDI-23-996" }, { "cve": "CVE-2023-38117", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-995/advisory.json", "detail_path": "advisories/ZDI-23-995", "id": "ZDI-23-995", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader AcroForm Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-995/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21293", "zdi_id": "ZDI-23-995" }, { "cve": "CVE-2023-38116", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-994/advisory.json", "detail_path": "advisories/ZDI-23-994", "id": "ZDI-23-994", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-994/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21292", "zdi_id": "ZDI-23-994" }, { "cve": "CVE-2023-38115", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-993/advisory.json", "detail_path": "advisories/ZDI-23-993", "id": "ZDI-23-993", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-993/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21256", "zdi_id": "ZDI-23-993" }, { "cve": "CVE-2023-38114", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-992/advisory.json", "detail_path": "advisories/ZDI-23-992", "id": "ZDI-23-992", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader AcroForm Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-992/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21085", "zdi_id": "ZDI-23-992" }, { "cve": "CVE-2023-38113", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-991/advisory.json", "detail_path": "advisories/ZDI-23-991", "id": "ZDI-23-991", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-991/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21083", "zdi_id": "ZDI-23-991" }, { "cve": "CVE-2023-38112", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-990/advisory.json", "detail_path": "advisories/ZDI-23-990", "id": "ZDI-23-990", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader XFA Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-990/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21062", "zdi_id": "ZDI-23-990" }, { "cve": "CVE-2023-38111", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-989/advisory.json", "detail_path": "advisories/ZDI-23-989", "id": "ZDI-23-989", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-989/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21025", "zdi_id": "ZDI-23-989" }, { "cve": "CVE-2023-38110", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-988/advisory.json", "detail_path": "advisories/ZDI-23-988", "id": "ZDI-23-988", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader AcroForm Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-988/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21023", "zdi_id": "ZDI-23-988" }, { "cve": "CVE-2023-38109", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-987/advisory.json", "detail_path": "advisories/ZDI-23-987", "id": "ZDI-23-987", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-987/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21022", "zdi_id": "ZDI-23-987" }, { "cve": "CVE-2023-38108", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-986/advisory.json", "detail_path": "advisories/ZDI-23-986", "id": "ZDI-23-986", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-986/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21020", "zdi_id": "ZDI-23-986" }, { "cve": "CVE-2023-38107", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-985/advisory.json", "detail_path": "advisories/ZDI-23-985", "id": "ZDI-23-985", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-985/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21019", "zdi_id": "ZDI-23-985" }, { "cve": "CVE-2023-38106", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-984/advisory.json", "detail_path": "advisories/ZDI-23-984", "id": "ZDI-23-984", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-984/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21018", "zdi_id": "ZDI-23-984" }, { "cve": "CVE-2023-38105", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-983/advisory.json", "detail_path": "advisories/ZDI-23-983", "id": "ZDI-23-983", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-983/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-21017", "zdi_id": "ZDI-23-983" }, { "cve": "CVE-2023-22018", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle VirtualBox. Authentication may or may not be required to exploit this vulnerability, depending upon product configuration. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-23-982/advisory.json", "detail_path": "advisories/ZDI-23-982", "id": "ZDI-23-982", "kind": "published", "published_date": "2023-07-26", "status": "published", "title": "Oracle VirtualBox VRDP Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-982/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-21259", "zdi_id": "ZDI-23-982" }, { "cve": "CVE-2023-3867", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-23-981/advisory.json", "detail_path": "advisories/ZDI-23-981", "id": "ZDI-23-981", "kind": "published", "published_date": "2023-07-20", "status": "published", "title": "Linux Kernel ksmbd Session Setup Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-981/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21355", "zdi_id": "ZDI-23-981" }, { "cve": "CVE-2023-3865", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication may or may not be required to exploit this vulnerability, depending upon configuration. Furthermore, only systems with ksmbd...", "detail_json": "/data/advisories/ZDI-23-980/advisory.json", "detail_path": "advisories/ZDI-23-980", "id": "ZDI-23-980", "kind": "published", "published_date": "2023-07-28", "status": "published", "title": "Linux Kernel ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-04-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-980/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21164", "zdi_id": "ZDI-23-980" }, { "cve": "CVE-2023-3866", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw e...", "detail_json": "/data/advisories/ZDI-23-979/advisory.json", "detail_path": "advisories/ZDI-23-979", "id": "ZDI-23-979", "kind": "published", "published_date": "2023-07-28", "status": "published", "title": "Linux Kernel ksmbd Chained Request NULL Pointer Dereference Denial-of-Service Vulnerability", "updated_date": "2024-04-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-979/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-21165", "zdi_id": "ZDI-23-979" }, { "cve": "CVE-2023-34394", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-23-978/advisory.json", "detail_path": "advisories/ZDI-23-978", "id": "ZDI-23-978", "kind": "published", "published_date": "2023-07-19", "status": "published", "title": "KeySight N6841A RF Sensor deleteEmbeddedApp Directory Traversal Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-978/", "vendor": "KeySight", "vendor_url": null, "zdi_can": "ZDI-CAN-19118", "zdi_id": "ZDI-23-978" }, { "cve": "CVE-2023-34394", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-23-977/advisory.json", "detail_path": "advisories/ZDI-23-977", "id": "ZDI-23-977", "kind": "published", "published_date": "2023-07-19", "status": "published", "title": "KeySight N6841A RF Sensor deleteFirmwarePackage Directory Traversal Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-977/", "vendor": "KeySight", "vendor_url": null, "zdi_can": "ZDI-CAN-19097", "zdi_id": "ZDI-23-977" }, { "cve": "CVE-2023-34394", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-23-976/advisory.json", "detail_path": "advisories/ZDI-23-976", "id": "ZDI-23-976", "kind": "published", "published_date": "2023-07-19", "status": "published", "title": "KeySight N6841A RF Sensor addFirmwarePackage Directory Traversal Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-976/", "vendor": "KeySight", "vendor_url": null, "zdi_can": "ZDI-CAN-19096", "zdi_id": "ZDI-23-976" }, { "cve": "CVE-2023-36853", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-23-975/advisory.json", "detail_path": "advisories/ZDI-23-975", "id": "ZDI-23-975", "kind": "published", "published_date": "2023-07-19", "status": "published", "title": "KeySight N6841A RF Sensor smsRestoreDatabaseZip Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-975/", "vendor": "KeySight", "vendor_url": null, "zdi_can": "ZDI-CAN-19095", "zdi_id": "ZDI-23-975" }, { "cve": "CVE-2023-34394", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-23-974/advisory.json", "detail_path": "advisories/ZDI-23-974", "id": "ZDI-23-974", "kind": "published", "published_date": "2023-07-19", "status": "published", "title": "KeySight N6841A RF Sensor removeLicenseFile Directory Traversal Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-974/", "vendor": "KeySight", "vendor_url": null, "zdi_can": "ZDI-CAN-18753", "zdi_id": "ZDI-23-974" }, { "cve": "CVE-2023-32157", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-23-973/advisory.json", "detail_path": "advisories/ZDI-23-973", "id": "ZDI-23-973", "kind": "published", "published_date": "2023-07-18", "status": "published", "title": "(Pwn2Own) Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-973/", "vendor": "Tesla", "vendor_url": null, "zdi_can": "ZDI-CAN-20737", "zdi_id": "ZDI-23-973" }, { "cve": "CVE-2023-32156", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-23-972/advisory.json", "detail_path": "advisories/ZDI-23-972", "id": "ZDI-23-972", "kind": "published", "published_date": "2023-07-18", "status": "published", "title": "(Pwn2Own) Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-972/", "vendor": "Tesla", "vendor_url": null, "zdi_can": "ZDI-CAN-20734", "zdi_id": "ZDI-23-972" }, { "cve": "CVE-2023-32155", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute code on the wifi subsystem in order to exploit this vulnerability. The specific flaw exists within the bc...", "detail_json": "/data/advisories/ZDI-23-971/advisory.json", "detail_path": "advisories/ZDI-23-971", "id": "ZDI-23-971", "kind": "published", "published_date": "2023-07-18", "status": "published", "title": "(Pwn2Own) Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-971/", "vendor": "Tesla", "vendor_url": null, "zdi_can": "ZDI-CAN-20733", "zdi_id": "ZDI-23-971" }, { "cve": "CVE-2023-35734", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-23-970/advisory.json", "detail_path": "advisories/ZDI-23-970", "id": "ZDI-23-970", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "(0Day) Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": "2023-08-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-970/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-21405", "zdi_id": "ZDI-23-970" }, { "cve": "CVE-2023-38091", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-969/advisory.json", "detail_path": "advisories/ZDI-23-969", "id": "ZDI-23-969", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF response Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-969/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20601", "zdi_id": "ZDI-23-969" }, { "cve": "CVE-2023-38094", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-968/advisory.json", "detail_path": "advisories/ZDI-23-968", "id": "ZDI-23-968", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF replacePages Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-968/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20605", "zdi_id": "ZDI-23-968" }, { "cve": "CVE-2023-38093", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-967/advisory.json", "detail_path": "advisories/ZDI-23-967", "id": "ZDI-23-967", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF saveAs Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-967/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20604", "zdi_id": "ZDI-23-967" }, { "cve": "CVE-2023-38092", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-966/advisory.json", "detail_path": "advisories/ZDI-23-966", "id": "ZDI-23-966", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF importDataObject Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-966/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20603", "zdi_id": "ZDI-23-966" }, { "cve": "CVE-2023-38090", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-965/advisory.json", "detail_path": "advisories/ZDI-23-965", "id": "ZDI-23-965", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF popUpMenu Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-965/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20588", "zdi_id": "ZDI-23-965" }, { "cve": "CVE-2023-38088", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-964/advisory.json", "detail_path": "advisories/ZDI-23-964", "id": "ZDI-23-964", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF printf Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-964/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20566", "zdi_id": "ZDI-23-964" }, { "cve": "CVE-2023-38087", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-963/advisory.json", "detail_path": "advisories/ZDI-23-963", "id": "ZDI-23-963", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF clearTimeOut Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-963/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20560", "zdi_id": "ZDI-23-963" }, { "cve": "CVE-2023-38089", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-962/advisory.json", "detail_path": "advisories/ZDI-23-962", "id": "ZDI-23-962", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF clearInterval Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-962/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20567", "zdi_id": "ZDI-23-962" }, { "cve": "CVE-2023-38083", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-961/advisory.json", "detail_path": "advisories/ZDI-23-961", "id": "ZDI-23-961", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-961/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20489", "zdi_id": "ZDI-23-961" }, { "cve": "CVE-2023-38082", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-960/advisory.json", "detail_path": "advisories/ZDI-23-960", "id": "ZDI-23-960", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-960/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20488", "zdi_id": "ZDI-23-960" }, { "cve": "CVE-2023-38081", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-959/advisory.json", "detail_path": "advisories/ZDI-23-959", "id": "ZDI-23-959", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-959/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20487", "zdi_id": "ZDI-23-959" }, { "cve": "CVE-2023-38080", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-958/advisory.json", "detail_path": "advisories/ZDI-23-958", "id": "ZDI-23-958", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-958/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20486", "zdi_id": "ZDI-23-958" }, { "cve": "CVE-2023-38079", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-957/advisory.json", "detail_path": "advisories/ZDI-23-957", "id": "ZDI-23-957", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-957/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20485", "zdi_id": "ZDI-23-957" }, { "cve": "CVE-2023-38078", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-956/advisory.json", "detail_path": "advisories/ZDI-23-956", "id": "ZDI-23-956", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF U3D File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-956/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20472", "zdi_id": "ZDI-23-956" }, { "cve": "CVE-2023-38077", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-955/advisory.json", "detail_path": "advisories/ZDI-23-955", "id": "ZDI-23-955", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-955/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20471", "zdi_id": "ZDI-23-955" }, { "cve": "CVE-2023-37359", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-954/advisory.json", "detail_path": "advisories/ZDI-23-954", "id": "ZDI-23-954", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-954/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20470", "zdi_id": "ZDI-23-954" }, { "cve": "CVE-2023-37358", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-953/advisory.json", "detail_path": "advisories/ZDI-23-953", "id": "ZDI-23-953", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-953/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20469", "zdi_id": "ZDI-23-953" }, { "cve": "CVE-2023-37357", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-952/advisory.json", "detail_path": "advisories/ZDI-23-952", "id": "ZDI-23-952", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-952/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20468", "zdi_id": "ZDI-23-952" }, { "cve": "CVE-2023-37356", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-951/advisory.json", "detail_path": "advisories/ZDI-23-951", "id": "ZDI-23-951", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-951/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20461", "zdi_id": "ZDI-23-951" }, { "cve": "CVE-2023-37355", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-950/advisory.json", "detail_path": "advisories/ZDI-23-950", "id": "ZDI-23-950", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF JPG File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-950/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20460", "zdi_id": "ZDI-23-950" }, { "cve": "CVE-2023-37354", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-949/advisory.json", "detail_path": "advisories/ZDI-23-949", "id": "ZDI-23-949", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-949/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20458", "zdi_id": "ZDI-23-949" }, { "cve": "CVE-2023-37353", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-948/advisory.json", "detail_path": "advisories/ZDI-23-948", "id": "ZDI-23-948", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-948/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20455", "zdi_id": "ZDI-23-948" }, { "cve": "CVE-2023-37352", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-947/advisory.json", "detail_path": "advisories/ZDI-23-947", "id": "ZDI-23-947", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-947/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20454", "zdi_id": "ZDI-23-947" }, { "cve": "CVE-2023-37351", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-946/advisory.json", "detail_path": "advisories/ZDI-23-946", "id": "ZDI-23-946", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-946/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20453", "zdi_id": "ZDI-23-946" }, { "cve": "CVE-2023-37350", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-945/advisory.json", "detail_path": "advisories/ZDI-23-945", "id": "ZDI-23-945", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-945/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20452", "zdi_id": "ZDI-23-945" }, { "cve": "CVE-2023-37349", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-944/advisory.json", "detail_path": "advisories/ZDI-23-944", "id": "ZDI-23-944", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-944/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20451", "zdi_id": "ZDI-23-944" }, { "cve": "CVE-2023-37348", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-943/advisory.json", "detail_path": "advisories/ZDI-23-943", "id": "ZDI-23-943", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-943/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20445", "zdi_id": "ZDI-23-943" }, { "cve": "CVE-2023-37347", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-942/advisory.json", "detail_path": "advisories/ZDI-23-942", "id": "ZDI-23-942", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-942/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20444", "zdi_id": "ZDI-23-942" }, { "cve": "CVE-2023-37346", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-941/advisory.json", "detail_path": "advisories/ZDI-23-941", "id": "ZDI-23-941", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-941/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20443", "zdi_id": "ZDI-23-941" }, { "cve": "CVE-2023-37345", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-940/advisory.json", "detail_path": "advisories/ZDI-23-940", "id": "ZDI-23-940", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-940/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20442", "zdi_id": "ZDI-23-940" }, { "cve": "CVE-2023-37344", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-939/advisory.json", "detail_path": "advisories/ZDI-23-939", "id": "ZDI-23-939", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-939/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20441", "zdi_id": "ZDI-23-939" }, { "cve": "CVE-2023-37343", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-938/advisory.json", "detail_path": "advisories/ZDI-23-938", "id": "ZDI-23-938", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-938/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20440", "zdi_id": "ZDI-23-938" }, { "cve": "CVE-2023-37342", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-937/advisory.json", "detail_path": "advisories/ZDI-23-937", "id": "ZDI-23-937", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF PNG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-937/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20439", "zdi_id": "ZDI-23-937" }, { "cve": "CVE-2023-37341", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-936/advisory.json", "detail_path": "advisories/ZDI-23-936", "id": "ZDI-23-936", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-936/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20397", "zdi_id": "ZDI-23-936" }, { "cve": "CVE-2023-37340", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-935/advisory.json", "detail_path": "advisories/ZDI-23-935", "id": "ZDI-23-935", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-935/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20396", "zdi_id": "ZDI-23-935" }, { "cve": "CVE-2023-37339", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-934/advisory.json", "detail_path": "advisories/ZDI-23-934", "id": "ZDI-23-934", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-934/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20395", "zdi_id": "ZDI-23-934" }, { "cve": "CVE-2023-37338", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-933/advisory.json", "detail_path": "advisories/ZDI-23-933", "id": "ZDI-23-933", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-933/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20394", "zdi_id": "ZDI-23-933" }, { "cve": "CVE-2023-37337", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-932/advisory.json", "detail_path": "advisories/ZDI-23-932", "id": "ZDI-23-932", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-932/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20393", "zdi_id": "ZDI-23-932" }, { "cve": "CVE-2023-37336", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-931/advisory.json", "detail_path": "advisories/ZDI-23-931", "id": "ZDI-23-931", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-931/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20392", "zdi_id": "ZDI-23-931" }, { "cve": "CVE-2023-37335", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-930/advisory.json", "detail_path": "advisories/ZDI-23-930", "id": "ZDI-23-930", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-930/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20391", "zdi_id": "ZDI-23-930" }, { "cve": "CVE-2023-37334", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-929/advisory.json", "detail_path": "advisories/ZDI-23-929", "id": "ZDI-23-929", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-929/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20390", "zdi_id": "ZDI-23-929" }, { "cve": "CVE-2023-37333", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-928/advisory.json", "detail_path": "advisories/ZDI-23-928", "id": "ZDI-23-928", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF PCX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-928/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20389", "zdi_id": "ZDI-23-928" }, { "cve": "CVE-2023-37332", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-927/advisory.json", "detail_path": "advisories/ZDI-23-927", "id": "ZDI-23-927", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF PNG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-927/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20388", "zdi_id": "ZDI-23-927" }, { "cve": "CVE-2023-37331", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-926/advisory.json", "detail_path": "advisories/ZDI-23-926", "id": "ZDI-23-926", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF GIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-926/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20373", "zdi_id": "ZDI-23-926" }, { "cve": "CVE-2023-37330", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-925/advisory.json", "detail_path": "advisories/ZDI-23-925", "id": "ZDI-23-925", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF exportAsText Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-925/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20230", "zdi_id": "ZDI-23-925" }, { "cve": "CVE-2023-38085", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-924/advisory.json", "detail_path": "advisories/ZDI-23-924", "id": "ZDI-23-924", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-924/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20491", "zdi_id": "ZDI-23-924" }, { "cve": "CVE-2023-38084", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-923/advisory.json", "detail_path": "advisories/ZDI-23-923", "id": "ZDI-23-923", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-923/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20490", "zdi_id": "ZDI-23-923" }, { "cve": "CVE-2023-38086", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-922/advisory.json", "detail_path": "advisories/ZDI-23-922", "id": "ZDI-23-922", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-922/", "vendor": "Kofax", "vendor_url": null, "zdi_can": "ZDI-CAN-20529", "zdi_id": "ZDI-23-922" }, { "cve": "CVE-2023-38095", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-23-921/advisory.json", "detail_path": "advisories/ZDI-23-921", "id": "ZDI-23-921", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-921/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19717", "zdi_id": "ZDI-23-921" }, { "cve": "CVE-2023-38096", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MyHandlerInterceptor...", "detail_json": "/data/advisories/ZDI-23-920/advisory.json", "detail_path": "advisories/ZDI-23-920", "id": "ZDI-23-920", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-920/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19718", "zdi_id": "ZDI-23-920" }, { "cve": "CVE-2023-38097", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-23-919/advisory.json", "detail_path": "advisories/ZDI-23-919", "id": "ZDI-23-919", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-919/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19719", "zdi_id": "ZDI-23-919" }, { "cve": "CVE-2023-38098", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-23-918/advisory.json", "detail_path": "advisories/ZDI-23-918", "id": "ZDI-23-918", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-918/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19720", "zdi_id": "ZDI-23-918" }, { "cve": "CVE-2023-38099", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-23-917/advisory.json", "detail_path": "advisories/ZDI-23-917", "id": "ZDI-23-917", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-917/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19723", "zdi_id": "ZDI-23-917" }, { "cve": "CVE-2023-38100", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-23-916/advisory.json", "detail_path": "advisories/ZDI-23-916", "id": "ZDI-23-916", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-916/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19724", "zdi_id": "ZDI-23-916" }, { "cve": "CVE-2023-38101", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-23-915/advisory.json", "detail_path": "advisories/ZDI-23-915", "id": "ZDI-23-915", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-915/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19725", "zdi_id": "ZDI-23-915" }, { "cve": "CVE-2023-38102", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-23-914/advisory.json", "detail_path": "advisories/ZDI-23-914", "id": "ZDI-23-914", "kind": "published", "published_date": "2023-07-13", "status": "published", "title": "NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-914/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19726", "zdi_id": "ZDI-23-914" }, { "cve": "CVE-2023-32050", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-23-913/advisory.json", "detail_path": "advisories/ZDI-23-913", "id": "ZDI-23-913", "kind": "published", "published_date": "2023-07-12", "status": "published", "title": "Microsoft Windows Installer Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-913/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17704", "zdi_id": "ZDI-23-913" }, { "cve": "CVE-2023-2763", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes SolidWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-23-912/advisory.json", "detail_path": "advisories/ZDI-23-912", "id": "ZDI-23-912", "kind": "published", "published_date": "2023-07-12", "status": "published", "title": "Dassault Syst\u00e8mes SolidWorks DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-912/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-20886", "zdi_id": "ZDI-23-912" }, { "cve": "CVE-2023-2763", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes SolidWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-23-911/advisory.json", "detail_path": "advisories/ZDI-23-911", "id": "ZDI-23-911", "kind": "published", "published_date": "2023-07-12", "status": "published", "title": "Dassault Syst\u00e8mes SolidWorks DWG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-911/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-20884", "zdi_id": "ZDI-23-911" }, { "cve": "CVE-2023-2763", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes SolidWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-23-910/advisory.json", "detail_path": "advisories/ZDI-23-910", "id": "ZDI-23-910", "kind": "published", "published_date": "2023-07-12", "status": "published", "title": "Dassault Syst\u00e8mes SolidWorks DWG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-910/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-20883", "zdi_id": "ZDI-23-910" }, { "cve": "CVE-2023-2762", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes SolidWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-23-909/advisory.json", "detail_path": "advisories/ZDI-23-909", "id": "ZDI-23-909", "kind": "published", "published_date": "2023-07-12", "status": "published", "title": "Dassault Syst\u00e8mes SolidWorks SLDPRT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-909/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-20881", "zdi_id": "ZDI-23-909" }, { "cve": "CVE-2023-2763", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst\ufffd\ufffdmes SolidWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-23-908/advisory.json", "detail_path": "advisories/ZDI-23-908", "id": "ZDI-23-908", "kind": "published", "published_date": "2023-07-12", "status": "published", "title": "Dassault Syst\u00e8mes SolidWorks DXF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-908/", "vendor": "Dassault Syst\u00e8mes", "vendor_url": null, "zdi_can": "ZDI-CAN-20882", "zdi_id": "ZDI-23-908" }, { "cve": "CVE-2023-26495", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-907/advisory.json", "detail_path": "advisories/ZDI-23-907", "id": "ZDI-23-907", "kind": "published", "published_date": "2023-07-10", "status": "published", "title": "Siemens Solid Edge Viewer DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-907/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19432", "zdi_id": "ZDI-23-907" }, { "cve": "CVE-2023-34347", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-Gateway serv...", "detail_json": "/data/advisories/ZDI-23-906/advisory.json", "detail_path": "advisories/ZDI-23-906", "id": "ZDI-23-906", "kind": "published", "published_date": "2023-07-10", "status": "published", "title": "Delta Electronics InfraSuite Device Master Device-Gateway Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-906/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-20785", "zdi_id": "ZDI-23-906" }, { "cve": "CVE-2023-30765", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Delta Electronics InfraSuite Device Master. Authentication is required to exploit this vulnerability. The specific flaw exists within the modifyusergroup endpoint....", "detail_json": "/data/advisories/ZDI-23-905/advisory.json", "detail_path": "advisories/ZDI-23-905", "id": "ZDI-23-905", "kind": "published", "published_date": "2023-07-10", "status": "published", "title": "Delta Electronics InfraSuite Device Master modifyusergroup Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-905/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-20911", "zdi_id": "ZDI-23-905" }, { "cve": "CVE-2023-34316", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Authentication is required to exploit this vulnerability. The specific flaw exists within the gateway endpoin...", "detail_json": "/data/advisories/ZDI-23-904/advisory.json", "detail_path": "advisories/ZDI-23-904", "id": "ZDI-23-904", "kind": "published", "published_date": "2023-07-10", "status": "published", "title": "Delta Electronics InfraSuite Device Master APRunning Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-904/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-20606", "zdi_id": "ZDI-23-904" }, { "cve": "CVE-2023-37327", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-903/advisory.json", "detail_path": "advisories/ZDI-23-903", "id": "ZDI-23-903", "kind": "published", "published_date": "2023-07-06", "status": "published", "title": "GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-903/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-20775", "zdi_id": "ZDI-23-903" }, { "cve": "CVE-2023-37329", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-902/advisory.json", "detail_path": "advisories/ZDI-23-902", "id": "ZDI-23-902", "kind": "published", "published_date": "2023-07-06", "status": "published", "title": "GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-902/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-20968", "zdi_id": "ZDI-23-902" }, { "cve": "CVE-2023-37328", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-901/advisory.json", "detail_path": "advisories/ZDI-23-901", "id": "ZDI-23-901", "kind": "published", "published_date": "2023-07-06", "status": "published", "title": "GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-901/", "vendor": "GStreamer", "vendor_url": null, "zdi_can": "ZDI-CAN-20994", "zdi_id": "ZDI-23-901" }, { "cve": "CVE-2023-35001", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-900/advisory.json", "detail_path": "advisories/ZDI-23-900", "id": "ZDI-23-900", "kind": "published", "published_date": "2023-07-06", "status": "published", "title": "(Pwn2Own) Linux Kernel nftables Incorrect Pointer Scaling Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-900/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20721", "zdi_id": "ZDI-23-900" }, { "cve": "CVE-2023-31248", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-899/advisory.json", "detail_path": "advisories/ZDI-23-899", "id": "ZDI-23-899", "kind": "published", "published_date": "2023-07-06", "status": "published", "title": "(Pwn2Own) Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-899/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20717", "zdi_id": "ZDI-23-899" }, { "cve": "CVE-2023-1829", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-898/advisory.json", "detail_path": "advisories/ZDI-23-898", "id": "ZDI-23-898", "kind": "published", "published_date": "2023-07-06", "status": "published", "title": "(Pwn2Own) Canonical Ubuntu tcindex Double-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-898/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-20667", "zdi_id": "ZDI-23-898" }, { "cve": "CVE-2023-36934", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software MOVEit Transfer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the human.aspx endpoint. A craft...", "detail_json": "/data/advisories/ZDI-23-897/advisory.json", "detail_path": "advisories/ZDI-23-897", "id": "ZDI-23-897", "kind": "published", "published_date": "2023-07-05", "status": "published", "title": "Progress Software MOVEit Transfer UserProcessPassChangeRequest SQL Injection Remote Code Execution Vulnerability", "updated_date": "2023-07-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-897/", "vendor": "Progress Software", "vendor_url": null, "zdi_can": "ZDI-CAN-21496", "zdi_id": "ZDI-23-897" }, { "cve": "CVE-2023-35718", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue resul...", "detail_json": "/data/advisories/ZDI-23-896/advisory.json", "detail_path": "advisories/ZDI-23-896", "id": "ZDI-23-896", "kind": "published", "published_date": "2023-07-05", "status": "published", "title": "D-Link DAP-2622 DDP Change ID Password Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-896/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20061", "zdi_id": "ZDI-23-896" }, { "cve": "CVE-2023-35717", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link Tapo C210 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechan...", "detail_json": "/data/advisories/ZDI-23-895/advisory.json", "detail_path": "advisories/ZDI-23-895", "id": "ZDI-23-895", "kind": "published", "published_date": "2023-07-05", "status": "published", "title": "TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-895/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20484", "zdi_id": "ZDI-23-895" }, { "cve": "CVE-2023-35722", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of UPnP port mapping...", "detail_json": "/data/advisories/ZDI-23-894/advisory.json", "detail_path": "advisories/ZDI-23-894", "id": "ZDI-23-894", "kind": "published", "published_date": "2023-06-30", "status": "published", "title": "NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-894/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-20429", "zdi_id": "ZDI-23-894" }, { "cve": "CVE-2023-35721", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-23-893/advisory.json", "detail_path": "advisories/ZDI-23-893", "id": "ZDI-23-893", "kind": "published", "published_date": "2023-06-30", "status": "published", "title": "NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-893/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19981", "zdi_id": "ZDI-23-893" }, { "cve": "CVE-2023-35723", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction...", "detail_json": "/data/advisories/ZDI-23-892/advisory.json", "detail_path": "advisories/ZDI-23-892", "id": "ZDI-23-892", "kind": "published", "published_date": "2023-06-30", "status": "published", "title": "D-Link DIR-X3260 prog.cgi SOAPAction Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-892/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20983", "zdi_id": "ZDI-23-892" }, { "cve": "CVE-2023-35719", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Por...", "detail_json": "/data/advisories/ZDI-23-891/advisory.json", "detail_path": "advisories/ZDI-23-891", "id": "ZDI-23-891", "kind": "published", "published_date": "2023-06-21", "status": "published", "title": "(0Day) ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-891/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-17009", "zdi_id": "ZDI-23-891" }, { "cve": "CVE-2023-29539", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-890/advisory.json", "detail_path": "advisories/ZDI-23-890", "id": "ZDI-23-890", "kind": "published", "published_date": "2023-06-16", "status": "published", "title": "(Pwn2Own) Microsoft Windows UMPDDrvEnablePDEV Improper Input Validation Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-890/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20722", "zdi_id": "ZDI-23-890" }, { "cve": "CVE-2023-3001", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-889/advisory.json", "detail_path": "advisories/ZDI-23-889", "id": "ZDI-23-889", "kind": "published", "published_date": "2023-06-16", "status": "published", "title": "Schneider Electric IGSS DashFiles Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-889/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-20793", "zdi_id": "ZDI-23-889" }, { "cve": "CVE-2023-21618", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-888/advisory.json", "detail_path": "advisories/ZDI-23-888", "id": "ZDI-23-888", "kind": "published", "published_date": "2023-06-16", "status": "published", "title": "Adobe Substance 3D Designer SBS File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-888/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20963", "zdi_id": "ZDI-23-888" }, { "cve": "CVE-2023-29363", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of th...", "detail_json": "/data/advisories/ZDI-23-887/advisory.json", "detail_path": "advisories/ZDI-23-887", "id": "ZDI-23-887", "kind": "published", "published_date": "2023-06-16", "status": "published", "title": "Microsoft Windows PGM Invalid Transmission Group Size Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-887/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-21089", "zdi_id": "ZDI-23-887" }, { "cve": "CVE-2023-29361", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-886/advisory.json", "detail_path": "advisories/ZDI-23-886", "id": "ZDI-23-886", "kind": "published", "published_date": "2023-06-16", "status": "published", "title": "(Pwn2Own) Microsoft Windows cldflt Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-886/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20736", "zdi_id": "ZDI-23-886" }, { "cve": "CVE-2023-29360", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-885/advisory.json", "detail_path": "advisories/ZDI-23-885", "id": "ZDI-23-885", "kind": "published", "published_date": "2023-06-16", "status": "published", "title": "(Pwn2Own) Microsoft Windows mskssrv Driver Untrusted Pointer Dereference Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-885/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20735", "zdi_id": "ZDI-23-885" }, { "cve": "CVE-2023-24954", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The speci...", "detail_json": "/data/advisories/ZDI-23-884/advisory.json", "detail_path": "advisories/ZDI-23-884", "id": "ZDI-23-884", "kind": "published", "published_date": "2023-06-16", "status": "published", "title": "(Pwn2Own) Microsoft SharePoint userphoto Information Disclosure Vulnerability", "updated_date": "2023-06-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-884/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20748", "zdi_id": "ZDI-23-884" }, { "cve": "CVE-2023-24955", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-883/advisory.json", "detail_path": "advisories/ZDI-23-883", "id": "ZDI-23-883", "kind": "published", "published_date": "2023-06-16", "status": "published", "title": "(Pwn2Own) Microsoft SharePoint GenerateProxyAssembly Code Injection Remote Code Execution Vulnerability", "updated_date": "2023-06-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-883/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20749", "zdi_id": "ZDI-23-883" }, { "cve": "CVE-2023-29357", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ValidateTokenIssuer method. The issue resu...", "detail_json": "/data/advisories/ZDI-23-882/advisory.json", "detail_path": "advisories/ZDI-23-882", "id": "ZDI-23-882", "kind": "published", "published_date": "2023-06-16", "status": "published", "title": "(Pwn2Own) Microsoft SharePoint ValidateTokenIssuer Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability", "updated_date": "2024-10-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-882/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20716", "zdi_id": "ZDI-23-882" }, { "cve": "CVE-2023-32031", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the Command class. The issue results from the lack...", "detail_json": "/data/advisories/ZDI-23-881/advisory.json", "detail_path": "advisories/ZDI-23-881", "id": "ZDI-23-881", "kind": "published", "published_date": "2023-06-16", "status": "published", "title": "Microsoft Exchange Command Class Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-881/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20807", "zdi_id": "ZDI-23-881" }, { "cve": "CVE-2023-28312", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on Microsoft Azure. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...", "detail_json": "/data/advisories/ZDI-23-880/advisory.json", "detail_path": "advisories/ZDI-23-880", "id": "ZDI-23-880", "kind": "published", "published_date": "2023-06-16", "status": "published", "title": "Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-880/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19402", "zdi_id": "ZDI-23-880" }, { "cve": "CVE-2023-35716", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-879/advisory.json", "detail_path": "advisories/ZDI-23-879", "id": "ZDI-23-879", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-879/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-20417", "zdi_id": "ZDI-23-879" }, { "cve": "CVE-2023-35715", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-878/advisory.json", "detail_path": "advisories/ZDI-23-878", "id": "ZDI-23-878", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-878/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-20408", "zdi_id": "ZDI-23-878" }, { "cve": "CVE-2023-35714", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-877/advisory.json", "detail_path": "advisories/ZDI-23-877", "id": "ZDI-23-877", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-877/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-18005", "zdi_id": "ZDI-23-877" }, { "cve": "CVE-2023-35713", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-876/advisory.json", "detail_path": "advisories/ZDI-23-876", "id": "ZDI-23-876", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-876/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-20201", "zdi_id": "ZDI-23-876" }, { "cve": "CVE-2023-35712", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-875/advisory.json", "detail_path": "advisories/ZDI-23-875", "id": "ZDI-23-875", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-875/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-20200", "zdi_id": "ZDI-23-875" }, { "cve": "CVE-2023-35711", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-874/advisory.json", "detail_path": "advisories/ZDI-23-874", "id": "ZDI-23-874", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-874/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-20189", "zdi_id": "ZDI-23-874" }, { "cve": "CVE-2023-35710", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-873/advisory.json", "detail_path": "advisories/ZDI-23-873", "id": "ZDI-23-873", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-873/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-19956", "zdi_id": "ZDI-23-873" }, { "cve": "CVE-2023-35709", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-872/advisory.json", "detail_path": "advisories/ZDI-23-872", "id": "ZDI-23-872", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-872/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-19928", "zdi_id": "ZDI-23-872" }, { "cve": "CVE-2023-34311", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-871/advisory.json", "detail_path": "advisories/ZDI-23-871", "id": "ZDI-23-871", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-871/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-19879", "zdi_id": "ZDI-23-871" }, { "cve": "CVE-2023-34310", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-870/advisory.json", "detail_path": "advisories/ZDI-23-870", "id": "ZDI-23-870", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-870/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-19878", "zdi_id": "ZDI-23-870" }, { "cve": "CVE-2023-34309", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-869/advisory.json", "detail_path": "advisories/ZDI-23-869", "id": "ZDI-23-869", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-869/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-19876", "zdi_id": "ZDI-23-869" }, { "cve": "CVE-2023-34308", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-868/advisory.json", "detail_path": "advisories/ZDI-23-868", "id": "ZDI-23-868", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-868/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-18913", "zdi_id": "ZDI-23-868" }, { "cve": "CVE-2023-34307", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-867/advisory.json", "detail_path": "advisories/ZDI-23-867", "id": "ZDI-23-867", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-867/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-18910", "zdi_id": "ZDI-23-867" }, { "cve": "CVE-2023-34306", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-866/advisory.json", "detail_path": "advisories/ZDI-23-866", "id": "ZDI-23-866", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-866/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-18908", "zdi_id": "ZDI-23-866" }, { "cve": "CVE-2023-34305", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-865/advisory.json", "detail_path": "advisories/ZDI-23-865", "id": "ZDI-23-865", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-865/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-18637", "zdi_id": "ZDI-23-865" }, { "cve": "CVE-2023-34304", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-864/advisory.json", "detail_path": "advisories/ZDI-23-864", "id": "ZDI-23-864", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": "2025-02-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-864/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-18006", "zdi_id": "ZDI-23-864" }, { "cve": "CVE-2023-34303", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-863/advisory.json", "detail_path": "advisories/ZDI-23-863", "id": "ZDI-23-863", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-863/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-17987", "zdi_id": "ZDI-23-863" }, { "cve": "CVE-2023-34302", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-862/advisory.json", "detail_path": "advisories/ZDI-23-862", "id": "ZDI-23-862", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2025-02-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-862/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-17865", "zdi_id": "ZDI-23-862" }, { "cve": "CVE-2023-34301", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-861/advisory.json", "detail_path": "advisories/ZDI-23-861", "id": "ZDI-23-861", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2025-02-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-861/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-17909", "zdi_id": "ZDI-23-861" }, { "cve": "CVE-2023-34300", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-860/advisory.json", "detail_path": "advisories/ZDI-23-860", "id": "ZDI-23-860", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-860/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-17948", "zdi_id": "ZDI-23-860" }, { "cve": "CVE-2023-34299", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-859/advisory.json", "detail_path": "advisories/ZDI-23-859", "id": "ZDI-23-859", "kind": "published", "published_date": "2023-06-15", "status": "published", "title": "(0Day) Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-859/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-17910", "zdi_id": "ZDI-23-859" }, { "cve": "CVE-2023-34298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-23-858/advisory.json", "detail_path": "advisories/ZDI-23-858", "id": "ZDI-23-858", "kind": "published", "published_date": "2023-06-14", "status": "published", "title": "(0Day) Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-858/", "vendor": "Pulse Secure", "vendor_url": null, "zdi_can": "ZDI-CAN-17687", "zdi_id": "ZDI-23-858" }, { "cve": "CVE-2023-32535", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-857/advisory.json", "detail_path": "advisories/ZDI-23-857", "id": "ZDI-23-857", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": "2023-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-857/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18867", "zdi_id": "ZDI-23-857" }, { "cve": "CVE-2023-34297", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-856/advisory.json", "detail_path": "advisories/ZDI-23-856", "id": "ZDI-23-856", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Sante DICOM Viewer Pro JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-856/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-21127", "zdi_id": "ZDI-23-856" }, { "cve": "CVE-2023-34296", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-855/advisory.json", "detail_path": "advisories/ZDI-23-855", "id": "ZDI-23-855", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-855/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-21126", "zdi_id": "ZDI-23-855" }, { "cve": "CVE-2023-34295", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-854/advisory.json", "detail_path": "advisories/ZDI-23-854", "id": "ZDI-23-854", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-854/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-21125", "zdi_id": "ZDI-23-854" }, { "cve": "CVE-2023-34294", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-23-853/advisory.json", "detail_path": "advisories/ZDI-23-853", "id": "ZDI-23-853", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-853/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-21086", "zdi_id": "ZDI-23-853" }, { "cve": "CVE-2022-29842", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the account_m...", "detail_json": "/data/advisories/ZDI-23-852/advisory.json", "detail_path": "advisories/ZDI-23-852", "id": "ZDI-23-852", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 account_mgr Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-852/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-20003", "zdi_id": "ZDI-23-852" }, { "cve": "CVE-2022-36326", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-23-851/advisory.json", "detail_path": "advisories/ZDI-23-851", "id": "ZDI-23-851", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Uncontrolled Resource Consumption Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-851/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-19856", "zdi_id": "ZDI-23-851" }, { "cve": "CVE-2022-29840", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RESTSDK s...", "detail_json": "/data/advisories/ZDI-23-850/advisory.json", "detail_path": "advisories/ZDI-23-850", "id": "ZDI-23-850", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-850/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-19767", "zdi_id": "ZDI-23-850" }, { "cve": "CVE-2022-29841", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypas...", "detail_json": "/data/advisories/ZDI-23-849/advisory.json", "detail_path": "advisories/ZDI-23-849", "id": "ZDI-23-849", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 do_reboot Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-849/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-19607", "zdi_id": "ZDI-23-849" }, { "cve": "CVE-2022-36328", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create and read arbitrary files on affected installations of Western Digital MyCloud PR4100 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can...", "detail_json": "/data/advisories/ZDI-23-848/advisory.json", "detail_path": "advisories/ZDI-23-848", "id": "ZDI-23-848", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 restsdk Directory Traversal Arbitrary File Read and Write Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-848/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-19862", "zdi_id": "ZDI-23-848" }, { "cve": "CVE-2022-36331", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100 NAS devices. Some user interaction is required to exploit this vulnerability. The specific flaw exists within the way the device co...", "detail_json": "/data/advisories/ZDI-23-847/advisory.json", "detail_path": "advisories/ZDI-23-847", "id": "ZDI-23-847", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-847/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-19861", "zdi_id": "ZDI-23-847" }, { "cve": "CVE-2022-36331", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the generation...", "detail_json": "/data/advisories/ZDI-23-846/advisory.json", "detail_path": "advisories/ZDI-23-846", "id": "ZDI-23-846", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-846/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-19860", "zdi_id": "ZDI-23-846" }, { "cve": "CVE-2023-32413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-845/advisory.json", "detail_path": "advisories/ZDI-23-845", "id": "ZDI-23-845", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "(Pwn2Own) Apple macOS /dev/fd Race Condition Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-845/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-20714", "zdi_id": "ZDI-23-845" }, { "cve": "CVE-2023-32375", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. Th...", "detail_json": "/data/advisories/ZDI-23-844/advisory.json", "detail_path": "advisories/ZDI-23-844", "id": "ZDI-23-844", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Apple macOS Hydra USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-844/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-20222", "zdi_id": "ZDI-23-844" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S22 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-23-843/advisory.json", "detail_path": "advisories/ZDI-23-843", "id": "ZDI-23-843", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S22 McsWebViewActivity Permissive List of Allowed Inputs Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-843/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-19699", "zdi_id": "ZDI-23-843" }, { "cve": "CVE-2023-20889", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware Aria Operations for Networks. Authentication is required to exploit this vulnerability. The specific flaw exists within the exportPDF method. The...", "detail_json": "/data/advisories/ZDI-23-842/advisory.json", "detail_path": "advisories/ZDI-23-842", "id": "ZDI-23-842", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "VMware Aria Operations for Networks exportPDF Code Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-842/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-20778", "zdi_id": "ZDI-23-842" }, { "cve": "CVE-2023-20888", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Aria Operations for Networks. Authentication is required to exploit this vulnerability. The specific flaw exists within the getNotifiedEvents method. The...", "detail_json": "/data/advisories/ZDI-23-841/advisory.json", "detail_path": "advisories/ZDI-23-841", "id": "ZDI-23-841", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "VMware Aria Operations for Networks getNotifiedEvents Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-841/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-20612", "zdi_id": "ZDI-23-841" }, { "cve": "CVE-2023-20887", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Aria Operations for Networks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createSupportBundle method...", "detail_json": "/data/advisories/ZDI-23-840/advisory.json", "detail_path": "advisories/ZDI-23-840", "id": "ZDI-23-840", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "VMware Aria Operations for Networks createSupportBundle Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-840/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-19980", "zdi_id": "ZDI-23-840" }, { "cve": "CVE-2023-34285", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within a shared library used by the telne...", "detail_json": "/data/advisories/ZDI-23-839/advisory.json", "detail_path": "advisories/ZDI-23-839", "id": "ZDI-23-839", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-839/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19918", "zdi_id": "ZDI-23-839" }, { "cve": "CVE-2023-34284", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the system configuration. The syste...", "detail_json": "/data/advisories/ZDI-23-838/advisory.json", "detail_path": "advisories/ZDI-23-838", "id": "ZDI-23-838", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-838/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19660", "zdi_id": "ZDI-23-838" }, { "cve": "CVE-2023-34283", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of symbolic...", "detail_json": "/data/advisories/ZDI-23-837/advisory.json", "detail_path": "advisories/ZDI-23-837", "id": "ZDI-23-837", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-837/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19498", "zdi_id": "ZDI-23-837" }, { "cve": "CVE-2023-34145", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-836/advisory.json", "detail_path": "advisories/ZDI-23-836", "id": "ZDI-23-836", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Trend Micro Apex One Security Agent Untrusted Search Path Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-836/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-19681", "zdi_id": "ZDI-23-836" }, { "cve": "CVE-2023-34144", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-835/advisory.json", "detail_path": "advisories/ZDI-23-835", "id": "ZDI-23-835", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Trend Micro Apex One Security Agent Untrusted Search Path Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-835/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-19680", "zdi_id": "ZDI-23-835" }, { "cve": "CVE-2023-34148", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-834/advisory.json", "detail_path": "advisories/ZDI-23-834", "id": "ZDI-23-834", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Trend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-834/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-19192", "zdi_id": "ZDI-23-834" }, { "cve": "CVE-2023-34147", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-833/advisory.json", "detail_path": "advisories/ZDI-23-833", "id": "ZDI-23-833", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Trend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-833/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-19191", "zdi_id": "ZDI-23-833" }, { "cve": "CVE-2023-34146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-832/advisory.json", "detail_path": "advisories/ZDI-23-832", "id": "ZDI-23-832", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Trend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-832/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-19188", "zdi_id": "ZDI-23-832" }, { "cve": "CVE-2023-34293", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-831/advisory.json", "detail_path": "advisories/ZDI-23-831", "id": "ZDI-23-831", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-831/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-18636", "zdi_id": "ZDI-23-831" }, { "cve": "CVE-2023-34292", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-830/advisory.json", "detail_path": "advisories/ZDI-23-830", "id": "ZDI-23-830", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-830/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-18552", "zdi_id": "ZDI-23-830" }, { "cve": "CVE-2023-34291", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-829/advisory.json", "detail_path": "advisories/ZDI-23-829", "id": "ZDI-23-829", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-829/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-18401", "zdi_id": "ZDI-23-829" }, { "cve": "CVE-2023-34290", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-828/advisory.json", "detail_path": "advisories/ZDI-23-828", "id": "ZDI-23-828", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-828/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-18007", "zdi_id": "ZDI-23-828" }, { "cve": "CVE-2023-34289", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-827/advisory.json", "detail_path": "advisories/ZDI-23-827", "id": "ZDI-23-827", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-827/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-17985", "zdi_id": "ZDI-23-827" }, { "cve": "CVE-2023-34288", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-826/advisory.json", "detail_path": "advisories/ZDI-23-826", "id": "ZDI-23-826", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Ashlar-Vellum Cobalt XE File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-826/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-17966", "zdi_id": "ZDI-23-826" }, { "cve": "CVE-2023-34287", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-825/advisory.json", "detail_path": "advisories/ZDI-23-825", "id": "ZDI-23-825", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-825/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-17892", "zdi_id": "ZDI-23-825" }, { "cve": "CVE-2023-34286", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-824/advisory.json", "detail_path": "advisories/ZDI-23-824", "id": "ZDI-23-824", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-824/", "vendor": "Ashlar-Vellum", "vendor_url": null, "zdi_can": "ZDI-CAN-17891", "zdi_id": "ZDI-23-824" }, { "cve": "CVE-2022-3087", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-823/advisory.json", "detail_path": "advisories/ZDI-23-823", "id": "ZDI-23-823", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-823/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-16781", "zdi_id": "ZDI-23-823" }, { "cve": "CVE-2022-3087", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-822/advisory.json", "detail_path": "advisories/ZDI-23-822", "id": "ZDI-23-822", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-822/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-16779", "zdi_id": "ZDI-23-822" }, { "cve": "CVE-2022-3085", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-821/advisory.json", "detail_path": "advisories/ZDI-23-821", "id": "ZDI-23-821", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-821/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-16717", "zdi_id": "ZDI-23-821" }, { "cve": "CVE-2022-3087", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-820/advisory.json", "detail_path": "advisories/ZDI-23-820", "id": "ZDI-23-820", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-820/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-16602", "zdi_id": "ZDI-23-820" }, { "cve": "CVE-2022-3087", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-819/advisory.json", "detail_path": "advisories/ZDI-23-819", "id": "ZDI-23-819", "kind": "published", "published_date": "2023-06-08", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator 6 X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-819/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-16600", "zdi_id": "ZDI-23-819" }, { "cve": "CVE-2023-25649", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ZTE MF286R routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provi...", "detail_json": "/data/advisories/ZDI-23-818/advisory.json", "detail_path": "advisories/ZDI-23-818", "id": "ZDI-23-818", "kind": "published", "published_date": "2023-06-07", "status": "published", "title": "(0Day) ZTE MF286R goahead Command Injection Remote Code Execution Vulnerability", "updated_date": "2023-08-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-818/", "vendor": "ZTE", "vendor_url": null, "zdi_can": "ZDI-CAN-19059", "zdi_id": "ZDI-23-818" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-817/advisory.json", "detail_path": "advisories/ZDI-23-817", "id": "ZDI-23-817", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-817/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19374", "zdi_id": "ZDI-23-817" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-816/advisory.json", "detail_path": "advisories/ZDI-23-816", "id": "ZDI-23-816", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-816/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19373", "zdi_id": "ZDI-23-816" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-815/advisory.json", "detail_path": "advisories/ZDI-23-815", "id": "ZDI-23-815", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-815/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19372", "zdi_id": "ZDI-23-815" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-814/advisory.json", "detail_path": "advisories/ZDI-23-814", "id": "ZDI-23-814", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-814/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19371", "zdi_id": "ZDI-23-814" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-813/advisory.json", "detail_path": "advisories/ZDI-23-813", "id": "ZDI-23-813", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-813/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19370", "zdi_id": "ZDI-23-813" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-812/advisory.json", "detail_path": "advisories/ZDI-23-812", "id": "ZDI-23-812", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-812/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19346", "zdi_id": "ZDI-23-812" }, { "cve": "CVE-2023-24014", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-811/advisory.json", "detail_path": "advisories/ZDI-23-811", "id": "ZDI-23-811", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-811/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19345", "zdi_id": "ZDI-23-811" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-810/advisory.json", "detail_path": "advisories/ZDI-23-810", "id": "ZDI-23-810", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-810/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19344", "zdi_id": "ZDI-23-810" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-809/advisory.json", "detail_path": "advisories/ZDI-23-809", "id": "ZDI-23-809", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-809/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19343", "zdi_id": "ZDI-23-809" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-808/advisory.json", "detail_path": "advisories/ZDI-23-808", "id": "ZDI-23-808", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-808/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19342", "zdi_id": "ZDI-23-808" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-807/advisory.json", "detail_path": "advisories/ZDI-23-807", "id": "ZDI-23-807", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-807/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19341", "zdi_id": "ZDI-23-807" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-806/advisory.json", "detail_path": "advisories/ZDI-23-806", "id": "ZDI-23-806", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-806/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19340", "zdi_id": "ZDI-23-806" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-805/advisory.json", "detail_path": "advisories/ZDI-23-805", "id": "ZDI-23-805", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-805/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19336", "zdi_id": "ZDI-23-805" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-804/advisory.json", "detail_path": "advisories/ZDI-23-804", "id": "ZDI-23-804", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-804/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19335", "zdi_id": "ZDI-23-804" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-803/advisory.json", "detail_path": "advisories/ZDI-23-803", "id": "ZDI-23-803", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-803/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19334", "zdi_id": "ZDI-23-803" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-802/advisory.json", "detail_path": "advisories/ZDI-23-802", "id": "ZDI-23-802", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-802/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19332", "zdi_id": "ZDI-23-802" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-801/advisory.json", "detail_path": "advisories/ZDI-23-801", "id": "ZDI-23-801", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-801/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19330", "zdi_id": "ZDI-23-801" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-800/advisory.json", "detail_path": "advisories/ZDI-23-800", "id": "ZDI-23-800", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-800/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19329", "zdi_id": "ZDI-23-800" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-799/advisory.json", "detail_path": "advisories/ZDI-23-799", "id": "ZDI-23-799", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-799/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19328", "zdi_id": "ZDI-23-799" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-798/advisory.json", "detail_path": "advisories/ZDI-23-798", "id": "ZDI-23-798", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-798/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19327", "zdi_id": "ZDI-23-798" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-797/advisory.json", "detail_path": "advisories/ZDI-23-797", "id": "ZDI-23-797", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-797/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19326", "zdi_id": "ZDI-23-797" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-796/advisory.json", "detail_path": "advisories/ZDI-23-796", "id": "ZDI-23-796", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-796/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19325", "zdi_id": "ZDI-23-796" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-795/advisory.json", "detail_path": "advisories/ZDI-23-795", "id": "ZDI-23-795", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-795/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19220", "zdi_id": "ZDI-23-795" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-794/advisory.json", "detail_path": "advisories/ZDI-23-794", "id": "ZDI-23-794", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-794/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19219", "zdi_id": "ZDI-23-794" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-793/advisory.json", "detail_path": "advisories/ZDI-23-793", "id": "ZDI-23-793", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-793/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19218", "zdi_id": "ZDI-23-793" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-792/advisory.json", "detail_path": "advisories/ZDI-23-792", "id": "ZDI-23-792", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-792/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19217", "zdi_id": "ZDI-23-792" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-791/advisory.json", "detail_path": "advisories/ZDI-23-791", "id": "ZDI-23-791", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-791/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19216", "zdi_id": "ZDI-23-791" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-790/advisory.json", "detail_path": "advisories/ZDI-23-790", "id": "ZDI-23-790", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-790/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19215", "zdi_id": "ZDI-23-790" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-789/advisory.json", "detail_path": "advisories/ZDI-23-789", "id": "ZDI-23-789", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-789/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19214", "zdi_id": "ZDI-23-789" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-788/advisory.json", "detail_path": "advisories/ZDI-23-788", "id": "ZDI-23-788", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-788/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19213", "zdi_id": "ZDI-23-788" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-787/advisory.json", "detail_path": "advisories/ZDI-23-787", "id": "ZDI-23-787", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-787/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19211", "zdi_id": "ZDI-23-787" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-786/advisory.json", "detail_path": "advisories/ZDI-23-786", "id": "ZDI-23-786", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-786/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19210", "zdi_id": "ZDI-23-786" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-785/advisory.json", "detail_path": "advisories/ZDI-23-785", "id": "ZDI-23-785", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-785/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19209", "zdi_id": "ZDI-23-785" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-784/advisory.json", "detail_path": "advisories/ZDI-23-784", "id": "ZDI-23-784", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-784/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19208", "zdi_id": "ZDI-23-784" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-783/advisory.json", "detail_path": "advisories/ZDI-23-783", "id": "ZDI-23-783", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-783/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19207", "zdi_id": "ZDI-23-783" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-782/advisory.json", "detail_path": "advisories/ZDI-23-782", "id": "ZDI-23-782", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-782/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19206", "zdi_id": "ZDI-23-782" }, { "cve": "CVE-2023-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-781/advisory.json", "detail_path": "advisories/ZDI-23-781", "id": "ZDI-23-781", "kind": "published", "published_date": "2023-06-01", "status": "published", "title": "Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-781/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19205", "zdi_id": "ZDI-23-781" }, { "cve": "CVE-2023-32174", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-23-780/advisory.json", "detail_path": "advisories/ZDI-23-780", "id": "ZDI-23-780", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-780/", "vendor": "Unified Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-20577", "zdi_id": "ZDI-23-780" }, { "cve": "CVE-2023-32173", "cvss": 5.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specif...", "detail_json": "/data/advisories/ZDI-23-779/advisory.json", "detail_path": "advisories/ZDI-23-779", "id": "ZDI-23-779", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-779/", "vendor": "Unified Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-20576", "zdi_id": "ZDI-23-779" }, { "cve": "CVE-2023-32787", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Prosys OPC UA Simulation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Open...", "detail_json": "/data/advisories/ZDI-23-778/advisory.json", "detail_path": "advisories/ZDI-23-778", "id": "ZDI-23-778", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(Pwn2Own) Prosys OPC UA Simulation Server OpenSecureChannel Resource Exhaustion Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-778/", "vendor": "Prosys OPC", "vendor_url": null, "zdi_can": "ZDI-CAN-20544", "zdi_id": "ZDI-23-778" }, { "cve": "CVE-2023-32172", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the I...", "detail_json": "/data/advisories/ZDI-23-777/advisory.json", "detail_path": "advisories/ZDI-23-777", "id": "ZDI-23-777", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(Pwn2Own) Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-777/", "vendor": "Unified Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-20497", "zdi_id": "ZDI-23-777" }, { "cve": "CVE-2023-32171", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImportCsv method. A cra...", "detail_json": "/data/advisories/ZDI-23-776/advisory.json", "detail_path": "advisories/ZDI-23-776", "id": "ZDI-23-776", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(Pwn2Own) Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-776/", "vendor": "Unified Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-20495", "zdi_id": "ZDI-23-776" }, { "cve": "CVE-2023-32170", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. User interaction is required to exploit this vulnerability in that the target must choose to accept a client certific...", "detail_json": "/data/advisories/ZDI-23-775/advisory.json", "detail_path": "advisories/ZDI-23-775", "id": "ZDI-23-775", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(Pwn2Own) Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-775/", "vendor": "Unified Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-20494", "zdi_id": "ZDI-23-775" }, { "cve": "CVE-2023-21516", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S22 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-23-774/advisory.json", "detail_path": "advisories/ZDI-23-774", "id": "ZDI-23-774", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S22 McsWebViewActivity Permissive List of Allowed Inputs Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-774/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-19768", "zdi_id": "ZDI-23-774" }, { "cve": "CVE-2023-21514", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S22 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-23-773/advisory.json", "detail_path": "advisories/ZDI-23-773", "id": "ZDI-23-773", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S22 InstantPlaysDeepLink Permissive List of Allowed Inputs Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-773/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-19751", "zdi_id": "ZDI-23-773" }, { "cve": "CVE-2023-21515", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S22 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-23-772/advisory.json", "detail_path": "advisories/ZDI-23-772", "id": "ZDI-23-772", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S22 McsWebViewActivity Permissive List of Allowed Inputs Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-772/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-19585", "zdi_id": "ZDI-23-772" }, { "cve": "CVE-2023-34273", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-771/advisory.json", "detail_path": "advisories/ZDI-23-771", "id": "ZDI-23-771", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-771/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-18183", "zdi_id": "ZDI-23-771" }, { "cve": "CVE-2023-34272", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-770/advisory.json", "detail_path": "advisories/ZDI-23-770", "id": "ZDI-23-770", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-770/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-18182", "zdi_id": "ZDI-23-770" }, { "cve": "CVE-2023-34271", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-769/advisory.json", "detail_path": "advisories/ZDI-23-769", "id": "ZDI-23-769", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-769/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-18178", "zdi_id": "ZDI-23-769" }, { "cve": "CVE-2023-34270", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-768/advisory.json", "detail_path": "advisories/ZDI-23-768", "id": "ZDI-23-768", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-768/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-18176", "zdi_id": "ZDI-23-768" }, { "cve": "CVE-2023-34269", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-767/advisory.json", "detail_path": "advisories/ZDI-23-767", "id": "ZDI-23-767", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-767/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-18173", "zdi_id": "ZDI-23-767" }, { "cve": "CVE-2023-34268", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-766/advisory.json", "detail_path": "advisories/ZDI-23-766", "id": "ZDI-23-766", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-766/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-18172", "zdi_id": "ZDI-23-766" }, { "cve": "CVE-2023-34267", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-765/advisory.json", "detail_path": "advisories/ZDI-23-765", "id": "ZDI-23-765", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-765/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-18170", "zdi_id": "ZDI-23-765" }, { "cve": "CVE-2023-34266", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-764/advisory.json", "detail_path": "advisories/ZDI-23-764", "id": "ZDI-23-764", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-764/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-18168", "zdi_id": "ZDI-23-764" }, { "cve": "CVE-2023-34265", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-763/advisory.json", "detail_path": "advisories/ZDI-23-763", "id": "ZDI-23-763", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-763/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-18166", "zdi_id": "ZDI-23-763" }, { "cve": "CVE-2023-34264", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-762/advisory.json", "detail_path": "advisories/ZDI-23-762", "id": "ZDI-23-762", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-762/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-18164", "zdi_id": "ZDI-23-762" }, { "cve": "CVE-2023-34263", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-761/advisory.json", "detail_path": "advisories/ZDI-23-761", "id": "ZDI-23-761", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-761/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-18162", "zdi_id": "ZDI-23-761" }, { "cve": "CVE-2023-34262", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-760/advisory.json", "detail_path": "advisories/ZDI-23-760", "id": "ZDI-23-760", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-760/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-18161", "zdi_id": "ZDI-23-760" }, { "cve": "CVE-2023-32179", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-23-759/advisory.json", "detail_path": "advisories/ZDI-23-759", "id": "ZDI-23-759", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) VIPRE Antivirus Plus FPQuarTransfer Link Following Local Privilege Escalation Vulnerability", "updated_date": "2023-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-759/", "vendor": "VIPRE", "vendor_url": null, "zdi_can": "ZDI-CAN-19397", "zdi_id": "ZDI-23-759" }, { "cve": "CVE-2023-32178", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-23-758/advisory.json", "detail_path": "advisories/ZDI-23-758", "id": "ZDI-23-758", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) VIPRE Antivirus Plus TelFileTransfer Link Following Local Privilege Escalation Vulnerability", "updated_date": "2023-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-758/", "vendor": "VIPRE", "vendor_url": null, "zdi_can": "ZDI-CAN-19396", "zdi_id": "ZDI-23-758" }, { "cve": "CVE-2023-32177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-23-757/advisory.json", "detail_path": "advisories/ZDI-23-757", "id": "ZDI-23-757", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privilege Escalation Vulnerability", "updated_date": "2023-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-757/", "vendor": "VIPRE", "vendor_url": null, "zdi_can": "ZDI-CAN-19395", "zdi_id": "ZDI-23-757" }, { "cve": "CVE-2023-32176", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-23-756/advisory.json", "detail_path": "advisories/ZDI-23-756", "id": "ZDI-23-756", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) VIPRE Antivirus Plus SetPrivateConfig Directory Traversal Local Privilege Escalation Vulnerability", "updated_date": "2024-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-756/", "vendor": "VIPRE", "vendor_url": null, "zdi_can": "ZDI-CAN-19394", "zdi_id": "ZDI-23-756" }, { "cve": "CVE-2023-32175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-23-755/advisory.json", "detail_path": "advisories/ZDI-23-755", "id": "ZDI-23-755", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability", "updated_date": "2023-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-755/", "vendor": "VIPRE", "vendor_url": null, "zdi_can": "ZDI-CAN-18899", "zdi_id": "ZDI-23-755" }, { "cve": "CVE-2023-27911", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-754/advisory.json", "detail_path": "advisories/ZDI-23-754", "id": "ZDI-23-754", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) Microsoft 3D Viewer FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-754/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18521", "zdi_id": "ZDI-23-754" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-753/advisory.json", "detail_path": "advisories/ZDI-23-753", "id": "ZDI-23-753", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(0Day) Microsoft 3D Viewer PLY File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-05-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-753/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19052", "zdi_id": "ZDI-23-753" }, { "cve": "CVE-2022-41211", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-752/advisory.json", "detail_path": "advisories/ZDI-23-752", "id": "ZDI-23-752", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "SAP 3D Visual Enterprise Viewer DST File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-752/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18158", "zdi_id": "ZDI-23-752" }, { "cve": "CVE-2022-41211", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-751/advisory.json", "detail_path": "advisories/ZDI-23-751", "id": "ZDI-23-751", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "SAP 3D Visual Enterprise Viewer DST File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-751/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18157", "zdi_id": "ZDI-23-751" }, { "cve": "CVE-2022-41211", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-750/advisory.json", "detail_path": "advisories/ZDI-23-750", "id": "ZDI-23-750", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "SAP 3D Visual Enterprise Author DST File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-750/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18156", "zdi_id": "ZDI-23-750" }, { "cve": "CVE-2022-41211", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-749/advisory.json", "detail_path": "advisories/ZDI-23-749", "id": "ZDI-23-749", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "SAP 3D Visual Enterprise Author DST File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-749/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18155", "zdi_id": "ZDI-23-749" }, { "cve": "CVE-2022-41211", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-748/advisory.json", "detail_path": "advisories/ZDI-23-748", "id": "ZDI-23-748", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "SAP 3D Visual Enterprise Author DST File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-748/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18118", "zdi_id": "ZDI-23-748" }, { "cve": "CVE-2022-32240", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-747/advisory.json", "detail_path": "advisories/ZDI-23-747", "id": "ZDI-23-747", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-747/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16667", "zdi_id": "ZDI-23-747" }, { "cve": "CVE-2022-26107", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-746/advisory.json", "detail_path": "advisories/ZDI-23-746", "id": "ZDI-23-746", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-746/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16666", "zdi_id": "ZDI-23-746" }, { "cve": "CVE-2022-32235", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-745/advisory.json", "detail_path": "advisories/ZDI-23-745", "id": "ZDI-23-745", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "SAP 3D Visual Enterprise Viewer DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-745/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16662", "zdi_id": "ZDI-23-745" }, { "cve": "CVE-2022-35299", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP SQL Anywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Database Server, which listens on TCP and UDP...", "detail_json": "/data/advisories/ZDI-23-744/advisory.json", "detail_path": "advisories/ZDI-23-744", "id": "ZDI-23-744", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "SAP SQL Anywhere Database Server Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-744/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17336", "zdi_id": "ZDI-23-744" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DemoDy...", "detail_json": "/data/advisories/ZDI-23-743/advisory.json", "detail_path": "advisories/ZDI-23-743", "id": "ZDI-23-743", "kind": "published", "published_date": "2023-05-31", "status": "published", "title": "(Pwn2Own) Unified Automation OPC UA C++ Demo Server DemoDynamicNodesDeleteDynamicNode Use-After Free Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-743/", "vendor": "Unified Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-17196", "zdi_id": "ZDI-23-743" }, { "cve": "CVE-2023-32163", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-23-742/advisory.json", "detail_path": "advisories/ZDI-23-742", "id": "ZDI-23-742", "kind": "published", "published_date": "2023-05-26", "status": "published", "title": "(0Day) Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-742/", "vendor": "Wacom", "vendor_url": null, "zdi_can": "ZDI-CAN-16857", "zdi_id": "ZDI-23-742" }, { "cve": "CVE-2023-32162", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-23-741/advisory.json", "detail_path": "advisories/ZDI-23-741", "id": "ZDI-23-741", "kind": "published", "published_date": "2023-05-26", "status": "published", "title": "(0Day) Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-741/", "vendor": "Wacom", "vendor_url": null, "zdi_can": "ZDI-CAN-16318", "zdi_id": "ZDI-23-741" }, { "cve": "CVE-2022-44515", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-740/advisory.json", "detail_path": "advisories/ZDI-23-740", "id": "ZDI-23-740", "kind": "published", "published_date": "2023-05-25", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-740/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17070", "zdi_id": "ZDI-23-740" }, { "cve": "CVE-2022-44514", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-739/advisory.json", "detail_path": "advisories/ZDI-23-739", "id": "ZDI-23-739", "kind": "published", "published_date": "2023-05-25", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-739/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17064", "zdi_id": "ZDI-23-739" }, { "cve": "CVE-2022-44513", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-738/advisory.json", "detail_path": "advisories/ZDI-23-738", "id": "ZDI-23-738", "kind": "published", "published_date": "2023-05-25", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-738/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16957", "zdi_id": "ZDI-23-738" }, { "cve": "CVE-2022-44512", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-737/advisory.json", "detail_path": "advisories/ZDI-23-737", "id": "ZDI-23-737", "kind": "published", "published_date": "2023-05-25", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-737/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16951", "zdi_id": "ZDI-23-737" }, { "cve": "CVE-2022-44520", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-736/advisory.json", "detail_path": "advisories/ZDI-23-736", "id": "ZDI-23-736", "kind": "published", "published_date": "2023-05-25", "status": "published", "title": "Adobe Acrobat Reader DC Highlight Annotation noView Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-736/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16875", "zdi_id": "ZDI-23-736" }, { "cve": "CVE-2022-44519", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-735/advisory.json", "detail_path": "advisories/ZDI-23-735", "id": "ZDI-23-735", "kind": "published", "published_date": "2023-05-25", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Highlight popupOpen Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-735/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16874", "zdi_id": "ZDI-23-735" }, { "cve": "CVE-2022-44518", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-734/advisory.json", "detail_path": "advisories/ZDI-23-734", "id": "ZDI-23-734", "kind": "published", "published_date": "2023-05-25", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Highlight delay Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-734/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16873", "zdi_id": "ZDI-23-734" }, { "cve": "CVE-2022-44517", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-733/advisory.json", "detail_path": "advisories/ZDI-23-733", "id": "ZDI-23-733", "kind": "published", "published_date": "2023-05-25", "status": "published", "title": "Adobe Acrobat Reader DC Annotation fillColor Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-733/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16872", "zdi_id": "ZDI-23-733" }, { "cve": "CVE-2022-44516", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-732/advisory.json", "detail_path": "advisories/ZDI-23-732", "id": "ZDI-23-732", "kind": "published", "published_date": "2023-05-25", "status": "published", "title": "Adobe Acrobat Reader DC Annotation lineWidth Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-732/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16871", "zdi_id": "ZDI-23-732" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-731/advisory.json", "detail_path": "advisories/ZDI-23-731", "id": "ZDI-23-731", "kind": "published", "published_date": "2023-05-25", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-731/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19606", "zdi_id": "ZDI-23-731" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-730/advisory.json", "detail_path": "advisories/ZDI-23-730", "id": "ZDI-23-730", "kind": "published", "published_date": "2023-05-25", "status": "published", "title": "Adobe Dimension SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-730/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19617", "zdi_id": "ZDI-23-730" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-729/advisory.json", "detail_path": "advisories/ZDI-23-729", "id": "ZDI-23-729", "kind": "published", "published_date": "2023-05-25", "status": "published", "title": "Adobe Dimension SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-729/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19620", "zdi_id": "ZDI-23-729" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-728/advisory.json", "detail_path": "advisories/ZDI-23-728", "id": "ZDI-23-728", "kind": "published", "published_date": "2023-05-25", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-728/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19621", "zdi_id": "ZDI-23-728" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-727/advisory.json", "detail_path": "advisories/ZDI-23-727", "id": "ZDI-23-727", "kind": "published", "published_date": "2023-05-25", "status": "published", "title": "Adobe Dimension SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-727/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19605", "zdi_id": "ZDI-23-727" }, { "cve": "CVE-2023-32533", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-726/advisory.json", "detail_path": "advisories/ZDI-23-726", "id": "ZDI-23-726", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-726/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18876", "zdi_id": "ZDI-23-726" }, { "cve": "CVE-2023-32534", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-725/advisory.json", "detail_path": "advisories/ZDI-23-725", "id": "ZDI-23-725", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-725/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18874", "zdi_id": "ZDI-23-725" }, { "cve": "CVE-2023-32531", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-724/advisory.json", "detail_path": "advisories/ZDI-23-724", "id": "ZDI-23-724", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-724/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18872", "zdi_id": "ZDI-23-724" }, { "cve": "CVE-2023-32532", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-723/advisory.json", "detail_path": "advisories/ZDI-23-723", "id": "ZDI-23-723", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-723/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18871", "zdi_id": "ZDI-23-723" }, { "cve": "CVE-2022-34691", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Microsoft Windows Active Directory Certificate Services. Authentication is required to exploit this vulnerability. The specific flaw exists within the iss...", "detail_json": "/data/advisories/ZDI-23-722/advisory.json", "detail_path": "advisories/ZDI-23-722", "id": "ZDI-23-722", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "Microsoft Windows Active Directory Certificate Services Improper Authorization Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-722/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16184", "zdi_id": "ZDI-23-722" }, { "cve": "CVE-2023-33235", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MXsecurity Series appliances. Authentication is required to exploit this vulnerability. The specific flaw exists within the SSH CLI program. The issue resul...", "detail_json": "/data/advisories/ZDI-23-721/advisory.json", "detail_path": "advisories/ZDI-23-721", "id": "ZDI-23-721", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "Moxa MXsecurity Series Restricted Shell Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-721/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-19895", "zdi_id": "ZDI-23-721" }, { "cve": "CVE-2023-33236", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Moxa MXsecurity Series appliances. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the web-base...", "detail_json": "/data/advisories/ZDI-23-720/advisory.json", "detail_path": "advisories/ZDI-23-720", "id": "ZDI-23-720", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "Moxa MXsecurity Series Hardcoded JWT Key Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-720/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-19896", "zdi_id": "ZDI-23-720" }, { "cve": "CVE-2023-32168", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the showUser method. The issue results from the lack of pro...", "detail_json": "/data/advisories/ZDI-23-719/advisory.json", "detail_path": "advisories/ZDI-23-719", "id": "ZDI-23-719", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-719/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19534", "zdi_id": "ZDI-23-719" }, { "cve": "CVE-2023-32167", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadMib function. The issue results fro...", "detail_json": "/data/advisories/ZDI-23-718/advisory.json", "detail_path": "advisories/ZDI-23-718", "id": "ZDI-23-718", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-718/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19529", "zdi_id": "ZDI-23-718" }, { "cve": "CVE-2023-32166", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadFile function. The issue results from the lack...", "detail_json": "/data/advisories/ZDI-23-717/advisory.json", "detail_path": "advisories/ZDI-23-717", "id": "ZDI-23-717", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-717/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19527", "zdi_id": "ZDI-23-717" }, { "cve": "CVE-2023-32165", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TftpReceiveFileHandler class. The issue results...", "detail_json": "/data/advisories/ZDI-23-716/advisory.json", "detail_path": "advisories/ZDI-23-716", "id": "ZDI-23-716", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-716/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19497", "zdi_id": "ZDI-23-716" }, { "cve": "CVE-2023-32164", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TftpSendFileThread class. The issue resu...", "detail_json": "/data/advisories/ZDI-23-715/advisory.json", "detail_path": "advisories/ZDI-23-715", "id": "ZDI-23-715", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-715/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19496", "zdi_id": "ZDI-23-715" }, { "cve": "CVE-2023-32169", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TokenUtils class. The issue results from a hard-c...", "detail_json": "/data/advisories/ZDI-23-714/advisory.json", "detail_path": "advisories/ZDI-23-714", "id": "ZDI-23-714", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-714/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19659", "zdi_id": "ZDI-23-714" }, { "cve": "CVE-2022-32742", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Samba. Authentication is required to exploit this vulnerability, and SMB1 must be enabled on the target. The specific flaw exists within the Samba servic...", "detail_json": "/data/advisories/ZDI-23-713/advisory.json", "detail_path": "advisories/ZDI-23-713", "id": "ZDI-23-713", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "Samba SMB1 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-713/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-17388", "zdi_id": "ZDI-23-713" }, { "cve": "CVE-2023-27908", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk On-Demand Install Services. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-712/advisory.json", "detail_path": "advisories/ZDI-23-712", "id": "ZDI-23-712", "kind": "published", "published_date": "2023-05-24", "status": "published", "title": "Autodesk On-Demand Install Services Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-712/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-19227", "zdi_id": "ZDI-23-712" }, { "cve": "CVE-2023-0852", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Authorization hea...", "detail_json": "/data/advisories/ZDI-23-711/advisory.json", "detail_path": "advisories/ZDI-23-711", "id": "ZDI-23-711", "kind": "published", "published_date": "2023-05-19", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF743Cdw rls-login Authorization Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-711/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-19760", "zdi_id": "ZDI-23-711" }, { "cve": "CVE-2023-32154", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Router Advertisement Daemon. The i...", "detail_json": "/data/advisories/ZDI-23-710/advisory.json", "detail_path": "advisories/ZDI-23-710", "id": "ZDI-23-710", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(0Day) (Pwn2Own) Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-710/", "vendor": "Mikrotik", "vendor_url": null, "zdi_can": "ZDI-CAN-19797", "zdi_id": "ZDI-23-710" }, { "cve": "CVE-2023-32787", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Prosys OPC UA Simulation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of mess...", "detail_json": "/data/advisories/ZDI-23-709/advisory.json", "detail_path": "advisories/ZDI-23-709", "id": "ZDI-23-709", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(Pwn2Own) Prosys OPC UA Simulation Server Resource Exhaustion Denial-of-Service Vulnerability", "updated_date": "2023-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-709/", "vendor": "Prosys OPC", "vendor_url": null, "zdi_can": "ZDI-CAN-20503", "zdi_id": "ZDI-23-709" }, { "cve": "CVE-2023-33952", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-23-708/advisory.json", "detail_path": "advisories/ZDI-23-708", "id": "ZDI-23-708", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel vmwgfx Driver Double Free Local Privilege Escalation Vulnerability", "updated_date": "2023-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-708/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20292", "zdi_id": "ZDI-23-708" }, { "cve": "CVE-2023-33951", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-23-707/advisory.json", "detail_path": "advisories/ZDI-23-707", "id": "ZDI-23-707", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel vmwgfx Driver Race Condition Information Disclosure Vulnerability", "updated_date": "2023-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-707/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20110", "zdi_id": "ZDI-23-707" }, { "cve": "CVE-2023-32258", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within t...", "detail_json": "/data/advisories/ZDI-23-706/advisory.json", "detail_path": "advisories/ZDI-23-706", "id": "ZDI-23-706", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel ksmbd Session Race Condition Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-706/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20796", "zdi_id": "ZDI-23-706" }, { "cve": "CVE-2023-32257", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within t...", "detail_json": "/data/advisories/ZDI-23-705/advisory.json", "detail_path": "advisories/ZDI-23-705", "id": "ZDI-23-705", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel ksmbd Session Race Condition Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-705/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20596", "zdi_id": "ZDI-23-705" }, { "cve": "CVE-2023-32256", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-23-704/advisory.json", "detail_path": "advisories/ZDI-23-704", "id": "ZDI-23-704", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel ksmbd Session User Object Race Condition Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-704/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20595", "zdi_id": "ZDI-23-704" }, { "cve": "CVE-2023-32255", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw e...", "detail_json": "/data/advisories/ZDI-23-703/advisory.json", "detail_path": "advisories/ZDI-23-703", "id": "ZDI-23-703", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel ksmbd Session Setup Memory Leak Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-703/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20593", "zdi_id": "ZDI-23-703" }, { "cve": "CVE-2023-32254", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within t...", "detail_json": "/data/advisories/ZDI-23-702/advisory.json", "detail_path": "advisories/ZDI-23-702", "id": "ZDI-23-702", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel ksmbd Tree Connection Race Condition Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-702/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20592", "zdi_id": "ZDI-23-702" }, { "cve": "CVE-2023-32253", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw e...", "detail_json": "/data/advisories/ZDI-23-701/advisory.json", "detail_path": "advisories/ZDI-23-701", "id": "ZDI-23-701", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel ksmbd Session Deadlock Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-701/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20591", "zdi_id": "ZDI-23-701" }, { "cve": "CVE-2023-32252", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw e...", "detail_json": "/data/advisories/ZDI-23-700/advisory.json", "detail_path": "advisories/ZDI-23-700", "id": "ZDI-23-700", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel ksmbd Session NULL Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-700/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20590", "zdi_id": "ZDI-23-700" }, { "cve": "CVE-2023-32251", "cvss": 3.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a brute force condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-23-699/advisory.json", "detail_path": "advisories/ZDI-23-699", "id": "ZDI-23-699", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel ksmbd Improper Restriction of Excessive Authentication Attempts Protection Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-699/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20482", "zdi_id": "ZDI-23-699" }, { "cve": "CVE-2023-32250", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within t...", "detail_json": "/data/advisories/ZDI-23-698/advisory.json", "detail_path": "advisories/ZDI-23-698", "id": "ZDI-23-698", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel ksmbd Session Race Condition Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-698/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20481", "zdi_id": "ZDI-23-698" }, { "cve": "CVE-2023-32249", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to hijack a session on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the han...", "detail_json": "/data/advisories/ZDI-23-697/advisory.json", "detail_path": "advisories/ZDI-23-697", "id": "ZDI-23-697", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel ksmbd Multichannel Improper Authentication Session Hijack Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-697/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20480", "zdi_id": "ZDI-23-697" }, { "cve": "CVE-2023-32248", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw e...", "detail_json": "/data/advisories/ZDI-23-696/advisory.json", "detail_path": "advisories/ZDI-23-696", "id": "ZDI-23-696", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel ksmbd Tree Connection NULL Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-696/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20479", "zdi_id": "ZDI-23-696" }, { "cve": "CVE-2023-32247", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw e...", "detail_json": "/data/advisories/ZDI-23-695/advisory.json", "detail_path": "advisories/ZDI-23-695", "id": "ZDI-23-695", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel ksmbd Session Setup Memory Exhaustion Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-695/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20478", "zdi_id": "ZDI-23-695" }, { "cve": "CVE-2023-32246", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-694/advisory.json", "detail_path": "advisories/ZDI-23-694", "id": "ZDI-23-694", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel ksmbd RCU Callback Race Condition Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-694/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-20477", "zdi_id": "ZDI-23-694" }, { "cve": "CVE-2023-2593", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of the Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of new TCP connections...", "detail_json": "/data/advisories/ZDI-23-693/advisory.json", "detail_path": "advisories/ZDI-23-693", "id": "ZDI-23-693", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel ksmbd Memory Exhaustion Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-693/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-18259", "zdi_id": "ZDI-23-693" }, { "cve": "CVE-2023-2860", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-23-692/advisory.json", "detail_path": "advisories/ZDI-23-692", "id": "ZDI-23-692", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Linux Kernel IPv6 Segment Routing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-692/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-18511", "zdi_id": "ZDI-23-692" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Canonical ksmbd-tools. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SRVSVC_O...", "detail_json": "/data/advisories/ZDI-23-691/advisory.json", "detail_path": "advisories/ZDI-23-691", "id": "ZDI-23-691", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Canonical ksmbd-tools SRVSVC Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-691/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-17823", "zdi_id": "ZDI-23-691" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canonical ksmbd-tools. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WKSSVC service. The issue results from t...", "detail_json": "/data/advisories/ZDI-23-690/advisory.json", "detail_path": "advisories/ZDI-23-690", "id": "ZDI-23-690", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Canonical ksmbd-tools WKSSVC Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-690/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-17822", "zdi_id": "ZDI-23-690" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Canonical ksmbd-tools. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SAMR_OPN...", "detail_json": "/data/advisories/ZDI-23-689/advisory.json", "detail_path": "advisories/ZDI-23-689", "id": "ZDI-23-689", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Canonical ksmbd-tools SAMR Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-689/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-17821", "zdi_id": "ZDI-23-689" }, { "cve": null, "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canonical ksmbd-tools. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SAMR_OPNUM_QUERY_USER_...", "detail_json": "/data/advisories/ZDI-23-688/advisory.json", "detail_path": "advisories/ZDI-23-688", "id": "ZDI-23-688", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Canonical ksmbd-tools SAMR Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-688/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-17820", "zdi_id": "ZDI-23-688" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canonical ksmbd-tools. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the LSARPC_OPNUM_LOOKUP_SI...", "detail_json": "/data/advisories/ZDI-23-687/advisory.json", "detail_path": "advisories/ZDI-23-687", "id": "ZDI-23-687", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Canonical ksmbd-tools LSARPC Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-687/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-17770", "zdi_id": "ZDI-23-687" }, { "cve": "CVE-2023-1135", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Delta Electronics InfraSuite Device Master. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vu...", "detail_json": "/data/advisories/ZDI-23-686/advisory.json", "detail_path": "advisories/ZDI-23-686", "id": "ZDI-23-686", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-686/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19590", "zdi_id": "ZDI-23-686" }, { "cve": "CVE-2023-1137", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Authentication is required to exploit this vulnerability. The specific flaw exists within the gateway endpoin...", "detail_json": "/data/advisories/ZDI-23-685/advisory.json", "detail_path": "advisories/ZDI-23-685", "id": "ZDI-23-685", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master APRunning Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-685/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19574", "zdi_id": "ZDI-23-685" }, { "cve": "CVE-2023-1141", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypas...", "detail_json": "/data/advisories/ZDI-23-684/advisory.json", "detail_path": "advisories/ZDI-23-684", "id": "ZDI-23-684", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master ExeCommandInCommandLineMode Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-684/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19446", "zdi_id": "ZDI-23-684" }, { "cve": "CVE-2023-1133", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installed instance...", "detail_json": "/data/advisories/ZDI-23-683/advisory.json", "detail_path": "advisories/ZDI-23-683", "id": "ZDI-23-683", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-683/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19407", "zdi_id": "ZDI-23-683" }, { "cve": "CVE-2023-1142", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebServerCa...", "detail_json": "/data/advisories/ZDI-23-682/advisory.json", "detail_path": "advisories/ZDI-23-682", "id": "ZDI-23-682", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-682/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19406", "zdi_id": "ZDI-23-682" }, { "cve": "CVE-2023-1145", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-DataCollect...", "detail_json": "/data/advisories/ZDI-23-681/advisory.json", "detail_path": "advisories/ZDI-23-681", "id": "ZDI-23-681", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master Device-DataCollect Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-681/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19365", "zdi_id": "ZDI-23-681" }, { "cve": "CVE-2023-1139", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-Gateway serv...", "detail_json": "/data/advisories/ZDI-23-680/advisory.json", "detail_path": "advisories/ZDI-23-680", "id": "ZDI-23-680", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master Device-Gateway Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-680/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19308", "zdi_id": "ZDI-23-680" }, { "cve": "CVE-2023-1136", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CheckgRPCAuthenticat...", "detail_json": "/data/advisories/ZDI-23-679/advisory.json", "detail_path": "advisories/ZDI-23-679", "id": "ZDI-23-679", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master CheckgRPCAuthentication Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-679/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19281", "zdi_id": "ZDI-23-679" }, { "cve": "CVE-2023-1134", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypas...", "detail_json": "/data/advisories/ZDI-23-678/advisory.json", "detail_path": "advisories/ZDI-23-678", "id": "ZDI-23-678", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_ReportFileOperation Directory Traversal Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-678/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19280", "zdi_id": "ZDI-23-678" }, { "cve": "CVE-2023-1134", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can...", "detail_json": "/data/advisories/ZDI-23-677/advisory.json", "detail_path": "advisories/ZDI-23-677", "id": "ZDI-23-677", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_ReportFileOperation Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-677/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19279", "zdi_id": "ZDI-23-677" }, { "cve": "CVE-2023-1143", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypas...", "detail_json": "/data/advisories/ZDI-23-676/advisory.json", "detail_path": "advisories/ZDI-23-676", "id": "ZDI-23-676", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master ActionExeScriptString Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-676/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19277", "zdi_id": "ZDI-23-676" }, { "cve": "CVE-2023-1144", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...", "detail_json": "/data/advisories/ZDI-23-675/advisory.json", "detail_path": "advisories/ZDI-23-675", "id": "ZDI-23-675", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-675/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19276", "zdi_id": "ZDI-23-675" }, { "cve": "CVE-2023-1140", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Ap...", "detail_json": "/data/advisories/ZDI-23-674/advisory.json", "detail_path": "advisories/ZDI-23-674", "id": "ZDI-23-674", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master Missing Authentication Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-674/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19223", "zdi_id": "ZDI-23-674" }, { "cve": "CVE-2023-1138", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-Gate...", "detail_json": "/data/advisories/ZDI-23-673/advisory.json", "detail_path": "advisories/ZDI-23-673", "id": "ZDI-23-673", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-673/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19054", "zdi_id": "ZDI-23-673" }, { "cve": "CVE-2023-1133", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ParseUDPPacket func...", "detail_json": "/data/advisories/ZDI-23-672/advisory.json", "detail_path": "advisories/ZDI-23-672", "id": "ZDI-23-672", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Electronics InfraSuite Device Master ParseUDPPacket Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-672/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19053", "zdi_id": "ZDI-23-672" }, { "cve": "CVE-2022-2969", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Delta Industrial Automation DIALink. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Th...", "detail_json": "/data/advisories/ZDI-23-671/advisory.json", "detail_path": "advisories/ZDI-23-671", "id": "ZDI-23-671", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Delta Industrial Automation DIALink Directory Traversal Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-671/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-16888", "zdi_id": "ZDI-23-671" }, { "cve": "CVE-2023-26067", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-23-670/advisory.json", "detail_path": "advisories/ZDI-23-670", "id": "ZDI-23-670", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i lbtraceapp Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-670/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-19858", "zdi_id": "ZDI-23-670" }, { "cve": "CVE-2023-26069", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the snmpUTIL binary. The issue...", "detail_json": "/data/advisories/ZDI-23-669/advisory.json", "detail_path": "advisories/ZDI-23-669", "id": "ZDI-23-669", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i snmpUTIL Improper Input Validation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-669/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-19731", "zdi_id": "ZDI-23-669" }, { "cve": "CVE-2023-26067", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fax_change_faxtrace_setting...", "detail_json": "/data/advisories/ZDI-23-668/advisory.json", "detail_path": "advisories/ZDI-23-668", "id": "ZDI-23-668", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i fax_change_faxtrace_setting Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-668/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-19470", "zdi_id": "ZDI-23-668" }, { "cve": "CVE-2023-26067", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-23-667/advisory.json", "detail_path": "advisories/ZDI-23-667", "id": "ZDI-23-667", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i lbtraceapp _WriteTarFile Command Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-667/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-19766", "zdi_id": "ZDI-23-667" }, { "cve": "CVE-2023-26066", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pagemark service. The issue...", "detail_json": "/data/advisories/ZDI-23-666/advisory.json", "detail_path": "advisories/ZDI-23-666", "id": "ZDI-23-666", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i pagemark Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-666/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-19685", "zdi_id": "ZDI-23-666" }, { "cve": "CVE-2023-26065", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the PostS...", "detail_json": "/data/advisories/ZDI-23-665/advisory.json", "detail_path": "advisories/ZDI-23-665", "id": "ZDI-23-665", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i putinterval Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-665/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-19822", "zdi_id": "ZDI-23-665" }, { "cve": "CVE-2023-26064", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the putinterval method. The iss...", "detail_json": "/data/advisories/ZDI-23-664/advisory.json", "detail_path": "advisories/ZDI-23-664", "id": "ZDI-23-664", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i putinterval Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-664/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-19755", "zdi_id": "ZDI-23-664" }, { "cve": "CVE-2023-26063", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pagemaker service. When par...", "detail_json": "/data/advisories/ZDI-23-663/advisory.json", "detail_path": "advisories/ZDI-23-663", "id": "ZDI-23-663", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i pagemaker NAME Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-663/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-19859", "zdi_id": "ZDI-23-663" }, { "cve": "CVE-2023-32955", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhcpd binary. The issue re...", "detail_json": "/data/advisories/ZDI-23-662/advisory.json", "detail_path": "advisories/ZDI-23-662", "id": "ZDI-23-662", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(Pwn2Own) Synology RT6600ax dhcpd Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-662/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-19753", "zdi_id": "ZDI-23-662" }, { "cve": "CVE-2022-43932", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libsynoskd library. The is...", "detail_json": "/data/advisories/ZDI-23-661/advisory.json", "detail_path": "advisories/ZDI-23-661", "id": "ZDI-23-661", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(Pwn2Own) Synology RT6600ax Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-661/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-19752", "zdi_id": "ZDI-23-661" }, { "cve": "CVE-2022-45188", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Synology DiskStation Manager. This vulnerability does not require authentication, but does require some user interaction. The specific flaw exists within the Serv...", "detail_json": "/data/advisories/ZDI-23-660/advisory.json", "detail_path": "advisories/ZDI-23-660", "id": "ZDI-23-660", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(Pwn2Own) Synology DiskStation Manager Serv.php Authentication Bypass Vulnerability", "updated_date": "2023-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-660/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-19829", "zdi_id": "ZDI-23-660" }, { "cve": "CVE-2022-45188", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology DiskStation Manager. This vulnerability does not require authentication, but does require some user interaction. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-23-659/advisory.json", "detail_path": "advisories/ZDI-23-659", "id": "ZDI-23-659", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(Pwn2Own) Synology DiskStation Manager dnsauth.php Missing Authentication Information Disclosure Vulnerability", "updated_date": "2023-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-659/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-19828", "zdi_id": "ZDI-23-659" }, { "cve": "CVE-2022-45188", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the api.php endpoint. The issue result...", "detail_json": "/data/advisories/ZDI-23-658/advisory.json", "detail_path": "advisories/ZDI-23-658", "id": "ZDI-23-658", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "(Pwn2Own) Synology DiskStation Manager api.php Authentication Bypass Vulnerability", "updated_date": "2023-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-658/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-19609", "zdi_id": "ZDI-23-658" }, { "cve": "CVE-2023-32554", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-657/advisory.json", "detail_path": "advisories/ZDI-23-657", "id": "ZDI-23-657", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-657/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-19831", "zdi_id": "ZDI-23-657" }, { "cve": "CVE-2023-32555", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-656/advisory.json", "detail_path": "advisories/ZDI-23-656", "id": "ZDI-23-656", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-656/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-19102", "zdi_id": "ZDI-23-656" }, { "cve": "CVE-2023-32552", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-23-655/advisory.json", "detail_path": "advisories/ZDI-23-655", "id": "ZDI-23-655", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-655/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18290", "zdi_id": "ZDI-23-655" }, { "cve": "CVE-2023-32530", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of set_certificates_config req...", "detail_json": "/data/advisories/ZDI-23-654/advisory.json", "detail_path": "advisories/ZDI-23-654", "id": "ZDI-23-654", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-654/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-17690", "zdi_id": "ZDI-23-654" }, { "cve": "CVE-2023-32553", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console. The issue results fr...", "detail_json": "/data/advisories/ZDI-23-653/advisory.json", "detail_path": "advisories/ZDI-23-653", "id": "ZDI-23-653", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-653/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-17965", "zdi_id": "ZDI-23-653" }, { "cve": "CVE-2023-32529", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of delete_cert_vec requests to...", "detail_json": "/data/advisories/ZDI-23-652/advisory.json", "detail_path": "advisories/ZDI-23-652", "id": "ZDI-23-652", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-652/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-17688", "zdi_id": "ZDI-23-652" }, { "cve": "CVE-2023-32556", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi...", "detail_json": "/data/advisories/ZDI-23-651/advisory.json", "detail_path": "advisories/ZDI-23-651", "id": "ZDI-23-651", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Trend Micro Apex One Security Agent Link Following Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-651/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16525", "zdi_id": "ZDI-23-651" }, { "cve": "CVE-2023-23519", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation...", "detail_json": "/data/advisories/ZDI-23-650/advisory.json", "detail_path": "advisories/ZDI-23-650", "id": "ZDI-23-650", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Apple macOS KTX Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-650/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-19349", "zdi_id": "ZDI-23-650" }, { "cve": "CVE-2023-27929", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation...", "detail_json": "/data/advisories/ZDI-23-649/advisory.json", "detail_path": "advisories/ZDI-23-649", "id": "ZDI-23-649", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Apple macOS KTX Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-649/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-19348", "zdi_id": "ZDI-23-649" }, { "cve": "CVE-2022-42798", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-648/advisory.json", "detail_path": "advisories/ZDI-23-648", "id": "ZDI-23-648", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Apple macOS AudioToolbox CAF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-648/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-17662", "zdi_id": "ZDI-23-648" }, { "cve": "CVE-2022-32922", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-647/advisory.json", "detail_path": "advisories/ZDI-23-647", "id": "ZDI-23-647", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Apple Safari PDFPluginAnnotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-647/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-17338", "zdi_id": "ZDI-23-647" }, { "cve": "CVE-2022-32912", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-646/advisory.json", "detail_path": "advisories/ZDI-23-646", "id": "ZDI-23-646", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Apple WebKit WebGL2 drawRangeElements Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-646/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-17329", "zdi_id": "ZDI-23-646" }, { "cve": "CVE-2022-32797", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AppleScript library is required to exploit this vulnerability but attack vectors may vary depending on the implementati...", "detail_json": "/data/advisories/ZDI-23-645/advisory.json", "detail_path": "advisories/ZDI-23-645", "id": "ZDI-23-645", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Apple macOS AppleScript UASIsConstant SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-645/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-17359", "zdi_id": "ZDI-23-645" }, { "cve": "CVE-2023-27938", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple GarageBand. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-644/advisory.json", "detail_path": "advisories/ZDI-23-644", "id": "ZDI-23-644", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Apple GarageBand MIDI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-644/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-17199", "zdi_id": "ZDI-23-644" }, { "cve": "CVE-2023-32161", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-643/advisory.json", "detail_path": "advisories/ZDI-23-643", "id": "ZDI-23-643", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-643/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17778", "zdi_id": "ZDI-23-643" }, { "cve": "CVE-2023-32160", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-642/advisory.json", "detail_path": "advisories/ZDI-23-642", "id": "ZDI-23-642", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-642/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17767", "zdi_id": "ZDI-23-642" }, { "cve": "CVE-2023-32159", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-641/advisory.json", "detail_path": "advisories/ZDI-23-641", "id": "ZDI-23-641", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-641/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17765", "zdi_id": "ZDI-23-641" }, { "cve": "CVE-2023-32158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-640/advisory.json", "detail_path": "advisories/ZDI-23-640", "id": "ZDI-23-640", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-640/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17764", "zdi_id": "ZDI-23-640" }, { "cve": "CVE-2022-42972", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulner...", "detail_json": "/data/advisories/ZDI-23-639/advisory.json", "detail_path": "advisories/ZDI-23-639", "id": "ZDI-23-639", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Schneider Electric APC Easy UPS Online Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-639/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-17649", "zdi_id": "ZDI-23-639" }, { "cve": "CVE-2022-42973", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulner...", "detail_json": "/data/advisories/ZDI-23-638/advisory.json", "detail_path": "advisories/ZDI-23-638", "id": "ZDI-23-638", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Schneider Electric APC Easy UPS Online SNMPDBManager Use of Hard-Coded Credentials Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-638/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-17585", "zdi_id": "ZDI-23-638" }, { "cve": "CVE-2022-42971", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpLoadAction class. Whe...", "detail_json": "/data/advisories/ZDI-23-637/advisory.json", "detail_path": "advisories/ZDI-23-637", "id": "ZDI-23-637", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Schneider Electric APC Easy UPS Online UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-637/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-17584", "zdi_id": "ZDI-23-637" }, { "cve": "CVE-2022-42970", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updatePassword function....", "detail_json": "/data/advisories/ZDI-23-636/advisory.json", "detail_path": "advisories/ZDI-23-636", "id": "ZDI-23-636", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Schneider Electric APC Easy UPS Online updatePassword Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-636/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-17583", "zdi_id": "ZDI-23-636" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-635/advisory.json", "detail_path": "advisories/ZDI-23-635", "id": "ZDI-23-635", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-635/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17949", "zdi_id": "ZDI-23-635" }, { "cve": "CVE-2022-43509", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-634/advisory.json", "detail_path": "advisories/ZDI-23-634", "id": "ZDI-23-634", "kind": "published", "published_date": "2023-05-17", "status": "published", "title": "Omron CX-One CX-Programmer CXP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-634/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-15484", "zdi_id": "ZDI-23-634" }, { "cve": "CVE-2023-34281", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-633/advisory.json", "detail_path": "advisories/ZDI-23-633", "id": "ZDI-23-633", "kind": "published", "published_date": "2023-05-15", "status": "published", "title": "D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability", "updated_date": "2023-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-633/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20561", "zdi_id": "ZDI-23-633" }, { "cve": "CVE-2023-34276", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-632/advisory.json", "detail_path": "advisories/ZDI-23-632", "id": "ZDI-23-632", "kind": "published", "published_date": "2023-05-15", "status": "published", "title": "D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability", "updated_date": "2023-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-632/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20554", "zdi_id": "ZDI-23-632" }, { "cve": "CVE-2023-34275", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-631/advisory.json", "detail_path": "advisories/ZDI-23-631", "id": "ZDI-23-631", "kind": "published", "published_date": "2023-05-15", "status": "published", "title": "D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability", "updated_date": "2023-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-631/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20553", "zdi_id": "ZDI-23-631" }, { "cve": "CVE-2023-34279", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which li...", "detail_json": "/data/advisories/ZDI-23-630/advisory.json", "detail_path": "advisories/ZDI-23-630", "id": "ZDI-23-630", "kind": "published", "published_date": "2023-05-15", "status": "published", "title": "D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability", "updated_date": "2023-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-630/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20558", "zdi_id": "ZDI-23-630" }, { "cve": "CVE-2023-34280", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-629/advisory.json", "detail_path": "advisories/ZDI-23-629", "id": "ZDI-23-629", "kind": "published", "published_date": "2023-05-15", "status": "published", "title": "D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability", "updated_date": "2023-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-629/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20559", "zdi_id": "ZDI-23-629" }, { "cve": "CVE-2023-34282", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which lis...", "detail_json": "/data/advisories/ZDI-23-628/advisory.json", "detail_path": "advisories/ZDI-23-628", "id": "ZDI-23-628", "kind": "published", "published_date": "2023-05-15", "status": "published", "title": "D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability", "updated_date": "2023-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-628/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20910", "zdi_id": "ZDI-23-628" }, { "cve": "CVE-2023-34274", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which lis...", "detail_json": "/data/advisories/ZDI-23-627/advisory.json", "detail_path": "advisories/ZDI-23-627", "id": "ZDI-23-627", "kind": "published", "published_date": "2023-05-15", "status": "published", "title": "D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability", "updated_date": "2023-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-627/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20552", "zdi_id": "ZDI-23-627" }, { "cve": "CVE-2023-34278", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-626/advisory.json", "detail_path": "advisories/ZDI-23-626", "id": "ZDI-23-626", "kind": "published", "published_date": "2023-05-15", "status": "published", "title": "D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability", "updated_date": "2023-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-626/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20556", "zdi_id": "ZDI-23-626" }, { "cve": "CVE-2023-34277", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-625/advisory.json", "detail_path": "advisories/ZDI-23-625", "id": "ZDI-23-625", "kind": "published", "published_date": "2023-05-15", "status": "published", "title": "D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability", "updated_date": "2023-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-625/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-20555", "zdi_id": "ZDI-23-625" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-624/advisory.json", "detail_path": "advisories/ZDI-23-624", "id": "ZDI-23-624", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-624/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20261", "zdi_id": "ZDI-23-624" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-623/advisory.json", "detail_path": "advisories/ZDI-23-623", "id": "ZDI-23-623", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-623/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20260", "zdi_id": "ZDI-23-623" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-622/advisory.json", "detail_path": "advisories/ZDI-23-622", "id": "ZDI-23-622", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-622/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20251", "zdi_id": "ZDI-23-622" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-621/advisory.json", "detail_path": "advisories/ZDI-23-621", "id": "ZDI-23-621", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-621/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20250", "zdi_id": "ZDI-23-621" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-620/advisory.json", "detail_path": "advisories/ZDI-23-620", "id": "ZDI-23-620", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-620/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20249", "zdi_id": "ZDI-23-620" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-619/advisory.json", "detail_path": "advisories/ZDI-23-619", "id": "ZDI-23-619", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-619/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20248", "zdi_id": "ZDI-23-619" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-618/advisory.json", "detail_path": "advisories/ZDI-23-618", "id": "ZDI-23-618", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-618/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20246", "zdi_id": "ZDI-23-618" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-617/advisory.json", "detail_path": "advisories/ZDI-23-617", "id": "ZDI-23-617", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-617/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20245", "zdi_id": "ZDI-23-617" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-616/advisory.json", "detail_path": "advisories/ZDI-23-616", "id": "ZDI-23-616", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-616/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20243", "zdi_id": "ZDI-23-616" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-615/advisory.json", "detail_path": "advisories/ZDI-23-615", "id": "ZDI-23-615", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-615/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20242", "zdi_id": "ZDI-23-615" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-614/advisory.json", "detail_path": "advisories/ZDI-23-614", "id": "ZDI-23-614", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-614/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20241", "zdi_id": "ZDI-23-614" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-613/advisory.json", "detail_path": "advisories/ZDI-23-613", "id": "ZDI-23-613", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Substance 3D Stager SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-613/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20239", "zdi_id": "ZDI-23-613" }, { "cve": "CVE-2023-29461", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-23-612/advisory.json", "detail_path": "advisories/ZDI-23-612", "id": "ZDI-23-612", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-612/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-20109", "zdi_id": "ZDI-23-612" }, { "cve": "CVE-2023-29462", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-23-611/advisory.json", "detail_path": "advisories/ZDI-23-611", "id": "ZDI-23-611", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-611/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-19749", "zdi_id": "ZDI-23-611" }, { "cve": "CVE-2023-29460", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-23-610/advisory.json", "detail_path": "advisories/ZDI-23-610", "id": "ZDI-23-610", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-610/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-19747", "zdi_id": "ZDI-23-610" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-609/advisory.json", "detail_path": "advisories/ZDI-23-609", "id": "ZDI-23-609", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-609/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19393", "zdi_id": "ZDI-23-609" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-608/advisory.json", "detail_path": "advisories/ZDI-23-608", "id": "ZDI-23-608", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-608/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19256", "zdi_id": "ZDI-23-608" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-607/advisory.json", "detail_path": "advisories/ZDI-23-607", "id": "ZDI-23-607", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-607/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19289", "zdi_id": "ZDI-23-607" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-606/advisory.json", "detail_path": "advisories/ZDI-23-606", "id": "ZDI-23-606", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-606/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19288", "zdi_id": "ZDI-23-606" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-605/advisory.json", "detail_path": "advisories/ZDI-23-605", "id": "ZDI-23-605", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-605/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19245", "zdi_id": "ZDI-23-605" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-604/advisory.json", "detail_path": "advisories/ZDI-23-604", "id": "ZDI-23-604", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-604/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19246", "zdi_id": "ZDI-23-604" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-603/advisory.json", "detail_path": "advisories/ZDI-23-603", "id": "ZDI-23-603", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-603/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19247", "zdi_id": "ZDI-23-603" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-602/advisory.json", "detail_path": "advisories/ZDI-23-602", "id": "ZDI-23-602", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-602/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19248", "zdi_id": "ZDI-23-602" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-601/advisory.json", "detail_path": "advisories/ZDI-23-601", "id": "ZDI-23-601", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-601/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19249", "zdi_id": "ZDI-23-601" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-600/advisory.json", "detail_path": "advisories/ZDI-23-600", "id": "ZDI-23-600", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-600/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19250", "zdi_id": "ZDI-23-600" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-599/advisory.json", "detail_path": "advisories/ZDI-23-599", "id": "ZDI-23-599", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-599/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19251", "zdi_id": "ZDI-23-599" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-598/advisory.json", "detail_path": "advisories/ZDI-23-598", "id": "ZDI-23-598", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-598/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19244", "zdi_id": "ZDI-23-598" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-597/advisory.json", "detail_path": "advisories/ZDI-23-597", "id": "ZDI-23-597", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-597/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19110", "zdi_id": "ZDI-23-597" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-596/advisory.json", "detail_path": "advisories/ZDI-23-596", "id": "ZDI-23-596", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-596/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19121", "zdi_id": "ZDI-23-596" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-595/advisory.json", "detail_path": "advisories/ZDI-23-595", "id": "ZDI-23-595", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-595/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18962", "zdi_id": "ZDI-23-595" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-594/advisory.json", "detail_path": "advisories/ZDI-23-594", "id": "ZDI-23-594", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-594/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18619", "zdi_id": "ZDI-23-594" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-593/advisory.json", "detail_path": "advisories/ZDI-23-593", "id": "ZDI-23-593", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-593/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18618", "zdi_id": "ZDI-23-593" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-592/advisory.json", "detail_path": "advisories/ZDI-23-592", "id": "ZDI-23-592", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Adobe Dimension SKP File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-592/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20276", "zdi_id": "ZDI-23-592" }, { "cve": "CVE-2023-32528", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Mobile Security for Enterprises. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypa...", "detail_json": "/data/advisories/ZDI-23-591/advisory.json", "detail_path": "advisories/ZDI-23-591", "id": "ZDI-23-591", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Trend Micro Mobile Security for Enterprises widgetforsecurity getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-591/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-20181", "zdi_id": "ZDI-23-591" }, { "cve": "CVE-2023-32527", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Mobile Security for Enterprises. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypa...", "detail_json": "/data/advisories/ZDI-23-590/advisory.json", "detail_path": "advisories/ZDI-23-590", "id": "ZDI-23-590", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Trend Micro Mobile Security for Enterprises widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-590/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-20180", "zdi_id": "ZDI-23-590" }, { "cve": "CVE-2023-32525", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Trend Micro Mobile Security for Enterprises. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypa...", "detail_json": "/data/advisories/ZDI-23-589/advisory.json", "detail_path": "advisories/ZDI-23-589", "id": "ZDI-23-589", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Trend Micro Mobile Security for Enterprises widget set_certificates_config Unrestricted File Upload Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-589/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-20179", "zdi_id": "ZDI-23-589" }, { "cve": "CVE-2023-32524", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Mobile Security for Enterprises. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WFUser class define...", "detail_json": "/data/advisories/ZDI-23-588/advisory.json", "detail_path": "advisories/ZDI-23-588", "id": "ZDI-23-588", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Trend Micro Mobile Security for Enterprises widgetforsecurity WFUser Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-588/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-19722", "zdi_id": "ZDI-23-588" }, { "cve": "CVE-2023-32523", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Mobile Security for Enterprises. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WFUser class define...", "detail_json": "/data/advisories/ZDI-23-587/advisory.json", "detail_path": "advisories/ZDI-23-587", "id": "ZDI-23-587", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Trend Micro Mobile Security for Enterprises widget WFUser Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-587/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-19721", "zdi_id": "ZDI-23-587" }, { "cve": "CVE-2023-32526", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Trend Micro Mobile Security for Enterprises. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypa...", "detail_json": "/data/advisories/ZDI-23-586/advisory.json", "detail_path": "advisories/ZDI-23-586", "id": "ZDI-23-586", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Trend Micro Mobile Security for Enterprises widgetforsecurity set_certificates_config Unrestricted File Upload Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-586/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-20182", "zdi_id": "ZDI-23-586" }, { "cve": "CVE-2023-25001", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-585/advisory.json", "detail_path": "advisories/ZDI-23-585", "id": "ZDI-23-585", "kind": "published", "published_date": "2022-12-19", "status": "published", "title": "Autodesk 3DS Max SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2023-05-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-585/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-19083", "zdi_id": "ZDI-23-585" }, { "cve": "CVE-2023-25009", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-584/advisory.json", "detail_path": "advisories/ZDI-23-584", "id": "ZDI-23-584", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Autodesk 3DS Max USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-584/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20169", "zdi_id": "ZDI-23-584" }, { "cve": "CVE-2023-25008", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-583/advisory.json", "detail_path": "advisories/ZDI-23-583", "id": "ZDI-23-583", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Autodesk 3DS Max USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-583/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20170", "zdi_id": "ZDI-23-583" }, { "cve": "CVE-2023-25007", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-582/advisory.json", "detail_path": "advisories/ZDI-23-582", "id": "ZDI-23-582", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Autodesk 3DS Max USD File Parsing Uninitialized Pointer Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-582/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20173", "zdi_id": "ZDI-23-582" }, { "cve": "CVE-2023-25008", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-581/advisory.json", "detail_path": "advisories/ZDI-23-581", "id": "ZDI-23-581", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Autodesk 3DS Max USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-581/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20174", "zdi_id": "ZDI-23-581" }, { "cve": "CVE-2023-25006", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-580/advisory.json", "detail_path": "advisories/ZDI-23-580", "id": "ZDI-23-580", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Autodesk 3DS Max USD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-580/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20175", "zdi_id": "ZDI-23-580" }, { "cve": "CVE-2023-25006", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-579/advisory.json", "detail_path": "advisories/ZDI-23-579", "id": "ZDI-23-579", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Autodesk 3DS Max USD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-579/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20171", "zdi_id": "ZDI-23-579" }, { "cve": "CVE-2023-25008", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-578/advisory.json", "detail_path": "advisories/ZDI-23-578", "id": "ZDI-23-578", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Autodesk 3DS Max USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-578/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20221", "zdi_id": "ZDI-23-578" }, { "cve": "CVE-2023-25008", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-577/advisory.json", "detail_path": "advisories/ZDI-23-577", "id": "ZDI-23-577", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Autodesk 3DS Max USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-577/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20168", "zdi_id": "ZDI-23-577" }, { "cve": "CVE-2023-25001", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-576/advisory.json", "detail_path": "advisories/ZDI-23-576", "id": "ZDI-23-576", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Autodesk 3DS Max SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-576/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-19085", "zdi_id": "ZDI-23-576" }, { "cve": "CVE-2023-25001", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-575/advisory.json", "detail_path": "advisories/ZDI-23-575", "id": "ZDI-23-575", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Autodesk 3DS Max SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-575/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-18963", "zdi_id": "ZDI-23-575" }, { "cve": "CVE-2023-25001", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-574/advisory.json", "detail_path": "advisories/ZDI-23-574", "id": "ZDI-23-574", "kind": "published", "published_date": "2023-05-12", "status": "published", "title": "Autodesk 3DS Max SKP File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-574/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-18974", "zdi_id": "ZDI-23-574" }, { "cve": "CVE-2023-24949", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-573/advisory.json", "detail_path": "advisories/ZDI-23-573", "id": "ZDI-23-573", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Microsoft Windows PE Parsing Integer Overflow Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-573/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20044", "zdi_id": "ZDI-23-573" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-23-572/advisory.json", "detail_path": "advisories/ZDI-23-572", "id": "ZDI-23-572", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Microsoft Office Visio DXF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-572/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20167", "zdi_id": "ZDI-23-572" }, { "cve": "CVE-2023-24950", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the AdRotator WebControl. T...", "detail_json": "/data/advisories/ZDI-23-571/advisory.json", "detail_path": "advisories/ZDI-23-571", "id": "ZDI-23-571", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Microsoft SharePoint AdRotator Improper Input Validation NTLM Relay Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-571/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20375", "zdi_id": "ZDI-23-571" }, { "cve": "CVE-2023-29277", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-570/advisory.json", "detail_path": "advisories/ZDI-23-570", "id": "ZDI-23-570", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-570/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20370", "zdi_id": "ZDI-23-570" }, { "cve": "CVE-2023-29278", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-569/advisory.json", "detail_path": "advisories/ZDI-23-569", "id": "ZDI-23-569", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Adobe Substance 3D Painter GLTF File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-569/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20371", "zdi_id": "ZDI-23-569" }, { "cve": "CVE-2023-29280", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-568/advisory.json", "detail_path": "advisories/ZDI-23-568", "id": "ZDI-23-568", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Adobe Substance 3D Painter PLY File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-568/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20372", "zdi_id": "ZDI-23-568" }, { "cve": "CVE-2023-29279", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-567/advisory.json", "detail_path": "advisories/ZDI-23-567", "id": "ZDI-23-567", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-567/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20368", "zdi_id": "ZDI-23-567" }, { "cve": "CVE-2023-29286", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-566/advisory.json", "detail_path": "advisories/ZDI-23-566", "id": "ZDI-23-566", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Adobe Substance 3D Painter USD File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-566/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20369", "zdi_id": "ZDI-23-566" }, { "cve": "CVE-2023-29282", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-565/advisory.json", "detail_path": "advisories/ZDI-23-565", "id": "ZDI-23-565", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-565/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20359", "zdi_id": "ZDI-23-565" }, { "cve": "CVE-2023-29285", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-564/advisory.json", "detail_path": "advisories/ZDI-23-564", "id": "ZDI-23-564", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-564/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20360", "zdi_id": "ZDI-23-564" }, { "cve": "CVE-2023-29283", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-563/advisory.json", "detail_path": "advisories/ZDI-23-563", "id": "ZDI-23-563", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Adobe Substance 3D Painter USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-563/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20361", "zdi_id": "ZDI-23-563" }, { "cve": "CVE-2023-29276", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-562/advisory.json", "detail_path": "advisories/ZDI-23-562", "id": "ZDI-23-562", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-562/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20362", "zdi_id": "ZDI-23-562" }, { "cve": "CVE-2023-29275", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-561/advisory.json", "detail_path": "advisories/ZDI-23-561", "id": "ZDI-23-561", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-561/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20363", "zdi_id": "ZDI-23-561" }, { "cve": "CVE-2023-29281", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-560/advisory.json", "detail_path": "advisories/ZDI-23-560", "id": "ZDI-23-560", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-560/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20364", "zdi_id": "ZDI-23-560" }, { "cve": "CVE-2023-29284", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-559/advisory.json", "detail_path": "advisories/ZDI-23-559", "id": "ZDI-23-559", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Adobe Substance 3D Painter USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-559/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20365", "zdi_id": "ZDI-23-559" }, { "cve": "CVE-2023-29274", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-558/advisory.json", "detail_path": "advisories/ZDI-23-558", "id": "ZDI-23-558", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Adobe Substance 3D Painter USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-558/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20366", "zdi_id": "ZDI-23-558" }, { "cve": "CVE-2023-29273", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-557/advisory.json", "detail_path": "advisories/ZDI-23-557", "id": "ZDI-23-557", "kind": "published", "published_date": "2023-05-10", "status": "published", "title": "Adobe Substance 3D Painter USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-557/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20367", "zdi_id": "ZDI-23-557" }, { "cve": "CVE-2023-0856", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Internet Printing...", "detail_json": "/data/advisories/ZDI-23-556/advisory.json", "detail_path": "advisories/ZDI-23-556", "id": "ZDI-23-556", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF743Cdw IPP sides Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-556/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-19803", "zdi_id": "ZDI-23-556" }, { "cve": "CVE-2023-0855", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Internet Printing...", "detail_json": "/data/advisories/ZDI-23-555/advisory.json", "detail_path": "advisories/ZDI-23-555", "id": "ZDI-23-555", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF743Cdw IPP number-up Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-555/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-19756", "zdi_id": "ZDI-23-555" }, { "cve": "CVE-2023-0854", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of NetBIO...", "detail_json": "/data/advisories/ZDI-23-554/advisory.json", "detail_path": "advisories/ZDI-23-554", "id": "ZDI-23-554", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF743Cdw cmNetBiosParseName Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-554/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-19798", "zdi_id": "ZDI-23-554" }, { "cve": "CVE-2023-0853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of mDNS pack...", "detail_json": "/data/advisories/ZDI-23-553/advisory.json", "detail_path": "advisories/ZDI-23-553", "id": "ZDI-23-553", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF743Cdw mDNS hostname Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-553/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-19827", "zdi_id": "ZDI-23-553" }, { "cve": "CVE-2023-0852", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rls-login handler...", "detail_json": "/data/advisories/ZDI-23-552/advisory.json", "detail_path": "advisories/ZDI-23-552", "id": "ZDI-23-552", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF743Cdw Authorization Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-552/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-19794", "zdi_id": "ZDI-23-552" }, { "cve": "CVE-2023-0851", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service, whi...", "detail_json": "/data/advisories/ZDI-23-551/advisory.json", "detail_path": "advisories/ZDI-23-551", "id": "ZDI-23-551", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF743Cdw CADM setResource Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-551/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-19682", "zdi_id": "ZDI-23-551" }, { "cve": "CVE-2023-0851", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the r...", "detail_json": "/data/advisories/ZDI-23-550/advisory.json", "detail_path": "advisories/ZDI-23-550", "id": "ZDI-23-550", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF743Cdw CADM resourceStart2 Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-550/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-19644", "zdi_id": "ZDI-23-550" }, { "cve": "CVE-2023-0851", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service, whi...", "detail_json": "/data/advisories/ZDI-23-549/advisory.json", "detail_path": "advisories/ZDI-23-549", "id": "ZDI-23-549", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF743Cdw CADM resourceStart2 Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-549/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-19634", "zdi_id": "ZDI-23-549" }, { "cve": "CVE-2023-27321", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC...", "detail_json": "/data/advisories/ZDI-23-548/advisory.json", "detail_path": "advisories/ZDI-23-548", "id": "ZDI-23-548", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "(Pwn2Own) OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-548/", "vendor": "OPC Foundation", "vendor_url": null, "zdi_can": "ZDI-CAN-20505", "zdi_id": "ZDI-23-548" }, { "cve": "CVE-2023-2156", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the RPL protocol. The i...", "detail_json": "/data/advisories/ZDI-23-547/advisory.json", "detail_path": "advisories/ZDI-23-547", "id": "ZDI-23-547", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "(0Day) Linux Kernel IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-547/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-16223", "zdi_id": "ZDI-23-547" }, { "cve": "CVE-2022-29108", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of charts. Tampering with c...", "detail_json": "/data/advisories/ZDI-23-546/advisory.json", "detail_path": "advisories/ZDI-23-546", "id": "ZDI-23-546", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "Microsoft SharePoint Chart Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-546/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16664", "zdi_id": "ZDI-23-546" }, { "cve": "CVE-2023-32153", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-545/advisory.json", "detail_path": "advisories/ZDI-23-545", "id": "ZDI-23-545", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-545/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19550", "zdi_id": "ZDI-23-545" }, { "cve": "CVE-2023-32152", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, whi...", "detail_json": "/data/advisories/ZDI-23-544/advisory.json", "detail_path": "advisories/ZDI-23-544", "id": "ZDI-23-544", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-544/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19549", "zdi_id": "ZDI-23-544" }, { "cve": "CVE-2023-32151", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-543/advisory.json", "detail_path": "advisories/ZDI-23-543", "id": "ZDI-23-543", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DIR-2640 DestNetwork Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-543/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19548", "zdi_id": "ZDI-23-543" }, { "cve": "CVE-2023-32150", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-542/advisory.json", "detail_path": "advisories/ZDI-23-542", "id": "ZDI-23-542", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DIR-2640 PrefixLen Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-542/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19547", "zdi_id": "ZDI-23-542" }, { "cve": "CVE-2023-32149", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, wh...", "detail_json": "/data/advisories/ZDI-23-541/advisory.json", "detail_path": "advisories/ZDI-23-541", "id": "ZDI-23-541", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-541/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19546", "zdi_id": "ZDI-23-541" }, { "cve": "CVE-2023-32148", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, whi...", "detail_json": "/data/advisories/ZDI-23-540/advisory.json", "detail_path": "advisories/ZDI-23-540", "id": "ZDI-23-540", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-540/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19545", "zdi_id": "ZDI-23-540" }, { "cve": "CVE-2023-32147", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-23-539/advisory.json", "detail_path": "advisories/ZDI-23-539", "id": "ZDI-23-539", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-539/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19544", "zdi_id": "ZDI-23-539" }, { "cve": "CVE-2023-32146", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /cgi-bin/webproc endpoint. W...", "detail_json": "/data/advisories/ZDI-23-538/advisory.json", "detail_path": "advisories/ZDI-23-538", "id": "ZDI-23-538", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-538/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18746", "zdi_id": "ZDI-23-538" }, { "cve": "CVE-2023-32145", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests...", "detail_json": "/data/advisories/ZDI-23-537/advisory.json", "detail_path": "advisories/ZDI-23-537", "id": "ZDI-23-537", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-537/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18455", "zdi_id": "ZDI-23-537" }, { "cve": "CVE-2023-32144", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the...", "detail_json": "/data/advisories/ZDI-23-536/advisory.json", "detail_path": "advisories/ZDI-23-536", "id": "ZDI-23-536", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-536/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18454", "zdi_id": "ZDI-23-536" }, { "cve": "CVE-2023-32143", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the...", "detail_json": "/data/advisories/ZDI-23-535/advisory.json", "detail_path": "advisories/ZDI-23-535", "id": "ZDI-23-535", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-535/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18423", "zdi_id": "ZDI-23-535" }, { "cve": "CVE-2023-32142", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the...", "detail_json": "/data/advisories/ZDI-23-534/advisory.json", "detail_path": "advisories/ZDI-23-534", "id": "ZDI-23-534", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-534/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18422", "zdi_id": "ZDI-23-534" }, { "cve": "CVE-2023-32141", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the...", "detail_json": "/data/advisories/ZDI-23-533/advisory.json", "detail_path": "advisories/ZDI-23-533", "id": "ZDI-23-533", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-533/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18419", "zdi_id": "ZDI-23-533" }, { "cve": "CVE-2023-32140", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cg...", "detail_json": "/data/advisories/ZDI-23-532/advisory.json", "detail_path": "advisories/ZDI-23-532", "id": "ZDI-23-532", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-532/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18418", "zdi_id": "ZDI-23-532" }, { "cve": "CVE-2023-32139", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cg...", "detail_json": "/data/advisories/ZDI-23-531/advisory.json", "detail_path": "advisories/ZDI-23-531", "id": "ZDI-23-531", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-531/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18417", "zdi_id": "ZDI-23-531" }, { "cve": "CVE-2023-32138", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the...", "detail_json": "/data/advisories/ZDI-23-530/advisory.json", "detail_path": "advisories/ZDI-23-530", "id": "ZDI-23-530", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-530/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18416", "zdi_id": "ZDI-23-530" }, { "cve": "CVE-2023-32137", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests...", "detail_json": "/data/advisories/ZDI-23-529/advisory.json", "detail_path": "advisories/ZDI-23-529", "id": "ZDI-23-529", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-529/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18415", "zdi_id": "ZDI-23-529" }, { "cve": "CVE-2023-32136", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cg...", "detail_json": "/data/advisories/ZDI-23-528/advisory.json", "detail_path": "advisories/ZDI-23-528", "id": "ZDI-23-528", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-528/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18414", "zdi_id": "ZDI-23-528" }, { "cve": "CVE-2023-32135", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-23-527/advisory.json", "detail_path": "advisories/ZDI-23-527", "id": "ZDI-23-527", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-527/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-18863", "zdi_id": "ZDI-23-527" }, { "cve": "CVE-2023-32134", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-526/advisory.json", "detail_path": "advisories/ZDI-23-526", "id": "ZDI-23-526", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-526/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-15629", "zdi_id": "ZDI-23-526" }, { "cve": "CVE-2023-32133", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-525/advisory.json", "detail_path": "advisories/ZDI-23-525", "id": "ZDI-23-525", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-525/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-15628", "zdi_id": "ZDI-23-525" }, { "cve": "CVE-2023-32132", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-524/advisory.json", "detail_path": "advisories/ZDI-23-524", "id": "ZDI-23-524", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-524/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-15627", "zdi_id": "ZDI-23-524" }, { "cve": "CVE-2023-32131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-523/advisory.json", "detail_path": "advisories/ZDI-23-523", "id": "ZDI-23-523", "kind": "published", "published_date": "2023-05-04", "status": "published", "title": "Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-523/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-15626", "zdi_id": "ZDI-23-523" }, { "cve": "CVE-2023-20869", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-23-522/advisory.json", "detail_path": "advisories/ZDI-23-522", "id": "ZDI-23-522", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "(Pwn2Own) VMware Workstation UHCI Component Stack-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-522/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-20773", "zdi_id": "ZDI-23-522" }, { "cve": "CVE-2023-20870", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-23-521/advisory.json", "detail_path": "advisories/ZDI-23-521", "id": "ZDI-23-521", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "(Pwn2Own) VMware Workstation UHCI Component Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-521/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-20719", "zdi_id": "ZDI-23-521" }, { "cve": "CVE-2023-0249", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-520/advisory.json", "detail_path": "advisories/ZDI-23-520", "id": "ZDI-23-520", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-520/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19443", "zdi_id": "ZDI-23-520" }, { "cve": "CVE-2023-0250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-519/advisory.json", "detail_path": "advisories/ZDI-23-519", "id": "ZDI-23-519", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-519/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19442", "zdi_id": "ZDI-23-519" }, { "cve": "CVE-2023-0251", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-518/advisory.json", "detail_path": "advisories/ZDI-23-518", "id": "ZDI-23-518", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-518/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19441", "zdi_id": "ZDI-23-518" }, { "cve": "CVE-2023-0250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-517/advisory.json", "detail_path": "advisories/ZDI-23-517", "id": "ZDI-23-517", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-517/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19440", "zdi_id": "ZDI-23-517" }, { "cve": "CVE-2023-0250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-516/advisory.json", "detail_path": "advisories/ZDI-23-516", "id": "ZDI-23-516", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-516/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19439", "zdi_id": "ZDI-23-516" }, { "cve": "CVE-2023-0250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-515/advisory.json", "detail_path": "advisories/ZDI-23-515", "id": "ZDI-23-515", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-515/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19438", "zdi_id": "ZDI-23-515" }, { "cve": "CVE-2023-0251", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-514/advisory.json", "detail_path": "advisories/ZDI-23-514", "id": "ZDI-23-514", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-514/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19437", "zdi_id": "ZDI-23-514" }, { "cve": "CVE-2023-0249", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-513/advisory.json", "detail_path": "advisories/ZDI-23-513", "id": "ZDI-23-513", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-513/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19436", "zdi_id": "ZDI-23-513" }, { "cve": "CVE-2023-0250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-512/advisory.json", "detail_path": "advisories/ZDI-23-512", "id": "ZDI-23-512", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-512/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19434", "zdi_id": "ZDI-23-512" }, { "cve": "CVE-2023-0251", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-511/advisory.json", "detail_path": "advisories/ZDI-23-511", "id": "ZDI-23-511", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-511/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19433", "zdi_id": "ZDI-23-511" }, { "cve": "CVE-2023-0250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-510/advisory.json", "detail_path": "advisories/ZDI-23-510", "id": "ZDI-23-510", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-510/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19238", "zdi_id": "ZDI-23-510" }, { "cve": "CVE-2023-0250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-509/advisory.json", "detail_path": "advisories/ZDI-23-509", "id": "ZDI-23-509", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-509/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19237", "zdi_id": "ZDI-23-509" }, { "cve": "CVE-2023-0250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-508/advisory.json", "detail_path": "advisories/ZDI-23-508", "id": "ZDI-23-508", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-508/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19236", "zdi_id": "ZDI-23-508" }, { "cve": "CVE-2023-0250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-507/advisory.json", "detail_path": "advisories/ZDI-23-507", "id": "ZDI-23-507", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-507/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19235", "zdi_id": "ZDI-23-507" }, { "cve": "CVE-2023-0250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-506/advisory.json", "detail_path": "advisories/ZDI-23-506", "id": "ZDI-23-506", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-506/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19234", "zdi_id": "ZDI-23-506" }, { "cve": "CVE-2023-0250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-505/advisory.json", "detail_path": "advisories/ZDI-23-505", "id": "ZDI-23-505", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-505/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19233", "zdi_id": "ZDI-23-505" }, { "cve": "CVE-2023-0250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-504/advisory.json", "detail_path": "advisories/ZDI-23-504", "id": "ZDI-23-504", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-504/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19212", "zdi_id": "ZDI-23-504" }, { "cve": "CVE-2023-27356", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-23-503/advisory.json", "detail_path": "advisories/ZDI-23-503", "id": "ZDI-23-503", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "(Pwn2Own) NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-503/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19825", "zdi_id": "ZDI-23-503" }, { "cve": "CVE-2023-27358", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of specific SOAP requ...", "detail_json": "/data/advisories/ZDI-23-502/advisory.json", "detail_path": "advisories/ZDI-23-502", "id": "ZDI-23-502", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "(Pwn2Own) NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-502/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19754", "zdi_id": "ZDI-23-502" }, { "cve": "CVE-2023-27370", "cvss": 5.7, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...", "detail_json": "/data/advisories/ZDI-23-501/advisory.json", "detail_path": "advisories/ZDI-23-501", "id": "ZDI-23-501", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "(Pwn2Own) NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-501/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19841", "zdi_id": "ZDI-23-501" }, { "cve": "CVE-2023-27369", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing the...", "detail_json": "/data/advisories/ZDI-23-500/advisory.json", "detail_path": "advisories/ZDI-23-500", "id": "ZDI-23-500", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "(Pwn2Own) NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-500/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19840", "zdi_id": "ZDI-23-500" }, { "cve": "CVE-2023-27368", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When pars...", "detail_json": "/data/advisories/ZDI-23-499/advisory.json", "detail_path": "advisories/ZDI-23-499", "id": "ZDI-23-499", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "(Pwn2Own) NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-499/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19839", "zdi_id": "ZDI-23-499" }, { "cve": "CVE-2023-27367", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-23-498/advisory.json", "detail_path": "advisories/ZDI-23-498", "id": "ZDI-23-498", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "(Pwn2Own) NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-498/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19838", "zdi_id": "ZDI-23-498" }, { "cve": "CVE-2023-27357", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP reque...", "detail_json": "/data/advisories/ZDI-23-497/advisory.json", "detail_path": "advisories/ZDI-23-497", "id": "ZDI-23-497", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "(Pwn2Own) NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-497/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19608", "zdi_id": "ZDI-23-497" }, { "cve": "CVE-2023-27360", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the lighttpd HTTP ser...", "detail_json": "/data/advisories/ZDI-23-496/advisory.json", "detail_path": "advisories/ZDI-23-496", "id": "ZDI-23-496", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-496/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19398", "zdi_id": "ZDI-23-496" }, { "cve": "CVE-2023-27361", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of JSON data. The issue r...", "detail_json": "/data/advisories/ZDI-23-495/advisory.json", "detail_path": "advisories/ZDI-23-495", "id": "ZDI-23-495", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-495/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-19355", "zdi_id": "ZDI-23-495" }, { "cve": "CVE-2023-27366", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-494/advisory.json", "detail_path": "advisories/ZDI-23-494", "id": "ZDI-23-494", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-494/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-20225", "zdi_id": "ZDI-23-494" }, { "cve": "CVE-2023-27365", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-493/advisory.json", "detail_path": "advisories/ZDI-23-493", "id": "ZDI-23-493", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-493/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-19739", "zdi_id": "ZDI-23-493" }, { "cve": "CVE-2023-27364", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-492/advisory.json", "detail_path": "advisories/ZDI-23-492", "id": "ZDI-23-492", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Foxit PDF Editor XLS File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-492/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-19738", "zdi_id": "ZDI-23-492" }, { "cve": "CVE-2023-27363", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-491/advisory.json", "detail_path": "advisories/ZDI-23-491", "id": "ZDI-23-491", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-491/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-19697", "zdi_id": "ZDI-23-491" }, { "cve": "CVE-2023-1967", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of KeySight N8844A Data Analytics Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Unmarshal function....", "detail_json": "/data/advisories/ZDI-23-490/advisory.json", "detail_path": "advisories/ZDI-23-490", "id": "ZDI-23-490", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "KeySight N8844A Data Analytics Web Service Unmarshal Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-490/", "vendor": "KeySight", "vendor_url": null, "zdi_can": "ZDI-CAN-19603", "zdi_id": "ZDI-23-490" }, { "cve": "CVE-2023-1399", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-23-489/advisory.json", "detail_path": "advisories/ZDI-23-489", "id": "ZDI-23-489", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "KeySight N6841A RF Sensor LAHttpInvokerServiceExporter Deserialization of Untrusted Data Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-489/", "vendor": "KeySight", "vendor_url": null, "zdi_can": "ZDI-CAN-18488", "zdi_id": "ZDI-23-489" }, { "cve": "CVE-2023-21893", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of Oracle ODP.NET Managed Driver. An attacker must first obtain the ability to intercept and alter network traffic in order to exploit this vulnera...", "detail_json": "/data/advisories/ZDI-23-488/advisory.json", "detail_path": "advisories/ZDI-23-488", "id": "ZDI-23-488", "kind": "published", "published_date": "2023-05-01", "status": "published", "title": "Oracle ODP.NET Managed Driver Improper Certificate Validation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-488/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-19864", "zdi_id": "ZDI-23-488" }, { "cve": "CVE-2023-21987", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-23-487/advisory.json", "detail_path": "advisories/ZDI-23-487", "id": "ZDI-23-487", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox TPM MMIO Handling Stack-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-487/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-20779", "zdi_id": "ZDI-23-487" }, { "cve": "CVE-2023-21988", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-486/advisory.json", "detail_path": "advisories/ZDI-23-486", "id": "ZDI-23-486", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox GPA Request Handling Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-486/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-20723", "zdi_id": "ZDI-23-486" }, { "cve": "CVE-2023-21990", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-23-485/advisory.json", "detail_path": "advisories/ZDI-23-485", "id": "ZDI-23-485", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox OHCI USB Controller Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-485/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-20671", "zdi_id": "ZDI-23-485" }, { "cve": "CVE-2023-21989", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-484/advisory.json", "detail_path": "advisories/ZDI-23-484", "id": "ZDI-23-484", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox OHCI USB Controller Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-484/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-20670", "zdi_id": "ZDI-23-484" }, { "cve": "CVE-2023-21991", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-483/advisory.json", "detail_path": "advisories/ZDI-23-483", "id": "ZDI-23-483", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox VGA MMIO Handling Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-483/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-20669", "zdi_id": "ZDI-23-483" }, { "cve": "CVE-2023-20864", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Aria Operations for Logs. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InternalClusterController clas...", "detail_json": "/data/advisories/ZDI-23-482/advisory.json", "detail_path": "advisories/ZDI-23-482", "id": "ZDI-23-482", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "VMware Aria Operations for Logs Cluster Controller Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-482/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-20380", "zdi_id": "ZDI-23-482" }, { "cve": "CVE-2022-26804", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-481/advisory.json", "detail_path": "advisories/ZDI-23-481", "id": "ZDI-23-481", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-481/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19242", "zdi_id": "ZDI-23-481" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-480/advisory.json", "detail_path": "advisories/ZDI-23-480", "id": "ZDI-23-480", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-480/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19180", "zdi_id": "ZDI-23-480" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-479/advisory.json", "detail_path": "advisories/ZDI-23-479", "id": "ZDI-23-479", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Excel SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-479/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19179", "zdi_id": "ZDI-23-479" }, { "cve": "CVE-2022-44692", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-478/advisory.json", "detail_path": "advisories/ZDI-23-478", "id": "ZDI-23-478", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Excel 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-478/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18374", "zdi_id": "ZDI-23-478" }, { "cve": "CVE-2022-44692", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-477/advisory.json", "detail_path": "advisories/ZDI-23-477", "id": "ZDI-23-477", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Excel 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-477/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18372", "zdi_id": "ZDI-23-477" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-476/advisory.json", "detail_path": "advisories/ZDI-23-476", "id": "ZDI-23-476", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-476/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18079", "zdi_id": "ZDI-23-476" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-475/advisory.json", "detail_path": "advisories/ZDI-23-475", "id": "ZDI-23-475", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-475/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18078", "zdi_id": "ZDI-23-475" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-474/advisory.json", "detail_path": "advisories/ZDI-23-474", "id": "ZDI-23-474", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-474/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18077", "zdi_id": "ZDI-23-474" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-473/advisory.json", "detail_path": "advisories/ZDI-23-473", "id": "ZDI-23-473", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-473/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18076", "zdi_id": "ZDI-23-473" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-472/advisory.json", "detail_path": "advisories/ZDI-23-472", "id": "ZDI-23-472", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-472/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18075", "zdi_id": "ZDI-23-472" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-471/advisory.json", "detail_path": "advisories/ZDI-23-471", "id": "ZDI-23-471", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-471/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18074", "zdi_id": "ZDI-23-471" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-470/advisory.json", "detail_path": "advisories/ZDI-23-470", "id": "ZDI-23-470", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-470/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18073", "zdi_id": "ZDI-23-470" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-469/advisory.json", "detail_path": "advisories/ZDI-23-469", "id": "ZDI-23-469", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-469/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18072", "zdi_id": "ZDI-23-469" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-468/advisory.json", "detail_path": "advisories/ZDI-23-468", "id": "ZDI-23-468", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-468/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18071", "zdi_id": "ZDI-23-468" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-467/advisory.json", "detail_path": "advisories/ZDI-23-467", "id": "ZDI-23-467", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-467/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17967", "zdi_id": "ZDI-23-467" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-466/advisory.json", "detail_path": "advisories/ZDI-23-466", "id": "ZDI-23-466", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-466/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17954", "zdi_id": "ZDI-23-466" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-465/advisory.json", "detail_path": "advisories/ZDI-23-465", "id": "ZDI-23-465", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-465/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17952", "zdi_id": "ZDI-23-465" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-464/advisory.json", "detail_path": "advisories/ZDI-23-464", "id": "ZDI-23-464", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-464/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17951", "zdi_id": "ZDI-23-464" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-23-463/advisory.json", "detail_path": "advisories/ZDI-23-463", "id": "ZDI-23-463", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-463/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17950", "zdi_id": "ZDI-23-463" }, { "cve": "CVE-2022-24542", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-462/advisory.json", "detail_path": "advisories/ZDI-23-462", "id": "ZDI-23-462", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvEscape Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-462/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16761", "zdi_id": "ZDI-23-462" }, { "cve": "CVE-2022-24542", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-461/advisory.json", "detail_path": "advisories/ZDI-23-461", "id": "ZDI-23-461", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvLineTo Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-461/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16763", "zdi_id": "ZDI-23-461" }, { "cve": "CVE-2022-24542", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-460/advisory.json", "detail_path": "advisories/ZDI-23-460", "id": "ZDI-23-460", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvNextBand Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-460/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16759", "zdi_id": "ZDI-23-460" }, { "cve": "CVE-2022-24542", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-459/advisory.json", "detail_path": "advisories/ZDI-23-459", "id": "ZDI-23-459", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvQueryPerBandInfo Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-459/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16758", "zdi_id": "ZDI-23-459" }, { "cve": "CVE-2022-47505", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulner...", "detail_json": "/data/advisories/ZDI-23-458/advisory.json", "detail_path": "advisories/ZDI-23-458", "id": "ZDI-23-458", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "SolarWinds Network Performance Monitor TFTP Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-458/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-19902", "zdi_id": "ZDI-23-458" }, { "cve": "CVE-2022-36963", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecuteExternalProgram meth...", "detail_json": "/data/advisories/ZDI-23-457/advisory.json", "detail_path": "advisories/ZDI-23-457", "id": "ZDI-23-457", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "SolarWinds Network Performance Monitor ExecuteExternalProgram Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-457/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-17702", "zdi_id": "ZDI-23-457" }, { "cve": "CVE-2023-28128", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the l...", "detail_json": "/data/advisories/ZDI-23-456/advisory.json", "detail_path": "advisories/ZDI-23-456", "id": "ZDI-23-456", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-456/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-17812", "zdi_id": "ZDI-23-456" }, { "cve": "CVE-2023-28127", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-23-455/advisory.json", "detail_path": "advisories/ZDI-23-455", "id": "ZDI-23-455", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Ivanti Avalanche getLogFile Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-455/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-17769", "zdi_id": "ZDI-23-455" }, { "cve": "CVE-2023-28126", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-23-454/advisory.json", "detail_path": "advisories/ZDI-23-454", "id": "ZDI-23-454", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Ivanti Avalanche EnterpriseServer GetSettings Exposed Dangerous Method Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-454/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-17750", "zdi_id": "ZDI-23-454" }, { "cve": "CVE-2023-28125", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. User interaction is required to exploit this vulnerability. The specific flaw exists within the InfoRail service. The issue results from imprope...", "detail_json": "/data/advisories/ZDI-23-453/advisory.json", "detail_path": "advisories/ZDI-23-453", "id": "ZDI-23-453", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "Ivanti Avalanche InfoRail Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-453/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-17729", "zdi_id": "ZDI-23-453" }, { "cve": "CVE-2023-27359", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hotplugd daemon. The iss...", "detail_json": "/data/advisories/ZDI-23-452/advisory.json", "detail_path": "advisories/ZDI-23-452", "id": "ZDI-23-452", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "(Pwn2Own) TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-452/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19664", "zdi_id": "ZDI-23-452" }, { "cve": "CVE-2023-1389", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the merge_country_config fun...", "detail_json": "/data/advisories/ZDI-23-451/advisory.json", "detail_path": "advisories/ZDI-23-451", "id": "ZDI-23-451", "kind": "published", "published_date": "2023-04-24", "status": "published", "title": "(Pwn2Own) TP-Link Archer AX21 merge_country_config Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-451/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19557", "zdi_id": "ZDI-23-451" }, { "cve": "CVE-2022-0369", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-23-450/advisory.json", "detail_path": "advisories/ZDI-23-450", "id": "ZDI-23-450", "kind": "published", "published_date": "2023-04-14", "status": "published", "title": "(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-450/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-17227", "zdi_id": "ZDI-23-450" }, { "cve": "CVE-2023-27355", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPEG-TS parser. The issue results...", "detail_json": "/data/advisories/ZDI-23-449/advisory.json", "detail_path": "advisories/ZDI-23-449", "id": "ZDI-23-449", "kind": "published", "published_date": "2023-04-14", "status": "published", "title": "(Pwn2Own) Sonos One Speaker MPEG-TS Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-449/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-19773", "zdi_id": "ZDI-23-449" }, { "cve": "CVE-2023-27353", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msprox endpoint. The issue...", "detail_json": "/data/advisories/ZDI-23-448/advisory.json", "detail_path": "advisories/ZDI-23-448", "id": "ZDI-23-448", "kind": "published", "published_date": "2023-04-14", "status": "published", "title": "(Pwn2Own) Sonos One Speaker msprox Endpoint Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-448/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-19846", "zdi_id": "ZDI-23-448" }, { "cve": "CVE-2023-27352", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory qu...", "detail_json": "/data/advisories/ZDI-23-447/advisory.json", "detail_path": "advisories/ZDI-23-447", "id": "ZDI-23-447", "kind": "published", "published_date": "2023-04-14", "status": "published", "title": "(Pwn2Own) Sonos One Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-447/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-19845", "zdi_id": "ZDI-23-447" }, { "cve": "CVE-2023-27354", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB dire...", "detail_json": "/data/advisories/ZDI-23-446/advisory.json", "detail_path": "advisories/ZDI-23-446", "id": "ZDI-23-446", "kind": "published", "published_date": "2023-04-14", "status": "published", "title": "(Pwn2Own) Sonos One Speaker libsmb2 Integer Overflow Information Disclosure Vulnerability", "updated_date": "2023-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-446/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-19727", "zdi_id": "ZDI-23-446" }, { "cve": "CVE-2023-29412", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getMacAddressByIP funct...", "detail_json": "/data/advisories/ZDI-23-445/advisory.json", "detail_path": "advisories/ZDI-23-445", "id": "ZDI-23-445", "kind": "published", "published_date": "2023-04-14", "status": "published", "title": "Schneider Electric APC Easy UPS Online getMacAddressByIP Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-445/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-19269", "zdi_id": "ZDI-23-445" }, { "cve": "CVE-2023-29411", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updateManagerPassword fu...", "detail_json": "/data/advisories/ZDI-23-444/advisory.json", "detail_path": "advisories/ZDI-23-444", "id": "ZDI-23-444", "kind": "published", "published_date": "2023-04-14", "status": "published", "title": "Schneider Electric APC Easy UPS Online updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-444/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-19274", "zdi_id": "ZDI-23-444" }, { "cve": "CVE-2023-29413", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SocketSer...", "detail_json": "/data/advisories/ZDI-23-443/advisory.json", "detail_path": "advisories/ZDI-23-443", "id": "ZDI-23-443", "kind": "published", "published_date": "2023-04-14", "status": "published", "title": "Schneider Electric APC Easy UPS Online SocketService Missing Authentication Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-443/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-19268", "zdi_id": "ZDI-23-443" }, { "cve": "CVE-2023-2019", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-23-442/advisory.json", "detail_path": "advisories/ZDI-23-442", "id": "ZDI-23-442", "kind": "published", "published_date": "2023-04-13", "status": "published", "title": "Linux Kernel netdevsim Improper Update of Reference Count Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-442/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17811", "zdi_id": "ZDI-23-442" }, { "cve": "CVE-2023-2008", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-23-441/advisory.json", "detail_path": "advisories/ZDI-23-441", "id": "ZDI-23-441", "kind": "published", "published_date": "2023-04-13", "status": "published", "title": "Linux Kernel udmabuf Improper Validation of Array Index Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-441/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17639", "zdi_id": "ZDI-23-441" }, { "cve": "CVE-2023-2007", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-23-440/advisory.json", "detail_path": "advisories/ZDI-23-440", "id": "ZDI-23-440", "kind": "published", "published_date": "2023-04-13", "status": "published", "title": "Linux Kernel DPT I2O Controller Time-Of-Check Time-Of-Use Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-440/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17016", "zdi_id": "ZDI-23-440" }, { "cve": "CVE-2023-2006", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-439/advisory.json", "detail_path": "advisories/ZDI-23-439", "id": "ZDI-23-439", "kind": "published", "published_date": "2023-04-13", "status": "published", "title": "Linux Kernel RxRPC Race Condition Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-439/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-15975", "zdi_id": "ZDI-23-439" }, { "cve": "CVE-2023-29084", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine ADManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the ChangePasswordAction function. The iss...", "detail_json": "/data/advisories/ZDI-23-438/advisory.json", "detail_path": "advisories/ZDI-23-438", "id": "ZDI-23-438", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "ManageEngine ADManager Plus ChangePasswordAction Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-438/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-20033", "zdi_id": "ZDI-23-438" }, { "cve": "CVE-2023-28342", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DomainUserSSPLog...", "detail_json": "/data/advisories/ZDI-23-437/advisory.json", "detail_path": "advisories/ZDI-23-437", "id": "ZDI-23-437", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "ManageEngine ADSelfService Plus DomainUserSSPLogonAuth Improper Input Validation Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-437/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-20008", "zdi_id": "ZDI-23-437" }, { "cve": "CVE-2023-21577", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-436/advisory.json", "detail_path": "advisories/ZDI-23-436", "id": "ZDI-23-436", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Photoshop Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-436/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18891", "zdi_id": "ZDI-23-436" }, { "cve": "CVE-2023-26424", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-435/advisory.json", "detail_path": "advisories/ZDI-23-435", "id": "ZDI-23-435", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Acrobat Reader DC PDF Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-435/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19833", "zdi_id": "ZDI-23-435" }, { "cve": "CVE-2023-26417", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-434/advisory.json", "detail_path": "advisories/ZDI-23-434", "id": "ZDI-23-434", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Acrobat Reader DC Popup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-434/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20583", "zdi_id": "ZDI-23-434" }, { "cve": "CVE-2023-26422", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-433/advisory.json", "detail_path": "advisories/ZDI-23-433", "id": "ZDI-23-433", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-433/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20176", "zdi_id": "ZDI-23-433" }, { "cve": "CVE-2023-26423", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-432/advisory.json", "detail_path": "advisories/ZDI-23-432", "id": "ZDI-23-432", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm insertItemAt Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-432/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20160", "zdi_id": "ZDI-23-432" }, { "cve": "CVE-2023-26420", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-431/advisory.json", "detail_path": "advisories/ZDI-23-431", "id": "ZDI-23-431", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm addField Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-431/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20227", "zdi_id": "ZDI-23-431" }, { "cve": "CVE-2023-26421", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-430/advisory.json", "detail_path": "advisories/ZDI-23-430", "id": "ZDI-23-430", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Acrobat Reader DC Doc Object Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-430/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19832", "zdi_id": "ZDI-23-430" }, { "cve": "CVE-2023-26419", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-429/advisory.json", "detail_path": "advisories/ZDI-23-429", "id": "ZDI-23-429", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm removeField Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-429/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20274", "zdi_id": "ZDI-23-429" }, { "cve": "CVE-2023-26418", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-428/advisory.json", "detail_path": "advisories/ZDI-23-428", "id": "ZDI-23-428", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm exportAsFDFStr Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-428/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20311", "zdi_id": "ZDI-23-428" }, { "cve": "CVE-2023-26425", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-427/advisory.json", "detail_path": "advisories/ZDI-23-427", "id": "ZDI-23-427", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-427/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19854", "zdi_id": "ZDI-23-427" }, { "cve": "CVE-2023-26416", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-426/advisory.json", "detail_path": "advisories/ZDI-23-426", "id": "ZDI-23-426", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Designer DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-426/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20318", "zdi_id": "ZDI-23-426" }, { "cve": "CVE-2023-26415", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-425/advisory.json", "detail_path": "advisories/ZDI-23-425", "id": "ZDI-23-425", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Designer DAE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-425/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20317", "zdi_id": "ZDI-23-425" }, { "cve": "CVE-2023-26413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-424/advisory.json", "detail_path": "advisories/ZDI-23-424", "id": "ZDI-23-424", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Designer USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-424/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20315", "zdi_id": "ZDI-23-424" }, { "cve": "CVE-2023-26411", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-423/advisory.json", "detail_path": "advisories/ZDI-23-423", "id": "ZDI-23-423", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Designer USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-423/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20312", "zdi_id": "ZDI-23-423" }, { "cve": "CVE-2023-26403", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-422/advisory.json", "detail_path": "advisories/ZDI-23-422", "id": "ZDI-23-422", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-422/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20259", "zdi_id": "ZDI-23-422" }, { "cve": "CVE-2023-26389", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-421/advisory.json", "detail_path": "advisories/ZDI-23-421", "id": "ZDI-23-421", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Stager USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-421/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20258", "zdi_id": "ZDI-23-421" }, { "cve": "CVE-2023-26391", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-420/advisory.json", "detail_path": "advisories/ZDI-23-420", "id": "ZDI-23-420", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-420/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20256", "zdi_id": "ZDI-23-420" }, { "cve": "CVE-2023-26390", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-419/advisory.json", "detail_path": "advisories/ZDI-23-419", "id": "ZDI-23-419", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Stager USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-419/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20255", "zdi_id": "ZDI-23-419" }, { "cve": "CVE-2023-26402", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-418/advisory.json", "detail_path": "advisories/ZDI-23-418", "id": "ZDI-23-418", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-418/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20237", "zdi_id": "ZDI-23-418" }, { "cve": "CVE-2023-26394", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-417/advisory.json", "detail_path": "advisories/ZDI-23-417", "id": "ZDI-23-417", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Stager USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-417/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20236", "zdi_id": "ZDI-23-417" }, { "cve": "CVE-2023-26392", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-416/advisory.json", "detail_path": "advisories/ZDI-23-416", "id": "ZDI-23-416", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Stager USD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-416/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20235", "zdi_id": "ZDI-23-416" }, { "cve": "CVE-2023-26393", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-415/advisory.json", "detail_path": "advisories/ZDI-23-415", "id": "ZDI-23-415", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-415/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20234", "zdi_id": "ZDI-23-415" }, { "cve": "CVE-2023-26388", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-414/advisory.json", "detail_path": "advisories/ZDI-23-414", "id": "ZDI-23-414", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Stager USDZ File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-414/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20286", "zdi_id": "ZDI-23-414" }, { "cve": "CVE-2023-26384", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-413/advisory.json", "detail_path": "advisories/ZDI-23-413", "id": "ZDI-23-413", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Stager USD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-413/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20279", "zdi_id": "ZDI-23-413" }, { "cve": "CVE-2023-26385", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-412/advisory.json", "detail_path": "advisories/ZDI-23-412", "id": "ZDI-23-412", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-412/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20267", "zdi_id": "ZDI-23-412" }, { "cve": "CVE-2023-26386", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-411/advisory.json", "detail_path": "advisories/ZDI-23-411", "id": "ZDI-23-411", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Stager USDC File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-411/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20266", "zdi_id": "ZDI-23-411" }, { "cve": "CVE-2023-26383", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-410/advisory.json", "detail_path": "advisories/ZDI-23-410", "id": "ZDI-23-410", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Stager USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-410/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20287", "zdi_id": "ZDI-23-410" }, { "cve": "CVE-2023-26410", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-409/advisory.json", "detail_path": "advisories/ZDI-23-409", "id": "ZDI-23-409", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Designer USD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-409/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20309", "zdi_id": "ZDI-23-409" }, { "cve": "CVE-2023-26387", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-408/advisory.json", "detail_path": "advisories/ZDI-23-408", "id": "ZDI-23-408", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Stager USDC File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-408/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20265", "zdi_id": "ZDI-23-408" }, { "cve": "CVE-2023-26414", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-407/advisory.json", "detail_path": "advisories/ZDI-23-407", "id": "ZDI-23-407", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Designer USD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-407/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20316", "zdi_id": "ZDI-23-407" }, { "cve": "CVE-2023-26412", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-406/advisory.json", "detail_path": "advisories/ZDI-23-406", "id": "ZDI-23-406", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Designer USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-406/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20314", "zdi_id": "ZDI-23-406" }, { "cve": "CVE-2023-26409", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-405/advisory.json", "detail_path": "advisories/ZDI-23-405", "id": "ZDI-23-405", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Designer USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-405/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20313", "zdi_id": "ZDI-23-405" }, { "cve": "CVE-2023-26398", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-404/advisory.json", "detail_path": "advisories/ZDI-23-404", "id": "ZDI-23-404", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Substance 3D Designer USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-404/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20310", "zdi_id": "ZDI-23-404" }, { "cve": "CVE-2023-26375", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-403/advisory.json", "detail_path": "advisories/ZDI-23-403", "id": "ZDI-23-403", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-403/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20231", "zdi_id": "ZDI-23-403" }, { "cve": "CVE-2023-26372", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-402/advisory.json", "detail_path": "advisories/ZDI-23-402", "id": "ZDI-23-402", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Dimension USDZ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-402/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20284", "zdi_id": "ZDI-23-402" }, { "cve": "CVE-2023-26401", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-401/advisory.json", "detail_path": "advisories/ZDI-23-401", "id": "ZDI-23-401", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-401/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20278", "zdi_id": "ZDI-23-401" }, { "cve": "CVE-2023-26404", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-400/advisory.json", "detail_path": "advisories/ZDI-23-400", "id": "ZDI-23-400", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-400/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20143", "zdi_id": "ZDI-23-400" }, { "cve": "CVE-2023-26379", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-399/advisory.json", "detail_path": "advisories/ZDI-23-399", "id": "ZDI-23-399", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-399/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20233", "zdi_id": "ZDI-23-399" }, { "cve": "CVE-2023-26400", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-398/advisory.json", "detail_path": "advisories/ZDI-23-398", "id": "ZDI-23-398", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-398/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20232", "zdi_id": "ZDI-23-398" }, { "cve": "CVE-2023-26378", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-397/advisory.json", "detail_path": "advisories/ZDI-23-397", "id": "ZDI-23-397", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-397/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20148", "zdi_id": "ZDI-23-397" }, { "cve": "CVE-2023-26382", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-396/advisory.json", "detail_path": "advisories/ZDI-23-396", "id": "ZDI-23-396", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-396/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20156", "zdi_id": "ZDI-23-396" }, { "cve": "CVE-2023-26376", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-395/advisory.json", "detail_path": "advisories/ZDI-23-395", "id": "ZDI-23-395", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-395/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20155", "zdi_id": "ZDI-23-395" }, { "cve": "CVE-2023-26377", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-394/advisory.json", "detail_path": "advisories/ZDI-23-394", "id": "ZDI-23-394", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-394/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20151", "zdi_id": "ZDI-23-394" }, { "cve": "CVE-2023-26380", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-393/advisory.json", "detail_path": "advisories/ZDI-23-393", "id": "ZDI-23-393", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-393/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20150", "zdi_id": "ZDI-23-393" }, { "cve": "CVE-2023-26381", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-392/advisory.json", "detail_path": "advisories/ZDI-23-392", "id": "ZDI-23-392", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-392/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20147", "zdi_id": "ZDI-23-392" }, { "cve": "CVE-2023-26374", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-391/advisory.json", "detail_path": "advisories/ZDI-23-391", "id": "ZDI-23-391", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-391/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20045", "zdi_id": "ZDI-23-391" }, { "cve": "CVE-2023-21582", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-390/advisory.json", "detail_path": "advisories/ZDI-23-390", "id": "ZDI-23-390", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Adobe Digital Editions PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-390/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18255", "zdi_id": "ZDI-23-390" }, { "cve": "CVE-2023-25010", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-23-389/advisory.json", "detail_path": "advisories/ZDI-23-389", "id": "ZDI-23-389", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Autodesk Maya USD File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-389/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20159", "zdi_id": "ZDI-23-389" }, { "cve": "CVE-2023-27906", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-23-388/advisory.json", "detail_path": "advisories/ZDI-23-388", "id": "ZDI-23-388", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Autodesk Maya USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-388/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20158", "zdi_id": "ZDI-23-388" }, { "cve": "CVE-2023-27907", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-23-387/advisory.json", "detail_path": "advisories/ZDI-23-387", "id": "ZDI-23-387", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "Autodesk Maya USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-387/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-20157", "zdi_id": "ZDI-23-387" }, { "cve": "CVE-2023-27349", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific fla...", "detail_json": "/data/advisories/ZDI-23-386/advisory.json", "detail_path": "advisories/ZDI-23-386", "id": "ZDI-23-386", "kind": "published", "published_date": "2023-04-12", "status": "published", "title": "BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-386/", "vendor": "BlueZ", "vendor_url": null, "zdi_can": "ZDI-CAN-19908", "zdi_id": "ZDI-23-386" }, { "cve": "CVE-2023-28285", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-23-385/advisory.json", "detail_path": "advisories/ZDI-23-385", "id": "ZDI-23-385", "kind": "published", "published_date": "2023-04-11", "status": "published", "title": "Microsoft Office Word SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-385/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20725", "zdi_id": "ZDI-23-385" }, { "cve": "CVE-2023-28311", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-23-384/advisory.json", "detail_path": "advisories/ZDI-23-384", "id": "ZDI-23-384", "kind": "published", "published_date": "2023-04-11", "status": "published", "title": "Microsoft Office Word DOCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-384/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20574", "zdi_id": "ZDI-23-384" }, { "cve": "CVE-2023-28227", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device. The specifi...", "detail_json": "/data/advisories/ZDI-23-383/advisory.json", "detail_path": "advisories/ZDI-23-383", "id": "ZDI-23-383", "kind": "published", "published_date": "2023-04-11", "status": "published", "title": "Microsoft Windows Bluetooth BNEP Protocol Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-383/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20475", "zdi_id": "ZDI-23-383" }, { "cve": "CVE-2023-28288", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the WSSXmlUrlResolver class. The issue re...", "detail_json": "/data/advisories/ZDI-23-382/advisory.json", "detail_path": "advisories/ZDI-23-382", "id": "ZDI-23-382", "kind": "published", "published_date": "2023-04-11", "status": "published", "title": "Microsoft SharePoint WSSXmlUrlResolver Server-Side Request Forgery Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-382/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-20506", "zdi_id": "ZDI-23-382" }, { "cve": "CVE-2023-28267", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a remote desktop session to a host that has be...", "detail_json": "/data/advisories/ZDI-23-381/advisory.json", "detail_path": "advisories/ZDI-23-381", "id": "ZDI-23-381", "kind": "published", "published_date": "2023-04-11", "status": "published", "title": "Microsoft Windows Remote Desktop Connection Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-381/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19598", "zdi_id": "ZDI-23-381" }, { "cve": "CVE-2023-28312", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DSIMountAgent service, which listens on TCP port 46802...", "detail_json": "/data/advisories/ZDI-23-380/advisory.json", "detail_path": "advisories/ZDI-23-380", "id": "ZDI-23-380", "kind": "published", "published_date": "2023-04-11", "status": "published", "title": "Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-380/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19403", "zdi_id": "ZDI-23-380" }, { "cve": "CVE-2023-27347", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-23-379/advisory.json", "detail_path": "advisories/ZDI-23-379", "id": "ZDI-23-379", "kind": "published", "published_date": "2023-04-05", "status": "published", "title": "G DATA Total Security Link Following Local Privilege Escalation Vulnerability", "updated_date": "2023-12-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-379/", "vendor": "G DATA", "vendor_url": null, "zdi_can": "ZDI-CAN-18749", "zdi_id": "ZDI-23-379" }, { "cve": "CVE-2023-21758", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IKEEXT service, which listens...", "detail_json": "/data/advisories/ZDI-23-378/advisory.json", "detail_path": "advisories/ZDI-23-378", "id": "ZDI-23-378", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft Windows IKEEXT Service Vendor ID Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-378/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18935", "zdi_id": "ZDI-23-378" }, { "cve": "CVE-2023-27346", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AX1800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of firmware images. T...", "detail_json": "/data/advisories/ZDI-23-377/advisory.json", "detail_path": "advisories/ZDI-23-377", "id": "ZDI-23-377", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-377/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19703", "zdi_id": "ZDI-23-377" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-376/advisory.json", "detail_path": "advisories/ZDI-23-376", "id": "ZDI-23-376", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft Excel SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-376/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19243", "zdi_id": "ZDI-23-376" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-375/advisory.json", "detail_path": "advisories/ZDI-23-375", "id": "ZDI-23-375", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-375/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19010", "zdi_id": "ZDI-23-375" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-374/advisory.json", "detail_path": "advisories/ZDI-23-374", "id": "ZDI-23-374", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-374/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19006", "zdi_id": "ZDI-23-374" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-373/advisory.json", "detail_path": "advisories/ZDI-23-373", "id": "ZDI-23-373", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft Print 3D WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-373/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19028", "zdi_id": "ZDI-23-373" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-372/advisory.json", "detail_path": "advisories/ZDI-23-372", "id": "ZDI-23-372", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-372/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19012", "zdi_id": "ZDI-23-372" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-371/advisory.json", "detail_path": "advisories/ZDI-23-371", "id": "ZDI-23-371", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft 3D Builder GLTF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-371/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19011", "zdi_id": "ZDI-23-371" }, { "cve": "CVE-2023-23378", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-370/advisory.json", "detail_path": "advisories/ZDI-23-370", "id": "ZDI-23-370", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft Print 3D OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-370/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19031", "zdi_id": "ZDI-23-370" }, { "cve": "CVE-2023-23378", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-369/advisory.json", "detail_path": "advisories/ZDI-23-369", "id": "ZDI-23-369", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft Print 3D WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-369/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19030", "zdi_id": "ZDI-23-369" }, { "cve": "CVE-2023-23390", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-368/advisory.json", "detail_path": "advisories/ZDI-23-368", "id": "ZDI-23-368", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft Print 3D OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-368/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19021", "zdi_id": "ZDI-23-368" }, { "cve": "CVE-2023-23378", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-367/advisory.json", "detail_path": "advisories/ZDI-23-367", "id": "ZDI-23-367", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft Print 3D OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-367/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19020", "zdi_id": "ZDI-23-367" }, { "cve": "CVE-2023-21782", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-366/advisory.json", "detail_path": "advisories/ZDI-23-366", "id": "ZDI-23-366", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-366/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19133", "zdi_id": "ZDI-23-366" }, { "cve": "CVE-2023-21780", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-365/advisory.json", "detail_path": "advisories/ZDI-23-365", "id": "ZDI-23-365", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft 3D Builder GLTF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-365/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19132", "zdi_id": "ZDI-23-365" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-364/advisory.json", "detail_path": "advisories/ZDI-23-364", "id": "ZDI-23-364", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-364/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19034", "zdi_id": "ZDI-23-364" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-363/advisory.json", "detail_path": "advisories/ZDI-23-363", "id": "ZDI-23-363", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft 3D Builder OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-363/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19019", "zdi_id": "ZDI-23-363" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-362/advisory.json", "detail_path": "advisories/ZDI-23-362", "id": "ZDI-23-362", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft 3D Builder GLTF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-362/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19013", "zdi_id": "ZDI-23-362" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-361/advisory.json", "detail_path": "advisories/ZDI-23-361", "id": "ZDI-23-361", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft 3D Builder PLY File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-361/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19002", "zdi_id": "ZDI-23-361" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-360/advisory.json", "detail_path": "advisories/ZDI-23-360", "id": "ZDI-23-360", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Microsoft 3D Builder GLTF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-360/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18997", "zdi_id": "ZDI-23-360" }, { "cve": "CVE-2023-1393", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-359/advisory.json", "detail_path": "advisories/ZDI-23-359", "id": "ZDI-23-359", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-359/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-19866", "zdi_id": "ZDI-23-359" }, { "cve": "CVE-2023-27348", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-358/advisory.json", "detail_path": "advisories/ZDI-23-358", "id": "ZDI-23-358", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-358/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19108", "zdi_id": "ZDI-23-358" }, { "cve": "CVE-2023-27345", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-357/advisory.json", "detail_path": "advisories/ZDI-23-357", "id": "ZDI-23-357", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-357/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19303", "zdi_id": "ZDI-23-357" }, { "cve": "CVE-2023-27344", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-356/advisory.json", "detail_path": "advisories/ZDI-23-356", "id": "ZDI-23-356", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-356/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-19302", "zdi_id": "ZDI-23-356" }, { "cve": "CVE-2023-27343", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-355/advisory.json", "detail_path": "advisories/ZDI-23-355", "id": "ZDI-23-355", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-355/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18790", "zdi_id": "ZDI-23-355" }, { "cve": "CVE-2023-27342", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-354/advisory.json", "detail_path": "advisories/ZDI-23-354", "id": "ZDI-23-354", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-354/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18766", "zdi_id": "ZDI-23-354" }, { "cve": "CVE-2023-27341", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-353/advisory.json", "detail_path": "advisories/ZDI-23-353", "id": "ZDI-23-353", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-353/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18729", "zdi_id": "ZDI-23-353" }, { "cve": "CVE-2023-27340", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-352/advisory.json", "detail_path": "advisories/ZDI-23-352", "id": "ZDI-23-352", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-352/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18665", "zdi_id": "ZDI-23-352" }, { "cve": "CVE-2023-27339", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-351/advisory.json", "detail_path": "advisories/ZDI-23-351", "id": "ZDI-23-351", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-351/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18663", "zdi_id": "ZDI-23-351" }, { "cve": "CVE-2023-27338", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-23-350/advisory.json", "detail_path": "advisories/ZDI-23-350", "id": "ZDI-23-350", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-350/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18612", "zdi_id": "ZDI-23-350" }, { "cve": "CVE-2023-27337", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-349/advisory.json", "detail_path": "advisories/ZDI-23-349", "id": "ZDI-23-349", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-349/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18494", "zdi_id": "ZDI-23-349" }, { "cve": "CVE-2022-43653", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-348/advisory.json", "detail_path": "advisories/ZDI-23-348", "id": "ZDI-23-348", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-348/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-19084", "zdi_id": "ZDI-23-348" }, { "cve": "CVE-2022-43652", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-347/advisory.json", "detail_path": "advisories/ZDI-23-347", "id": "ZDI-23-347", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-347/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-18981", "zdi_id": "ZDI-23-347" }, { "cve": "CVE-2022-43651", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-346/advisory.json", "detail_path": "advisories/ZDI-23-346", "id": "ZDI-23-346", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-346/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-18960", "zdi_id": "ZDI-23-346" }, { "cve": "CVE-2022-43656", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-345/advisory.json", "detail_path": "advisories/ZDI-23-345", "id": "ZDI-23-345", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-345/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-18492", "zdi_id": "ZDI-23-345" }, { "cve": "CVE-2022-43655", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-344/advisory.json", "detail_path": "advisories/ZDI-23-344", "id": "ZDI-23-344", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-344/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-18491", "zdi_id": "ZDI-23-344" }, { "cve": "CVE-2022-33320", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-23-343/advisory.json", "detail_path": "advisories/ZDI-23-343", "id": "ZDI-23-343", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "ICONICS GENESIS64 PKGX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-343/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-17369", "zdi_id": "ZDI-23-343" }, { "cve": "CVE-2022-40264", "cvss": 7.8, "cvss_vector": null, "description_snippet": "The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-342/advisory.json", "detail_path": "advisories/ZDI-23-342", "id": "ZDI-23-342", "kind": "published", "published_date": "2023-03-31", "status": "published", "title": "ICONICS GENESIS64 PKGX File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-342/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-17368", "zdi_id": "ZDI-23-342" }, { "cve": "CVE-2023-27984", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-341/advisory.json", "detail_path": "advisories/ZDI-23-341", "id": "ZDI-23-341", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Schneider Electric IGSS openReport Improper Input Validation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-341/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-19420", "zdi_id": "ZDI-23-341" }, { "cve": "CVE-2023-27983", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete application-level data on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IGSSdataServer process, which l...", "detail_json": "/data/advisories/ZDI-23-340/advisory.json", "detail_path": "advisories/ZDI-23-340", "id": "ZDI-23-340", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Schneider Electric IGSSdataServer Exposed Dangerous Function Data Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-340/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-19531", "zdi_id": "ZDI-23-340" }, { "cve": "CVE-2023-27980", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IGSSdataServer process, which listens...", "detail_json": "/data/advisories/ZDI-23-339/advisory.json", "detail_path": "advisories/ZDI-23-339", "id": "ZDI-23-339", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Schneider Electric IGSS IGSSdataServer Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-339/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-19533", "zdi_id": "ZDI-23-339" }, { "cve": "CVE-2023-27981", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-338/advisory.json", "detail_path": "advisories/ZDI-23-338", "id": "ZDI-23-338", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Schneider Electric IGSS getRMSreportFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-338/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-19419", "zdi_id": "ZDI-23-338" }, { "cve": "CVE-2023-27982", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IGSSdataServer process, which listens...", "detail_json": "/data/advisories/ZDI-23-337/advisory.json", "detail_path": "advisories/ZDI-23-337", "id": "ZDI-23-337", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Schneider Electric IGSS IGSSdataServer Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-337/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-19652", "zdi_id": "ZDI-23-337" }, { "cve": "CVE-2023-27979", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IGSSdataServer process,...", "detail_json": "/data/advisories/ZDI-23-336/advisory.json", "detail_path": "advisories/ZDI-23-336", "id": "ZDI-23-336", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Schneider Electric IGSS IGSSdataServer Exposed Dangerous Function Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-336/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-19653", "zdi_id": "ZDI-23-336" }, { "cve": "CVE-2023-27977", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IGSSdataServer process,...", "detail_json": "/data/advisories/ZDI-23-335/advisory.json", "detail_path": "advisories/ZDI-23-335", "id": "ZDI-23-335", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Schneider Electric IGSS IGSSdataServer Exposed Dangerous Function Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-335/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-19654", "zdi_id": "ZDI-23-335" }, { "cve": "CVE-2023-27978", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-334/advisory.json", "detail_path": "advisories/ZDI-23-334", "id": "ZDI-23-334", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Schneider Electric IGSS DashFiles Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-334/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-19239", "zdi_id": "ZDI-23-334" }, { "cve": "CVE-2023-27406", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-333/advisory.json", "detail_path": "advisories/ZDI-23-333", "id": "ZDI-23-333", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-333/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20449", "zdi_id": "ZDI-23-333" }, { "cve": "CVE-2023-27403", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-332/advisory.json", "detail_path": "advisories/ZDI-23-332", "id": "ZDI-23-332", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-332/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20348", "zdi_id": "ZDI-23-332" }, { "cve": "CVE-2023-27405", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-331/advisory.json", "detail_path": "advisories/ZDI-23-331", "id": "ZDI-23-331", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-331/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20432", "zdi_id": "ZDI-23-331" }, { "cve": "CVE-2023-27404", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-330/advisory.json", "detail_path": "advisories/ZDI-23-330", "id": "ZDI-23-330", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-330/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20433", "zdi_id": "ZDI-23-330" }, { "cve": "CVE-2023-27403", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-329/advisory.json", "detail_path": "advisories/ZDI-23-329", "id": "ZDI-23-329", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-329/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20303", "zdi_id": "ZDI-23-329" }, { "cve": "CVE-2023-27401", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-328/advisory.json", "detail_path": "advisories/ZDI-23-328", "id": "ZDI-23-328", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-328/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20345", "zdi_id": "ZDI-23-328" }, { "cve": "CVE-2023-27402", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-327/advisory.json", "detail_path": "advisories/ZDI-23-327", "id": "ZDI-23-327", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-327/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20334", "zdi_id": "ZDI-23-327" }, { "cve": "CVE-2023-27401", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-326/advisory.json", "detail_path": "advisories/ZDI-23-326", "id": "ZDI-23-326", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-326/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20308", "zdi_id": "ZDI-23-326" }, { "cve": "CVE-2023-27398", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-325/advisory.json", "detail_path": "advisories/ZDI-23-325", "id": "ZDI-23-325", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-325/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20304", "zdi_id": "ZDI-23-325" }, { "cve": "CVE-2023-27400", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-324/advisory.json", "detail_path": "advisories/ZDI-23-324", "id": "ZDI-23-324", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-324/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20300", "zdi_id": "ZDI-23-324" }, { "cve": "CVE-2023-27399", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-323/advisory.json", "detail_path": "advisories/ZDI-23-323", "id": "ZDI-23-323", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-323/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20299", "zdi_id": "ZDI-23-323" }, { "cve": "CVE-2023-27399", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-322/advisory.json", "detail_path": "advisories/ZDI-23-322", "id": "ZDI-23-322", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-322/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-20346", "zdi_id": "ZDI-23-322" }, { "cve": "CVE-2023-26356", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-321/advisory.json", "detail_path": "advisories/ZDI-23-321", "id": "ZDI-23-321", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-321/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19506", "zdi_id": "ZDI-23-321" }, { "cve": "CVE-2023-26355", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-320/advisory.json", "detail_path": "advisories/ZDI-23-320", "id": "ZDI-23-320", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-320/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19512", "zdi_id": "ZDI-23-320" }, { "cve": "CVE-2023-26354", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-319/advisory.json", "detail_path": "advisories/ZDI-23-319", "id": "ZDI-23-319", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-319/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19519", "zdi_id": "ZDI-23-319" }, { "cve": "CVE-2023-26353", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-318/advisory.json", "detail_path": "advisories/ZDI-23-318", "id": "ZDI-23-318", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-318/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19511", "zdi_id": "ZDI-23-318" }, { "cve": "CVE-2023-26352", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-317/advisory.json", "detail_path": "advisories/ZDI-23-317", "id": "ZDI-23-317", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-317/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19509", "zdi_id": "ZDI-23-317" }, { "cve": "CVE-2023-26351", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-316/advisory.json", "detail_path": "advisories/ZDI-23-316", "id": "ZDI-23-316", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-316/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19507", "zdi_id": "ZDI-23-316" }, { "cve": "CVE-2023-26350", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-315/advisory.json", "detail_path": "advisories/ZDI-23-315", "id": "ZDI-23-315", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-315/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19510", "zdi_id": "ZDI-23-315" }, { "cve": "CVE-2023-26349", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-314/advisory.json", "detail_path": "advisories/ZDI-23-314", "id": "ZDI-23-314", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USDZ File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-314/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20218", "zdi_id": "ZDI-23-314" }, { "cve": "CVE-2023-26348", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-313/advisory.json", "detail_path": "advisories/ZDI-23-313", "id": "ZDI-23-313", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-313/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19518", "zdi_id": "ZDI-23-313" }, { "cve": "CVE-2023-26346", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-312/advisory.json", "detail_path": "advisories/ZDI-23-312", "id": "ZDI-23-312", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-312/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19495", "zdi_id": "ZDI-23-312" }, { "cve": "CVE-2023-26345", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-311/advisory.json", "detail_path": "advisories/ZDI-23-311", "id": "ZDI-23-311", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-311/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19494", "zdi_id": "ZDI-23-311" }, { "cve": "CVE-2023-26344", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-310/advisory.json", "detail_path": "advisories/ZDI-23-310", "id": "ZDI-23-310", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-310/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19467", "zdi_id": "ZDI-23-310" }, { "cve": "CVE-2023-26343", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-309/advisory.json", "detail_path": "advisories/ZDI-23-309", "id": "ZDI-23-309", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-309/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19465", "zdi_id": "ZDI-23-309" }, { "cve": "CVE-2023-26342", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-308/advisory.json", "detail_path": "advisories/ZDI-23-308", "id": "ZDI-23-308", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-308/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19413", "zdi_id": "ZDI-23-308" }, { "cve": "CVE-2023-26341", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-307/advisory.json", "detail_path": "advisories/ZDI-23-307", "id": "ZDI-23-307", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-307/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19391", "zdi_id": "ZDI-23-307" }, { "cve": "CVE-2023-26340", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-306/advisory.json", "detail_path": "advisories/ZDI-23-306", "id": "ZDI-23-306", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-306/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19387", "zdi_id": "ZDI-23-306" }, { "cve": "CVE-2023-26339", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-305/advisory.json", "detail_path": "advisories/ZDI-23-305", "id": "ZDI-23-305", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-305/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19388", "zdi_id": "ZDI-23-305" }, { "cve": "CVE-2023-26338", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-304/advisory.json", "detail_path": "advisories/ZDI-23-304", "id": "ZDI-23-304", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-304/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19410", "zdi_id": "ZDI-23-304" }, { "cve": "CVE-2023-26337", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-303/advisory.json", "detail_path": "advisories/ZDI-23-303", "id": "ZDI-23-303", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-303/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20285", "zdi_id": "ZDI-23-303" }, { "cve": "CVE-2023-26336", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-302/advisory.json", "detail_path": "advisories/ZDI-23-302", "id": "ZDI-23-302", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-302/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20275", "zdi_id": "ZDI-23-302" }, { "cve": "CVE-2023-26335", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-301/advisory.json", "detail_path": "advisories/ZDI-23-301", "id": "ZDI-23-301", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-301/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20215", "zdi_id": "ZDI-23-301" }, { "cve": "CVE-2023-26334", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-300/advisory.json", "detail_path": "advisories/ZDI-23-300", "id": "ZDI-23-300", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Uninitialized Pointer Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-300/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20149", "zdi_id": "ZDI-23-300" }, { "cve": "CVE-2023-26333", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-299/advisory.json", "detail_path": "advisories/ZDI-23-299", "id": "ZDI-23-299", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-299/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20214", "zdi_id": "ZDI-23-299" }, { "cve": "CVE-2023-26332", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-298/advisory.json", "detail_path": "advisories/ZDI-23-298", "id": "ZDI-23-298", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-298/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20144", "zdi_id": "ZDI-23-298" }, { "cve": "CVE-2023-26331", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-297/advisory.json", "detail_path": "advisories/ZDI-23-297", "id": "ZDI-23-297", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-297/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20145", "zdi_id": "ZDI-23-297" }, { "cve": "CVE-2023-26330", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-296/advisory.json", "detail_path": "advisories/ZDI-23-296", "id": "ZDI-23-296", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-296/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20146", "zdi_id": "ZDI-23-296" }, { "cve": "CVE-2023-26329", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-295/advisory.json", "detail_path": "advisories/ZDI-23-295", "id": "ZDI-23-295", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-295/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20213", "zdi_id": "ZDI-23-295" }, { "cve": "CVE-2023-26328", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-294/advisory.json", "detail_path": "advisories/ZDI-23-294", "id": "ZDI-23-294", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-294/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20212", "zdi_id": "ZDI-23-294" }, { "cve": "CVE-2023-26327", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-293/advisory.json", "detail_path": "advisories/ZDI-23-293", "id": "ZDI-23-293", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension GLTF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-293/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20217", "zdi_id": "ZDI-23-293" }, { "cve": "CVE-2023-25907", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-292/advisory.json", "detail_path": "advisories/ZDI-23-292", "id": "ZDI-23-292", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-292/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20216", "zdi_id": "ZDI-23-292" }, { "cve": "CVE-2023-25906", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-291/advisory.json", "detail_path": "advisories/ZDI-23-291", "id": "ZDI-23-291", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-291/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20046", "zdi_id": "ZDI-23-291" }, { "cve": "CVE-2023-25902", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-290/advisory.json", "detail_path": "advisories/ZDI-23-290", "id": "ZDI-23-290", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-290/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19560", "zdi_id": "ZDI-23-290" }, { "cve": "CVE-2023-25901", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-289/advisory.json", "detail_path": "advisories/ZDI-23-289", "id": "ZDI-23-289", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-289/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19508", "zdi_id": "ZDI-23-289" }, { "cve": "CVE-2023-25900", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-288/advisory.json", "detail_path": "advisories/ZDI-23-288", "id": "ZDI-23-288", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-288/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19559", "zdi_id": "ZDI-23-288" }, { "cve": "CVE-2023-25899", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-287/advisory.json", "detail_path": "advisories/ZDI-23-287", "id": "ZDI-23-287", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-287/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19522", "zdi_id": "ZDI-23-287" }, { "cve": "CVE-2023-25898", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-286/advisory.json", "detail_path": "advisories/ZDI-23-286", "id": "ZDI-23-286", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-286/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19521", "zdi_id": "ZDI-23-286" }, { "cve": "CVE-2023-25897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-285/advisory.json", "detail_path": "advisories/ZDI-23-285", "id": "ZDI-23-285", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-285/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19520", "zdi_id": "ZDI-23-285" }, { "cve": "CVE-2023-25896", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-284/advisory.json", "detail_path": "advisories/ZDI-23-284", "id": "ZDI-23-284", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-284/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19541", "zdi_id": "ZDI-23-284" }, { "cve": "CVE-2023-25895", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-283/advisory.json", "detail_path": "advisories/ZDI-23-283", "id": "ZDI-23-283", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-283/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19540", "zdi_id": "ZDI-23-283" }, { "cve": "CVE-2023-25894", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-282/advisory.json", "detail_path": "advisories/ZDI-23-282", "id": "ZDI-23-282", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-282/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19543", "zdi_id": "ZDI-23-282" }, { "cve": "CVE-2023-25893", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-281/advisory.json", "detail_path": "advisories/ZDI-23-281", "id": "ZDI-23-281", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-281/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19539", "zdi_id": "ZDI-23-281" }, { "cve": "CVE-2023-25892", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-280/advisory.json", "detail_path": "advisories/ZDI-23-280", "id": "ZDI-23-280", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-280/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19523", "zdi_id": "ZDI-23-280" }, { "cve": "CVE-2023-25891", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-279/advisory.json", "detail_path": "advisories/ZDI-23-279", "id": "ZDI-23-279", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-279/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19542", "zdi_id": "ZDI-23-279" }, { "cve": "CVE-2023-25890", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-278/advisory.json", "detail_path": "advisories/ZDI-23-278", "id": "ZDI-23-278", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-278/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19493", "zdi_id": "ZDI-23-278" }, { "cve": "CVE-2023-25889", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-277/advisory.json", "detail_path": "advisories/ZDI-23-277", "id": "ZDI-23-277", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-277/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19466", "zdi_id": "ZDI-23-277" }, { "cve": "CVE-2023-25888", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-276/advisory.json", "detail_path": "advisories/ZDI-23-276", "id": "ZDI-23-276", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-276/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19451", "zdi_id": "ZDI-23-276" }, { "cve": "CVE-2023-25887", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-275/advisory.json", "detail_path": "advisories/ZDI-23-275", "id": "ZDI-23-275", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-275/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19450", "zdi_id": "ZDI-23-275" }, { "cve": "CVE-2023-25886", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-274/advisory.json", "detail_path": "advisories/ZDI-23-274", "id": "ZDI-23-274", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-274/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19452", "zdi_id": "ZDI-23-274" }, { "cve": "CVE-2023-25885", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-273/advisory.json", "detail_path": "advisories/ZDI-23-273", "id": "ZDI-23-273", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-273/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19480", "zdi_id": "ZDI-23-273" }, { "cve": "CVE-2023-25884", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-272/advisory.json", "detail_path": "advisories/ZDI-23-272", "id": "ZDI-23-272", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension GLTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-272/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19411", "zdi_id": "ZDI-23-272" }, { "cve": "CVE-2023-25883", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-271/advisory.json", "detail_path": "advisories/ZDI-23-271", "id": "ZDI-23-271", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-271/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19386", "zdi_id": "ZDI-23-271" }, { "cve": "CVE-2023-25882", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-270/advisory.json", "detail_path": "advisories/ZDI-23-270", "id": "ZDI-23-270", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension OBJ File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-270/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19385", "zdi_id": "ZDI-23-270" }, { "cve": "CVE-2023-25881", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-269/advisory.json", "detail_path": "advisories/ZDI-23-269", "id": "ZDI-23-269", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-269/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19390", "zdi_id": "ZDI-23-269" }, { "cve": "CVE-2023-25880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-268/advisory.json", "detail_path": "advisories/ZDI-23-268", "id": "ZDI-23-268", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension GLTF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-268/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19412", "zdi_id": "ZDI-23-268" }, { "cve": "CVE-2023-25879", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-267/advisory.json", "detail_path": "advisories/ZDI-23-267", "id": "ZDI-23-267", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-267/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19389", "zdi_id": "ZDI-23-267" }, { "cve": "CVE-2023-25905", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-266/advisory.json", "detail_path": "advisories/ZDI-23-266", "id": "ZDI-23-266", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Dimension OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-266/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20031", "zdi_id": "ZDI-23-266" }, { "cve": "CVE-2023-25872", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-265/advisory.json", "detail_path": "advisories/ZDI-23-265", "id": "ZDI-23-265", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-265/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20325", "zdi_id": "ZDI-23-265" }, { "cve": "CVE-2023-25871", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-264/advisory.json", "detail_path": "advisories/ZDI-23-264", "id": "ZDI-23-264", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager SVG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-264/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20324", "zdi_id": "ZDI-23-264" }, { "cve": "CVE-2023-25878", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-263/advisory.json", "detail_path": "advisories/ZDI-23-263", "id": "ZDI-23-263", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-263/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20268", "zdi_id": "ZDI-23-263" }, { "cve": "CVE-2023-25877", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-262/advisory.json", "detail_path": "advisories/ZDI-23-262", "id": "ZDI-23-262", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-262/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20262", "zdi_id": "ZDI-23-262" }, { "cve": "CVE-2023-25876", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-261/advisory.json", "detail_path": "advisories/ZDI-23-261", "id": "ZDI-23-261", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-261/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20264", "zdi_id": "ZDI-23-261" }, { "cve": "CVE-2023-25875", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-260/advisory.json", "detail_path": "advisories/ZDI-23-260", "id": "ZDI-23-260", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-260/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20263", "zdi_id": "ZDI-23-260" }, { "cve": "CVE-2023-25874", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-259/advisory.json", "detail_path": "advisories/ZDI-23-259", "id": "ZDI-23-259", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-259/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20321", "zdi_id": "ZDI-23-259" }, { "cve": "CVE-2023-25873", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-258/advisory.json", "detail_path": "advisories/ZDI-23-258", "id": "ZDI-23-258", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-258/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20323", "zdi_id": "ZDI-23-258" }, { "cve": "CVE-2023-25870", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-257/advisory.json", "detail_path": "advisories/ZDI-23-257", "id": "ZDI-23-257", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-257/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20319", "zdi_id": "ZDI-23-257" }, { "cve": "CVE-2023-25869", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-256/advisory.json", "detail_path": "advisories/ZDI-23-256", "id": "ZDI-23-256", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-256/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20322", "zdi_id": "ZDI-23-256" }, { "cve": "CVE-2023-25868", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-255/advisory.json", "detail_path": "advisories/ZDI-23-255", "id": "ZDI-23-255", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-255/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20320", "zdi_id": "ZDI-23-255" }, { "cve": "CVE-2023-25867", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-254/advisory.json", "detail_path": "advisories/ZDI-23-254", "id": "ZDI-23-254", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager PCX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-254/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20326", "zdi_id": "ZDI-23-254" }, { "cve": "CVE-2023-25866", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-253/advisory.json", "detail_path": "advisories/ZDI-23-253", "id": "ZDI-23-253", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-253/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20253", "zdi_id": "ZDI-23-253" }, { "cve": "CVE-2023-25865", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-252/advisory.json", "detail_path": "advisories/ZDI-23-252", "id": "ZDI-23-252", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-252/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20252", "zdi_id": "ZDI-23-252" }, { "cve": "CVE-2023-25864", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-251/advisory.json", "detail_path": "advisories/ZDI-23-251", "id": "ZDI-23-251", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-251/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20254", "zdi_id": "ZDI-23-251" }, { "cve": "CVE-2023-25863", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-250/advisory.json", "detail_path": "advisories/ZDI-23-250", "id": "ZDI-23-250", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Substance 3D Stager USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-250/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-20257", "zdi_id": "ZDI-23-250" }, { "cve": "CVE-2023-25862", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-249/advisory.json", "detail_path": "advisories/ZDI-23-249", "id": "ZDI-23-249", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-249/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19318", "zdi_id": "ZDI-23-249" }, { "cve": "CVE-2023-25861", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-23-248/advisory.json", "detail_path": "advisories/ZDI-23-248", "id": "ZDI-23-248", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-248/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19293", "zdi_id": "ZDI-23-248" }, { "cve": "CVE-2023-25860", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-23-247/advisory.json", "detail_path": "advisories/ZDI-23-247", "id": "ZDI-23-247", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-247/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19317", "zdi_id": "ZDI-23-247" }, { "cve": "CVE-2023-25859", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-23-246/advisory.json", "detail_path": "advisories/ZDI-23-246", "id": "ZDI-23-246", "kind": "published", "published_date": "2023-03-16", "status": "published", "title": "Adobe Illustrator Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-246/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19319", "zdi_id": "ZDI-23-246" }, { "cve": "CVE-2023-27332", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logging functionality of...", "detail_json": "/data/advisories/ZDI-23-245/advisory.json", "detail_path": "advisories/ZDI-23-245", "id": "ZDI-23-245", "kind": "published", "published_date": "2023-03-15", "status": "published", "title": "TP-Link Archer AX21 tdpServer Logging Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-245/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19898", "zdi_id": "ZDI-23-245" }, { "cve": "CVE-2023-27333", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command 0x422 pr...", "detail_json": "/data/advisories/ZDI-23-244/advisory.json", "detail_path": "advisories/ZDI-23-244", "id": "ZDI-23-244", "kind": "published", "published_date": "2023-03-15", "status": "published", "title": "TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-244/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19905", "zdi_id": "ZDI-23-244" }, { "cve": "CVE-2023-24861", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-243/advisory.json", "detail_path": "advisories/ZDI-23-243", "id": "ZDI-23-243", "kind": "published", "published_date": "2023-03-15", "status": "published", "title": "Microsoft Windows win32kfull Bitmap Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-243/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19261", "zdi_id": "ZDI-23-243" }, { "cve": "CVE-2023-23410", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-242/advisory.json", "detail_path": "advisories/ZDI-23-242", "id": "ZDI-23-242", "kind": "published", "published_date": "2023-03-15", "status": "published", "title": "Microsoft Windows http.sys Integer Overflow Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-242/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19954", "zdi_id": "ZDI-23-242" }, { "cve": "CVE-2023-21838", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Oracle WebLogic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP prot...", "detail_json": "/data/advisories/ZDI-23-241/advisory.json", "detail_path": "advisories/ZDI-23-241", "id": "ZDI-23-241", "kind": "published", "published_date": "2023-03-15", "status": "published", "title": "Oracle WebLogic Server IIOP Protocol Deserialization of Untrusted Data Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-241/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-17322", "zdi_id": "ZDI-23-241" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unity Technologies Unity Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-240/advisory.json", "detail_path": "advisories/ZDI-23-240", "id": "ZDI-23-240", "kind": "published", "published_date": "2023-03-15", "status": "published", "title": "Unity Technologies Unity Editor FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-240/", "vendor": "Unity Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-18980", "zdi_id": "ZDI-23-240" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unity Technologies Unity Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-239/advisory.json", "detail_path": "advisories/ZDI-23-239", "id": "ZDI-23-239", "kind": "published", "published_date": "2023-03-15", "status": "published", "title": "Unity Technologies Unity Editor SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-239/", "vendor": "Unity Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-19109", "zdi_id": "ZDI-23-239" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unity Technologies Unity Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-238/advisory.json", "detail_path": "advisories/ZDI-23-238", "id": "ZDI-23-238", "kind": "published", "published_date": "2023-03-15", "status": "published", "title": "Unity Technologies Unity Editor DAE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-238/", "vendor": "Unity Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-18978", "zdi_id": "ZDI-23-238" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Unity Technologies Unity Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-23-237/advisory.json", "detail_path": "advisories/ZDI-23-237", "id": "ZDI-23-237", "kind": "published", "published_date": "2023-03-15", "status": "published", "title": "Unity Technologies Unity Editor SKP File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-237/", "vendor": "Unity Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-18975", "zdi_id": "ZDI-23-237" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unity Technologies Unity Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-236/advisory.json", "detail_path": "advisories/ZDI-23-236", "id": "ZDI-23-236", "kind": "published", "published_date": "2023-03-15", "status": "published", "title": "Unity Technologies Unity Editor SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-236/", "vendor": "Unity Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-18977", "zdi_id": "ZDI-23-236" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unity Technologies Unity Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-235/advisory.json", "detail_path": "advisories/ZDI-23-235", "id": "ZDI-23-235", "kind": "published", "published_date": "2023-03-15", "status": "published", "title": "Unity Technologies Unity Editor DAE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-235/", "vendor": "Unity Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-18979", "zdi_id": "ZDI-23-235" }, { "cve": "CVE-2023-23378", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-234/advisory.json", "detail_path": "advisories/ZDI-23-234", "id": "ZDI-23-234", "kind": "published", "published_date": "2023-03-14", "status": "published", "title": "Microsoft Print 3D WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-234/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19029", "zdi_id": "ZDI-23-234" }, { "cve": "CVE-2023-27350", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improp...", "detail_json": "/data/advisories/ZDI-23-233/advisory.json", "detail_path": "advisories/ZDI-23-233", "id": "ZDI-23-233", "kind": "published", "published_date": "2023-03-14", "status": "published", "title": "PaperCut NG SetupCompleted Improper Access Control Authentication Bypass Vulnerability", "updated_date": "2023-04-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-233/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-18987", "zdi_id": "ZDI-23-233" }, { "cve": "CVE-2023-27351", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from...", "detail_json": "/data/advisories/ZDI-23-232/advisory.json", "detail_path": "advisories/ZDI-23-232", "id": "ZDI-23-232", "kind": "published", "published_date": "2023-03-14", "status": "published", "title": "PaperCut NG SecurityRequestFilter Authentication Bypass Vulnerability", "updated_date": "2023-04-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-232/", "vendor": "PaperCut", "vendor_url": null, "zdi_can": "ZDI-CAN-19226", "zdi_id": "ZDI-23-232" }, { "cve": "CVE-2023-25069", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro TXOne StellarOne. Authentication is required to exploit this vulnerability. The specific flaw exists within the Account endpoint. The issue results from...", "detail_json": "/data/advisories/ZDI-23-231/advisory.json", "detail_path": "advisories/ZDI-23-231", "id": "ZDI-23-231", "kind": "published", "published_date": "2023-03-17", "status": "published", "title": "Trend Micro TXOne StellarOne Improper Access Control Privilege Escalation Vulnerability", "updated_date": "2023-03-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-231/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18848", "zdi_id": "ZDI-23-231" }, { "cve": "CVE-2023-26601", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ManageEngine ServiceDesk Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImageUploadServlet. Th...", "detail_json": "/data/advisories/ZDI-23-230/advisory.json", "detail_path": "advisories/ZDI-23-230", "id": "ZDI-23-230", "kind": "published", "published_date": "2023-03-09", "status": "published", "title": "ManageEngine ServiceDesk Plus ImageUploadServlet Improper Input Validation Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-230/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-19537", "zdi_id": "ZDI-23-230" }, { "cve": "CVE-2023-26600", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. Authentication is required to exploit this vulnerability. The specific flaw exists within the generateSQLReport function. The iss...", "detail_json": "/data/advisories/ZDI-23-229/advisory.json", "detail_path": "advisories/ZDI-23-229", "id": "ZDI-23-229", "kind": "published", "published_date": "2023-03-09", "status": "published", "title": "ManageEngine ServiceDesk Plus MSP generateSQLReport Improper Input Validation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-229/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-19536", "zdi_id": "ZDI-23-229" }, { "cve": "CVE-2022-44574", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Remote Control Server RCServlet servlet. The i...", "detail_json": "/data/advisories/ZDI-23-228/advisory.json", "detail_path": "advisories/ZDI-23-228", "id": "ZDI-23-228", "kind": "published", "published_date": "2023-03-09", "status": "published", "title": "Ivanti Avalanche Remote Control Server RCServlet Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-228/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-19513", "zdi_id": "ZDI-23-228" }, { "cve": "CVE-2023-27329", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-227/advisory.json", "detail_path": "advisories/ZDI-23-227", "id": "ZDI-23-227", "kind": "published", "published_date": "2023-03-09", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-227/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-19477", "zdi_id": "ZDI-23-227" }, { "cve": "CVE-2023-27330", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-226/advisory.json", "detail_path": "advisories/ZDI-23-226", "id": "ZDI-23-226", "kind": "published", "published_date": "2023-03-09", "status": "published", "title": "Foxit PDF Reader XFA Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-226/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-19476", "zdi_id": "ZDI-23-226" }, { "cve": "CVE-2023-27331", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-225/advisory.json", "detail_path": "advisories/ZDI-23-225", "id": "ZDI-23-225", "kind": "published", "published_date": "2023-03-09", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-225/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-19475", "zdi_id": "ZDI-23-225" }, { "cve": "CVE-2022-3397", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-224/advisory.json", "detail_path": "advisories/ZDI-23-224", "id": "ZDI-23-224", "kind": "published", "published_date": "2023-03-07", "status": "published", "title": "Omron CX-One CXP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-224/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-15355", "zdi_id": "ZDI-23-224" }, { "cve": "CVE-2022-3396", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-223/advisory.json", "detail_path": "advisories/ZDI-23-223", "id": "ZDI-23-223", "kind": "published", "published_date": "2023-03-07", "status": "published", "title": "Omron CX-One CXP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-223/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-15353", "zdi_id": "ZDI-23-223" }, { "cve": "CVE-2022-3398", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-222/advisory.json", "detail_path": "advisories/ZDI-23-222", "id": "ZDI-23-222", "kind": "published", "published_date": "2023-03-07", "status": "published", "title": "Omron CX-One CXP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-222/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-15352", "zdi_id": "ZDI-23-222" }, { "cve": "CVE-2023-27326", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-23-221/advisory.json", "detail_path": "advisories/ZDI-23-221", "id": "ZDI-23-221", "kind": "published", "published_date": "2023-03-07", "status": "published", "title": "Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-221/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-18933", "zdi_id": "ZDI-23-221" }, { "cve": "CVE-2023-27328", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-23-220/advisory.json", "detail_path": "advisories/ZDI-23-220", "id": "ZDI-23-220", "kind": "published", "published_date": "2023-03-07", "status": "published", "title": "Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-220/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-19187", "zdi_id": "ZDI-23-220" }, { "cve": "CVE-2023-27325", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-23-219/advisory.json", "detail_path": "advisories/ZDI-23-219", "id": "ZDI-23-219", "kind": "published", "published_date": "2023-03-07", "status": "published", "title": "Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-219/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-18253", "zdi_id": "ZDI-23-219" }, { "cve": "CVE-2023-27324", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-23-218/advisory.json", "detail_path": "advisories/ZDI-23-218", "id": "ZDI-23-218", "kind": "published", "published_date": "2023-03-07", "status": "published", "title": "Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-218/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-18229", "zdi_id": "ZDI-23-218" }, { "cve": "CVE-2023-27323", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-23-217/advisory.json", "detail_path": "advisories/ZDI-23-217", "id": "ZDI-23-217", "kind": "published", "published_date": "2023-03-07", "status": "published", "title": "Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-217/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-18150", "zdi_id": "ZDI-23-217" }, { "cve": "CVE-2023-27322", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-23-216/advisory.json", "detail_path": "advisories/ZDI-23-216", "id": "ZDI-23-216", "kind": "published", "published_date": "2023-03-07", "status": "published", "title": "Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-216/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-17751", "zdi_id": "ZDI-23-216" }, { "cve": "CVE-2023-27327", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-23-215/advisory.json", "detail_path": "advisories/ZDI-23-215", "id": "ZDI-23-215", "kind": "published", "published_date": "2023-03-07", "status": "published", "title": "Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-215/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-18964", "zdi_id": "ZDI-23-215" }, { "cve": "CVE-2022-43654", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the token paramet...", "detail_json": "/data/advisories/ZDI-23-214/advisory.json", "detail_path": "advisories/ZDI-23-214", "id": "ZDI-23-214", "kind": "published", "published_date": "2023-03-07", "status": "published", "title": "NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-214/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-18227", "zdi_id": "ZDI-23-214" }, { "cve": "CVE-2022-47503", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the WorkerControllerWCFProxy fu...", "detail_json": "/data/advisories/ZDI-23-213/advisory.json", "detail_path": "advisories/ZDI-23-213", "id": "ZDI-23-213", "kind": "published", "published_date": "2023-03-07", "status": "published", "title": "SolarWinds Network Performance Monitor WorkerControllerWCFProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-213/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-19830", "zdi_id": "ZDI-23-213" }, { "cve": "CVE-2021-43336", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-212/advisory.json", "detail_path": "advisories/ZDI-23-212", "id": "ZDI-23-212", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DWG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2023-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-212/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19165", "zdi_id": "ZDI-23-212" }, { "cve": "CVE-2021-43391", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-211/advisory.json", "detail_path": "advisories/ZDI-23-211", "id": "ZDI-23-211", "kind": "published", "published_date": "2023-03-01", "status": "published", "title": "Siemens Solid Edge Viewer DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-211/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19082", "zdi_id": "ZDI-23-211" }, { "cve": "CVE-2021-43336", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-210/advisory.json", "detail_path": "advisories/ZDI-23-210", "id": "ZDI-23-210", "kind": "published", "published_date": "2023-03-01", "status": "published", "title": "Siemens Solid Edge Viewer DWG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-210/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19080", "zdi_id": "ZDI-23-210" }, { "cve": "CVE-2021-43336", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-209/advisory.json", "detail_path": "advisories/ZDI-23-209", "id": "ZDI-23-209", "kind": "published", "published_date": "2023-03-01", "status": "published", "title": "Siemens Solid Edge Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-209/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19075", "zdi_id": "ZDI-23-209" }, { "cve": "CVE-2021-32948", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-208/advisory.json", "detail_path": "advisories/ZDI-23-208", "id": "ZDI-23-208", "kind": "published", "published_date": "2023-03-01", "status": "published", "title": "Siemens Solid Edge Viewer DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-208/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19074", "zdi_id": "ZDI-23-208" }, { "cve": "CVE-2021-32938", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-207/advisory.json", "detail_path": "advisories/ZDI-23-207", "id": "ZDI-23-207", "kind": "published", "published_date": "2023-03-01", "status": "published", "title": "Siemens Solid Edge Viewer DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-207/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19073", "zdi_id": "ZDI-23-207" }, { "cve": "CVE-2021-32936", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-206/advisory.json", "detail_path": "advisories/ZDI-23-206", "id": "ZDI-23-206", "kind": "published", "published_date": "2023-03-01", "status": "published", "title": "Siemens Solid Edge Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-206/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19072", "zdi_id": "ZDI-23-206" }, { "cve": "CVE-2023-22670", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-205/advisory.json", "detail_path": "advisories/ZDI-23-205", "id": "ZDI-23-205", "kind": "published", "published_date": "2023-03-01", "status": "published", "title": "Siemens Solid Edge Viewer DXF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-205/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19382", "zdi_id": "ZDI-23-205" }, { "cve": "CVE-2023-22669", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-204/advisory.json", "detail_path": "advisories/ZDI-23-204", "id": "ZDI-23-204", "kind": "published", "published_date": "2023-08-08", "status": "published", "title": "Siemens Solid Edge Viewer DWG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-11-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-204/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19104", "zdi_id": "ZDI-23-204" }, { "cve": "CVE-2023-22354", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-203/advisory.json", "detail_path": "advisories/ZDI-23-203", "id": "ZDI-23-203", "kind": "published", "published_date": "2023-03-01", "status": "published", "title": "Siemens Solid Edge Viewer SLDPRT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-203/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19424", "zdi_id": "ZDI-23-203" }, { "cve": "CVE-2023-23579", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-202/advisory.json", "detail_path": "advisories/ZDI-23-202", "id": "ZDI-23-202", "kind": "published", "published_date": "2023-03-01", "status": "published", "title": "Siemens Solid Edge Viewer SLDPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-202/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19423", "zdi_id": "ZDI-23-202" }, { "cve": "CVE-2023-24993", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-201/advisory.json", "detail_path": "advisories/ZDI-23-201", "id": "ZDI-23-201", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-201/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19815", "zdi_id": "ZDI-23-201" }, { "cve": "CVE-2023-24992", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-200/advisory.json", "detail_path": "advisories/ZDI-23-200", "id": "ZDI-23-200", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-200/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19814", "zdi_id": "ZDI-23-200" }, { "cve": "CVE-2023-24991", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-199/advisory.json", "detail_path": "advisories/ZDI-23-199", "id": "ZDI-23-199", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-199/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19813", "zdi_id": "ZDI-23-199" }, { "cve": "CVE-2023-24990", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-198/advisory.json", "detail_path": "advisories/ZDI-23-198", "id": "ZDI-23-198", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-198/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19812", "zdi_id": "ZDI-23-198" }, { "cve": "CVE-2023-24989", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-197/advisory.json", "detail_path": "advisories/ZDI-23-197", "id": "ZDI-23-197", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-197/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19811", "zdi_id": "ZDI-23-197" }, { "cve": "CVE-2023-24988", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-196/advisory.json", "detail_path": "advisories/ZDI-23-196", "id": "ZDI-23-196", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-196/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19810", "zdi_id": "ZDI-23-196" }, { "cve": "CVE-2023-24987", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-195/advisory.json", "detail_path": "advisories/ZDI-23-195", "id": "ZDI-23-195", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-195/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19809", "zdi_id": "ZDI-23-195" }, { "cve": "CVE-2023-24986", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-194/advisory.json", "detail_path": "advisories/ZDI-23-194", "id": "ZDI-23-194", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-194/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19808", "zdi_id": "ZDI-23-194" }, { "cve": "CVE-2023-24985", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-193/advisory.json", "detail_path": "advisories/ZDI-23-193", "id": "ZDI-23-193", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-193/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19807", "zdi_id": "ZDI-23-193" }, { "cve": "CVE-2023-24984", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-192/advisory.json", "detail_path": "advisories/ZDI-23-192", "id": "ZDI-23-192", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-192/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19806", "zdi_id": "ZDI-23-192" }, { "cve": "CVE-2023-24983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-191/advisory.json", "detail_path": "advisories/ZDI-23-191", "id": "ZDI-23-191", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-191/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19805", "zdi_id": "ZDI-23-191" }, { "cve": "CVE-2023-24982", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-190/advisory.json", "detail_path": "advisories/ZDI-23-190", "id": "ZDI-23-190", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-190/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19804", "zdi_id": "ZDI-23-190" }, { "cve": "CVE-2023-24981", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-189/advisory.json", "detail_path": "advisories/ZDI-23-189", "id": "ZDI-23-189", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-189/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19791", "zdi_id": "ZDI-23-189" }, { "cve": "CVE-2023-24980", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-188/advisory.json", "detail_path": "advisories/ZDI-23-188", "id": "ZDI-23-188", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-188/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19790", "zdi_id": "ZDI-23-188" }, { "cve": "CVE-2023-24979", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-187/advisory.json", "detail_path": "advisories/ZDI-23-187", "id": "ZDI-23-187", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-187/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19789", "zdi_id": "ZDI-23-187" }, { "cve": "CVE-2023-24978", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-186/advisory.json", "detail_path": "advisories/ZDI-23-186", "id": "ZDI-23-186", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-186/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19788", "zdi_id": "ZDI-23-186" }, { "cve": "CVE-2023-24996", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-185/advisory.json", "detail_path": "advisories/ZDI-23-185", "id": "ZDI-23-185", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-185/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19818", "zdi_id": "ZDI-23-185" }, { "cve": "CVE-2023-24995", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-184/advisory.json", "detail_path": "advisories/ZDI-23-184", "id": "ZDI-23-184", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-184/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19817", "zdi_id": "ZDI-23-184" }, { "cve": "CVE-2023-24994", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-23-183/advisory.json", "detail_path": "advisories/ZDI-23-183", "id": "ZDI-23-183", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-183/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19816", "zdi_id": "ZDI-23-183" }, { "cve": "CVE-2023-24566", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-182/advisory.json", "detail_path": "advisories/ZDI-23-182", "id": "ZDI-23-182", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Solid Edge Viewer STL File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-182/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19428", "zdi_id": "ZDI-23-182" }, { "cve": "CVE-2023-24564", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-181/advisory.json", "detail_path": "advisories/ZDI-23-181", "id": "ZDI-23-181", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Solid Edge Viewer DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-181/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19069", "zdi_id": "ZDI-23-181" }, { "cve": "CVE-2023-24581", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-180/advisory.json", "detail_path": "advisories/ZDI-23-180", "id": "ZDI-23-180", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Solid Edge Viewer STP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-180/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19425", "zdi_id": "ZDI-23-180" }, { "cve": "CVE-2023-24565", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-179/advisory.json", "detail_path": "advisories/ZDI-23-179", "id": "ZDI-23-179", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Solid Edge Viewer STL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-179/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19472", "zdi_id": "ZDI-23-179" }, { "cve": "CVE-2023-22321", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-178/advisory.json", "detail_path": "advisories/ZDI-23-178", "id": "ZDI-23-178", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Solid Edge Viewer SLDPRT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-178/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19501", "zdi_id": "ZDI-23-178" }, { "cve": "CVE-2023-22846", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-177/advisory.json", "detail_path": "advisories/ZDI-23-177", "id": "ZDI-23-177", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Solid Edge Viewer SLDPRT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-177/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19473", "zdi_id": "ZDI-23-177" }, { "cve": "CVE-2023-22295", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-23-176/advisory.json", "detail_path": "advisories/ZDI-23-176", "id": "ZDI-23-176", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Siemens Solid Edge Viewer SLDPRT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-176/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19448", "zdi_id": "ZDI-23-176" }, { "cve": "CVE-2023-21890", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebRTC Session Controller. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parseCert function. The issue...", "detail_json": "/data/advisories/ZDI-23-175/advisory.json", "detail_path": "advisories/ZDI-23-175", "id": "ZDI-23-175", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Oracle WebRTC Session Controller parseCert Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-175/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-18862", "zdi_id": "ZDI-23-175" }, { "cve": "CVE-2023-25145", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-174/advisory.json", "detail_path": "advisories/ZDI-23-174", "id": "ZDI-23-174", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-174/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18228", "zdi_id": "ZDI-23-174" }, { "cve": "CVE-2023-25148", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-173/advisory.json", "detail_path": "advisories/ZDI-23-173", "id": "ZDI-23-173", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-173/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18008", "zdi_id": "ZDI-23-173" }, { "cve": "CVE-2023-25146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-23-172/advisory.json", "detail_path": "advisories/ZDI-23-172", "id": "ZDI-23-172", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-172/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-17819", "zdi_id": "ZDI-23-172" }, { "cve": "CVE-2023-25144", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-23-171/advisory.json", "detail_path": "advisories/ZDI-23-171", "id": "ZDI-23-171", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Trend Micro Apex One Improper Access Control Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-171/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-17686", "zdi_id": "ZDI-23-171" }, { "cve": "CVE-2023-23836", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the CredentialInitializer funct...", "detail_json": "/data/advisories/ZDI-23-170/advisory.json", "detail_path": "advisories/ZDI-23-170", "id": "ZDI-23-170", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "SolarWinds Network Performance Monitor CredentialInitializer Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-170/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-20161", "zdi_id": "ZDI-23-170" }, { "cve": "CVE-2022-47507", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the WorkerProcessWCFProxy funct...", "detail_json": "/data/advisories/ZDI-23-169/advisory.json", "detail_path": "advisories/ZDI-23-169", "id": "ZDI-23-169", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "SolarWinds Network Performance Monitor WorkerProcessWCFProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-169/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-19869", "zdi_id": "ZDI-23-169" }, { "cve": "CVE-2022-47506", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication may be required to exploit this vulnerability, depending on the product configuration. The specific flaw e...", "detail_json": "/data/advisories/ZDI-23-168/advisory.json", "detail_path": "advisories/ZDI-23-168", "id": "ZDI-23-168", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "SolarWinds Network Performance Monitor sshd_SftpRename Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-168/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-19907", "zdi_id": "ZDI-23-168" }, { "cve": "CVE-2022-38111", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the BytesToMessage function. The issue resul...", "detail_json": "/data/advisories/ZDI-23-167/advisory.json", "detail_path": "advisories/ZDI-23-167", "id": "ZDI-23-167", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "SolarWinds Orion Platform BytesToMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-167/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-19648", "zdi_id": "ZDI-23-167" }, { "cve": "CVE-2022-47504", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SqlFileScript function. The...", "detail_json": "/data/advisories/ZDI-23-166/advisory.json", "detail_path": "advisories/ZDI-23-166", "id": "ZDI-23-166", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "SolarWinds Network Performance Monitor SqlFileScript Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2023-07-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-166/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-19776", "zdi_id": "ZDI-23-166" }, { "cve": "CVE-2023-21802", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-23-165/advisory.json", "detail_path": "advisories/ZDI-23-165", "id": "ZDI-23-165", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Microsoft Windows Media Player Color Conversion Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-165/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19175", "zdi_id": "ZDI-23-165" }, { "cve": "CVE-2023-21805", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-23-164/advisory.json", "detail_path": "advisories/ZDI-23-164", "id": "ZDI-23-164", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-164/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18896", "zdi_id": "ZDI-23-164" }, { "cve": "CVE-2023-21822", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-163/advisory.json", "detail_path": "advisories/ZDI-23-163", "id": "ZDI-23-163", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Microsoft Windows win32kfull UMPD Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-163/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19103", "zdi_id": "ZDI-23-163" }, { "cve": "CVE-2023-21529", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the MultiValuedProperty class. The issue results fr...", "detail_json": "/data/advisories/ZDI-23-162/advisory.json", "detail_path": "advisories/ZDI-23-162", "id": "ZDI-23-162", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Microsoft Exchange MultiValuedProperty Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-162/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18985", "zdi_id": "ZDI-23-162" }, { "cve": "CVE-2023-23382", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of credentials within Azure Machine Learning Service workbo...", "detail_json": "/data/advisories/ZDI-23-161/advisory.json", "detail_path": "advisories/ZDI-23-161", "id": "ZDI-23-161", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-161/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18520", "zdi_id": "ZDI-23-161" }, { "cve": "CVE-2023-23378", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-160/advisory.json", "detail_path": "advisories/ZDI-23-160", "id": "ZDI-23-160", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Microsoft Print 3D PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-160/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19025", "zdi_id": "ZDI-23-160" }, { "cve": "CVE-2023-23390", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-159/advisory.json", "detail_path": "advisories/ZDI-23-159", "id": "ZDI-23-159", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Microsoft 3D Builder OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-159/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19014", "zdi_id": "ZDI-23-159" }, { "cve": "CVE-2023-23377", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-158/advisory.json", "detail_path": "advisories/ZDI-23-158", "id": "ZDI-23-158", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-158/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19005", "zdi_id": "ZDI-23-158" }, { "cve": "CVE-2021-44045", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-157/advisory.json", "detail_path": "advisories/ZDI-23-157", "id": "ZDI-23-157", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DGN File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-157/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19186", "zdi_id": "ZDI-23-157" }, { "cve": "CVE-2023-22229", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-156/advisory.json", "detail_path": "advisories/ZDI-23-156", "id": "ZDI-23-156", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-156/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19291", "zdi_id": "ZDI-23-156" }, { "cve": "CVE-2023-21575", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-155/advisory.json", "detail_path": "advisories/ZDI-23-155", "id": "ZDI-23-155", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-155/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19296", "zdi_id": "ZDI-23-155" }, { "cve": "CVE-2023-21622", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-154/advisory.json", "detail_path": "advisories/ZDI-23-154", "id": "ZDI-23-154", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-154/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19292", "zdi_id": "ZDI-23-154" }, { "cve": "CVE-2023-22238", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-153/advisory.json", "detail_path": "advisories/ZDI-23-153", "id": "ZDI-23-153", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe After Effects Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-153/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19290", "zdi_id": "ZDI-23-153" }, { "cve": "CVE-2023-21578", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-152/advisory.json", "detail_path": "advisories/ZDI-23-152", "id": "ZDI-23-152", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe Photoshop Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-152/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19321", "zdi_id": "ZDI-23-152" }, { "cve": "CVE-2023-21576", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-151/advisory.json", "detail_path": "advisories/ZDI-23-151", "id": "ZDI-23-151", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-151/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19320", "zdi_id": "ZDI-23-151" }, { "cve": "CVE-2023-22237", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-150/advisory.json", "detail_path": "advisories/ZDI-23-150", "id": "ZDI-23-150", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe After Effects Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-150/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19315", "zdi_id": "ZDI-23-150" }, { "cve": "CVE-2023-21574", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-149/advisory.json", "detail_path": "advisories/ZDI-23-149", "id": "ZDI-23-149", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe Photoshop Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-149/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19322", "zdi_id": "ZDI-23-149" }, { "cve": "CVE-2023-22228", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-148/advisory.json", "detail_path": "advisories/ZDI-23-148", "id": "ZDI-23-148", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe Bridge Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-148/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19314", "zdi_id": "ZDI-23-148" }, { "cve": "CVE-2023-22239", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-23-147/advisory.json", "detail_path": "advisories/ZDI-23-147", "id": "ZDI-23-147", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe After Effects Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-147/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19316", "zdi_id": "ZDI-23-147" }, { "cve": "CVE-2023-22231", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-146/advisory.json", "detail_path": "advisories/ZDI-23-146", "id": "ZDI-23-146", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe Bridge Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-146/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19313", "zdi_id": "ZDI-23-146" }, { "cve": "CVE-2023-22227", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-145/advisory.json", "detail_path": "advisories/ZDI-23-145", "id": "ZDI-23-145", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-145/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19312", "zdi_id": "ZDI-23-145" }, { "cve": "CVE-2023-21621", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-144/advisory.json", "detail_path": "advisories/ZDI-23-144", "id": "ZDI-23-144", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe FrameMaker Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-144/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19311", "zdi_id": "ZDI-23-144" }, { "cve": "CVE-2023-21620", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-143/advisory.json", "detail_path": "advisories/ZDI-23-143", "id": "ZDI-23-143", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe FrameMaker Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-143/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19310", "zdi_id": "ZDI-23-143" }, { "cve": "CVE-2023-21619", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-142/advisory.json", "detail_path": "advisories/ZDI-23-142", "id": "ZDI-23-142", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-142/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19309", "zdi_id": "ZDI-23-142" }, { "cve": "CVE-2023-21584", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-141/advisory.json", "detail_path": "advisories/ZDI-23-141", "id": "ZDI-23-141", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe FrameMaker Font Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-141/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18887", "zdi_id": "ZDI-23-141" }, { "cve": "CVE-2023-21583", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-140/advisory.json", "detail_path": "advisories/ZDI-23-140", "id": "ZDI-23-140", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe Bridge Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-140/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18886", "zdi_id": "ZDI-23-140" }, { "cve": "CVE-2023-22233", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-23-139/advisory.json", "detail_path": "advisories/ZDI-23-139", "id": "ZDI-23-139", "kind": "published", "published_date": "2023-02-24", "status": "published", "title": "Adobe After Effects Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-139/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18885", "zdi_id": "ZDI-23-139" }, { "cve": "CVE-2023-22669", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-138/advisory.json", "detail_path": "advisories/ZDI-23-138", "id": "ZDI-23-138", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DWG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-138/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19170", "zdi_id": "ZDI-23-138" }, { "cve": "CVE-2021-43391", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-137/advisory.json", "detail_path": "advisories/ZDI-23-137", "id": "ZDI-23-137", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-137/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19164", "zdi_id": "ZDI-23-137" }, { "cve": "CVE-2021-32950", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-23-136/advisory.json", "detail_path": "advisories/ZDI-23-136", "id": "ZDI-23-136", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DXF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-136/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19163", "zdi_id": "ZDI-23-136" }, { "cve": "CVE-2021-32938", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-23-135/advisory.json", "detail_path": "advisories/ZDI-23-135", "id": "ZDI-23-135", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-135/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19161", "zdi_id": "ZDI-23-135" }, { "cve": "CVE-2021-32940", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-23-134/advisory.json", "detail_path": "advisories/ZDI-23-134", "id": "ZDI-23-134", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-134/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19154", "zdi_id": "ZDI-23-134" }, { "cve": "CVE-2021-43582", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-23-133/advisory.json", "detail_path": "advisories/ZDI-23-133", "id": "ZDI-23-133", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-133/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19153", "zdi_id": "ZDI-23-133" }, { "cve": "CVE-2021-32944", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-132/advisory.json", "detail_path": "advisories/ZDI-23-132", "id": "ZDI-23-132", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DGN File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-132/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19152", "zdi_id": "ZDI-23-132" }, { "cve": "CVE-2021-32944", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-131/advisory.json", "detail_path": "advisories/ZDI-23-131", "id": "ZDI-23-131", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DGN File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-131/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19151", "zdi_id": "ZDI-23-131" }, { "cve": "CVE-2021-32946", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-130/advisory.json", "detail_path": "advisories/ZDI-23-130", "id": "ZDI-23-130", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DGN File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-130/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19148", "zdi_id": "ZDI-23-130" }, { "cve": "CVE-2021-32938", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-129/advisory.json", "detail_path": "advisories/ZDI-23-129", "id": "ZDI-23-129", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-129/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19146", "zdi_id": "ZDI-23-129" }, { "cve": "CVE-2021-32948", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-128/advisory.json", "detail_path": "advisories/ZDI-23-128", "id": "ZDI-23-128", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-128/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19145", "zdi_id": "ZDI-23-128" }, { "cve": "CVE-2021-43336", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-127/advisory.json", "detail_path": "advisories/ZDI-23-127", "id": "ZDI-23-127", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-127/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19144", "zdi_id": "ZDI-23-127" }, { "cve": "CVE-2021-43336", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-126/advisory.json", "detail_path": "advisories/ZDI-23-126", "id": "ZDI-23-126", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-126/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19143", "zdi_id": "ZDI-23-126" }, { "cve": "CVE-2021-43336", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-125/advisory.json", "detail_path": "advisories/ZDI-23-125", "id": "ZDI-23-125", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-125/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19142", "zdi_id": "ZDI-23-125" }, { "cve": "CVE-2023-22670", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-124/advisory.json", "detail_path": "advisories/ZDI-23-124", "id": "ZDI-23-124", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DXF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-124/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19138", "zdi_id": "ZDI-23-124" }, { "cve": "CVE-2021-32952", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-123/advisory.json", "detail_path": "advisories/ZDI-23-123", "id": "ZDI-23-123", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-123/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19137", "zdi_id": "ZDI-23-123" }, { "cve": "CVE-2021-43273", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-122/advisory.json", "detail_path": "advisories/ZDI-23-122", "id": "ZDI-23-122", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-122/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19136", "zdi_id": "ZDI-23-122" }, { "cve": "CVE-2021-32948", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-121/advisory.json", "detail_path": "advisories/ZDI-23-121", "id": "ZDI-23-121", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-121/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19135", "zdi_id": "ZDI-23-121" }, { "cve": "CVE-2021-32940", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-23-120/advisory.json", "detail_path": "advisories/ZDI-23-120", "id": "ZDI-23-120", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Open Design Alliance (ODA) Drawing SDK DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-120/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-19134", "zdi_id": "ZDI-23-120" }, { "cve": "CVE-2023-21886", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Oracle VirtualBox. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Teleporter service. The issue results from th...", "detail_json": "/data/advisories/ZDI-23-119/advisory.json", "detail_path": "advisories/ZDI-23-119", "id": "ZDI-23-119", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Oracle VirtualBox Teleporter Improper Error Handling Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-119/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-18864", "zdi_id": "ZDI-23-119" }, { "cve": "CVE-2023-21838", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ForeignOpaqueReference class. The issue...", "detail_json": "/data/advisories/ZDI-23-118/advisory.json", "detail_path": "advisories/ZDI-23-118", "id": "ZDI-23-118", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Oracle WebLogic Server ForeignOpaqueReference JNDI Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-118/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-18409", "zdi_id": "ZDI-23-118" }, { "cve": "CVE-2022-31704", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setConfig function. The issue resu...", "detail_json": "/data/advisories/ZDI-23-117/advisory.json", "detail_path": "advisories/ZDI-23-117", "id": "ZDI-23-117", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "VMware vRealize Log Insight setConfig Missing Authentication for Critical Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-117/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-17961", "zdi_id": "ZDI-23-117" }, { "cve": "CVE-2022-31711", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose information on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getConfig function. The issue result...", "detail_json": "/data/advisories/ZDI-23-116/advisory.json", "detail_path": "advisories/ZDI-23-116", "id": "ZDI-23-116", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "VMware vRealize Log Insight getConfig Missing Authentication for Critical Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-116/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-17964", "zdi_id": "ZDI-23-116" }, { "cve": "CVE-2022-31706", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RemotePakDownloadCommand function....", "detail_json": "/data/advisories/ZDI-23-115/advisory.json", "detail_path": "advisories/ZDI-23-115", "id": "ZDI-23-115", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "VMware vRealize Log Insight RemotePakDownloadCommand Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-115/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-17962", "zdi_id": "ZDI-23-115" }, { "cve": "CVE-2022-31710", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the addClusterCACertific...", "detail_json": "/data/advisories/ZDI-23-114/advisory.json", "detail_path": "advisories/ZDI-23-114", "id": "ZDI-23-114", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "VMware vRealize Log Insight addClusterCACertificate Deserialization of Untrusted Data Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-114/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-17963", "zdi_id": "ZDI-23-114" }, { "cve": "CVE-2023-21532", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-113/advisory.json", "detail_path": "advisories/ZDI-23-113", "id": "ZDI-23-113", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Microsoft Windows win32kfull Bitmap Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-113/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19045", "zdi_id": "ZDI-23-113" }, { "cve": "CVE-2022-29844", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FTP serve...", "detail_json": "/data/advisories/ZDI-23-112/advisory.json", "detail_path": "advisories/ZDI-23-112", "id": "ZDI-23-112", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 FTP Server Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-112/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-19736", "zdi_id": "ZDI-23-112" }, { "cve": "CVE-2022-29843", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DDNS resp...", "detail_json": "/data/advisories/ZDI-23-111/advisory.json", "detail_path": "advisories/ZDI-23-111", "id": "ZDI-23-111", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 DDNS Response Processing Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-111/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-19694", "zdi_id": "ZDI-23-111" }, { "cve": "CVE-2023-22240", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-110/advisory.json", "detail_path": "advisories/ZDI-23-110", "id": "ZDI-23-110", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-110/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19517", "zdi_id": "ZDI-23-110" }, { "cve": "CVE-2023-22241", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-109/advisory.json", "detail_path": "advisories/ZDI-23-109", "id": "ZDI-23-109", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-109/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19516", "zdi_id": "ZDI-23-109" }, { "cve": "CVE-2023-22242", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-108/advisory.json", "detail_path": "advisories/ZDI-23-108", "id": "ZDI-23-108", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-108/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19515", "zdi_id": "ZDI-23-108" }, { "cve": "CVE-2023-23912", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ubiquiti Networks EdgeOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhcp6c daemon. The issue re...", "detail_json": "/data/advisories/ZDI-23-107/advisory.json", "detail_path": "advisories/ZDI-23-107", "id": "ZDI-23-107", "kind": "published", "published_date": "2023-02-09", "status": "published", "title": "(Pwn2Own) Ubiquiti Networks EdgeOS dhcp6c Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-107/", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-19687", "zdi_id": "ZDI-23-107" }, { "cve": "CVE-2022-42947", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-23-106/advisory.json", "detail_path": "advisories/ZDI-23-106", "id": "ZDI-23-106", "kind": "published", "published_date": "2023-02-08", "status": "published", "title": "Autodesk Maya X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-106/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-19569", "zdi_id": "ZDI-23-106" }, { "cve": "CVE-2022-42947", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-23-105/advisory.json", "detail_path": "advisories/ZDI-23-105", "id": "ZDI-23-105", "kind": "published", "published_date": "2023-02-08", "status": "published", "title": "Autodesk Maya X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-105/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-19568", "zdi_id": "ZDI-23-105" }, { "cve": "CVE-2022-42946", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-23-104/advisory.json", "detail_path": "advisories/ZDI-23-104", "id": "ZDI-23-104", "kind": "published", "published_date": "2023-02-08", "status": "published", "title": "Autodesk Maya X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-104/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-19567", "zdi_id": "ZDI-23-104" }, { "cve": "CVE-2022-42946", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-23-103/advisory.json", "detail_path": "advisories/ZDI-23-103", "id": "ZDI-23-103", "kind": "published", "published_date": "2023-02-08", "status": "published", "title": "Autodesk Maya X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-103/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-19566", "zdi_id": "ZDI-23-103" }, { "cve": "CVE-2022-42946", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-23-102/advisory.json", "detail_path": "advisories/ZDI-23-102", "id": "ZDI-23-102", "kind": "published", "published_date": "2023-02-08", "status": "published", "title": "Autodesk Maya X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-102/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-19565", "zdi_id": "ZDI-23-102" }, { "cve": "CVE-2022-42946", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-23-101/advisory.json", "detail_path": "advisories/ZDI-23-101", "id": "ZDI-23-101", "kind": "published", "published_date": "2023-02-08", "status": "published", "title": "Autodesk Maya PRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-101/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-19564", "zdi_id": "ZDI-23-101" }, { "cve": "CVE-2022-33886", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-23-100/advisory.json", "detail_path": "advisories/ZDI-23-100", "id": "ZDI-23-100", "kind": "published", "published_date": "2023-02-08", "status": "published", "title": "Autodesk Maya MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-100/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-19563", "zdi_id": "ZDI-23-100" }, { "cve": "CVE-2022-42946", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-23-099/advisory.json", "detail_path": "advisories/ZDI-23-099", "id": "ZDI-23-099", "kind": "published", "published_date": "2023-02-08", "status": "published", "title": "Autodesk Maya X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-099/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-19570", "zdi_id": "ZDI-23-099" }, { "cve": "CVE-2023-0494", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-23-098/advisory.json", "detail_path": "advisories/ZDI-23-098", "id": "ZDI-23-098", "kind": "published", "published_date": "2023-02-08", "status": "published", "title": "X.Org Server DeepCopyPointerClasses Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-098/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-19596", "zdi_id": "ZDI-23-098" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of JWT tokens within Azure Machine Learning Service workboo...", "detail_json": "/data/advisories/ZDI-23-097/advisory.json", "detail_path": "advisories/ZDI-23-097", "id": "ZDI-23-097", "kind": "published", "published_date": "2023-02-07", "status": "published", "title": "Microsoft Azure Machine Learning Service JWT Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-097/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18565", "zdi_id": "ZDI-23-097" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of credentials within Azure Machine Learning Service workbo...", "detail_json": "/data/advisories/ZDI-23-096/advisory.json", "detail_path": "advisories/ZDI-23-096", "id": "ZDI-23-096", "kind": "published", "published_date": "2023-02-07", "status": "published", "title": "Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-096/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19057", "zdi_id": "ZDI-23-096" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of credentials within Azure Machine Learning Service workbo...", "detail_json": "/data/advisories/ZDI-23-095/advisory.json", "detail_path": "advisories/ZDI-23-095", "id": "ZDI-23-095", "kind": "published", "published_date": "2023-02-07", "status": "published", "title": "Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-095/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19307", "zdi_id": "ZDI-23-095" }, { "cve": "CVE-2022-43634", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the la...", "detail_json": "/data/advisories/ZDI-23-094/advisory.json", "detail_path": "advisories/ZDI-23-094", "id": "ZDI-23-094", "kind": "published", "published_date": "2023-02-06", "status": "published", "title": "Netatalk dsi_writeinit Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-094/", "vendor": "Netatalk", "vendor_url": null, "zdi_can": "ZDI-CAN-17646", "zdi_id": "ZDI-23-094" }, { "cve": "CVE-2022-46169", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cacti. Authentication is not required to exploit this vulnerability. The specific flaw exists within the poll_for_data function. The issue results from the lack...", "detail_json": "/data/advisories/ZDI-23-093/advisory.json", "detail_path": "advisories/ZDI-23-093", "id": "ZDI-23-093", "kind": "published", "published_date": "2023-01-31", "status": "published", "title": "Cacti poll_for_data Command Injection Remote Code Execution Vulnerability", "updated_date": "2023-01-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-093/", "vendor": "Cacti", "vendor_url": null, "zdi_can": "ZDI-CAN-19046", "zdi_id": "ZDI-23-093" }, { "cve": "CVE-2022-43650", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-23-092/advisory.json", "detail_path": "advisories/ZDI-23-092", "id": "ZDI-23-092", "kind": "published", "published_date": "2023-01-20", "status": "published", "title": "RARLAB WinRAR ZIP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-092/", "vendor": "RARLAB", "vendor_url": null, "zdi_can": "ZDI-CAN-19232", "zdi_id": "ZDI-23-092" }, { "cve": "CVE-2022-43649", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-091/advisory.json", "detail_path": "advisories/ZDI-23-091", "id": "ZDI-23-091", "kind": "published", "published_date": "2023-01-20", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-091/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-19478", "zdi_id": "ZDI-23-091" }, { "cve": "CVE-2021-44014", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-090/advisory.json", "detail_path": "advisories/ZDI-23-090", "id": "ZDI-23-090", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Siemens Solid Edge Viewer JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-090/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19081", "zdi_id": "ZDI-23-090" }, { "cve": "CVE-2022-47935", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-089/advisory.json", "detail_path": "advisories/ZDI-23-089", "id": "ZDI-23-089", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-089/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19078", "zdi_id": "ZDI-23-089" }, { "cve": "CVE-2021-44002", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-088/advisory.json", "detail_path": "advisories/ZDI-23-088", "id": "ZDI-23-088", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-088/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19077", "zdi_id": "ZDI-23-088" }, { "cve": "CVE-2021-44002", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-23-087/advisory.json", "detail_path": "advisories/ZDI-23-087", "id": "ZDI-23-087", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-087/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19076", "zdi_id": "ZDI-23-087" }, { "cve": "CVE-2022-41657", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypas...", "detail_json": "/data/advisories/ZDI-23-086/advisory.json", "detail_path": "advisories/ZDI-23-086", "id": "ZDI-23-086", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation Opcode 512 Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-086/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19418", "zdi_id": "ZDI-23-086" }, { "cve": "CVE-2022-41657", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypas...", "detail_json": "/data/advisories/ZDI-23-085/advisory.json", "detail_path": "advisories/ZDI-23-085", "id": "ZDI-23-085", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-085/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19417", "zdi_id": "ZDI-23-085" }, { "cve": "CVE-2022-41657", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypas...", "detail_json": "/data/advisories/ZDI-23-084/advisory.json", "detail_path": "advisories/ZDI-23-084", "id": "ZDI-23-084", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-084/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19416", "zdi_id": "ZDI-23-084" }, { "cve": "CVE-2022-40202", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypas...", "detail_json": "/data/advisories/ZDI-23-083/advisory.json", "detail_path": "advisories/ZDI-23-083", "id": "ZDI-23-083", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Delta Electronics InfraSuite Device Master ExeCommandInCommandLineMode Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-083/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19415", "zdi_id": "ZDI-23-083" }, { "cve": "CVE-2022-41657", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can...", "detail_json": "/data/advisories/ZDI-23-082/advisory.json", "detail_path": "advisories/ZDI-23-082", "id": "ZDI-23-082", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-082/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-19414", "zdi_id": "ZDI-23-082" }, { "cve": "CVE-2023-21581", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-081/advisory.json", "detail_path": "advisories/ZDI-23-081", "id": "ZDI-23-081", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-081/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18294", "zdi_id": "ZDI-23-081" }, { "cve": "CVE-2023-21603", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-080/advisory.json", "detail_path": "advisories/ZDI-23-080", "id": "ZDI-23-080", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-080/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19431", "zdi_id": "ZDI-23-080" }, { "cve": "CVE-2023-21601", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-079/advisory.json", "detail_path": "advisories/ZDI-23-079", "id": "ZDI-23-079", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe Dimension OBJ File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-079/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19392", "zdi_id": "ZDI-23-079" }, { "cve": "CVE-2023-21597", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-078/advisory.json", "detail_path": "advisories/ZDI-23-078", "id": "ZDI-23-078", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-078/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19294", "zdi_id": "ZDI-23-078" }, { "cve": "CVE-2023-21595", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-077/advisory.json", "detail_path": "advisories/ZDI-23-077", "id": "ZDI-23-077", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-077/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19323", "zdi_id": "ZDI-23-077" }, { "cve": "CVE-2023-21599", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-076/advisory.json", "detail_path": "advisories/ZDI-23-076", "id": "ZDI-23-076", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe InCopy Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-076/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19324", "zdi_id": "ZDI-23-076" }, { "cve": "CVE-2023-21596", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-075/advisory.json", "detail_path": "advisories/ZDI-23-075", "id": "ZDI-23-075", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe InCopy Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-075/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19347", "zdi_id": "ZDI-23-075" }, { "cve": "CVE-2023-21598", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-074/advisory.json", "detail_path": "advisories/ZDI-23-074", "id": "ZDI-23-074", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe InCopy Font Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-074/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18889", "zdi_id": "ZDI-23-074" }, { "cve": "CVE-2023-21594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-23-073/advisory.json", "detail_path": "advisories/ZDI-23-073", "id": "ZDI-23-073", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-073/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18883", "zdi_id": "ZDI-23-073" }, { "cve": "CVE-2023-21590", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-072/advisory.json", "detail_path": "advisories/ZDI-23-072", "id": "ZDI-23-072", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-072/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19295", "zdi_id": "ZDI-23-072" }, { "cve": "CVE-2023-21589", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-071/advisory.json", "detail_path": "advisories/ZDI-23-071", "id": "ZDI-23-071", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-071/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19352", "zdi_id": "ZDI-23-071" }, { "cve": "CVE-2023-21592", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-070/advisory.json", "detail_path": "advisories/ZDI-23-070", "id": "ZDI-23-070", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-070/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19353", "zdi_id": "ZDI-23-070" }, { "cve": "CVE-2023-21588", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-069/advisory.json", "detail_path": "advisories/ZDI-23-069", "id": "ZDI-23-069", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe InDesign Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-069/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19354", "zdi_id": "ZDI-23-069" }, { "cve": "CVE-2023-21587", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-068/advisory.json", "detail_path": "advisories/ZDI-23-068", "id": "ZDI-23-068", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-068/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18884", "zdi_id": "ZDI-23-068" }, { "cve": "CVE-2023-21591", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-067/advisory.json", "detail_path": "advisories/ZDI-23-067", "id": "ZDI-23-067", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-067/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18890", "zdi_id": "ZDI-23-067" }, { "cve": "CVE-2023-21607", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-066/advisory.json", "detail_path": "advisories/ZDI-23-066", "id": "ZDI-23-066", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-066/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19301", "zdi_id": "ZDI-23-066" }, { "cve": "CVE-2023-21613", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-065/advisory.json", "detail_path": "advisories/ZDI-23-065", "id": "ZDI-23-065", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-065/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19300", "zdi_id": "ZDI-23-065" }, { "cve": "CVE-2023-21614", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-064/advisory.json", "detail_path": "advisories/ZDI-23-064", "id": "ZDI-23-064", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-064/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19299", "zdi_id": "ZDI-23-064" }, { "cve": "CVE-2023-21606", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-063/advisory.json", "detail_path": "advisories/ZDI-23-063", "id": "ZDI-23-063", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-063/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19297", "zdi_id": "ZDI-23-063" }, { "cve": "CVE-2023-21609", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-062/advisory.json", "detail_path": "advisories/ZDI-23-062", "id": "ZDI-23-062", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-062/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19469", "zdi_id": "ZDI-23-062" }, { "cve": "CVE-2023-21608", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-061/advisory.json", "detail_path": "advisories/ZDI-23-061", "id": "ZDI-23-061", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe Acrobat Reader DC resetForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-061/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19240", "zdi_id": "ZDI-23-061" }, { "cve": "CVE-2023-21605", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-060/advisory.json", "detail_path": "advisories/ZDI-23-060", "id": "ZDI-23-060", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-060/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-19036", "zdi_id": "ZDI-23-060" }, { "cve": "CVE-2023-21585", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-23-059/advisory.json", "detail_path": "advisories/ZDI-23-059", "id": "ZDI-23-059", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-059/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18897", "zdi_id": "ZDI-23-059" }, { "cve": "CVE-2023-21579", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-23-058/advisory.json", "detail_path": "advisories/ZDI-23-058", "id": "ZDI-23-058", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-058/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18293", "zdi_id": "ZDI-23-058" }, { "cve": "CVE-2022-31708", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vRealize Operations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulner...", "detail_json": "/data/advisories/ZDI-23-057/advisory.json", "detail_path": "advisories/ZDI-23-057", "id": "ZDI-23-057", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "VMware vRealize Operations CaSA Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-057/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-18336", "zdi_id": "ZDI-23-057" }, { "cve": "CVE-2022-31703", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vRealize Network Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadFile function....", "detail_json": "/data/advisories/ZDI-23-056/advisory.json", "detail_path": "advisories/ZDI-23-056", "id": "ZDI-23-056", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "VMware vRealize Network Insight downloadFile Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-056/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-17960", "zdi_id": "ZDI-23-056" }, { "cve": "CVE-2022-31702", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vRealize Network Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createSupportBundle function....", "detail_json": "/data/advisories/ZDI-23-055/advisory.json", "detail_path": "advisories/ZDI-23-055", "id": "ZDI-23-055", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "VMware vRealize Network Insight createSupportBundle Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-055/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-17959", "zdi_id": "ZDI-23-055" }, { "cve": "CVE-2022-31707", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of VMware vRealize Operations. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of CaSA. A crafted administr...", "detail_json": "/data/advisories/ZDI-23-054/advisory.json", "detail_path": "advisories/ZDI-23-054", "id": "ZDI-23-054", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "VMware vRealize Operations CaSA Improper Privilege Management Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-054/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-17957", "zdi_id": "ZDI-23-054" }, { "cve": "CVE-2022-48191", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-23-053/advisory.json", "detail_path": "advisories/ZDI-23-053", "id": "ZDI-23-053", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Trend Micro Maximum Security Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-053/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18291", "zdi_id": "ZDI-23-053" }, { "cve": "CVE-2022-43648", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MiniDLNA service. The issue...", "detail_json": "/data/advisories/ZDI-23-052/advisory.json", "detail_path": "advisories/ZDI-23-052", "id": "ZDI-23-052", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "D-Link DIR-3040 MiniDLNA Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-052/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19910", "zdi_id": "ZDI-23-052" }, { "cve": "CVE-2022-47211", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-051/advisory.json", "detail_path": "advisories/ZDI-23-051", "id": "ZDI-23-051", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Word SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-051/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19622", "zdi_id": "ZDI-23-051" }, { "cve": "CVE-2022-47213", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-23-050/advisory.json", "detail_path": "advisories/ZDI-23-050", "id": "ZDI-23-050", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-050/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19181", "zdi_id": "ZDI-23-050" }, { "cve": "CVE-2023-21793", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-049/advisory.json", "detail_path": "advisories/ZDI-23-049", "id": "ZDI-23-049", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-049/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19016", "zdi_id": "ZDI-23-049" }, { "cve": "CVE-2023-21792", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-048/advisory.json", "detail_path": "advisories/ZDI-23-048", "id": "ZDI-23-048", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-048/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19126", "zdi_id": "ZDI-23-048" }, { "cve": "CVE-2023-21792", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-047/advisory.json", "detail_path": "advisories/ZDI-23-047", "id": "ZDI-23-047", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder GLTF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-047/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19125", "zdi_id": "ZDI-23-047" }, { "cve": "CVE-2023-21792", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-046/advisory.json", "detail_path": "advisories/ZDI-23-046", "id": "ZDI-23-046", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder WRL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-046/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19004", "zdi_id": "ZDI-23-046" }, { "cve": "CVE-2023-21792", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-045/advisory.json", "detail_path": "advisories/ZDI-23-045", "id": "ZDI-23-045", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-045/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18990", "zdi_id": "ZDI-23-045" }, { "cve": "CVE-2023-21792", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-044/advisory.json", "detail_path": "advisories/ZDI-23-044", "id": "ZDI-23-044", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Print 3D WRL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-044/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19027", "zdi_id": "ZDI-23-044" }, { "cve": "CVE-2023-21792", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-043/advisory.json", "detail_path": "advisories/ZDI-23-043", "id": "ZDI-23-043", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-043/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19035", "zdi_id": "ZDI-23-043" }, { "cve": "CVE-2023-21791", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-042/advisory.json", "detail_path": "advisories/ZDI-23-042", "id": "ZDI-23-042", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-042/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19007", "zdi_id": "ZDI-23-042" }, { "cve": "CVE-2023-21790", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-041/advisory.json", "detail_path": "advisories/ZDI-23-041", "id": "ZDI-23-041", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder WRL File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-041/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19009", "zdi_id": "ZDI-23-041" }, { "cve": "CVE-2023-21789", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-040/advisory.json", "detail_path": "advisories/ZDI-23-040", "id": "ZDI-23-040", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder PLY File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-040/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19129", "zdi_id": "ZDI-23-040" }, { "cve": "CVE-2023-21788", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-039/advisory.json", "detail_path": "advisories/ZDI-23-039", "id": "ZDI-23-039", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-039/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19130", "zdi_id": "ZDI-23-039" }, { "cve": "CVE-2023-21787", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-038/advisory.json", "detail_path": "advisories/ZDI-23-038", "id": "ZDI-23-038", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-038/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19128", "zdi_id": "ZDI-23-038" }, { "cve": "CVE-2023-21786", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-037/advisory.json", "detail_path": "advisories/ZDI-23-037", "id": "ZDI-23-037", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-037/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19018", "zdi_id": "ZDI-23-037" }, { "cve": "CVE-2023-21785", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-036/advisory.json", "detail_path": "advisories/ZDI-23-036", "id": "ZDI-23-036", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-036/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19127", "zdi_id": "ZDI-23-036" }, { "cve": "CVE-2023-21784", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-035/advisory.json", "detail_path": "advisories/ZDI-23-035", "id": "ZDI-23-035", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-035/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19101", "zdi_id": "ZDI-23-035" }, { "cve": "CVE-2023-21784", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-034/advisory.json", "detail_path": "advisories/ZDI-23-034", "id": "ZDI-23-034", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder PLY File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-034/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19003", "zdi_id": "ZDI-23-034" }, { "cve": "CVE-2023-21784", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-033/advisory.json", "detail_path": "advisories/ZDI-23-033", "id": "ZDI-23-033", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Print 3D PLY File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-033/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19026", "zdi_id": "ZDI-23-033" }, { "cve": "CVE-2023-21783", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-032/advisory.json", "detail_path": "advisories/ZDI-23-032", "id": "ZDI-23-032", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder GLTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2023-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-032/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18998", "zdi_id": "ZDI-23-032" }, { "cve": "CVE-2023-21782", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-031/advisory.json", "detail_path": "advisories/ZDI-23-031", "id": "ZDI-23-031", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-031/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19124", "zdi_id": "ZDI-23-031" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-030/advisory.json", "detail_path": "advisories/ZDI-23-030", "id": "ZDI-23-030", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Print 3D PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-030/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19023", "zdi_id": "ZDI-23-030" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-029/advisory.json", "detail_path": "advisories/ZDI-23-029", "id": "ZDI-23-029", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Print 3D PLY File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-029/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19022", "zdi_id": "ZDI-23-029" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-028/advisory.json", "detail_path": "advisories/ZDI-23-028", "id": "ZDI-23-028", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-028/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19015", "zdi_id": "ZDI-23-028" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-027/advisory.json", "detail_path": "advisories/ZDI-23-027", "id": "ZDI-23-027", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-027/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19008", "zdi_id": "ZDI-23-027" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-026/advisory.json", "detail_path": "advisories/ZDI-23-026", "id": "ZDI-23-026", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-026/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19001", "zdi_id": "ZDI-23-026" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-025/advisory.json", "detail_path": "advisories/ZDI-23-025", "id": "ZDI-23-025", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-025/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19000", "zdi_id": "ZDI-23-025" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-024/advisory.json", "detail_path": "advisories/ZDI-23-024", "id": "ZDI-23-024", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder PLY File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-024/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18999", "zdi_id": "ZDI-23-024" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-023/advisory.json", "detail_path": "advisories/ZDI-23-023", "id": "ZDI-23-023", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-023/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18996", "zdi_id": "ZDI-23-023" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-022/advisory.json", "detail_path": "advisories/ZDI-23-022", "id": "ZDI-23-022", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-022/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18995", "zdi_id": "ZDI-23-022" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-021/advisory.json", "detail_path": "advisories/ZDI-23-021", "id": "ZDI-23-021", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-021/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18994", "zdi_id": "ZDI-23-021" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-020/advisory.json", "detail_path": "advisories/ZDI-23-020", "id": "ZDI-23-020", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-020/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18993", "zdi_id": "ZDI-23-020" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-019/advisory.json", "detail_path": "advisories/ZDI-23-019", "id": "ZDI-23-019", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-019/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18992", "zdi_id": "ZDI-23-019" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-018/advisory.json", "detail_path": "advisories/ZDI-23-018", "id": "ZDI-23-018", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-018/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18991", "zdi_id": "ZDI-23-018" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-017/advisory.json", "detail_path": "advisories/ZDI-23-017", "id": "ZDI-23-017", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-017/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18989", "zdi_id": "ZDI-23-017" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-016/advisory.json", "detail_path": "advisories/ZDI-23-016", "id": "ZDI-23-016", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-016/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19033", "zdi_id": "ZDI-23-016" }, { "cve": "CVE-2023-21782", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-23-015/advisory.json", "detail_path": "advisories/ZDI-23-015", "id": "ZDI-23-015", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Print 3D PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-015/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19024", "zdi_id": "ZDI-23-015" }, { "cve": "CVE-2023-21781", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-014/advisory.json", "detail_path": "advisories/ZDI-23-014", "id": "ZDI-23-014", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-014/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19017", "zdi_id": "ZDI-23-014" }, { "cve": "CVE-2023-21780", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-23-013/advisory.json", "detail_path": "advisories/ZDI-23-013", "id": "ZDI-23-013", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft 3D Builder OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-013/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19032", "zdi_id": "ZDI-23-013" }, { "cve": "CVE-2023-21764", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Exchange. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-23-012/advisory.json", "detail_path": "advisories/ZDI-23-012", "id": "ZDI-23-012", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Exchange GetTorusCmdletConfigurationEntries Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-012/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19491", "zdi_id": "ZDI-23-012" }, { "cve": "CVE-2023-21763", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Exchange. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-23-011/advisory.json", "detail_path": "advisories/ZDI-23-011", "id": "ZDI-23-011", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Exchange TorusUpdateInitialSessionState Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-011/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19492", "zdi_id": "ZDI-23-011" }, { "cve": "CVE-2023-21737", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-010/advisory.json", "detail_path": "advisories/ZDI-23-010", "id": "ZDI-23-010", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Office Visio DWG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-010/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19183", "zdi_id": "ZDI-23-010" }, { "cve": "CVE-2023-21547", "cvss": 3.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IKEEXT service, which listens...", "detail_json": "/data/advisories/ZDI-23-009/advisory.json", "detail_path": "advisories/ZDI-23-009", "id": "ZDI-23-009", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Windows IKEEXT Service Vendor ID Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-009/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18647", "zdi_id": "ZDI-23-009" }, { "cve": "CVE-2023-21735", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-008/advisory.json", "detail_path": "advisories/ZDI-23-008", "id": "ZDI-23-008", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Office SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-008/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18601", "zdi_id": "ZDI-23-008" }, { "cve": "CVE-2023-21734", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-23-007/advisory.json", "detail_path": "advisories/ZDI-23-007", "id": "ZDI-23-007", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Office SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-007/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18598", "zdi_id": "ZDI-23-007" }, { "cve": "CVE-2023-21745", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PowerShell endpoint. The process does not prope...", "detail_json": "/data/advisories/ZDI-23-006/advisory.json", "detail_path": "advisories/ZDI-23-006", "id": "ZDI-23-006", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Exchange PowerShell Unsafe Reflection NTLM Relay Vulnerability", "updated_date": "2024-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-006/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19041", "zdi_id": "ZDI-23-006" }, { "cve": "CVE-2023-21736", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-23-005/advisory.json", "detail_path": "advisories/ZDI-23-005", "id": "ZDI-23-005", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Office Visio DXF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-005/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19092", "zdi_id": "ZDI-23-005" }, { "cve": "CVE-2023-21680", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-004/advisory.json", "detail_path": "advisories/ZDI-23-004", "id": "ZDI-23-004", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Windows GreStartDocInternal Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-004/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18614", "zdi_id": "ZDI-23-004" }, { "cve": "CVE-2023-21745", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PowerShell endpoint. The process does not prope...", "detail_json": "/data/advisories/ZDI-23-003/advisory.json", "detail_path": "advisories/ZDI-23-003", "id": "ZDI-23-003", "kind": "published", "published_date": "2024-10-16", "status": "published", "title": "Microsoft Exchange PowerShell Unsafe Reflection NTLM Relay Vulnerability", "updated_date": "2024-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-003/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19042", "zdi_id": "ZDI-23-003" }, { "cve": "CVE-2023-21531", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on Microsoft Azure. An attacker must first obtain the ability to execute high-privileged code within a container on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-23-002/advisory.json", "detail_path": "advisories/ZDI-23-002", "id": "ZDI-23-002", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Azure Service Fabric WAagent Exposure of Resource to Wrong Sphere Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-002/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18519", "zdi_id": "ZDI-23-002" }, { "cve": "CVE-2023-21542", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-23-001/advisory.json", "detail_path": "advisories/ZDI-23-001", "id": "ZDI-23-001", "kind": "published", "published_date": "2023-01-18", "status": "published", "title": "Microsoft Windows Installer Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-001/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18151", "zdi_id": "ZDI-23-001" }, { "cve": "CVE-2022-43647", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which list...", "detail_json": "/data/advisories/ZDI-22-1706/advisory.json", "detail_path": "advisories/ZDI-22-1706", "id": "ZDI-22-1706", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "D-Link DIR-825/EE xupnpd Upload Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1706/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19464", "zdi_id": "ZDI-22-1706" }, { "cve": "CVE-2022-43646", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Vimeo plugin for the xupnp...", "detail_json": "/data/advisories/ZDI-22-1705/advisory.json", "detail_path": "advisories/ZDI-22-1705", "id": "ZDI-22-1705", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "D-Link DIR-825/EE xupnpd Vimeo Plugin Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1705/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19463", "zdi_id": "ZDI-22-1705" }, { "cve": "CVE-2022-43645", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IVI plugin for the xupnpd...", "detail_json": "/data/advisories/ZDI-22-1704/advisory.json", "detail_path": "advisories/ZDI-22-1704", "id": "ZDI-22-1704", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "D-Link DIR-825/EE xupnpd IVI Plugin Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1704/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19462", "zdi_id": "ZDI-22-1704" }, { "cve": "CVE-2022-43644", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xu...", "detail_json": "/data/advisories/ZDI-22-1703/advisory.json", "detail_path": "advisories/ZDI-22-1703", "id": "ZDI-22-1703", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "D-Link DIR-825/EE xupnpd Dreambox Plugin Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1703/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19461", "zdi_id": "ZDI-22-1703" }, { "cve": "CVE-2022-43643", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Generic plugin for the xup...", "detail_json": "/data/advisories/ZDI-22-1702/advisory.json", "detail_path": "advisories/ZDI-22-1702", "id": "ZDI-22-1702", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "D-Link DIR-825/EE xupnpd Generic Plugin Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1702/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19460", "zdi_id": "ZDI-22-1702" }, { "cve": "CVE-2022-43642", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the YouTube plugin for the xup...", "detail_json": "/data/advisories/ZDI-22-1701/advisory.json", "detail_path": "advisories/ZDI-22-1701", "id": "ZDI-22-1701", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "D-Link DIR-825/EE xupnpd YouTube Plugin Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1701/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-19222", "zdi_id": "ZDI-22-1701" }, { "cve": "CVE-2022-4283", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1700/advisory.json", "detail_path": "advisories/ZDI-22-1700", "id": "ZDI-22-1700", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "X.Org Server XkbCopyNames Double Free Local Privilege Escalation Vulnerability", "updated_date": "2023-12-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1700/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-19530", "zdi_id": "ZDI-22-1700" }, { "cve": "CVE-2022-46344", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-22-1699/advisory.json", "detail_path": "advisories/ZDI-22-1699", "id": "ZDI-22-1699", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "X.Org Server ProcXIChangeProperty Numeric Truncation Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1699/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-19405", "zdi_id": "ZDI-22-1699" }, { "cve": "CVE-2022-46343", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1698/advisory.json", "detail_path": "advisories/ZDI-22-1698", "id": "ZDI-22-1698", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "X.Org Server ScreenSaverSetAttributes Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1698/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-19404", "zdi_id": "ZDI-22-1698" }, { "cve": "CVE-2022-46342", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1697/advisory.json", "detail_path": "advisories/ZDI-22-1697", "id": "ZDI-22-1697", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "X.Org Server XvdiSelectVideoNotify Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1697/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-19400", "zdi_id": "ZDI-22-1697" }, { "cve": "CVE-2022-46341", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1696/advisory.json", "detail_path": "advisories/ZDI-22-1696", "id": "ZDI-22-1696", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "X.Org Server ProcXIPassiveUngrabDevice Improper Validation of Array Index Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1696/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-19381", "zdi_id": "ZDI-22-1696" }, { "cve": "CVE-2022-46340", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1695/advisory.json", "detail_path": "advisories/ZDI-22-1695", "id": "ZDI-22-1695", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "X.Org Server XTestFakeInput Type Confusion Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1695/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-19265", "zdi_id": "ZDI-22-1695" }, { "cve": "CVE-2022-41121", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1694/advisory.json", "detail_path": "advisories/ZDI-22-1694", "id": "ZDI-22-1694", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "Microsoft Windows StretchBlt Untrusted Pointer Dereference Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1694/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18524", "zdi_id": "ZDI-22-1694" }, { "cve": "CVE-2022-41121", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1693/advisory.json", "detail_path": "advisories/ZDI-22-1693", "id": "ZDI-22-1693", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "Microsoft Windows PlgBlt Untrusted Pointer Dereference Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1693/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18523", "zdi_id": "ZDI-22-1693" }, { "cve": "CVE-2022-44671", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1692/advisory.json", "detail_path": "advisories/ZDI-22-1692", "id": "ZDI-22-1692", "kind": "published", "published_date": "2022-12-28", "status": "published", "title": "Microsoft Windows GreDrawStream Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1692/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18562", "zdi_id": "ZDI-22-1692" }, { "cve": "CVE-2022-47943", "cvss": 9.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of SMB2_WRITE commands. The issue re...", "detail_json": "/data/advisories/ZDI-22-1691/advisory.json", "detail_path": "advisories/ZDI-22-1691", "id": "ZDI-22-1691", "kind": "published", "published_date": "2023-01-23", "status": "published", "title": "Linux Kernel ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-03-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1691/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17817", "zdi_id": "ZDI-22-1691" }, { "cve": "CVE-2022-47939", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within t...", "detail_json": "/data/advisories/ZDI-22-1690/advisory.json", "detail_path": "advisories/ZDI-22-1690", "id": "ZDI-22-1690", "kind": "published", "published_date": "2022-12-22", "status": "published", "title": "Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2023-01-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1690/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17816", "zdi_id": "ZDI-22-1690" }, { "cve": "CVE-2022-47938", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of SMB2_TREE_CONNECT commands....", "detail_json": "/data/advisories/ZDI-22-1689/advisory.json", "detail_path": "advisories/ZDI-22-1689", "id": "ZDI-22-1689", "kind": "published", "published_date": "2022-12-22", "status": "published", "title": "Linux Kernel ksmbd Out-Of-Bounds Read Denial-of-Service Vulnerability", "updated_date": "2023-01-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1689/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17818", "zdi_id": "ZDI-22-1689" }, { "cve": "CVE-2022-47942", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of file attributes. The issue results from t...", "detail_json": "/data/advisories/ZDI-22-1688/advisory.json", "detail_path": "advisories/ZDI-22-1688", "id": "ZDI-22-1688", "kind": "published", "published_date": "2022-12-22", "status": "published", "title": "Linux Kernel ksmbd Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-01-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1688/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17771", "zdi_id": "ZDI-22-1688" }, { "cve": "CVE-2022-47941", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SMB2_NEGOTIATE commands...", "detail_json": "/data/advisories/ZDI-22-1687/advisory.json", "detail_path": "advisories/ZDI-22-1687", "id": "ZDI-22-1687", "kind": "published", "published_date": "2022-12-22", "status": "published", "title": "Linux Kernel ksmbd Memory Exhaustion Denial-of-Service Vulnerability", "updated_date": "2023-01-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1687/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17815", "zdi_id": "ZDI-22-1687" }, { "cve": "CVE-2022-31696", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1686/advisory.json", "detail_path": "advisories/ZDI-22-1686", "id": "ZDI-22-1686", "kind": "published", "published_date": "2022-12-21", "status": "published", "title": "VMware ESXi TCP/IP Memory Corruption Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1686/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-17737", "zdi_id": "ZDI-22-1686" }, { "cve": "CVE-2022-44502", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1685/advisory.json", "detail_path": "advisories/ZDI-22-1685", "id": "ZDI-22-1685", "kind": "published", "published_date": "2022-12-21", "status": "published", "title": "Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1685/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18888", "zdi_id": "ZDI-22-1685" }, { "cve": "CVE-2022-45484", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-22-1684/advisory.json", "detail_path": "advisories/ZDI-22-1684", "id": "ZDI-22-1684", "kind": "published", "published_date": "2022-12-21", "status": "published", "title": "Siemens JT2Go RAS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1684/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19056", "zdi_id": "ZDI-22-1684" }, { "cve": "CVE-2022-46348", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1683/advisory.json", "detail_path": "advisories/ZDI-22-1683", "id": "ZDI-22-1683", "kind": "published", "published_date": "2022-12-21", "status": "published", "title": "Siemens Solid Edge Viewer X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1683/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19383", "zdi_id": "ZDI-22-1683" }, { "cve": "CVE-2022-42852", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-1682/advisory.json", "detail_path": "advisories/ZDI-22-1682", "id": "ZDI-22-1682", "kind": "published", "published_date": "2022-12-21", "status": "published", "title": "Apple Safari DFG JIT Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1682/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-18337", "zdi_id": "ZDI-22-1682" }, { "cve": "CVE-2022-46349", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1681/advisory.json", "detail_path": "advisories/ZDI-22-1681", "id": "ZDI-22-1681", "kind": "published", "published_date": "2022-12-20", "status": "published", "title": "Siemens Solid Edge Viewer X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2022-12-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1681/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19384", "zdi_id": "ZDI-22-1681" }, { "cve": "CVE-2022-46347", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1680/advisory.json", "detail_path": "advisories/ZDI-22-1680", "id": "ZDI-22-1680", "kind": "published", "published_date": "2022-12-19", "status": "published", "title": "Siemens Solid Edge Viewer X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2022-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1680/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19079", "zdi_id": "ZDI-22-1680" }, { "cve": "CVE-2022-46346", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1679/advisory.json", "detail_path": "advisories/ZDI-22-1679", "id": "ZDI-22-1679", "kind": "published", "published_date": "2022-12-19", "status": "published", "title": "Siemens Solid Edge Viewer X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1679/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19071", "zdi_id": "ZDI-22-1679" }, { "cve": "CVE-2022-46345", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1678/advisory.json", "detail_path": "advisories/ZDI-22-1678", "id": "ZDI-22-1678", "kind": "published", "published_date": "2022-12-19", "status": "published", "title": "Siemens Solid Edge Viewer X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1678/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-19070", "zdi_id": "ZDI-22-1678" }, { "cve": "CVE-2022-47211", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1677/advisory.json", "detail_path": "advisories/ZDI-22-1677", "id": "ZDI-22-1677", "kind": "published", "published_date": "2022-12-19", "status": "published", "title": "Microsoft Office SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1677/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18517", "zdi_id": "ZDI-22-1677" }, { "cve": "CVE-2022-47212", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1676/advisory.json", "detail_path": "advisories/ZDI-22-1676", "id": "ZDI-22-1676", "kind": "published", "published_date": "2022-12-19", "status": "published", "title": "Microsoft Excel SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1676/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19182", "zdi_id": "ZDI-22-1676" }, { "cve": "CVE-2022-44697", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-22-1675/advisory.json", "detail_path": "advisories/ZDI-22-1675", "id": "ZDI-22-1675", "kind": "published", "published_date": "2022-12-16", "status": "published", "title": "Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1675/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18070", "zdi_id": "ZDI-22-1675" }, { "cve": "CVE-2022-44694", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-1674/advisory.json", "detail_path": "advisories/ZDI-22-1674", "id": "ZDI-22-1674", "kind": "published", "published_date": "2022-12-15", "status": "published", "title": "Microsoft Office Visio DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1674/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19063", "zdi_id": "ZDI-22-1674" }, { "cve": "CVE-2022-44694", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-1673/advisory.json", "detail_path": "advisories/ZDI-22-1673", "id": "ZDI-22-1673", "kind": "published", "published_date": "2022-12-15", "status": "published", "title": "Microsoft Office Visio DWG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1673/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19184", "zdi_id": "ZDI-22-1673" }, { "cve": "CVE-2022-44695", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-22-1672/advisory.json", "detail_path": "advisories/ZDI-22-1672", "id": "ZDI-22-1672", "kind": "published", "published_date": "2022-12-15", "status": "published", "title": "Microsoft Office Visio DWG File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1672/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19048", "zdi_id": "ZDI-22-1672" }, { "cve": "CVE-2022-44696", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-1671/advisory.json", "detail_path": "advisories/ZDI-22-1671", "id": "ZDI-22-1671", "kind": "published", "published_date": "2022-12-15", "status": "published", "title": "Microsoft Office Visio DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1671/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19064", "zdi_id": "ZDI-22-1671" }, { "cve": "CVE-2022-44696", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-1670/advisory.json", "detail_path": "advisories/ZDI-22-1670", "id": "ZDI-22-1670", "kind": "published", "published_date": "2022-12-15", "status": "published", "title": "Microsoft Office Visio DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1670/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19065", "zdi_id": "ZDI-22-1670" }, { "cve": "CVE-2022-26805", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1669/advisory.json", "detail_path": "advisories/ZDI-22-1669", "id": "ZDI-22-1669", "kind": "published", "published_date": "2022-12-15", "status": "published", "title": "Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1669/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19286", "zdi_id": "ZDI-22-1669" }, { "cve": "CVE-2022-26806", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1668/advisory.json", "detail_path": "advisories/ZDI-22-1668", "id": "ZDI-22-1668", "kind": "published", "published_date": "2022-12-15", "status": "published", "title": "Microsoft Excel SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1668/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19285", "zdi_id": "ZDI-22-1668" }, { "cve": "CVE-2022-44694", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-1667/advisory.json", "detail_path": "advisories/ZDI-22-1667", "id": "ZDI-22-1667", "kind": "published", "published_date": "2022-12-15", "status": "published", "title": "Microsoft Office Visio DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1667/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19047", "zdi_id": "ZDI-22-1667" }, { "cve": "CVE-2022-43608", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BJNP service. The...", "detail_json": "/data/advisories/ZDI-22-1666/advisory.json", "detail_path": "advisories/ZDI-22-1666", "id": "ZDI-22-1666", "kind": "published", "published_date": "2022-12-15", "status": "published", "title": "Canon imageCLASS MF644Cdw BJNP Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1666/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-16032", "zdi_id": "ZDI-22-1666" }, { "cve": "CVE-2022-45798", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-1665/advisory.json", "detail_path": "advisories/ZDI-22-1665", "id": "ZDI-22-1665", "kind": "published", "published_date": "2022-12-15", "status": "published", "title": "Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1665/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16543", "zdi_id": "ZDI-22-1665" }, { "cve": "CVE-2022-36964", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the DeserializeFromStrippedXml...", "detail_json": "/data/advisories/ZDI-22-1664/advisory.json", "detail_path": "advisories/ZDI-22-1664", "id": "ZDI-22-1664", "kind": "published", "published_date": "2022-11-23", "status": "published", "title": "SolarWinds Network Performance Monitor DeserializeFromStrippedXml Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1664/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-17718", "zdi_id": "ZDI-22-1664" }, { "cve": "CVE-2022-36962", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPdf function. The issue results fr...", "detail_json": "/data/advisories/ZDI-22-1663/advisory.json", "detail_path": "advisories/ZDI-22-1663", "id": "ZDI-22-1663", "kind": "published", "published_date": "2022-11-23", "status": "published", "title": "SolarWinds Network Performance Monitor GetPdf Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1663/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-17678", "zdi_id": "ZDI-22-1663" }, { "cve": "CVE-2022-36960", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the CheckWhetherNonAdminAttemptsTo...", "detail_json": "/data/advisories/ZDI-22-1662/advisory.json", "detail_path": "advisories/ZDI-22-1662", "id": "ZDI-22-1662", "kind": "published", "published_date": "2022-11-23", "status": "published", "title": "SolarWinds Network Performance Monitor WebUserSettingsCrudHandler Improper Input Validation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1662/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-17644", "zdi_id": "ZDI-22-1662" }, { "cve": "CVE-2022-43641", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1661/advisory.json", "detail_path": "advisories/ZDI-22-1661", "id": "ZDI-22-1661", "kind": "published", "published_date": "2022-11-23", "status": "published", "title": "Foxit PDF Reader U3D File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1661/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-18894", "zdi_id": "ZDI-22-1661" }, { "cve": "CVE-2022-43640", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1660/advisory.json", "detail_path": "advisories/ZDI-22-1660", "id": "ZDI-22-1660", "kind": "published", "published_date": "2022-11-23", "status": "published", "title": "Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1660/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-18629", "zdi_id": "ZDI-22-1660" }, { "cve": "CVE-2022-43639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1659/advisory.json", "detail_path": "advisories/ZDI-22-1659", "id": "ZDI-22-1659", "kind": "published", "published_date": "2022-11-23", "status": "published", "title": "Foxit PDF Reader U3D File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1659/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-18628", "zdi_id": "ZDI-22-1659" }, { "cve": "CVE-2022-43638", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1658/advisory.json", "detail_path": "advisories/ZDI-22-1658", "id": "ZDI-22-1658", "kind": "published", "published_date": "2022-11-23", "status": "published", "title": "Foxit PDF Reader U3D File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1658/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-18627", "zdi_id": "ZDI-22-1658" }, { "cve": "CVE-2022-43637", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1657/advisory.json", "detail_path": "advisories/ZDI-22-1657", "id": "ZDI-22-1657", "kind": "published", "published_date": "2022-11-23", "status": "published", "title": "Foxit PDF Reader U3D File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1657/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-18626", "zdi_id": "ZDI-22-1657" }, { "cve": "CVE-2022-41175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1656/advisory.json", "detail_path": "advisories/ZDI-22-1656", "id": "ZDI-22-1656", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author EMF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2022-11-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1656/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18154", "zdi_id": "ZDI-22-1656" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. No user interaction is required if the attacker and target are in the same Teams organization. The specific flaw exists within the rendering of...", "detail_json": "/data/advisories/ZDI-22-1655/advisory.json", "detail_path": "advisories/ZDI-22-1655", "id": "ZDI-22-1655", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "(Pwn2Own) Microsoft Teams chat Client-Side Template Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1655/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17427", "zdi_id": "ZDI-22-1655" }, { "cve": "CVE-2022-41082", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the DagNetMultiValuedProperty class. The issue resu...", "detail_json": "/data/advisories/ZDI-22-1654/advisory.json", "detail_path": "advisories/ZDI-22-1654", "id": "ZDI-22-1654", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange DagNetMultiValuedProperty Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1654/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18986", "zdi_id": "ZDI-22-1654" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileHandler class. The issue results fr...", "detail_json": "/data/advisories/ZDI-22-1653/advisory.json", "detail_path": "advisories/ZDI-22-1653", "id": "ZDI-22-1653", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange FileHandler Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1653/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18972", "zdi_id": "ZDI-22-1653" }, { "cve": "CVE-2022-41082", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the MatlabWriter class. The issue res...", "detail_json": "/data/advisories/ZDI-22-1652/advisory.json", "detail_path": "advisories/ZDI-22-1652", "id": "ZDI-22-1652", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange MatlabWriter Exposed Dangerous Function Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1652/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18973", "zdi_id": "ZDI-22-1652" }, { "cve": "CVE-2022-41082", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the FormattedTextWriterTraceListener...", "detail_json": "/data/advisories/ZDI-22-1651/advisory.json", "detail_path": "advisories/ZDI-22-1651", "id": "ZDI-22-1651", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange FormattedTextWriterTraceListener Exposed Dangerous Function Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1651/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18959", "zdi_id": "ZDI-22-1651" }, { "cve": "CVE-2022-41082", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the OrganizationInitializationDefinition cl...", "detail_json": "/data/advisories/ZDI-22-1650/advisory.json", "detail_path": "advisories/ZDI-22-1650", "id": "ZDI-22-1650", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange OrganizationInitializationDefinition External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1650/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18958", "zdi_id": "ZDI-22-1650" }, { "cve": "CVE-2022-41082", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files and create a denial-of-service condition on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileLo...", "detail_json": "/data/advisories/ZDI-22-1649/advisory.json", "detail_path": "advisories/ZDI-22-1649", "id": "ZDI-22-1649", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange FileLog Exposed Dangerous Function Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1649/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18957", "zdi_id": "ZDI-22-1649" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the TraceFile class. The issue results from...", "detail_json": "/data/advisories/ZDI-22-1648/advisory.json", "detail_path": "advisories/ZDI-22-1648", "id": "ZDI-22-1648", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange TraceFile Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1648/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18956", "zdi_id": "ZDI-22-1648" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PEFile class. The issue results from th...", "detail_json": "/data/advisories/ZDI-22-1647/advisory.json", "detail_path": "advisories/ZDI-22-1647", "id": "ZDI-22-1647", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange PEFile Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1647/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18955", "zdi_id": "ZDI-22-1647" }, { "cve": "CVE-2022-41082", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the FlatFileTraceListener class. The...", "detail_json": "/data/advisories/ZDI-22-1646/advisory.json", "detail_path": "advisories/ZDI-22-1646", "id": "ZDI-22-1646", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange FlatFileTraceListener Exposed Dangerous Function Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1646/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18954", "zdi_id": "ZDI-22-1646" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the MsiDatabase class. The issue results fr...", "detail_json": "/data/advisories/ZDI-22-1645/advisory.json", "detail_path": "advisories/ZDI-22-1645", "id": "ZDI-22-1645", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange MsiDatabase Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1645/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18953", "zdi_id": "ZDI-22-1645" }, { "cve": "CVE-2022-41082", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the RecipientProvisioningDefinition class....", "detail_json": "/data/advisories/ZDI-22-1644/advisory.json", "detail_path": "advisories/ZDI-22-1644", "id": "ZDI-22-1644", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange RecipientProvisioningDefinition External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1644/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18952", "zdi_id": "ZDI-22-1644" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the DbgEngDataReader class. The issue resul...", "detail_json": "/data/advisories/ZDI-22-1643/advisory.json", "detail_path": "advisories/ZDI-22-1643", "id": "ZDI-22-1643", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange DbgEngDataReader Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1643/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18951", "zdi_id": "ZDI-22-1643" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileDependency class. The issue results...", "detail_json": "/data/advisories/ZDI-22-1642/advisory.json", "detail_path": "advisories/ZDI-22-1642", "id": "ZDI-22-1642", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange FileDependency Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1642/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18950", "zdi_id": "ZDI-22-1642" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the EtwFile class. The issue results from t...", "detail_json": "/data/advisories/ZDI-22-1641/advisory.json", "detail_path": "advisories/ZDI-22-1641", "id": "ZDI-22-1641", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange EtwFile Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1641/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18949", "zdi_id": "ZDI-22-1641" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the DumpReader class. The issue results fro...", "detail_json": "/data/advisories/ZDI-22-1640/advisory.json", "detail_path": "advisories/ZDI-22-1640", "id": "ZDI-22-1640", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange DumpReader Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1640/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18948", "zdi_id": "ZDI-22-1640" }, { "cve": "CVE-2022-41082", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PstStatusLog class. The issue res...", "detail_json": "/data/advisories/ZDI-22-1639/advisory.json", "detail_path": "advisories/ZDI-22-1639", "id": "ZDI-22-1639", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange PstStatusLog Exposed Dangerous Function Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1639/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18947", "zdi_id": "ZDI-22-1639" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the DumpDataReader class. The issue results...", "detail_json": "/data/advisories/ZDI-22-1638/advisory.json", "detail_path": "advisories/ZDI-22-1638", "id": "ZDI-22-1638", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange DumpDataReader Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1638/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18946", "zdi_id": "ZDI-22-1638" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileConfigurationSource class. The issu...", "detail_json": "/data/advisories/ZDI-22-1637/advisory.json", "detail_path": "advisories/ZDI-22-1637", "id": "ZDI-22-1637", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange FileConfigurationSource Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1637/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18945", "zdi_id": "ZDI-22-1637" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PdbReader class. The issue results from...", "detail_json": "/data/advisories/ZDI-22-1636/advisory.json", "detail_path": "advisories/ZDI-22-1636", "id": "ZDI-22-1636", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange PdbReader Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1636/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18944", "zdi_id": "ZDI-22-1636" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PromptPreviewRpcResponse class. The iss...", "detail_json": "/data/advisories/ZDI-22-1635/advisory.json", "detail_path": "advisories/ZDI-22-1635", "id": "ZDI-22-1635", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange PromptPreviewRpcResponse Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1635/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18943", "zdi_id": "ZDI-22-1635" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the GsmReader class. The issue results from...", "detail_json": "/data/advisories/ZDI-22-1634/advisory.json", "detail_path": "advisories/ZDI-22-1634", "id": "ZDI-22-1634", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange GsmReader Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1634/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18942", "zdi_id": "ZDI-22-1634" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the ScriptingAgentConfiguration class. The...", "detail_json": "/data/advisories/ZDI-22-1633/advisory.json", "detail_path": "advisories/ZDI-22-1633", "id": "ZDI-22-1633", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange ScriptingAgentConfiguration Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1633/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18941", "zdi_id": "ZDI-22-1633" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the AppConfigAssemblyResolver class. The is...", "detail_json": "/data/advisories/ZDI-22-1632/advisory.json", "detail_path": "advisories/ZDI-22-1632", "id": "ZDI-22-1632", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange AppConfigAssemblyResolver Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1632/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18940", "zdi_id": "ZDI-22-1632" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PcmReader class. The issue results from...", "detail_json": "/data/advisories/ZDI-22-1631/advisory.json", "detail_path": "advisories/ZDI-22-1631", "id": "ZDI-22-1631", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange PcmReader Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1631/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18939", "zdi_id": "ZDI-22-1631" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the G711Reader class. The issue results fro...", "detail_json": "/data/advisories/ZDI-22-1630/advisory.json", "detail_path": "advisories/ZDI-22-1630", "id": "ZDI-22-1630", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange G711Reader Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1630/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18938", "zdi_id": "ZDI-22-1630" }, { "cve": "CVE-2022-41082", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the GsmWriter class. The issue result...", "detail_json": "/data/advisories/ZDI-22-1629/advisory.json", "detail_path": "advisories/ZDI-22-1629", "id": "ZDI-22-1629", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange GsmWriter Exposed Dangerous Function Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1629/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18937", "zdi_id": "ZDI-22-1629" }, { "cve": "CVE-2022-41082", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the WmaReader class. The issue results from...", "detail_json": "/data/advisories/ZDI-22-1628/advisory.json", "detail_path": "advisories/ZDI-22-1628", "id": "ZDI-22-1628", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange WmaReader Exposed Dangerous Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1628/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18936", "zdi_id": "ZDI-22-1628" }, { "cve": "CVE-2022-41082", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the StreamWriterWrapper class. The is...", "detail_json": "/data/advisories/ZDI-22-1627/advisory.json", "detail_path": "advisories/ZDI-22-1627", "id": "ZDI-22-1627", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange StreamWriterWrapper Exposed Dangerous Function Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1627/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18901", "zdi_id": "ZDI-22-1627" }, { "cve": "CVE-2022-41082", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the MsgStorageWriter class. The issue...", "detail_json": "/data/advisories/ZDI-22-1626/advisory.json", "detail_path": "advisories/ZDI-22-1626", "id": "ZDI-22-1626", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange MsgStorageWriter Exposed Dangerous Function Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1626/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18900", "zdi_id": "ZDI-22-1626" }, { "cve": "CVE-2022-41082", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the Command class. The issue results from the expos...", "detail_json": "/data/advisories/ZDI-22-1625/advisory.json", "detail_path": "advisories/ZDI-22-1625", "id": "ZDI-22-1625", "kind": "published", "published_date": "2022-11-22", "status": "published", "title": "Microsoft Exchange Command Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1625/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18932", "zdi_id": "ZDI-22-1625" }, { "cve": "CVE-2022-41082", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PowerShell endpoint. The issue results from the...", "detail_json": "/data/advisories/ZDI-22-1624/advisory.json", "detail_path": "advisories/ZDI-22-1624", "id": "ZDI-22-1624", "kind": "published", "published_date": "2022-10-17", "status": "published", "title": "Microsoft Exchange PowerShell Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2022-11-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1624/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18333", "zdi_id": "ZDI-22-1624" }, { "cve": "CVE-2022-37932", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Hewlett Packard Enterprise OfficeConnect 1820 switches. Authentication is not required to exploit this vulnerability. The specific flaw exists within th...", "detail_json": "/data/advisories/ZDI-22-1623/advisory.json", "detail_path": "advisories/ZDI-22-1623", "id": "ZDI-22-1623", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Hewlett Packard Enterprise OfficeConnect 1820 Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1623/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-17747", "zdi_id": "ZDI-22-1623" }, { "cve": "CVE-2022-44653", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-1622/advisory.json", "detail_path": "advisories/ZDI-22-1622", "id": "ZDI-22-1622", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Trend Micro Apex One Security Agent Directory Traversal Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1622/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16928", "zdi_id": "ZDI-22-1622" }, { "cve": "CVE-2022-44652", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-1621/advisory.json", "detail_path": "advisories/ZDI-22-1621", "id": "ZDI-22-1621", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Trend Micro Apex One Improper Handling of Exceptional Conditions Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1621/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16539", "zdi_id": "ZDI-22-1621" }, { "cve": "CVE-2022-44651", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-1620/advisory.json", "detail_path": "advisories/ZDI-22-1620", "id": "ZDI-22-1620", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1620/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-17337", "zdi_id": "ZDI-22-1620" }, { "cve": "CVE-2022-44649", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-1619/advisory.json", "detail_path": "advisories/ZDI-22-1619", "id": "ZDI-22-1619", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Trend Micro Apex One Unauthorized Change Prevention Service Out-Of-Bounds Access Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1619/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-17387", "zdi_id": "ZDI-22-1619" }, { "cve": "CVE-2022-44648", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi...", "detail_json": "/data/advisories/ZDI-22-1618/advisory.json", "detail_path": "advisories/ZDI-22-1618", "id": "ZDI-22-1618", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1618/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16566", "zdi_id": "ZDI-22-1618" }, { "cve": "CVE-2022-44647", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi...", "detail_json": "/data/advisories/ZDI-22-1617/advisory.json", "detail_path": "advisories/ZDI-22-1617", "id": "ZDI-22-1617", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2022-11-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1617/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16565", "zdi_id": "ZDI-22-1617" }, { "cve": "CVE-2022-44650", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-1616/advisory.json", "detail_path": "advisories/ZDI-22-1616", "id": "ZDI-22-1616", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Trend Micro Apex One Unauthorized Change Prevention Service Memory Corruption Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1616/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-17432", "zdi_id": "ZDI-22-1616" }, { "cve": "CVE-2022-43635", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, whi...", "detail_json": "/data/advisories/ZDI-22-1615/advisory.json", "detail_path": "advisories/ZDI-22-1615", "id": "ZDI-22-1615", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "TP-Link TL-WR940N httpd Incorrect Implementation of Authentication Algorithm Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1615/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-17332", "zdi_id": "ZDI-22-1615" }, { "cve": "CVE-2022-43636", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listen...", "detail_json": "/data/advisories/ZDI-22-1614/advisory.json", "detail_path": "advisories/ZDI-22-1614", "id": "ZDI-22-1614", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "TP-Link TL-WR940N httpd Use of Insufficiently Random Values Authentication Bypass Vulnerability", "updated_date": "2023-03-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1614/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-18334", "zdi_id": "ZDI-22-1614" }, { "cve": "CVE-2022-40772", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. Authentication is required to exploit this vulnerability. The specific flaw exists within the generateSQLReport function. The iss...", "detail_json": "/data/advisories/ZDI-22-1613/advisory.json", "detail_path": "advisories/ZDI-22-1613", "id": "ZDI-22-1613", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "ManageEngine ServiceDesk Plus MSP generateSQLReport Improper Input Validation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1613/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-18609", "zdi_id": "ZDI-22-1613" }, { "cve": "CVE-2022-40771", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of ManageEngine ServiceDesk Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the getAsDoc function. Due to th...", "detail_json": "/data/advisories/ZDI-22-1612/advisory.json", "detail_path": "advisories/ZDI-22-1612", "id": "ZDI-22-1612", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "ManageEngine ServiceDesk Plus getAsDoc XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1612/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-18280", "zdi_id": "ZDI-22-1612" }, { "cve": "CVE-2022-40770", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine ServiceDesk Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the invokeDataUploadTool function. The i...", "detail_json": "/data/advisories/ZDI-22-1611/advisory.json", "detail_path": "advisories/ZDI-22-1611", "id": "ZDI-22-1611", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "ManageEngine ServiceDesk Plus invokeDataUploadTool Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1611/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-18260", "zdi_id": "ZDI-22-1611" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. No user interaction is required if the attacker and target are in the same Teams organization. The specific flaw exists within the communication...", "detail_json": "/data/advisories/ZDI-22-1610/advisory.json", "detail_path": "advisories/ZDI-22-1610", "id": "ZDI-22-1610", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "(Pwn2Own) Microsoft Teams electronSafeIpc Arbitrary File Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1610/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17466", "zdi_id": "ZDI-22-1610" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. No user interaction is required if the attacker and target are in the same Teams organization. The specific flaw exists within the rendering of...", "detail_json": "/data/advisories/ZDI-22-1609/advisory.json", "detail_path": "advisories/ZDI-22-1609", "id": "ZDI-22-1609", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "(Pwn2Own) Microsoft Teams chat Client-Side Template Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1609/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17462", "zdi_id": "ZDI-22-1609" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1608/advisory.json", "detail_path": "advisories/ZDI-22-1608", "id": "ZDI-22-1608", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "(Pwn2Own) Microsoft Teams URL Allowlist Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1608/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17397", "zdi_id": "ZDI-22-1608" }, { "cve": null, "cvss": 4.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Teams. An attacker must first obtain the ability to execute script within the application window in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1607/advisory.json", "detail_path": "advisories/ZDI-22-1607", "id": "ZDI-22-1607", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "(Pwn2Own) Microsoft Teams Unnecessary Privileges Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1607/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17526", "zdi_id": "ZDI-22-1607" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escape the sandbox on affected installations of Microsoft Teams. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-22-1606/advisory.json", "detail_path": "advisories/ZDI-22-1606", "id": "ZDI-22-1606", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "(Pwn2Own) Microsoft Teams pluginHost Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1606/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17467", "zdi_id": "ZDI-22-1606" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. No user interaction is required if the attacker and target are in the same Teams organization and are both participants in a meeting. The specif...", "detail_json": "/data/advisories/ZDI-22-1605/advisory.json", "detail_path": "advisories/ZDI-22-1605", "id": "ZDI-22-1605", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "(Pwn2Own) Microsoft Teams WebView Incorrect Privilege Assignment Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1605/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17393", "zdi_id": "ZDI-22-1605" }, { "cve": "CVE-2022-41079", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the SerializationTypeConverter class. The issue res...", "detail_json": "/data/advisories/ZDI-22-1604/advisory.json", "detail_path": "advisories/ZDI-22-1604", "id": "ZDI-22-1604", "kind": "published", "published_date": "2024-10-16", "status": "published", "title": "Microsoft Exchange SerializationTypeConverter Deserialization of Untrusted Data NTLM Relay Vulnerability", "updated_date": "2024-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1604/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18882", "zdi_id": "ZDI-22-1604" }, { "cve": "CVE-2022-41123", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Exchange. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-22-1603/advisory.json", "detail_path": "advisories/ZDI-22-1603", "id": "ZDI-22-1603", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Microsoft Exchange GetTorusCmdletConfigurationEntries Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1603/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19100", "zdi_id": "ZDI-22-1603" }, { "cve": "CVE-2022-41123", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Exchange. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-22-1602/advisory.json", "detail_path": "advisories/ZDI-22-1602", "id": "ZDI-22-1602", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Microsoft Exchange TorusTryAccessCheck Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1602/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-19043", "zdi_id": "ZDI-22-1602" }, { "cve": "CVE-2022-41078", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the ApprovedApplication class. The issue results fr...", "detail_json": "/data/advisories/ZDI-22-1601/advisory.json", "detail_path": "advisories/ZDI-22-1601", "id": "ZDI-22-1601", "kind": "published", "published_date": "2024-10-16", "status": "published", "title": "Microsoft Exchange ApprovedApplication Exposed Dangerous Method NTLM Relay Vulnerability", "updated_date": "2024-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1601/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18881", "zdi_id": "ZDI-22-1601" }, { "cve": "CVE-2022-41107", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-1600/advisory.json", "detail_path": "advisories/ZDI-22-1600", "id": "ZDI-22-1600", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Microsoft PowerPoint FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1600/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18390", "zdi_id": "ZDI-22-1600" }, { "cve": "CVE-2022-41107", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1599/advisory.json", "detail_path": "advisories/ZDI-22-1599", "id": "ZDI-22-1599", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Microsoft Word FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1599/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18389", "zdi_id": "ZDI-22-1599" }, { "cve": "CVE-2022-41107", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1598/advisory.json", "detail_path": "advisories/ZDI-22-1598", "id": "ZDI-22-1598", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Microsoft Excel FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1598/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18382", "zdi_id": "ZDI-22-1598" }, { "cve": "CVE-2022-41107", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1597/advisory.json", "detail_path": "advisories/ZDI-22-1597", "id": "ZDI-22-1597", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Microsoft Excel FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1597/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18371", "zdi_id": "ZDI-22-1597" }, { "cve": "CVE-2022-41052", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Raw Image Extension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-22-1596/advisory.json", "detail_path": "advisories/ZDI-22-1596", "id": "ZDI-22-1596", "kind": "published", "published_date": "2022-11-21", "status": "published", "title": "Microsoft Raw Image Extension CR2 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1596/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18224", "zdi_id": "ZDI-22-1596" }, { "cve": "CVE-2022-41040", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the Autodiscover service. The issue results from the l...", "detail_json": "/data/advisories/ZDI-22-1595/advisory.json", "detail_path": "advisories/ZDI-22-1595", "id": "ZDI-22-1595", "kind": "published", "published_date": "2022-10-17", "status": "published", "title": "Microsoft Exchange Autodiscover Server-Side Request Forgery Privilege Escalation Vulnerability", "updated_date": "2022-11-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1595/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18802", "zdi_id": "ZDI-22-1595" }, { "cve": "CVE-2022-39157", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1594/advisory.json", "detail_path": "advisories/ZDI-22-1594", "id": "ZDI-22-1594", "kind": "published", "published_date": "2022-11-17", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1594/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17745", "zdi_id": "ZDI-22-1594" }, { "cve": "CVE-2022-43397", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1593/advisory.json", "detail_path": "advisories/ZDI-22-1593", "id": "ZDI-22-1593", "kind": "published", "published_date": "2022-11-17", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1593/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17854", "zdi_id": "ZDI-22-1593" }, { "cve": "CVE-2022-41879", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parse Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the \\_expandResultOnKeyPath function. The issue results f...", "detail_json": "/data/advisories/ZDI-22-1592/advisory.json", "detail_path": "advisories/ZDI-22-1592", "id": "ZDI-22-1592", "kind": "published", "published_date": "2022-11-15", "status": "published", "title": "Parse Server _expandResultOnKeyPath Prototype Pollution Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1592/", "vendor": "Parse", "vendor_url": null, "zdi_can": "ZDI-CAN-18806", "zdi_id": "ZDI-22-1592" }, { "cve": "CVE-2022-41878", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parse Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the buildUpdatedObject function. The issue results from t...", "detail_json": "/data/advisories/ZDI-22-1591/advisory.json", "detail_path": "advisories/ZDI-22-1591", "id": "ZDI-22-1591", "kind": "published", "published_date": "2022-11-15", "status": "published", "title": "Parse Server buildUpdatedObject Prototype Pollution Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1591/", "vendor": "Parse", "vendor_url": null, "zdi_can": "ZDI-CAN-18750", "zdi_id": "ZDI-22-1591" }, { "cve": "CVE-2022-39396", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the transformUpdate function. The issue results from...", "detail_json": "/data/advisories/ZDI-22-1590/advisory.json", "detail_path": "advisories/ZDI-22-1590", "id": "ZDI-22-1590", "kind": "published", "published_date": "2022-11-15", "status": "published", "title": "Parse Server transformUpdate Prototype Pollution Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1590/", "vendor": "Parse", "vendor_url": null, "zdi_can": "ZDI-CAN-18358", "zdi_id": "ZDI-22-1590" }, { "cve": "CVE-2022-41092", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1589/advisory.json", "detail_path": "advisories/ZDI-22-1589", "id": "ZDI-22-1589", "kind": "published", "published_date": "2022-11-15", "status": "published", "title": "Microsoft Windows Output Protection Manager Integer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2022-11-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1589/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17568", "zdi_id": "ZDI-22-1589" }, { "cve": "CVE-2022-39804", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1588/advisory.json", "detail_path": "advisories/ZDI-22-1588", "id": "ZDI-22-1588", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author SLDPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1588/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18153", "zdi_id": "ZDI-22-1588" }, { "cve": "CVE-2022-41176", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1587/advisory.json", "detail_path": "advisories/ZDI-22-1587", "id": "ZDI-22-1587", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author EMF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1587/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18152", "zdi_id": "ZDI-22-1587" }, { "cve": "CVE-2022-39803", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1586/advisory.json", "detail_path": "advisories/ZDI-22-1586", "id": "ZDI-22-1586", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author SAT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1586/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18223", "zdi_id": "ZDI-22-1586" }, { "cve": "CVE-2022-41182", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-22-1585/advisory.json", "detail_path": "advisories/ZDI-22-1585", "id": "ZDI-22-1585", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author X_B File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1585/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18222", "zdi_id": "ZDI-22-1585" }, { "cve": "CVE-2022-41182", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-22-1584/advisory.json", "detail_path": "advisories/ZDI-22-1584", "id": "ZDI-22-1584", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author X_B File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1584/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18221", "zdi_id": "ZDI-22-1584" }, { "cve": "CVE-2022-41181", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-22-1583/advisory.json", "detail_path": "advisories/ZDI-22-1583", "id": "ZDI-22-1583", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1583/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18220", "zdi_id": "ZDI-22-1583" }, { "cve": "CVE-2022-41180", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1582/advisory.json", "detail_path": "advisories/ZDI-22-1582", "id": "ZDI-22-1582", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1582/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18219", "zdi_id": "ZDI-22-1582" }, { "cve": "CVE-2022-41180", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1581/advisory.json", "detail_path": "advisories/ZDI-22-1581", "id": "ZDI-22-1581", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1581/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18218", "zdi_id": "ZDI-22-1581" }, { "cve": "CVE-2022-41180", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1580/advisory.json", "detail_path": "advisories/ZDI-22-1580", "id": "ZDI-22-1580", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1580/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18217", "zdi_id": "ZDI-22-1580" }, { "cve": "CVE-2022-41180", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1579/advisory.json", "detail_path": "advisories/ZDI-22-1579", "id": "ZDI-22-1579", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1579/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18216", "zdi_id": "ZDI-22-1579" }, { "cve": "CVE-2022-41179", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1578/advisory.json", "detail_path": "advisories/ZDI-22-1578", "id": "ZDI-22-1578", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1578/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18215", "zdi_id": "ZDI-22-1578" }, { "cve": "CVE-2022-41179", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1577/advisory.json", "detail_path": "advisories/ZDI-22-1577", "id": "ZDI-22-1577", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1577/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18214", "zdi_id": "ZDI-22-1577" }, { "cve": "CVE-2022-41179", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1576/advisory.json", "detail_path": "advisories/ZDI-22-1576", "id": "ZDI-22-1576", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1576/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18213", "zdi_id": "ZDI-22-1576" }, { "cve": "CVE-2022-41179", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1575/advisory.json", "detail_path": "advisories/ZDI-22-1575", "id": "ZDI-22-1575", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1575/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18212", "zdi_id": "ZDI-22-1575" }, { "cve": "CVE-2022-41172", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1574/advisory.json", "detail_path": "advisories/ZDI-22-1574", "id": "ZDI-22-1574", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1574/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18211", "zdi_id": "ZDI-22-1574" }, { "cve": "CVE-2022-41173", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1573/advisory.json", "detail_path": "advisories/ZDI-22-1573", "id": "ZDI-22-1573", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1573/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18210", "zdi_id": "ZDI-22-1573" }, { "cve": "CVE-2022-41172", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1572/advisory.json", "detail_path": "advisories/ZDI-22-1572", "id": "ZDI-22-1572", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1572/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18209", "zdi_id": "ZDI-22-1572" }, { "cve": "CVE-2022-41172", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1571/advisory.json", "detail_path": "advisories/ZDI-22-1571", "id": "ZDI-22-1571", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1571/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18208", "zdi_id": "ZDI-22-1571" }, { "cve": "CVE-2022-41172", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1570/advisory.json", "detail_path": "advisories/ZDI-22-1570", "id": "ZDI-22-1570", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1570/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18207", "zdi_id": "ZDI-22-1570" }, { "cve": "CVE-2022-41172", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1569/advisory.json", "detail_path": "advisories/ZDI-22-1569", "id": "ZDI-22-1569", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1569/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18206", "zdi_id": "ZDI-22-1569" }, { "cve": "CVE-2022-41168", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1568/advisory.json", "detail_path": "advisories/ZDI-22-1568", "id": "ZDI-22-1568", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author CATPart File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1568/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18205", "zdi_id": "ZDI-22-1568" }, { "cve": "CVE-2022-41187", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-22-1567/advisory.json", "detail_path": "advisories/ZDI-22-1567", "id": "ZDI-22-1567", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer OBJ File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1567/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18159", "zdi_id": "ZDI-22-1567" }, { "cve": "CVE-2022-39803", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1566/advisory.json", "detail_path": "advisories/ZDI-22-1566", "id": "ZDI-22-1566", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author SAT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1566/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18143", "zdi_id": "ZDI-22-1566" }, { "cve": "CVE-2022-39803", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1565/advisory.json", "detail_path": "advisories/ZDI-22-1565", "id": "ZDI-22-1565", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author SAT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1565/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18142", "zdi_id": "ZDI-22-1565" }, { "cve": "CVE-2022-39803", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1564/advisory.json", "detail_path": "advisories/ZDI-22-1564", "id": "ZDI-22-1564", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author SAT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1564/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18141", "zdi_id": "ZDI-22-1564" }, { "cve": "CVE-2022-39803", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1563/advisory.json", "detail_path": "advisories/ZDI-22-1563", "id": "ZDI-22-1563", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author SAT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1563/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18140", "zdi_id": "ZDI-22-1563" }, { "cve": "CVE-2022-39803", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1562/advisory.json", "detail_path": "advisories/ZDI-22-1562", "id": "ZDI-22-1562", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author SAT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1562/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18139", "zdi_id": "ZDI-22-1562" }, { "cve": "CVE-2022-39803", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1561/advisory.json", "detail_path": "advisories/ZDI-22-1561", "id": "ZDI-22-1561", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author SAT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1561/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18138", "zdi_id": "ZDI-22-1561" }, { "cve": "CVE-2022-39808", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-22-1560/advisory.json", "detail_path": "advisories/ZDI-22-1560", "id": "ZDI-22-1560", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author OBJ File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1560/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18137", "zdi_id": "ZDI-22-1560" }, { "cve": "CVE-2022-41170", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1559/advisory.json", "detail_path": "advisories/ZDI-22-1559", "id": "ZDI-22-1559", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1559/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18136", "zdi_id": "ZDI-22-1559" }, { "cve": "CVE-2022-41171", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1558/advisory.json", "detail_path": "advisories/ZDI-22-1558", "id": "ZDI-22-1558", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1558/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18135", "zdi_id": "ZDI-22-1558" }, { "cve": "CVE-2022-41177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1557/advisory.json", "detail_path": "advisories/ZDI-22-1557", "id": "ZDI-22-1557", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author IGES File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1557/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18134", "zdi_id": "ZDI-22-1557" }, { "cve": "CVE-2022-41177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1556/advisory.json", "detail_path": "advisories/ZDI-22-1556", "id": "ZDI-22-1556", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author IGES File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1556/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18133", "zdi_id": "ZDI-22-1556" }, { "cve": "CVE-2022-41178", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1555/advisory.json", "detail_path": "advisories/ZDI-22-1555", "id": "ZDI-22-1555", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author IGES File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1555/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18132", "zdi_id": "ZDI-22-1555" }, { "cve": "CVE-2022-41177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1554/advisory.json", "detail_path": "advisories/ZDI-22-1554", "id": "ZDI-22-1554", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author IGES File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1554/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18131", "zdi_id": "ZDI-22-1554" }, { "cve": "CVE-2022-41177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1553/advisory.json", "detail_path": "advisories/ZDI-22-1553", "id": "ZDI-22-1553", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author IGES File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1553/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18130", "zdi_id": "ZDI-22-1553" }, { "cve": "CVE-2022-41176", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1552/advisory.json", "detail_path": "advisories/ZDI-22-1552", "id": "ZDI-22-1552", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author EMF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1552/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18129", "zdi_id": "ZDI-22-1552" }, { "cve": "CVE-2022-41175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1551/advisory.json", "detail_path": "advisories/ZDI-22-1551", "id": "ZDI-22-1551", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author EMF File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1551/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18128", "zdi_id": "ZDI-22-1551" }, { "cve": "CVE-2022-41167", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1550/advisory.json", "detail_path": "advisories/ZDI-22-1550", "id": "ZDI-22-1550", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author DWG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1550/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18127", "zdi_id": "ZDI-22-1550" }, { "cve": "CVE-2022-41167", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1549/advisory.json", "detail_path": "advisories/ZDI-22-1549", "id": "ZDI-22-1549", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author DWG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1549/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18126", "zdi_id": "ZDI-22-1549" }, { "cve": "CVE-2022-41184", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1548/advisory.json", "detail_path": "advisories/ZDI-22-1548", "id": "ZDI-22-1548", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author CUR File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1548/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18125", "zdi_id": "ZDI-22-1548" }, { "cve": "CVE-2022-41183", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1547/advisory.json", "detail_path": "advisories/ZDI-22-1547", "id": "ZDI-22-1547", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author CUR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1547/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18124", "zdi_id": "ZDI-22-1547" }, { "cve": "CVE-2022-41168", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1546/advisory.json", "detail_path": "advisories/ZDI-22-1546", "id": "ZDI-22-1546", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author CATPart File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1546/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18123", "zdi_id": "ZDI-22-1546" }, { "cve": "CVE-2022-41169", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-22-1545/advisory.json", "detail_path": "advisories/ZDI-22-1545", "id": "ZDI-22-1545", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author CATPart File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1545/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18122", "zdi_id": "ZDI-22-1545" }, { "cve": "CVE-2022-41167", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1544/advisory.json", "detail_path": "advisories/ZDI-22-1544", "id": "ZDI-22-1544", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1544/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18121", "zdi_id": "ZDI-22-1544" }, { "cve": "CVE-2022-41166", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-22-1543/advisory.json", "detail_path": "advisories/ZDI-22-1543", "id": "ZDI-22-1543", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1543/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18120", "zdi_id": "ZDI-22-1543" }, { "cve": "CVE-2022-41173", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-22-1542/advisory.json", "detail_path": "advisories/ZDI-22-1542", "id": "ZDI-22-1542", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author DXF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1542/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18119", "zdi_id": "ZDI-22-1542" }, { "cve": "CVE-2022-39805", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1541/advisory.json", "detail_path": "advisories/ZDI-22-1541", "id": "ZDI-22-1541", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1541/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18117", "zdi_id": "ZDI-22-1541" }, { "cve": "CVE-2022-39804", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1540/advisory.json", "detail_path": "advisories/ZDI-22-1540", "id": "ZDI-22-1540", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author SLDPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1540/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18147", "zdi_id": "ZDI-22-1540" }, { "cve": "CVE-2022-39804", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1539/advisory.json", "detail_path": "advisories/ZDI-22-1539", "id": "ZDI-22-1539", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author SLDPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1539/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18146", "zdi_id": "ZDI-22-1539" }, { "cve": "CVE-2022-39806", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1538/advisory.json", "detail_path": "advisories/ZDI-22-1538", "id": "ZDI-22-1538", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author SLDDRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1538/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18145", "zdi_id": "ZDI-22-1538" }, { "cve": "CVE-2022-39807", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-22-1537/advisory.json", "detail_path": "advisories/ZDI-22-1537", "id": "ZDI-22-1537", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author SLDASM File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1537/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18144", "zdi_id": "ZDI-22-1537" }, { "cve": "CVE-2022-39803", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1536/advisory.json", "detail_path": "advisories/ZDI-22-1536", "id": "ZDI-22-1536", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Author SAT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1536/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18148", "zdi_id": "ZDI-22-1536" }, { "cve": "CVE-2022-41197", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1535/advisory.json", "detail_path": "advisories/ZDI-22-1535", "id": "ZDI-22-1535", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1535/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18067", "zdi_id": "ZDI-22-1535" }, { "cve": "CVE-2022-41202", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1534/advisory.json", "detail_path": "advisories/ZDI-22-1534", "id": "ZDI-22-1534", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer VDS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1534/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18010", "zdi_id": "ZDI-22-1534" }, { "cve": "CVE-2022-41199", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1533/advisory.json", "detail_path": "advisories/ZDI-22-1533", "id": "ZDI-22-1533", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer IV File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1533/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18009", "zdi_id": "ZDI-22-1533" }, { "cve": "CVE-2022-41196", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1532/advisory.json", "detail_path": "advisories/ZDI-22-1532", "id": "ZDI-22-1532", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer WRL File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1532/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18011", "zdi_id": "ZDI-22-1532" }, { "cve": "CVE-2022-41196", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1531/advisory.json", "detail_path": "advisories/ZDI-22-1531", "id": "ZDI-22-1531", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1531/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18020", "zdi_id": "ZDI-22-1531" }, { "cve": "CVE-2022-41191", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1530/advisory.json", "detail_path": "advisories/ZDI-22-1530", "id": "ZDI-22-1530", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1530/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17926", "zdi_id": "ZDI-22-1530" }, { "cve": "CVE-2022-41192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1529/advisory.json", "detail_path": "advisories/ZDI-22-1529", "id": "ZDI-22-1529", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1529/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17924", "zdi_id": "ZDI-22-1529" }, { "cve": "CVE-2022-41190", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers todisclose sensitive information on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-22-1528/advisory.json", "detail_path": "advisories/ZDI-22-1528", "id": "ZDI-22-1528", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer DXF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1528/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-18012", "zdi_id": "ZDI-22-1528" }, { "cve": "CVE-2022-41195", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1527/advisory.json", "detail_path": "advisories/ZDI-22-1527", "id": "ZDI-22-1527", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer IFF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1527/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17968", "zdi_id": "ZDI-22-1527" }, { "cve": "CVE-2022-41191", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1526/advisory.json", "detail_path": "advisories/ZDI-22-1526", "id": "ZDI-22-1526", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1526/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17805", "zdi_id": "ZDI-22-1526" }, { "cve": "CVE-2022-41191", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1525/advisory.json", "detail_path": "advisories/ZDI-22-1525", "id": "ZDI-22-1525", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1525/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17867", "zdi_id": "ZDI-22-1525" }, { "cve": "CVE-2022-41186", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1524/advisory.json", "detail_path": "advisories/ZDI-22-1524", "id": "ZDI-22-1524", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1524/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17895", "zdi_id": "ZDI-22-1524" }, { "cve": "CVE-2022-41186", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1523/advisory.json", "detail_path": "advisories/ZDI-22-1523", "id": "ZDI-22-1523", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1523/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17783", "zdi_id": "ZDI-22-1523" }, { "cve": "CVE-2022-41192", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-22-1522/advisory.json", "detail_path": "advisories/ZDI-22-1522", "id": "ZDI-22-1522", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1522/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17780", "zdi_id": "ZDI-22-1522" }, { "cve": "CVE-2022-41200", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1521/advisory.json", "detail_path": "advisories/ZDI-22-1521", "id": "ZDI-22-1521", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer SVG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1521/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17779", "zdi_id": "ZDI-22-1521" }, { "cve": "CVE-2022-41191", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1520/advisory.json", "detail_path": "advisories/ZDI-22-1520", "id": "ZDI-22-1520", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1520/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17953", "zdi_id": "ZDI-22-1520" }, { "cve": "CVE-2022-41186", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1519/advisory.json", "detail_path": "advisories/ZDI-22-1519", "id": "ZDI-22-1519", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1519/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17914", "zdi_id": "ZDI-22-1519" }, { "cve": "CVE-2022-41195", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1518/advisory.json", "detail_path": "advisories/ZDI-22-1518", "id": "ZDI-22-1518", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer IFF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1518/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17774", "zdi_id": "ZDI-22-1518" }, { "cve": "CVE-2022-41190", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1517/advisory.json", "detail_path": "advisories/ZDI-22-1517", "id": "ZDI-22-1517", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1517/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17773", "zdi_id": "ZDI-22-1517" }, { "cve": "CVE-2022-41192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1516/advisory.json", "detail_path": "advisories/ZDI-22-1516", "id": "ZDI-22-1516", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1516/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17776", "zdi_id": "ZDI-22-1516" }, { "cve": "CVE-2022-41186", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1515/advisory.json", "detail_path": "advisories/ZDI-22-1515", "id": "ZDI-22-1515", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1515/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17775", "zdi_id": "ZDI-22-1515" }, { "cve": "CVE-2022-41188", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-22-1514/advisory.json", "detail_path": "advisories/ZDI-22-1514", "id": "ZDI-22-1514", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1514/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17761", "zdi_id": "ZDI-22-1514" }, { "cve": "CVE-2022-41187", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-22-1513/advisory.json", "detail_path": "advisories/ZDI-22-1513", "id": "ZDI-22-1513", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer OBJ File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1513/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17760", "zdi_id": "ZDI-22-1513" }, { "cve": "CVE-2022-41193", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1512/advisory.json", "detail_path": "advisories/ZDI-22-1512", "id": "ZDI-22-1512", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer EPS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1512/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17759", "zdi_id": "ZDI-22-1512" }, { "cve": "CVE-2022-41189", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1511/advisory.json", "detail_path": "advisories/ZDI-22-1511", "id": "ZDI-22-1511", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer DWG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1511/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17758", "zdi_id": "ZDI-22-1511" }, { "cve": "CVE-2022-41190", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1510/advisory.json", "detail_path": "advisories/ZDI-22-1510", "id": "ZDI-22-1510", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1510/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17757", "zdi_id": "ZDI-22-1510" }, { "cve": "CVE-2022-41198", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1509/advisory.json", "detail_path": "advisories/ZDI-22-1509", "id": "ZDI-22-1509", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1509/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17756", "zdi_id": "ZDI-22-1509" }, { "cve": "CVE-2022-41189", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1508/advisory.json", "detail_path": "advisories/ZDI-22-1508", "id": "ZDI-22-1508", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer DWG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1508/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-17777", "zdi_id": "ZDI-22-1508" }, { "cve": "CVE-2022-41189", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1507/advisory.json", "detail_path": "advisories/ZDI-22-1507", "id": "ZDI-22-1507", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1507/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16004", "zdi_id": "ZDI-22-1507" }, { "cve": "CVE-2022-41198", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1506/advisory.json", "detail_path": "advisories/ZDI-22-1506", "id": "ZDI-22-1506", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "SAP 3D Visual Enterprise Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1506/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-15993", "zdi_id": "ZDI-22-1506" }, { "cve": "CVE-2022-43633", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-1505/advisory.json", "detail_path": "advisories/ZDI-22-1505", "id": "ZDI-22-1505", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 SetSysLogSettings IPAddress Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1505/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16154", "zdi_id": "ZDI-22-1505" }, { "cve": "CVE-2022-43632", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-1504/advisory.json", "detail_path": "advisories/ZDI-22-1504", "id": "ZDI-22-1504", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 SetQoSSettings QoSInfo Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1504/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16153", "zdi_id": "ZDI-22-1504" }, { "cve": "CVE-2022-43621", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login reques...", "detail_json": "/data/advisories/ZDI-22-1503/advisory.json", "detail_path": "advisories/ZDI-22-1503", "id": "ZDI-22-1503", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 HNAP Incorrect Comparison Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1503/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16152", "zdi_id": "ZDI-22-1503" }, { "cve": "CVE-2022-43631", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-1502/advisory.json", "detail_path": "advisories/ZDI-22-1502", "id": "ZDI-22-1502", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 SetVirtualServerSettings VirtualServerInfo Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1502/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16151", "zdi_id": "ZDI-22-1502" }, { "cve": "CVE-2022-43630", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of http requests to...", "detail_json": "/data/advisories/ZDI-22-1501/advisory.json", "detail_path": "advisories/ZDI-22-1501", "id": "ZDI-22-1501", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 SOAPAction Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1501/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16150", "zdi_id": "ZDI-22-1501" }, { "cve": "CVE-2022-43629", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-1500/advisory.json", "detail_path": "advisories/ZDI-22-1500", "id": "ZDI-22-1500", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 SetSysEmailSettings Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1500/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16149", "zdi_id": "ZDI-22-1500" }, { "cve": "CVE-2022-43628", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-1499/advisory.json", "detail_path": "advisories/ZDI-22-1499", "id": "ZDI-22-1499", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 SetIPv6FirewallSettings IPv6FirewallRule Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1499/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16148", "zdi_id": "ZDI-22-1499" }, { "cve": "CVE-2022-43627", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-1498/advisory.json", "detail_path": "advisories/ZDI-22-1498", "id": "ZDI-22-1498", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 SetStaticRouteIPv4Settings StaticRouteIPv4Data Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1498/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16147", "zdi_id": "ZDI-22-1498" }, { "cve": "CVE-2022-43626", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-1497/advisory.json", "detail_path": "advisories/ZDI-22-1497", "id": "ZDI-22-1497", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 SetIPv4FirewallSettings IPv4FirewallRule Command Injection Remote Code Execution Vulnerability", "updated_date": "2022-11-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1497/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16146", "zdi_id": "ZDI-22-1497" }, { "cve": "CVE-2022-43624", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-1496/advisory.json", "detail_path": "advisories/ZDI-22-1496", "id": "ZDI-22-1496", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 SetStaticRouteIPv6Settings Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1496/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16145", "zdi_id": "ZDI-22-1496" }, { "cve": "CVE-2022-43625", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-1495/advisory.json", "detail_path": "advisories/ZDI-22-1495", "id": "ZDI-22-1495", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 SetStaticRouteIPv4Settings NetMask Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1495/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16144", "zdi_id": "ZDI-22-1495" }, { "cve": "CVE-2022-43620", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login reques...", "detail_json": "/data/advisories/ZDI-22-1494/advisory.json", "detail_path": "advisories/ZDI-22-1494", "id": "ZDI-22-1494", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 HNAP PrivateLogin Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1494/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16142", "zdi_id": "ZDI-22-1494" }, { "cve": "CVE-2022-43619", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-1493/advisory.json", "detail_path": "advisories/ZDI-22-1493", "id": "ZDI-22-1493", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 ConfigFileUpload Format String Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1493/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16141", "zdi_id": "ZDI-22-1493" }, { "cve": "CVE-2022-43623", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-1492/advisory.json", "detail_path": "advisories/ZDI-22-1492", "id": "ZDI-22-1492", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 SetWebFilterSetting WebFilterURLs Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1492/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16140", "zdi_id": "ZDI-22-1492" }, { "cve": "CVE-2022-43622", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests t...", "detail_json": "/data/advisories/ZDI-22-1491/advisory.json", "detail_path": "advisories/ZDI-22-1491", "id": "ZDI-22-1491", "kind": "published", "published_date": "2022-11-03", "status": "published", "title": "D-Link DIR-1935 HNAP_AUTH Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1491/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-16139", "zdi_id": "ZDI-22-1491" }, { "cve": "CVE-2022-40773", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. Authentication is required to exploit this vulnerability. The specific flaw exists within the exportMickeyList action. The issue...", "detail_json": "/data/advisories/ZDI-22-1490/advisory.json", "detail_path": "advisories/ZDI-22-1490", "id": "ZDI-22-1490", "kind": "published", "published_date": "2022-11-15", "status": "published", "title": "ManageEngine ServiceDesk Plus MSP exportMickeyList Improper Input Validation Privilege Escalation Vulnerability", "updated_date": "2022-11-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1490/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-18608", "zdi_id": "ZDI-22-1490" }, { "cve": "CVE-2022-41776", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WriteConfi...", "detail_json": "/data/advisories/ZDI-22-1489/advisory.json", "detail_path": "advisories/ZDI-22-1489", "id": "ZDI-22-1489", "kind": "published", "published_date": "2022-10-27", "status": "published", "title": "Delta Industrial Automation InfraSuite Device Master WriteConfiguration Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1489/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-17640", "zdi_id": "ZDI-22-1489" }, { "cve": "CVE-2022-41629", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the g...", "detail_json": "/data/advisories/ZDI-22-1488/advisory.json", "detail_path": "advisories/ZDI-22-1488", "id": "ZDI-22-1488", "kind": "published", "published_date": "2022-10-27", "status": "published", "title": "Delta Industrial Automation InfraSuite Device Master APRunning Missing Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1488/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-17641", "zdi_id": "ZDI-22-1488" }, { "cve": "CVE-2022-41779", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation InfraSuite Device Master Device-Monitor. User interaction is required to exploit this vulnerability in that the target client must co...", "detail_json": "/data/advisories/ZDI-22-1487/advisory.json", "detail_path": "advisories/ZDI-22-1487", "id": "ZDI-22-1487", "kind": "published", "published_date": "2022-10-27", "status": "published", "title": "Delta Industrial Automation InfraSuite Device Master DeSerializeBinary Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1487/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-17701", "zdi_id": "ZDI-22-1487" }, { "cve": "CVE-2022-41644", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges or create a denial-of-service condition on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to create a denial-of-service condition...", "detail_json": "/data/advisories/ZDI-22-1486/advisory.json", "detail_path": "advisories/ZDI-22-1486", "id": "ZDI-22-1486", "kind": "published", "published_date": "2022-10-27", "status": "published", "title": "Delta Industrial Automation InfraSuite Device Master ModifyPrivByID Missing Authentication Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1486/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-17681", "zdi_id": "ZDI-22-1486" }, { "cve": "CVE-2022-41688", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the A...", "detail_json": "/data/advisories/ZDI-22-1485/advisory.json", "detail_path": "advisories/ZDI-22-1485", "id": "ZDI-22-1485", "kind": "published", "published_date": "2022-10-27", "status": "published", "title": "Delta Industrial Automation InfraSuite Device Master AddNewUser Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1485/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-17680", "zdi_id": "ZDI-22-1485" }, { "cve": "CVE-2022-40202", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExeComman...", "detail_json": "/data/advisories/ZDI-22-1484/advisory.json", "detail_path": "advisories/ZDI-22-1484", "id": "ZDI-22-1484", "kind": "published", "published_date": "2022-10-27", "status": "published", "title": "Delta Industrial Automation InfraSuite Device Master ExeCommandInCommandLineMode Missing Authentication Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1484/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-17573", "zdi_id": "ZDI-22-1484" }, { "cve": "CVE-2022-41772", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CheckLoad...", "detail_json": "/data/advisories/ZDI-22-1483/advisory.json", "detail_path": "advisories/ZDI-22-1483", "id": "ZDI-22-1483", "kind": "published", "published_date": "2022-10-27", "status": "published", "title": "Delta Industrial Automation InfraSuite Device Master CheckLoadingStartupConfig Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1483/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-17549", "zdi_id": "ZDI-22-1483" }, { "cve": "CVE-2022-41657", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CtrlLayer...", "detail_json": "/data/advisories/ZDI-22-1482/advisory.json", "detail_path": "advisories/ZDI-22-1482", "id": "ZDI-22-1482", "kind": "published", "published_date": "2022-10-27", "status": "published", "title": "Delta Industrial Automation InfraSuite Device Master CtrlLayerNWCmd_FileOperation Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1482/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-17529", "zdi_id": "ZDI-22-1482" }, { "cve": "CVE-2022-41657", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within CtrlLayerNWCm...", "detail_json": "/data/advisories/ZDI-22-1481/advisory.json", "detail_path": "advisories/ZDI-22-1481", "id": "ZDI-22-1481", "kind": "published", "published_date": "2022-10-27", "status": "published", "title": "Delta Industrial Automation InfraSuite Device Master Device-Gateway CtrlLayerNWCmd_FileOperation Opcode 512 Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1481/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-17547", "zdi_id": "ZDI-22-1481" }, { "cve": "CVE-2022-38142", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-Da...", "detail_json": "/data/advisories/ZDI-22-1480/advisory.json", "detail_path": "advisories/ZDI-22-1480", "id": "ZDI-22-1480", "kind": "published", "published_date": "2022-10-27", "status": "published", "title": "Delta Industrial Automation InfraSuite Device Master Device-DataCollect Service Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1480/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-17445", "zdi_id": "ZDI-22-1480" }, { "cve": "CVE-2022-41657", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the C...", "detail_json": "/data/advisories/ZDI-22-1479/advisory.json", "detail_path": "advisories/ZDI-22-1479", "id": "ZDI-22-1479", "kind": "published", "published_date": "2022-10-27", "status": "published", "title": "Delta Industrial Automation InfraSuite Device Master CtrlLayerNWCmd_FileOperation Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1479/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-17546", "zdi_id": "ZDI-22-1479" }, { "cve": "CVE-2022-41778", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists exists within the De...", "detail_json": "/data/advisories/ZDI-22-1478/advisory.json", "detail_path": "advisories/ZDI-22-1478", "id": "ZDI-22-1478", "kind": "published", "published_date": "2022-10-27", "status": "published", "title": "Delta Industrial Automation InfraSuite Device Master Device-Gateway Service Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1478/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-17439", "zdi_id": "ZDI-22-1478" }, { "cve": "CVE-2022-41657", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CtrlLayer...", "detail_json": "/data/advisories/ZDI-22-1477/advisory.json", "detail_path": "advisories/ZDI-22-1477", "id": "ZDI-22-1477", "kind": "published", "published_date": "2022-10-27", "status": "published", "title": "Delta Industrial Automation InfraSuite Device Master CtrlLayerNWCmd_FileOperation Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1477/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-17518", "zdi_id": "ZDI-22-1477" }, { "cve": "CVE-2022-43618", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-22-1476/advisory.json", "detail_path": "advisories/ZDI-22-1476", "id": "ZDI-22-1476", "kind": "published", "published_date": "2022-10-25", "status": "published", "title": "(0Day) Corel CorelDRAW Graphics Suite PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2023-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1476/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-16377", "zdi_id": "ZDI-22-1476" }, { "cve": "CVE-2022-43617", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-22-1475/advisory.json", "detail_path": "advisories/ZDI-22-1475", "id": "ZDI-22-1475", "kind": "published", "published_date": "2022-10-25", "status": "published", "title": "(0Day) Corel CorelDRAW Graphics Suite PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2023-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1475/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-16372", "zdi_id": "ZDI-22-1475" }, { "cve": "CVE-2022-43616", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-22-1474/advisory.json", "detail_path": "advisories/ZDI-22-1474", "id": "ZDI-22-1474", "kind": "published", "published_date": "2022-10-25", "status": "published", "title": "(0Day) Corel CorelDRAW Graphics Suite EMF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2023-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1474/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-16371", "zdi_id": "ZDI-22-1474" }, { "cve": "CVE-2022-43615", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-22-1473/advisory.json", "detail_path": "advisories/ZDI-22-1473", "id": "ZDI-22-1473", "kind": "published", "published_date": "2022-10-25", "status": "published", "title": "(0Day) Corel CorelDRAW Graphics Suite PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1473/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-16370", "zdi_id": "ZDI-22-1473" }, { "cve": "CVE-2022-43614", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-22-1472/advisory.json", "detail_path": "advisories/ZDI-22-1472", "id": "ZDI-22-1472", "kind": "published", "published_date": "2022-10-25", "status": "published", "title": "(0Day) Corel CorelDRAW Graphics Suite GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2023-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1472/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-16357", "zdi_id": "ZDI-22-1472" }, { "cve": "CVE-2022-43613", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-22-1471/advisory.json", "detail_path": "advisories/ZDI-22-1471", "id": "ZDI-22-1471", "kind": "published", "published_date": "2022-10-25", "status": "published", "title": "(0Day) Corel CorelDRAW Graphics Suite CGM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1471/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-16356", "zdi_id": "ZDI-22-1471" }, { "cve": "CVE-2022-43612", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-22-1470/advisory.json", "detail_path": "advisories/ZDI-22-1470", "id": "ZDI-22-1470", "kind": "published", "published_date": "2022-10-25", "status": "published", "title": "(0Day) Corel CorelDRAW Graphics Suite JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1470/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-16355", "zdi_id": "ZDI-22-1470" }, { "cve": "CVE-2022-43611", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-22-1469/advisory.json", "detail_path": "advisories/ZDI-22-1469", "id": "ZDI-22-1469", "kind": "published", "published_date": "2022-10-25", "status": "published", "title": "(0Day) Corel CorelDRAW Graphics Suite BMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1469/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-16351", "zdi_id": "ZDI-22-1469" }, { "cve": "CVE-2022-43610", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-22-1468/advisory.json", "detail_path": "advisories/ZDI-22-1468", "id": "ZDI-22-1468", "kind": "published", "published_date": "2022-10-25", "status": "published", "title": "(0Day) Corel CorelDRAW Graphics Suite GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1468/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-16350", "zdi_id": "ZDI-22-1468" }, { "cve": "CVE-2022-43609", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IronCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-22-1467/advisory.json", "detail_path": "advisories/ZDI-22-1467", "id": "ZDI-22-1467", "kind": "published", "published_date": "2022-10-25", "status": "published", "title": "(0Day) IronCAD STP File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1467/", "vendor": "IronCAD", "vendor_url": null, "zdi_can": "ZDI-CAN-17672", "zdi_id": "ZDI-22-1467" }, { "cve": "CVE-2022-42433", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Th...", "detail_json": "/data/advisories/ZDI-22-1466/advisory.json", "detail_path": "advisories/ZDI-22-1466", "id": "ZDI-22-1466", "kind": "published", "published_date": "2022-10-25", "status": "published", "title": "TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1466/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-17356", "zdi_id": "ZDI-22-1466" }, { "cve": "CVE-2022-3515", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GnuPG libksba. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific...", "detail_json": "/data/advisories/ZDI-22-1465/advisory.json", "detail_path": "advisories/ZDI-22-1465", "id": "ZDI-22-1465", "kind": "published", "published_date": "2022-10-25", "status": "published", "title": "GnuPG libksba CRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1465/", "vendor": "GnuPG", "vendor_url": null, "zdi_can": "ZDI-CAN-18927", "zdi_id": "ZDI-22-1465" }, { "cve": "CVE-2022-3515", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GnuPG libksba. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific...", "detail_json": "/data/advisories/ZDI-22-1464/advisory.json", "detail_path": "advisories/ZDI-22-1464", "id": "ZDI-22-1464", "kind": "published", "published_date": "2022-10-25", "status": "published", "title": "GnuPG libksba CMS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1464/", "vendor": "GnuPG", "vendor_url": null, "zdi_can": "ZDI-CAN-18929", "zdi_id": "ZDI-22-1464" }, { "cve": "CVE-2022-3515", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GnuPG libksba. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific...", "detail_json": "/data/advisories/ZDI-22-1463/advisory.json", "detail_path": "advisories/ZDI-22-1463", "id": "ZDI-22-1463", "kind": "published", "published_date": "2022-10-25", "status": "published", "title": "GnuPG libksba CMS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1463/", "vendor": "GnuPG", "vendor_url": null, "zdi_can": "ZDI-CAN-18928", "zdi_id": "ZDI-22-1463" }, { "cve": "CVE-2022-2602", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1462/advisory.json", "detail_path": "advisories/ZDI-22-1462", "id": "ZDI-22-1462", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "(Pwn2Own) Linux Kernel io_uring Improper Update of Reference Count Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1462/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17428", "zdi_id": "ZDI-22-1462" }, { "cve": "CVE-2022-38108", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the MessageToBytes function. Th...", "detail_json": "/data/advisories/ZDI-22-1461/advisory.json", "detail_path": "advisories/ZDI-22-1461", "id": "ZDI-22-1461", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "SolarWinds Network Performance Monitor BytesToMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2022-12-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1461/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-17531", "zdi_id": "ZDI-22-1461" }, { "cve": "CVE-2022-36957", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the PropertyBagJsonConverter. T...", "detail_json": "/data/advisories/ZDI-22-1460/advisory.json", "detail_path": "advisories/ZDI-22-1460", "id": "ZDI-22-1460", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "SolarWinds Network Performance Monitor PropertyBagJsonConverter Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1460/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-17530", "zdi_id": "ZDI-22-1460" }, { "cve": "CVE-2022-36958", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the DeserializeFromStrippedXml...", "detail_json": "/data/advisories/ZDI-22-1459/advisory.json", "detail_path": "advisories/ZDI-22-1459", "id": "ZDI-22-1459", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "SolarWinds Network Performance Monitor DeserializeFromStrippedXml Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1459/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-17567", "zdi_id": "ZDI-22-1459" }, { "cve": null, "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GNU Gzip. Interaction with this script is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw e...", "detail_json": "/data/advisories/ZDI-22-1458/advisory.json", "detail_path": "advisories/ZDI-22-1458", "id": "ZDI-22-1458", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "GNU Gzip zgrep Argument Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1458/", "vendor": "GNU", "vendor_url": null, "zdi_can": "ZDI-CAN-16588", "zdi_id": "ZDI-22-1458" }, { "cve": "CVE-2022-42432", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-22-1457/advisory.json", "detail_path": "advisories/ZDI-22-1457", "id": "ZDI-22-1457", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "Linux Kernel nftables Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1457/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-18540", "zdi_id": "ZDI-22-1457" }, { "cve": "CVE-2022-3140", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LibreOffice. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-22-1456/advisory.json", "detail_path": "advisories/ZDI-22-1456", "id": "ZDI-22-1456", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "LibreOffice Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1456/", "vendor": "LibreOffice", "vendor_url": null, "zdi_can": "ZDI-CAN-17859", "zdi_id": "ZDI-22-1456" }, { "cve": "CVE-2022-2825", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The...", "detail_json": "/data/advisories/ZDI-22-1455/advisory.json", "detail_path": "advisories/ZDI-22-1455", "id": "ZDI-22-1455", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "(Pwn2Own) Kepware KEPServerEX Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/", "vendor": "Kepware", "vendor_url": null, "zdi_can": "ZDI-CAN-18411", "zdi_id": "ZDI-22-1455" }, { "cve": "CVE-2022-2848", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The...", "detail_json": "/data/advisories/ZDI-22-1454/advisory.json", "detail_path": "advisories/ZDI-22-1454", "id": "ZDI-22-1454", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "(Pwn2Own) Kepware KEPServerEX Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/", "vendor": "Kepware", "vendor_url": null, "zdi_can": "ZDI-CAN-16486", "zdi_id": "ZDI-22-1454" }, { "cve": "CVE-2022-3214", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIAEnergie. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests t...", "detail_json": "/data/advisories/ZDI-22-1453/advisory.json", "detail_path": "advisories/ZDI-22-1453", "id": "ZDI-22-1453", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "Delta Industrial Automation DIAEnergie Use Of Hard-Coded Credentials Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1453/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-16858", "zdi_id": "ZDI-22-1453" }, { "cve": "CVE-2022-3586", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-22-1452/advisory.json", "detail_path": "advisories/ZDI-22-1452", "id": "ZDI-22-1452", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "Linux Kernel Net Scheduler Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1452/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-18231", "zdi_id": "ZDI-22-1452" }, { "cve": "CVE-2022-3385", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of POST requests sent to the sho...", "detail_json": "/data/advisories/ZDI-22-1451/advisory.json", "detail_path": "advisories/ZDI-22-1451", "id": "ZDI-22-1451", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "Advantech R-SeeNet show_code Endpoint Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1451/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-17409", "zdi_id": "ZDI-22-1451" }, { "cve": "CVE-2022-3386", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of POST requests sent to the out...", "detail_json": "/data/advisories/ZDI-22-1450/advisory.json", "detail_path": "advisories/ZDI-22-1450", "id": "ZDI-22-1450", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "Advantech R-SeeNet out Endpoint Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1450/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-17392", "zdi_id": "ZDI-22-1450" }, { "cve": "CVE-2022-3387", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling...", "detail_json": "/data/advisories/ZDI-22-1449/advisory.json", "detail_path": "advisories/ZDI-22-1449", "id": "ZDI-22-1449", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "Advantech R-SeeNet out.php Directory Traversal Arbitrary File Read and Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1449/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-17391", "zdi_id": "ZDI-22-1449" }, { "cve": "CVE-2022-38436", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-1448/advisory.json", "detail_path": "advisories/ZDI-22-1448", "id": "ZDI-22-1448", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "Adobe Illustrator CDR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1448/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17911", "zdi_id": "ZDI-22-1448" }, { "cve": "CVE-2022-38435", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-1447/advisory.json", "detail_path": "advisories/ZDI-22-1447", "id": "ZDI-22-1447", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "Adobe Illustrator PCX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1447/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17671", "zdi_id": "ZDI-22-1447" }, { "cve": "CVE-2022-39424", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle VirtualBox. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of smartcard I/O messages. The issu...", "detail_json": "/data/advisories/ZDI-22-1446/advisory.json", "detail_path": "advisories/ZDI-22-1446", "id": "ZDI-22-1446", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "Oracle VirtualBox VRDP Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1446/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-17683", "zdi_id": "ZDI-22-1446" }, { "cve": "CVE-2022-39425", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle VirtualBox. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of USB Request Block messages. The...", "detail_json": "/data/advisories/ZDI-22-1445/advisory.json", "detail_path": "advisories/ZDI-22-1445", "id": "ZDI-22-1445", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "Oracle VirtualBox VRDP Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1445/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-18080", "zdi_id": "ZDI-22-1445" }, { "cve": "CVE-2022-39426", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle VirtualBox. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of smartcard I/O messages. The issu...", "detail_json": "/data/advisories/ZDI-22-1444/advisory.json", "detail_path": "advisories/ZDI-22-1444", "id": "ZDI-22-1444", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "Oracle VirtualBox VRDP Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1444/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-17694", "zdi_id": "ZDI-22-1444" }, { "cve": "CVE-2022-39412", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle Access Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the ContextValue...", "detail_json": "/data/advisories/ZDI-22-1443/advisory.json", "detail_path": "advisories/ZDI-22-1443", "id": "ZDI-22-1443", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "Oracle Access Management CustomReadServlet Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1443/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-17705", "zdi_id": "ZDI-22-1443" }, { "cve": "CVE-2022-39427", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-22-1442/advisory.json", "detail_path": "advisories/ZDI-22-1442", "id": "ZDI-22-1442", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "Oracle VirtualBox COM RPC Interface Improper Access Control Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1442/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-17589", "zdi_id": "ZDI-22-1442" }, { "cve": "CVE-2022-37864", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1441/advisory.json", "detail_path": "advisories/ZDI-22-1441", "id": "ZDI-22-1441", "kind": "published", "published_date": "2022-10-21", "status": "published", "title": "Siemens Solid Edge Viewer DWG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1441/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17627", "zdi_id": "ZDI-22-1441" }, { "cve": "CVE-2022-41851", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1440/advisory.json", "detail_path": "advisories/ZDI-22-1440", "id": "ZDI-22-1440", "kind": "published", "published_date": "2022-10-17", "status": "published", "title": "Siemens Simcenter Femap JT File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1440/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-16973", "zdi_id": "ZDI-22-1440" }, { "cve": "CVE-2022-38446", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1439/advisory.json", "detail_path": "advisories/ZDI-22-1439", "id": "ZDI-22-1439", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1439/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18621", "zdi_id": "ZDI-22-1439" }, { "cve": "CVE-2022-2951", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Altair HyperView Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1438/advisory.json", "detail_path": "advisories/ZDI-22-1438", "id": "ZDI-22-1438", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Altair HyperView Player H3D File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1438/", "vendor": "Altair", "vendor_url": null, "zdi_can": "ZDI-CAN-15154", "zdi_id": "ZDI-22-1438" }, { "cve": "CVE-2022-2950", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Altair HyperView Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1437/advisory.json", "detail_path": "advisories/ZDI-22-1437", "id": "ZDI-22-1437", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Altair HyperView Player H3D File Parsing Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1437/", "vendor": "Altair", "vendor_url": null, "zdi_can": "ZDI-CAN-14891", "zdi_id": "ZDI-22-1437" }, { "cve": "CVE-2022-2949", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Altair HyperView Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1436/advisory.json", "detail_path": "advisories/ZDI-22-1436", "id": "ZDI-22-1436", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Altair HyperView Player H3D File Parsing Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1436/", "vendor": "Altair", "vendor_url": null, "zdi_can": "ZDI-CAN-14889", "zdi_id": "ZDI-22-1436" }, { "cve": "CVE-2022-2947", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Altair HyperView Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1435/advisory.json", "detail_path": "advisories/ZDI-22-1435", "id": "ZDI-22-1435", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Altair HyperView Player H3D File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1435/", "vendor": "Altair", "vendor_url": null, "zdi_can": "ZDI-CAN-14888", "zdi_id": "ZDI-22-1435" }, { "cve": "CVE-2022-38418", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which listens on...", "detail_json": "/data/advisories/ZDI-22-1434/advisory.json", "detail_path": "advisories/ZDI-22-1434", "id": "ZDI-22-1434", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1434/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16929", "zdi_id": "ZDI-22-1434" }, { "cve": "CVE-2022-38421", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-1433/advisory.json", "detail_path": "advisories/ZDI-22-1433", "id": "ZDI-22-1433", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1433/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16884", "zdi_id": "ZDI-22-1433" }, { "cve": "CVE-2022-38424", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose or delete sensitive files on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which li...", "detail_json": "/data/advisories/ZDI-22-1432/advisory.json", "detail_path": "advisories/ZDI-22-1432", "id": "ZDI-22-1432", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe ColdFusion Application Server Directory Traversal Arbitrary File Disclosure Or Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1432/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16886", "zdi_id": "ZDI-22-1432" }, { "cve": "CVE-2022-42342", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1431/advisory.json", "detail_path": "advisories/ZDI-22-1431", "id": "ZDI-22-1431", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1431/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18262", "zdi_id": "ZDI-22-1431" }, { "cve": "CVE-2022-38449", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1430/advisory.json", "detail_path": "advisories/ZDI-22-1430", "id": "ZDI-22-1430", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe Acrobat Reader DC JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1430/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18538", "zdi_id": "ZDI-22-1430" }, { "cve": "CVE-2022-38441", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1429/advisory.json", "detail_path": "advisories/ZDI-22-1429", "id": "ZDI-22-1429", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe Dimension GLB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1429/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18616", "zdi_id": "ZDI-22-1429" }, { "cve": "CVE-2022-38443", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1428/advisory.json", "detail_path": "advisories/ZDI-22-1428", "id": "ZDI-22-1428", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1428/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18615", "zdi_id": "ZDI-22-1428" }, { "cve": "CVE-2022-38442", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1427/advisory.json", "detail_path": "advisories/ZDI-22-1427", "id": "ZDI-22-1427", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1427/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18625", "zdi_id": "ZDI-22-1427" }, { "cve": "CVE-2022-38447", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1426/advisory.json", "detail_path": "advisories/ZDI-22-1426", "id": "ZDI-22-1426", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1426/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18624", "zdi_id": "ZDI-22-1426" }, { "cve": "CVE-2022-38445", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1425/advisory.json", "detail_path": "advisories/ZDI-22-1425", "id": "ZDI-22-1425", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1425/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18622", "zdi_id": "ZDI-22-1425" }, { "cve": "CVE-2022-38448", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1424/advisory.json", "detail_path": "advisories/ZDI-22-1424", "id": "ZDI-22-1424", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1424/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18620", "zdi_id": "ZDI-22-1424" }, { "cve": "CVE-2022-38440", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1423/advisory.json", "detail_path": "advisories/ZDI-22-1423", "id": "ZDI-22-1423", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe Dimension SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1423/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18617", "zdi_id": "ZDI-22-1423" }, { "cve": "CVE-2022-38444", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1422/advisory.json", "detail_path": "advisories/ZDI-22-1422", "id": "ZDI-22-1422", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1422/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-18623", "zdi_id": "ZDI-22-1422" }, { "cve": "CVE-2022-35710", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of GIOP packets. The issue results...", "detail_json": "/data/advisories/ZDI-22-1421/advisory.json", "detail_path": "advisories/ZDI-22-1421", "id": "ZDI-22-1421", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe ColdFusion ODBC Server Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1421/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16898", "zdi_id": "ZDI-22-1421" }, { "cve": "CVE-2022-38423", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which listen...", "detail_json": "/data/advisories/ZDI-22-1420/advisory.json", "detail_path": "advisories/ZDI-22-1420", "id": "ZDI-22-1420", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1420/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16892", "zdi_id": "ZDI-22-1420" }, { "cve": "CVE-2022-38422", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which li...", "detail_json": "/data/advisories/ZDI-22-1419/advisory.json", "detail_path": "advisories/ZDI-22-1419", "id": "ZDI-22-1419", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1419/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16883", "zdi_id": "ZDI-22-1419" }, { "cve": "CVE-2022-38420", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Admin Component service. The service uses a ha...", "detail_json": "/data/advisories/ZDI-22-1418/advisory.json", "detail_path": "advisories/ZDI-22-1418", "id": "ZDI-22-1418", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe ColdFusion Admin Component Use of Hard-coded Credentials Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1418/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16921", "zdi_id": "ZDI-22-1418" }, { "cve": "CVE-2022-35712", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of GIOP packets. The issue results...", "detail_json": "/data/advisories/ZDI-22-1417/advisory.json", "detail_path": "advisories/ZDI-22-1417", "id": "ZDI-22-1417", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe ColdFusion ODBC Agent Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1417/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16901", "zdi_id": "ZDI-22-1417" }, { "cve": "CVE-2022-35690", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of GIOP packets. The issue results...", "detail_json": "/data/advisories/ZDI-22-1416/advisory.json", "detail_path": "advisories/ZDI-22-1416", "id": "ZDI-22-1416", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe ColdFusion ODBC Agent Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1416/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16900", "zdi_id": "ZDI-22-1416" }, { "cve": "CVE-2022-35711", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of GIOP packets. The issue results...", "detail_json": "/data/advisories/ZDI-22-1415/advisory.json", "detail_path": "advisories/ZDI-22-1415", "id": "ZDI-22-1415", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe ColdFusion ODBC Server Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1415/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16899", "zdi_id": "ZDI-22-1415" }, { "cve": "CVE-2022-38419", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apache Solr service. Due to the impro...", "detail_json": "/data/advisories/ZDI-22-1414/advisory.json", "detail_path": "advisories/ZDI-22-1414", "id": "ZDI-22-1414", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Adobe ColdFusion Solr Service XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1414/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16885", "zdi_id": "ZDI-22-1414" }, { "cve": "CVE-2022-37989", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1413/advisory.json", "detail_path": "advisories/ZDI-22-1413", "id": "ZDI-22-1413", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Microsoft Windows CSRSS Activation Context Cache Poisoning Local Privilege Escalation Vulnerability", "updated_date": "2023-01-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1413/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18149", "zdi_id": "ZDI-22-1413" }, { "cve": "CVE-2022-37997", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1412/advisory.json", "detail_path": "advisories/ZDI-22-1412", "id": "ZDI-22-1412", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Microsoft Windows win32kfull UMPD Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1412/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-18004", "zdi_id": "ZDI-22-1412" }, { "cve": "CVE-2022-38048", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1411/advisory.json", "detail_path": "advisories/ZDI-22-1411", "id": "ZDI-22-1411", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Microsoft Word DOCX File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1411/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17647", "zdi_id": "ZDI-22-1411" }, { "cve": "CVE-2022-37987", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1410/advisory.json", "detail_path": "advisories/ZDI-22-1410", "id": "ZDI-22-1410", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Microsoft Windows DosDevices Activation Context Cache Poisoning Local Privilege Escalation Vulnerability", "updated_date": "2023-01-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1410/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17847", "zdi_id": "ZDI-22-1410" }, { "cve": "CVE-2022-37986", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute code at low integrity on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-22-1409/advisory.json", "detail_path": "advisories/ZDI-22-1409", "id": "ZDI-22-1409", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Microsoft Windows User-Mode Print Driver Insufficient Message Authentication Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1409/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17358", "zdi_id": "ZDI-22-1409" }, { "cve": "CVE-2022-38044", "cvss": 7.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-1408/advisory.json", "detail_path": "advisories/ZDI-22-1408", "id": "ZDI-22-1408", "kind": "published", "published_date": "2022-10-14", "status": "published", "title": "Microsoft Windows CDFS Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1408/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17576", "zdi_id": "ZDI-22-1408" }, { "cve": "CVE-2022-42431", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-22-1407/advisory.json", "detail_path": "advisories/ZDI-22-1407", "id": "ZDI-22-1407", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "Tesla bcmdhd Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1407/", "vendor": "Tesla", "vendor_url": null, "zdi_can": "ZDI-CAN-17544", "zdi_id": "ZDI-22-1407" }, { "cve": "CVE-2022-42430", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-22-1406/advisory.json", "detail_path": "advisories/ZDI-22-1406", "id": "ZDI-22-1406", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "Tesla wowlan_config Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1406/", "vendor": "Tesla", "vendor_url": null, "zdi_can": "ZDI-CAN-17543", "zdi_id": "ZDI-22-1406" }, { "cve": null, "cvss": 2.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-22-1405/advisory.json", "detail_path": "advisories/ZDI-22-1405", "id": "ZDI-22-1405", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "Linux Kernel IPv4 FIB Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1405/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-18902", "zdi_id": "ZDI-22-1405" }, { "cve": "CVE-2022-41744", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-22-1404/advisory.json", "detail_path": "advisories/ZDI-22-1404", "id": "ZDI-22-1404", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "Trend Micro Apex One Vulnerability Protection Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1404/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16518", "zdi_id": "ZDI-22-1404" }, { "cve": "CVE-2022-41746", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex One. Authentication is required to exploit this vulnerability. The specific flaw exists within the Apex One web console. By navigating directly to...", "detail_json": "/data/advisories/ZDI-22-1403/advisory.json", "detail_path": "advisories/ZDI-22-1403", "id": "ZDI-22-1403", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "Trend Micro Apex One Forced Browsing Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1403/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-18013", "zdi_id": "ZDI-22-1403" }, { "cve": "CVE-2022-41747", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-22-1402/advisory.json", "detail_path": "advisories/ZDI-22-1402", "id": "ZDI-22-1402", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "Trend Micro Apex One Security Agent Improper Certificate Validation Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1402/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16923", "zdi_id": "ZDI-22-1402" }, { "cve": "CVE-2022-41745", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-1401/advisory.json", "detail_path": "advisories/ZDI-22-1401", "id": "ZDI-22-1401", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "Trend Micro Apex One Security Agent Out-Of-Bounds Access Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1401/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-17542", "zdi_id": "ZDI-22-1401" }, { "cve": "CVE-2022-41749", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-1400/advisory.json", "detail_path": "advisories/ZDI-22-1400", "id": "ZDI-22-1400", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1400/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-17084", "zdi_id": "ZDI-22-1400" }, { "cve": "CVE-2022-42428", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration....", "detail_json": "/data/advisories/ZDI-22-1399/advisory.json", "detail_path": "advisories/ZDI-22-1399", "id": "ZDI-22-1399", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1399/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-18410", "zdi_id": "ZDI-22-1399" }, { "cve": "CVE-2022-42427", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from th...", "detail_json": "/data/advisories/ZDI-22-1398/advisory.json", "detail_path": "advisories/ZDI-22-1398", "id": "ZDI-22-1398", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "Centreon Contact Group SQL Injection Privilege Escalation Vulnerability", "updated_date": "2022-11-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1398/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-18541", "zdi_id": "ZDI-22-1398" }, { "cve": "CVE-2022-42426", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration....", "detail_json": "/data/advisories/ZDI-22-1397/advisory.json", "detail_path": "advisories/ZDI-22-1397", "id": "ZDI-22-1397", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1397/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-18554", "zdi_id": "ZDI-22-1397" }, { "cve": "CVE-2022-42425", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration....", "detail_json": "/data/advisories/ZDI-22-1396/advisory.json", "detail_path": "advisories/ZDI-22-1396", "id": "ZDI-22-1396", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1396/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-18555", "zdi_id": "ZDI-22-1396" }, { "cve": "CVE-2022-42424", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration....", "detail_json": "/data/advisories/ZDI-22-1395/advisory.json", "detail_path": "advisories/ZDI-22-1395", "id": "ZDI-22-1395", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1395/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-18556", "zdi_id": "ZDI-22-1395" }, { "cve": "CVE-2022-42429", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration....", "detail_json": "/data/advisories/ZDI-22-1394/advisory.json", "detail_path": "advisories/ZDI-22-1394", "id": "ZDI-22-1394", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability", "updated_date": "2022-11-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1394/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-18557", "zdi_id": "ZDI-22-1394" }, { "cve": "CVE-2022-42421", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1393/advisory.json", "detail_path": "advisories/ZDI-22-1393", "id": "ZDI-22-1393", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1393/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18703", "zdi_id": "ZDI-22-1393" }, { "cve": "CVE-2022-42394", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1392/advisory.json", "detail_path": "advisories/ZDI-22-1392", "id": "ZDI-22-1392", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1392/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18893", "zdi_id": "ZDI-22-1392" }, { "cve": "CVE-2022-42403", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1391/advisory.json", "detail_path": "advisories/ZDI-22-1391", "id": "ZDI-22-1391", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1391/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18892", "zdi_id": "ZDI-22-1391" }, { "cve": "CVE-2022-42423", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1390/advisory.json", "detail_path": "advisories/ZDI-22-1390", "id": "ZDI-22-1390", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1390/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18716", "zdi_id": "ZDI-22-1390" }, { "cve": "CVE-2022-42419", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1389/advisory.json", "detail_path": "advisories/ZDI-22-1389", "id": "ZDI-22-1389", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1389/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18700", "zdi_id": "ZDI-22-1389" }, { "cve": "CVE-2022-42420", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1388/advisory.json", "detail_path": "advisories/ZDI-22-1388", "id": "ZDI-22-1388", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1388/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18686", "zdi_id": "ZDI-22-1388" }, { "cve": "CVE-2022-42418", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1387/advisory.json", "detail_path": "advisories/ZDI-22-1387", "id": "ZDI-22-1387", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1387/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18677", "zdi_id": "ZDI-22-1387" }, { "cve": "CVE-2022-42417", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1386/advisory.json", "detail_path": "advisories/ZDI-22-1386", "id": "ZDI-22-1386", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1386/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18676", "zdi_id": "ZDI-22-1386" }, { "cve": "CVE-2022-42416", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1385/advisory.json", "detail_path": "advisories/ZDI-22-1385", "id": "ZDI-22-1385", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1385/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18673", "zdi_id": "ZDI-22-1385" }, { "cve": "CVE-2022-42393", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1384/advisory.json", "detail_path": "advisories/ZDI-22-1384", "id": "ZDI-22-1384", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1384/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18662", "zdi_id": "ZDI-22-1384" }, { "cve": "CVE-2022-42392", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1383/advisory.json", "detail_path": "advisories/ZDI-22-1383", "id": "ZDI-22-1383", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1383/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18661", "zdi_id": "ZDI-22-1383" }, { "cve": "CVE-2022-42391", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1382/advisory.json", "detail_path": "advisories/ZDI-22-1382", "id": "ZDI-22-1382", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1382/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18660", "zdi_id": "ZDI-22-1382" }, { "cve": "CVE-2022-42390", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1381/advisory.json", "detail_path": "advisories/ZDI-22-1381", "id": "ZDI-22-1381", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1381/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18659", "zdi_id": "ZDI-22-1381" }, { "cve": "CVE-2022-42389", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1380/advisory.json", "detail_path": "advisories/ZDI-22-1380", "id": "ZDI-22-1380", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1380/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18658", "zdi_id": "ZDI-22-1380" }, { "cve": "CVE-2022-42388", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1379/advisory.json", "detail_path": "advisories/ZDI-22-1379", "id": "ZDI-22-1379", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1379/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18657", "zdi_id": "ZDI-22-1379" }, { "cve": "CVE-2022-42387", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1378/advisory.json", "detail_path": "advisories/ZDI-22-1378", "id": "ZDI-22-1378", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1378/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18656", "zdi_id": "ZDI-22-1378" }, { "cve": "CVE-2022-42386", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1377/advisory.json", "detail_path": "advisories/ZDI-22-1377", "id": "ZDI-22-1377", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1377/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18655", "zdi_id": "ZDI-22-1377" }, { "cve": "CVE-2022-42385", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1376/advisory.json", "detail_path": "advisories/ZDI-22-1376", "id": "ZDI-22-1376", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1376/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18654", "zdi_id": "ZDI-22-1376" }, { "cve": "CVE-2022-42384", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1375/advisory.json", "detail_path": "advisories/ZDI-22-1375", "id": "ZDI-22-1375", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1375/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18653", "zdi_id": "ZDI-22-1375" }, { "cve": "CVE-2022-42383", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1374/advisory.json", "detail_path": "advisories/ZDI-22-1374", "id": "ZDI-22-1374", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1374/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18652", "zdi_id": "ZDI-22-1374" }, { "cve": "CVE-2022-42382", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1373/advisory.json", "detail_path": "advisories/ZDI-22-1373", "id": "ZDI-22-1373", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1373/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18651", "zdi_id": "ZDI-22-1373" }, { "cve": "CVE-2022-42381", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1372/advisory.json", "detail_path": "advisories/ZDI-22-1372", "id": "ZDI-22-1372", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1372/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18650", "zdi_id": "ZDI-22-1372" }, { "cve": "CVE-2022-42380", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1371/advisory.json", "detail_path": "advisories/ZDI-22-1371", "id": "ZDI-22-1371", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1371/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18649", "zdi_id": "ZDI-22-1371" }, { "cve": "CVE-2022-42379", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1370/advisory.json", "detail_path": "advisories/ZDI-22-1370", "id": "ZDI-22-1370", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1370/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18648", "zdi_id": "ZDI-22-1370" }, { "cve": "CVE-2022-42402", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1369/advisory.json", "detail_path": "advisories/ZDI-22-1369", "id": "ZDI-22-1369", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1369/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18632", "zdi_id": "ZDI-22-1369" }, { "cve": "CVE-2022-42378", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1368/advisory.json", "detail_path": "advisories/ZDI-22-1368", "id": "ZDI-22-1368", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1368/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18631", "zdi_id": "ZDI-22-1368" }, { "cve": "CVE-2022-42377", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1367/advisory.json", "detail_path": "advisories/ZDI-22-1367", "id": "ZDI-22-1367", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1367/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18630", "zdi_id": "ZDI-22-1367" }, { "cve": "CVE-2022-42408", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1366/advisory.json", "detail_path": "advisories/ZDI-22-1366", "id": "ZDI-22-1366", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1366/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18543", "zdi_id": "ZDI-22-1366" }, { "cve": "CVE-2022-42407", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1365/advisory.json", "detail_path": "advisories/ZDI-22-1365", "id": "ZDI-22-1365", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1365/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18542", "zdi_id": "ZDI-22-1365" }, { "cve": "CVE-2022-42401", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1364/advisory.json", "detail_path": "advisories/ZDI-22-1364", "id": "ZDI-22-1364", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1364/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18533", "zdi_id": "ZDI-22-1364" }, { "cve": "CVE-2022-42376", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1363/advisory.json", "detail_path": "advisories/ZDI-22-1363", "id": "ZDI-22-1363", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1363/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18529", "zdi_id": "ZDI-22-1363" }, { "cve": "CVE-2022-42375", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1362/advisory.json", "detail_path": "advisories/ZDI-22-1362", "id": "ZDI-22-1362", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1362/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18404", "zdi_id": "ZDI-22-1362" }, { "cve": "CVE-2022-42374", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1361/advisory.json", "detail_path": "advisories/ZDI-22-1361", "id": "ZDI-22-1361", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1361/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18403", "zdi_id": "ZDI-22-1361" }, { "cve": "CVE-2022-42373", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1360/advisory.json", "detail_path": "advisories/ZDI-22-1360", "id": "ZDI-22-1360", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1360/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18402", "zdi_id": "ZDI-22-1360" }, { "cve": "CVE-2022-42406", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1359/advisory.json", "detail_path": "advisories/ZDI-22-1359", "id": "ZDI-22-1359", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1359/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18369", "zdi_id": "ZDI-22-1359" }, { "cve": "CVE-2022-42413", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1358/advisory.json", "detail_path": "advisories/ZDI-22-1358", "id": "ZDI-22-1358", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1358/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18368", "zdi_id": "ZDI-22-1358" }, { "cve": "CVE-2022-42405", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1357/advisory.json", "detail_path": "advisories/ZDI-22-1357", "id": "ZDI-22-1357", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1357/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18367", "zdi_id": "ZDI-22-1357" }, { "cve": "CVE-2022-42415", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1356/advisory.json", "detail_path": "advisories/ZDI-22-1356", "id": "ZDI-22-1356", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1356/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18366", "zdi_id": "ZDI-22-1356" }, { "cve": "CVE-2022-42410", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1355/advisory.json", "detail_path": "advisories/ZDI-22-1355", "id": "ZDI-22-1355", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor PGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1355/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18365", "zdi_id": "ZDI-22-1355" }, { "cve": "CVE-2022-42372", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1354/advisory.json", "detail_path": "advisories/ZDI-22-1354", "id": "ZDI-22-1354", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1354/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18347", "zdi_id": "ZDI-22-1354" }, { "cve": "CVE-2022-42371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1353/advisory.json", "detail_path": "advisories/ZDI-22-1353", "id": "ZDI-22-1353", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1353/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18346", "zdi_id": "ZDI-22-1353" }, { "cve": "CVE-2022-42370", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1352/advisory.json", "detail_path": "advisories/ZDI-22-1352", "id": "ZDI-22-1352", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1352/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18345", "zdi_id": "ZDI-22-1352" }, { "cve": "CVE-2022-42369", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1351/advisory.json", "detail_path": "advisories/ZDI-22-1351", "id": "ZDI-22-1351", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1351/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18344", "zdi_id": "ZDI-22-1351" }, { "cve": "CVE-2022-41153", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1350/advisory.json", "detail_path": "advisories/ZDI-22-1350", "id": "ZDI-22-1350", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1350/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18343", "zdi_id": "ZDI-22-1350" }, { "cve": "CVE-2022-41152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1349/advisory.json", "detail_path": "advisories/ZDI-22-1349", "id": "ZDI-22-1349", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1349/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18342", "zdi_id": "ZDI-22-1349" }, { "cve": "CVE-2022-41151", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1348/advisory.json", "detail_path": "advisories/ZDI-22-1348", "id": "ZDI-22-1348", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1348/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18341", "zdi_id": "ZDI-22-1348" }, { "cve": "CVE-2022-41150", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1347/advisory.json", "detail_path": "advisories/ZDI-22-1347", "id": "ZDI-22-1347", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1347/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18340", "zdi_id": "ZDI-22-1347" }, { "cve": "CVE-2022-41149", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1346/advisory.json", "detail_path": "advisories/ZDI-22-1346", "id": "ZDI-22-1346", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1346/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18339", "zdi_id": "ZDI-22-1346" }, { "cve": "CVE-2022-41148", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1345/advisory.json", "detail_path": "advisories/ZDI-22-1345", "id": "ZDI-22-1345", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1345/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18338", "zdi_id": "ZDI-22-1345" }, { "cve": "CVE-2022-42400", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1344/advisory.json", "detail_path": "advisories/ZDI-22-1344", "id": "ZDI-22-1344", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1344/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18328", "zdi_id": "ZDI-22-1344" }, { "cve": "CVE-2022-42399", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1343/advisory.json", "detail_path": "advisories/ZDI-22-1343", "id": "ZDI-22-1343", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1343/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18327", "zdi_id": "ZDI-22-1343" }, { "cve": "CVE-2022-42414", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1342/advisory.json", "detail_path": "advisories/ZDI-22-1342", "id": "ZDI-22-1342", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1342/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18326", "zdi_id": "ZDI-22-1342" }, { "cve": "CVE-2022-42412", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1341/advisory.json", "detail_path": "advisories/ZDI-22-1341", "id": "ZDI-22-1341", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1341/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18324", "zdi_id": "ZDI-22-1341" }, { "cve": "CVE-2022-42409", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1340/advisory.json", "detail_path": "advisories/ZDI-22-1340", "id": "ZDI-22-1340", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1340/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18315", "zdi_id": "ZDI-22-1340" }, { "cve": "CVE-2022-42398", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1339/advisory.json", "detail_path": "advisories/ZDI-22-1339", "id": "ZDI-22-1339", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1339/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18307", "zdi_id": "ZDI-22-1339" }, { "cve": "CVE-2022-42411", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1338/advisory.json", "detail_path": "advisories/ZDI-22-1338", "id": "ZDI-22-1338", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor JPC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1338/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18306", "zdi_id": "ZDI-22-1338" }, { "cve": "CVE-2022-41147", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1337/advisory.json", "detail_path": "advisories/ZDI-22-1337", "id": "ZDI-22-1337", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1337/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18286", "zdi_id": "ZDI-22-1337" }, { "cve": "CVE-2022-41146", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1336/advisory.json", "detail_path": "advisories/ZDI-22-1336", "id": "ZDI-22-1336", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1336/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18284", "zdi_id": "ZDI-22-1336" }, { "cve": "CVE-2022-41145", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1335/advisory.json", "detail_path": "advisories/ZDI-22-1335", "id": "ZDI-22-1335", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1335/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18283", "zdi_id": "ZDI-22-1335" }, { "cve": "CVE-2022-41144", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1334/advisory.json", "detail_path": "advisories/ZDI-22-1334", "id": "ZDI-22-1334", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1334/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18282", "zdi_id": "ZDI-22-1334" }, { "cve": "CVE-2022-42397", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1333/advisory.json", "detail_path": "advisories/ZDI-22-1333", "id": "ZDI-22-1333", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1333/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18279", "zdi_id": "ZDI-22-1333" }, { "cve": "CVE-2022-42396", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1332/advisory.json", "detail_path": "advisories/ZDI-22-1332", "id": "ZDI-22-1332", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1332/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18278", "zdi_id": "ZDI-22-1332" }, { "cve": "CVE-2022-42395", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1331/advisory.json", "detail_path": "advisories/ZDI-22-1331", "id": "ZDI-22-1331", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1331/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18274", "zdi_id": "ZDI-22-1331" }, { "cve": "CVE-2022-42404", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1330/advisory.json", "detail_path": "advisories/ZDI-22-1330", "id": "ZDI-22-1330", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1330/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18273", "zdi_id": "ZDI-22-1330" }, { "cve": "CVE-2022-41143", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1329/advisory.json", "detail_path": "advisories/ZDI-22-1329", "id": "ZDI-22-1329", "kind": "published", "published_date": "2022-10-07", "status": "published", "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1329/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18225", "zdi_id": "ZDI-22-1329" }, { "cve": "CVE-2022-38398", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache Batik. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The sp...", "detail_json": "/data/advisories/ZDI-22-1328/advisory.json", "detail_path": "advisories/ZDI-22-1328", "id": "ZDI-22-1328", "kind": "published", "published_date": "2022-10-04", "status": "published", "title": "Apache Batik DefaultExternalResourceSecurity Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1328/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-18357", "zdi_id": "ZDI-22-1328" }, { "cve": "CVE-2022-40146", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache Batik. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific f...", "detail_json": "/data/advisories/ZDI-22-1327/advisory.json", "detail_path": "advisories/ZDI-22-1327", "id": "ZDI-22-1327", "kind": "published", "published_date": "2022-10-04", "status": "published", "title": "Apache Batik DefaultScriptSecurity Server-Side Request Forgery Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1327/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-18356", "zdi_id": "ZDI-22-1327" }, { "cve": "CVE-2022-41142", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issu...", "detail_json": "/data/advisories/ZDI-22-1326/advisory.json", "detail_path": "advisories/ZDI-22-1326", "id": "ZDI-22-1326", "kind": "published", "published_date": "2022-10-03", "status": "published", "title": "Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1326/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-18304", "zdi_id": "ZDI-22-1326" }, { "cve": "CVE-2022-36961", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateActionsDescriptions func...", "detail_json": "/data/advisories/ZDI-22-1325/advisory.json", "detail_path": "advisories/ZDI-22-1325", "id": "ZDI-22-1325", "kind": "published", "published_date": "2022-09-30", "status": "published", "title": "SolarWinds Network Performance Monitor UpdateActionsDescriptions SQL Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1325/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-17666", "zdi_id": "ZDI-22-1325" }, { "cve": "CVE-2022-34691", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Microsoft Windows Active Directory Certificate Services. Authentication is required to exploit this vulnerability. The specific flaw exists within the iss...", "detail_json": "/data/advisories/ZDI-22-1324/advisory.json", "detail_path": "advisories/ZDI-22-1324", "id": "ZDI-22-1324", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Microsoft Windows Active Directory Certificate Services Improper Authorization Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1324/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16216", "zdi_id": "ZDI-22-1324" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE CIMPLICITY. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-1323/advisory.json", "detail_path": "advisories/ZDI-22-1323", "id": "ZDI-22-1323", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "(0Day) GE CIMPLICITY CIM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1323/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-15575", "zdi_id": "ZDI-22-1323" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE CIMPLICITY. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-1322/advisory.json", "detail_path": "advisories/ZDI-22-1322", "id": "ZDI-22-1322", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "(0Day) GE CIMPLICITY CIM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1322/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-15574", "zdi_id": "ZDI-22-1322" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE CIMPLICITY. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-1321/advisory.json", "detail_path": "advisories/ZDI-22-1321", "id": "ZDI-22-1321", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "(0Day) GE CIMPLICITY CIM File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1321/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-15573", "zdi_id": "ZDI-22-1321" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE CIMPLICITY. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-1320/advisory.json", "detail_path": "advisories/ZDI-22-1320", "id": "ZDI-22-1320", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "(0Day) GE CIMPLICITY CIM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1320/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-15572", "zdi_id": "ZDI-22-1320" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE CIMPLICITY. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-1319/advisory.json", "detail_path": "advisories/ZDI-22-1319", "id": "ZDI-22-1319", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "(0Day) GE CIMPLICITY CIM File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1319/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-15571", "zdi_id": "ZDI-22-1319" }, { "cve": "CVE-2022-33886", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1318/advisory.json", "detail_path": "advisories/ZDI-22-1318", "id": "ZDI-22-1318", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1318/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17658", "zdi_id": "ZDI-22-1318" }, { "cve": "CVE-2022-33886", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1317/advisory.json", "detail_path": "advisories/ZDI-22-1317", "id": "ZDI-22-1317", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1317/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17657", "zdi_id": "ZDI-22-1317" }, { "cve": "CVE-2022-33884", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1316/advisory.json", "detail_path": "advisories/ZDI-22-1316", "id": "ZDI-22-1316", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1316/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17348", "zdi_id": "ZDI-22-1316" }, { "cve": "CVE-2022-33884", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1315/advisory.json", "detail_path": "advisories/ZDI-22-1315", "id": "ZDI-22-1315", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1315/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17154", "zdi_id": "ZDI-22-1315" }, { "cve": "CVE-2022-33884", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1314/advisory.json", "detail_path": "advisories/ZDI-22-1314", "id": "ZDI-22-1314", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1314/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17350", "zdi_id": "ZDI-22-1314" }, { "cve": "CVE-2022-33885", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1313/advisory.json", "detail_path": "advisories/ZDI-22-1313", "id": "ZDI-22-1313", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1313/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17151", "zdi_id": "ZDI-22-1313" }, { "cve": "CVE-2022-33885", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1312/advisory.json", "detail_path": "advisories/ZDI-22-1312", "id": "ZDI-22-1312", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1312/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17146", "zdi_id": "ZDI-22-1312" }, { "cve": "CVE-2022-33884", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1311/advisory.json", "detail_path": "advisories/ZDI-22-1311", "id": "ZDI-22-1311", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1311/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17158", "zdi_id": "ZDI-22-1311" }, { "cve": "CVE-2022-33885", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1310/advisory.json", "detail_path": "advisories/ZDI-22-1310", "id": "ZDI-22-1310", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1310/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17159", "zdi_id": "ZDI-22-1310" }, { "cve": "CVE-2022-33885", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1309/advisory.json", "detail_path": "advisories/ZDI-22-1309", "id": "ZDI-22-1309", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1309/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17451", "zdi_id": "ZDI-22-1309" }, { "cve": "CVE-2022-33884", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1308/advisory.json", "detail_path": "advisories/ZDI-22-1308", "id": "ZDI-22-1308", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1308/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17421", "zdi_id": "ZDI-22-1308" }, { "cve": "CVE-2022-33885", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1307/advisory.json", "detail_path": "advisories/ZDI-22-1307", "id": "ZDI-22-1307", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1307/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17455", "zdi_id": "ZDI-22-1307" }, { "cve": "CVE-2022-33887", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1306/advisory.json", "detail_path": "advisories/ZDI-22-1306", "id": "ZDI-22-1306", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD PDF File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1306/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17415", "zdi_id": "ZDI-22-1306" }, { "cve": "CVE-2022-33885", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1305/advisory.json", "detail_path": "advisories/ZDI-22-1305", "id": "ZDI-22-1305", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1305/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17437", "zdi_id": "ZDI-22-1305" }, { "cve": "CVE-2022-33885", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1304/advisory.json", "detail_path": "advisories/ZDI-22-1304", "id": "ZDI-22-1304", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Autodesk AutoCAD PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1304/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-17416", "zdi_id": "ZDI-22-1304" }, { "cve": "CVE-2022-23774", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-22-1303/advisory.json", "detail_path": "advisories/ZDI-22-1303", "id": "ZDI-22-1303", "kind": "published", "published_date": "2022-09-29", "status": "published", "title": "Docker Desktop Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1303/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-15310", "zdi_id": "ZDI-22-1303" }, { "cve": "CVE-2022-38742", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTPS traffic. W...", "detail_json": "/data/advisories/ZDI-22-1302/advisory.json", "detail_path": "advisories/ZDI-22-1302", "id": "ZDI-22-1302", "kind": "published", "published_date": "2022-09-28", "status": "published", "title": "Rockwell Automation ThinManager ThinServer URI Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1302/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-17482", "zdi_id": "ZDI-22-1302" }, { "cve": "CVE-2022-3263", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Measuresoft ScadaPro Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-22-1301/advisory.json", "detail_path": "advisories/ZDI-22-1301", "id": "ZDI-22-1301", "kind": "published", "published_date": "2022-09-26", "status": "published", "title": "Measuresoft ScadaPro Server Improper Access Control Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1301/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16729", "zdi_id": "ZDI-22-1301" }, { "cve": "CVE-2022-41141", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw e...", "detail_json": "/data/advisories/ZDI-22-1300/advisory.json", "detail_path": "advisories/ZDI-22-1300", "id": "ZDI-22-1300", "kind": "published", "published_date": "2022-09-26", "status": "published", "title": "Windscribe Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1300/", "vendor": "Windscribe", "vendor_url": null, "zdi_can": "ZDI-CAN-16859", "zdi_id": "ZDI-22-1300" }, { "cve": "CVE-2022-40709", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-22-1299/advisory.json", "detail_path": "advisories/ZDI-22-1299", "id": "ZDI-22-1299", "kind": "published", "published_date": "2022-09-23", "status": "published", "title": "Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1299/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16651", "zdi_id": "ZDI-22-1299" }, { "cve": "CVE-2022-40708", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-22-1298/advisory.json", "detail_path": "advisories/ZDI-22-1298", "id": "ZDI-22-1298", "kind": "published", "published_date": "2022-09-23", "status": "published", "title": "Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1298/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16595", "zdi_id": "ZDI-22-1298" }, { "cve": "CVE-2022-40707", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-22-1297/advisory.json", "detail_path": "advisories/ZDI-22-1297", "id": "ZDI-22-1297", "kind": "published", "published_date": "2022-09-23", "status": "published", "title": "Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1297/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16594", "zdi_id": "ZDI-22-1297" }, { "cve": "CVE-2022-40710", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-22-1296/advisory.json", "detail_path": "advisories/ZDI-22-1296", "id": "ZDI-22-1296", "kind": "published", "published_date": "2022-09-23", "status": "published", "title": "Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-15467", "zdi_id": "ZDI-22-1296" }, { "cve": null, "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreGraphics framework is required to exploit this vulnerability but attack vectors may vary depending on the implement...", "detail_json": "/data/advisories/ZDI-22-1295/advisory.json", "detail_path": "advisories/ZDI-22-1295", "id": "ZDI-22-1295", "kind": "published", "published_date": "2022-09-21", "status": "published", "title": "Apple macOS TIFF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1295/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16749", "zdi_id": "ZDI-22-1295" }, { "cve": "CVE-2022-23086", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of FreeBSD Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-22-1294/advisory.json", "detail_path": "advisories/ZDI-22-1294", "id": "ZDI-22-1294", "kind": "published", "published_date": "2022-09-20", "status": "published", "title": "FreeBSD Kernel MPT Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1294/", "vendor": "FreeBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-16723", "zdi_id": "ZDI-22-1294" }, { "cve": "CVE-2022-23086", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of FreeBSD Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-22-1293/advisory.json", "detail_path": "advisories/ZDI-22-1293", "id": "ZDI-22-1293", "kind": "published", "published_date": "2022-09-20", "status": "published", "title": "FreeBSD Kernel MPT Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1293/", "vendor": "FreeBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-16722", "zdi_id": "ZDI-22-1293" }, { "cve": "CVE-2022-23085", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of FreeBSD Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-22-1292/advisory.json", "detail_path": "advisories/ZDI-22-1292", "id": "ZDI-22-1292", "kind": "published", "published_date": "2022-09-20", "status": "published", "title": "FreeBSD Kernel Netmap Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1292/", "vendor": "FreeBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-16687", "zdi_id": "ZDI-22-1292" }, { "cve": "CVE-2022-23084", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of FreeBSD Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-22-1291/advisory.json", "detail_path": "advisories/ZDI-22-1291", "id": "ZDI-22-1291", "kind": "published", "published_date": "2022-09-20", "status": "published", "title": "FreeBSD Kernel Netmap Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1291/", "vendor": "FreeBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-16683", "zdi_id": "ZDI-22-1291" }, { "cve": "CVE-2022-41140", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which list...", "detail_json": "/data/advisories/ZDI-22-1290/advisory.json", "detail_path": "advisories/ZDI-22-1290", "id": "ZDI-22-1290", "kind": "published", "published_date": "2022-09-20", "status": "published", "title": "D-Link Multiple Routers lighttpd Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1290/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-13796", "zdi_id": "ZDI-22-1290" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-22-1289/advisory.json", "detail_path": "advisories/ZDI-22-1289", "id": "ZDI-22-1289", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Apple macOS vImage ICC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1289/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16520", "zdi_id": "ZDI-22-1289" }, { "cve": "CVE-2022-35823", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of custom workflows. The issue resul...", "detail_json": "/data/advisories/ZDI-22-1288/advisory.json", "detail_path": "advisories/ZDI-22-1288", "id": "ZDI-22-1288", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Microsoft SharePoint Workflow Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1288/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17652", "zdi_id": "ZDI-22-1288" }, { "cve": "CVE-2022-37963", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-1287/advisory.json", "detail_path": "advisories/ZDI-22-1287", "id": "ZDI-22-1287", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Microsoft Office Visio EMF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1287/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17708", "zdi_id": "ZDI-22-1287" }, { "cve": "CVE-2022-37962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-1286/advisory.json", "detail_path": "advisories/ZDI-22-1286", "id": "ZDI-22-1286", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Microsoft PowerPoint PPTX File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1286/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16894", "zdi_id": "ZDI-22-1286" }, { "cve": "CVE-2022-37955", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. This vulnerability is dependent upon a Group Policy setting, and an attacker must first obtain the ability to execute low-privileged code on the t...", "detail_json": "/data/advisories/ZDI-22-1285/advisory.json", "detail_path": "advisories/ZDI-22-1285", "id": "ZDI-22-1285", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Microsoft Windows Group Policy Preference Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1285/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17112", "zdi_id": "ZDI-22-1285" }, { "cve": "CVE-2022-37954", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1284/advisory.json", "detail_path": "advisories/ZDI-22-1284", "id": "ZDI-22-1284", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Microsoft Windows DirectX Graphics Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1284/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16686", "zdi_id": "ZDI-22-1284" }, { "cve": "CVE-2022-38425", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-1283/advisory.json", "detail_path": "advisories/ZDI-22-1283", "id": "ZDI-22-1283", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Bridge DCM File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1283/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17762", "zdi_id": "ZDI-22-1283" }, { "cve": "CVE-2022-35713", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1282/advisory.json", "detail_path": "advisories/ZDI-22-1282", "id": "ZDI-22-1282", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Photoshop U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1282/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17712", "zdi_id": "ZDI-22-1282" }, { "cve": "CVE-2022-38426", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1281/advisory.json", "detail_path": "advisories/ZDI-22-1281", "id": "ZDI-22-1281", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Photoshop U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1281/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17714", "zdi_id": "ZDI-22-1281" }, { "cve": "CVE-2022-38427", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1280/advisory.json", "detail_path": "advisories/ZDI-22-1280", "id": "ZDI-22-1280", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Photoshop U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1280/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17713", "zdi_id": "ZDI-22-1280" }, { "cve": "CVE-2022-35708", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1279/advisory.json", "detail_path": "advisories/ZDI-22-1279", "id": "ZDI-22-1279", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Bridge SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1279/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17590", "zdi_id": "ZDI-22-1279" }, { "cve": "CVE-2022-38412", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-1278/advisory.json", "detail_path": "advisories/ZDI-22-1278", "id": "ZDI-22-1278", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Animate SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1278/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17618", "zdi_id": "ZDI-22-1278" }, { "cve": "CVE-2022-38411", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-1277/advisory.json", "detail_path": "advisories/ZDI-22-1277", "id": "ZDI-22-1277", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Animate SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1277/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17619", "zdi_id": "ZDI-22-1277" }, { "cve": "CVE-2022-38403", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1276/advisory.json", "detail_path": "advisories/ZDI-22-1276", "id": "ZDI-22-1276", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe InCopy SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1276/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17612", "zdi_id": "ZDI-22-1276" }, { "cve": "CVE-2022-38402", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1275/advisory.json", "detail_path": "advisories/ZDI-22-1275", "id": "ZDI-22-1275", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe InCopy SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1275/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17611", "zdi_id": "ZDI-22-1275" }, { "cve": "CVE-2022-38404", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1274/advisory.json", "detail_path": "advisories/ZDI-22-1274", "id": "ZDI-22-1274", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe InCopy SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1274/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17610", "zdi_id": "ZDI-22-1274" }, { "cve": "CVE-2022-38405", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1273/advisory.json", "detail_path": "advisories/ZDI-22-1273", "id": "ZDI-22-1273", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe InCopy SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1273/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17609", "zdi_id": "ZDI-22-1273" }, { "cve": "CVE-2022-38401", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1272/advisory.json", "detail_path": "advisories/ZDI-22-1272", "id": "ZDI-22-1272", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe InCopy PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1272/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17608", "zdi_id": "ZDI-22-1272" }, { "cve": "CVE-2022-38407", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-1271/advisory.json", "detail_path": "advisories/ZDI-22-1271", "id": "ZDI-22-1271", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe InCopy EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1271/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17607", "zdi_id": "ZDI-22-1271" }, { "cve": "CVE-2022-38406", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-1270/advisory.json", "detail_path": "advisories/ZDI-22-1270", "id": "ZDI-22-1270", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe InCopy EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1270/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17603", "zdi_id": "ZDI-22-1270" }, { "cve": "CVE-2022-38433", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1269/advisory.json", "detail_path": "advisories/ZDI-22-1269", "id": "ZDI-22-1269", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Photoshop SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1269/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17602", "zdi_id": "ZDI-22-1269" }, { "cve": "CVE-2022-38432", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1268/advisory.json", "detail_path": "advisories/ZDI-22-1268", "id": "ZDI-22-1268", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Photoshop SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1268/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17601", "zdi_id": "ZDI-22-1268" }, { "cve": "CVE-2022-38431", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1267/advisory.json", "detail_path": "advisories/ZDI-22-1267", "id": "ZDI-22-1267", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Photoshop SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1267/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17600", "zdi_id": "ZDI-22-1267" }, { "cve": "CVE-2022-38429", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1266/advisory.json", "detail_path": "advisories/ZDI-22-1266", "id": "ZDI-22-1266", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Photoshop SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1266/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17599", "zdi_id": "ZDI-22-1266" }, { "cve": "CVE-2022-38434", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1265/advisory.json", "detail_path": "advisories/ZDI-22-1265", "id": "ZDI-22-1265", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Photoshop SVG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1265/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17598", "zdi_id": "ZDI-22-1265" }, { "cve": "CVE-2022-38428", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1264/advisory.json", "detail_path": "advisories/ZDI-22-1264", "id": "ZDI-22-1264", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Photoshop DCM File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1264/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17597", "zdi_id": "ZDI-22-1264" }, { "cve": "CVE-2022-38430", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1263/advisory.json", "detail_path": "advisories/ZDI-22-1263", "id": "ZDI-22-1263", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Photoshop MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1263/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17596", "zdi_id": "ZDI-22-1263" }, { "cve": "CVE-2022-38410", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1262/advisory.json", "detail_path": "advisories/ZDI-22-1262", "id": "ZDI-22-1262", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Illustrator EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1262/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17595", "zdi_id": "ZDI-22-1262" }, { "cve": "CVE-2022-38409", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1261/advisory.json", "detail_path": "advisories/ZDI-22-1261", "id": "ZDI-22-1261", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Illustrator EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1261/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17594", "zdi_id": "ZDI-22-1261" }, { "cve": "CVE-2022-38408", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-1260/advisory.json", "detail_path": "advisories/ZDI-22-1260", "id": "ZDI-22-1260", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Illustrator PCX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1260/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17593", "zdi_id": "ZDI-22-1260" }, { "cve": "CVE-2022-35707", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1259/advisory.json", "detail_path": "advisories/ZDI-22-1259", "id": "ZDI-22-1259", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Bridge SGI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1259/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17592", "zdi_id": "ZDI-22-1259" }, { "cve": "CVE-2022-35706", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1258/advisory.json", "detail_path": "advisories/ZDI-22-1258", "id": "ZDI-22-1258", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Bridge SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1258/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17591", "zdi_id": "ZDI-22-1258" }, { "cve": "CVE-2022-35705", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1257/advisory.json", "detail_path": "advisories/ZDI-22-1257", "id": "ZDI-22-1257", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Bridge MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1257/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17380", "zdi_id": "ZDI-22-1257" }, { "cve": "CVE-2022-35709", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-1256/advisory.json", "detail_path": "advisories/ZDI-22-1256", "id": "ZDI-22-1256", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Bridge DCM File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1256/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17379", "zdi_id": "ZDI-22-1256" }, { "cve": "CVE-2022-35704", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1255/advisory.json", "detail_path": "advisories/ZDI-22-1255", "id": "ZDI-22-1255", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Bridge SVG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1255/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17378", "zdi_id": "ZDI-22-1255" }, { "cve": "CVE-2022-35702", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1254/advisory.json", "detail_path": "advisories/ZDI-22-1254", "id": "ZDI-22-1254", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Bridge SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1254/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17128", "zdi_id": "ZDI-22-1254" }, { "cve": "CVE-2022-35703", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1253/advisory.json", "detail_path": "advisories/ZDI-22-1253", "id": "ZDI-22-1253", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Bridge SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1253/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17127", "zdi_id": "ZDI-22-1253" }, { "cve": "CVE-2022-35700", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1252/advisory.json", "detail_path": "advisories/ZDI-22-1252", "id": "ZDI-22-1252", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Bridge SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1252/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17126", "zdi_id": "ZDI-22-1252" }, { "cve": "CVE-2022-35701", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1251/advisory.json", "detail_path": "advisories/ZDI-22-1251", "id": "ZDI-22-1251", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Bridge SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1251/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17125", "zdi_id": "ZDI-22-1251" }, { "cve": "CVE-2022-35699", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1250/advisory.json", "detail_path": "advisories/ZDI-22-1250", "id": "ZDI-22-1250", "kind": "published", "published_date": "2022-09-19", "status": "published", "title": "Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1250/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17062", "zdi_id": "ZDI-22-1250" }, { "cve": "CVE-2022-39156", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1249/advisory.json", "detail_path": "advisories/ZDI-22-1249", "id": "ZDI-22-1249", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1249/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-18196", "zdi_id": "ZDI-22-1249" }, { "cve": "CVE-2022-39155", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1248/advisory.json", "detail_path": "advisories/ZDI-22-1248", "id": "ZDI-22-1248", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1248/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-18192", "zdi_id": "ZDI-22-1248" }, { "cve": "CVE-2022-39154", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1247/advisory.json", "detail_path": "advisories/ZDI-22-1247", "id": "ZDI-22-1247", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1247/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-18188", "zdi_id": "ZDI-22-1247" }, { "cve": "CVE-2022-39153", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1246/advisory.json", "detail_path": "advisories/ZDI-22-1246", "id": "ZDI-22-1246", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1246/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-18187", "zdi_id": "ZDI-22-1246" }, { "cve": "CVE-2022-39152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1245/advisory.json", "detail_path": "advisories/ZDI-22-1245", "id": "ZDI-22-1245", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1245/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17740", "zdi_id": "ZDI-22-1245" }, { "cve": "CVE-2022-39151", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1244/advisory.json", "detail_path": "advisories/ZDI-22-1244", "id": "ZDI-22-1244", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1244/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17736", "zdi_id": "ZDI-22-1244" }, { "cve": "CVE-2022-39150", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1243/advisory.json", "detail_path": "advisories/ZDI-22-1243", "id": "ZDI-22-1243", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1243/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17735", "zdi_id": "ZDI-22-1243" }, { "cve": "CVE-2022-39149", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1242/advisory.json", "detail_path": "advisories/ZDI-22-1242", "id": "ZDI-22-1242", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1242/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17733", "zdi_id": "ZDI-22-1242" }, { "cve": "CVE-2022-39148", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1241/advisory.json", "detail_path": "advisories/ZDI-22-1241", "id": "ZDI-22-1241", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1241/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17513", "zdi_id": "ZDI-22-1241" }, { "cve": "CVE-2022-39147", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1240/advisory.json", "detail_path": "advisories/ZDI-22-1240", "id": "ZDI-22-1240", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1240/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17506", "zdi_id": "ZDI-22-1240" }, { "cve": "CVE-2022-39146", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1239/advisory.json", "detail_path": "advisories/ZDI-22-1239", "id": "ZDI-22-1239", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1239/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17502", "zdi_id": "ZDI-22-1239" }, { "cve": "CVE-2022-39145", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1238/advisory.json", "detail_path": "advisories/ZDI-22-1238", "id": "ZDI-22-1238", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1238/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17496", "zdi_id": "ZDI-22-1238" }, { "cve": "CVE-2022-39144", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1237/advisory.json", "detail_path": "advisories/ZDI-22-1237", "id": "ZDI-22-1237", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1237/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17494", "zdi_id": "ZDI-22-1237" }, { "cve": "CVE-2022-39143", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1236/advisory.json", "detail_path": "advisories/ZDI-22-1236", "id": "ZDI-22-1236", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1236/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17493", "zdi_id": "ZDI-22-1236" }, { "cve": "CVE-2022-39142", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1235/advisory.json", "detail_path": "advisories/ZDI-22-1235", "id": "ZDI-22-1235", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1235/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17485", "zdi_id": "ZDI-22-1235" }, { "cve": "CVE-2022-39141", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1234/advisory.json", "detail_path": "advisories/ZDI-22-1234", "id": "ZDI-22-1234", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1234/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17296", "zdi_id": "ZDI-22-1234" }, { "cve": "CVE-2022-39140", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1233/advisory.json", "detail_path": "advisories/ZDI-22-1233", "id": "ZDI-22-1233", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1233/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17292", "zdi_id": "ZDI-22-1233" }, { "cve": "CVE-2022-39139", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1232/advisory.json", "detail_path": "advisories/ZDI-22-1232", "id": "ZDI-22-1232", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1232/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17289", "zdi_id": "ZDI-22-1232" }, { "cve": "CVE-2022-39138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1231/advisory.json", "detail_path": "advisories/ZDI-22-1231", "id": "ZDI-22-1231", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1231/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17284", "zdi_id": "ZDI-22-1231" }, { "cve": "CVE-2022-39137", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1230/advisory.json", "detail_path": "advisories/ZDI-22-1230", "id": "ZDI-22-1230", "kind": "published", "published_date": "2022-09-16", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1230/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17276", "zdi_id": "ZDI-22-1230" }, { "cve": "CVE-2022-38415", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1229/advisory.json", "detail_path": "advisories/ZDI-22-1229", "id": "ZDI-22-1229", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "Adobe InDesign PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1229/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17617", "zdi_id": "ZDI-22-1229" }, { "cve": "CVE-2022-38414", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1228/advisory.json", "detail_path": "advisories/ZDI-22-1228", "id": "ZDI-22-1228", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "Adobe InDesign SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1228/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17616", "zdi_id": "ZDI-22-1228" }, { "cve": "CVE-2022-38413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1227/advisory.json", "detail_path": "advisories/ZDI-22-1227", "id": "ZDI-22-1227", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "Adobe InDesign SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1227/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17615", "zdi_id": "ZDI-22-1227" }, { "cve": "CVE-2022-38417", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1226/advisory.json", "detail_path": "advisories/ZDI-22-1226", "id": "ZDI-22-1226", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1226/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17614", "zdi_id": "ZDI-22-1226" }, { "cve": "CVE-2022-38416", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1225/advisory.json", "detail_path": "advisories/ZDI-22-1225", "id": "ZDI-22-1225", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1225/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17613", "zdi_id": "ZDI-22-1225" }, { "cve": "CVE-2022-40720", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the...", "detail_json": "/data/advisories/ZDI-22-1224/advisory.json", "detail_path": "advisories/ZDI-22-1224", "id": "ZDI-22-1224", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "D-Link DIR-2150 xupnpd Dreambox Plugin Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1224/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-15935", "zdi_id": "ZDI-22-1224" }, { "cve": "CVE-2022-40719", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugi...", "detail_json": "/data/advisories/ZDI-22-1223/advisory.json", "detail_path": "advisories/ZDI-22-1223", "id": "ZDI-22-1223", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "D-Link DIR-2150 xupnpd_generic Plugin Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1223/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-15906", "zdi_id": "ZDI-22-1223" }, { "cve": "CVE-2022-3210", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which li...", "detail_json": "/data/advisories/ZDI-22-1222/advisory.json", "detail_path": "advisories/ZDI-22-1222", "id": "ZDI-22-1222", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "D-Link DIR-2150 xupnpd ui_upload Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1222/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-15905", "zdi_id": "ZDI-22-1222" }, { "cve": "CVE-2022-40718", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80...", "detail_json": "/data/advisories/ZDI-22-1221/advisory.json", "detail_path": "advisories/ZDI-22-1221", "id": "ZDI-22-1221", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "D-Link DIR-2150 anweb websocket_data_handler Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1221/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-15728", "zdi_id": "ZDI-22-1221" }, { "cve": "CVE-2022-40717", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80...", "detail_json": "/data/advisories/ZDI-22-1220/advisory.json", "detail_path": "advisories/ZDI-22-1220", "id": "ZDI-22-1220", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "D-Link DIR-2150 anweb action_handler Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1220/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-15727", "zdi_id": "ZDI-22-1220" }, { "cve": "CVE-2022-40663", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1219/advisory.json", "detail_path": "advisories/ZDI-22-1219", "id": "ZDI-22-1219", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) NIKON NIS-Elements Viewer TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1219/", "vendor": "NIKON", "vendor_url": null, "zdi_can": "ZDI-CAN-15697", "zdi_id": "ZDI-22-1219" }, { "cve": "CVE-2022-40662", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1218/advisory.json", "detail_path": "advisories/ZDI-22-1218", "id": "ZDI-22-1218", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) NIKON NIS-Elements Viewer TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1218/", "vendor": "NIKON", "vendor_url": null, "zdi_can": "ZDI-CAN-15351", "zdi_id": "ZDI-22-1218" }, { "cve": "CVE-2022-40661", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1217/advisory.json", "detail_path": "advisories/ZDI-22-1217", "id": "ZDI-22-1217", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) NIKON NIS-Elements Viewer BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1217/", "vendor": "NIKON", "vendor_url": null, "zdi_can": "ZDI-CAN-15134", "zdi_id": "ZDI-22-1217" }, { "cve": "CVE-2022-40660", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1216/advisory.json", "detail_path": "advisories/ZDI-22-1216", "id": "ZDI-22-1216", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) NIKON NIS-Elements Viewer PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1216/", "vendor": "NIKON", "vendor_url": null, "zdi_can": "ZDI-CAN-15135", "zdi_id": "ZDI-22-1216" }, { "cve": "CVE-2022-40659", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1215/advisory.json", "detail_path": "advisories/ZDI-22-1215", "id": "ZDI-22-1215", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) NIKON NIS-Elements Viewer TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1215/", "vendor": "NIKON", "vendor_url": null, "zdi_can": "ZDI-CAN-15214", "zdi_id": "ZDI-22-1215" }, { "cve": "CVE-2022-40658", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1214/advisory.json", "detail_path": "advisories/ZDI-22-1214", "id": "ZDI-22-1214", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) NIKON NIS-Elements Viewer TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1214/", "vendor": "NIKON", "vendor_url": null, "zdi_can": "ZDI-CAN-15166", "zdi_id": "ZDI-22-1214" }, { "cve": "CVE-2022-40657", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1213/advisory.json", "detail_path": "advisories/ZDI-22-1213", "id": "ZDI-22-1213", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) NIKON NIS-Elements Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1213/", "vendor": "NIKON", "vendor_url": null, "zdi_can": "ZDI-CAN-15073", "zdi_id": "ZDI-22-1213" }, { "cve": "CVE-2022-40656", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1212/advisory.json", "detail_path": "advisories/ZDI-22-1212", "id": "ZDI-22-1212", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) NIKON NIS-Elements Viewer ND2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1212/", "vendor": "NIKON", "vendor_url": null, "zdi_can": "ZDI-CAN-15072", "zdi_id": "ZDI-22-1212" }, { "cve": "CVE-2022-40655", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1211/advisory.json", "detail_path": "advisories/ZDI-22-1211", "id": "ZDI-22-1211", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) NIKON NIS-Elements Viewer ND2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1211/", "vendor": "NIKON", "vendor_url": null, "zdi_can": "ZDI-CAN-15071", "zdi_id": "ZDI-22-1211" }, { "cve": "CVE-2022-40654", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1210/advisory.json", "detail_path": "advisories/ZDI-22-1210", "id": "ZDI-22-1210", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1210/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-18351", "zdi_id": "ZDI-22-1210" }, { "cve": "CVE-2022-40653", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1209/advisory.json", "detail_path": "advisories/ZDI-22-1209", "id": "ZDI-22-1209", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1209/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-18349", "zdi_id": "ZDI-22-1209" }, { "cve": "CVE-2022-40652", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1208/advisory.json", "detail_path": "advisories/ZDI-22-1208", "id": "ZDI-22-1208", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1208/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17846", "zdi_id": "ZDI-22-1208" }, { "cve": "CVE-2022-40651", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1207/advisory.json", "detail_path": "advisories/ZDI-22-1207", "id": "ZDI-22-1207", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1207/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17844", "zdi_id": "ZDI-22-1207" }, { "cve": "CVE-2022-40650", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1206/advisory.json", "detail_path": "advisories/ZDI-22-1206", "id": "ZDI-22-1206", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1206/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17838", "zdi_id": "ZDI-22-1206" }, { "cve": "CVE-2022-40649", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1205/advisory.json", "detail_path": "advisories/ZDI-22-1205", "id": "ZDI-22-1205", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1205/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17565", "zdi_id": "ZDI-22-1205" }, { "cve": "CVE-2022-40648", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1204/advisory.json", "detail_path": "advisories/ZDI-22-1204", "id": "ZDI-22-1204", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1204/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17563", "zdi_id": "ZDI-22-1204" }, { "cve": "CVE-2022-40647", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1203/advisory.json", "detail_path": "advisories/ZDI-22-1203", "id": "ZDI-22-1203", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1203/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17558", "zdi_id": "ZDI-22-1203" }, { "cve": "CVE-2022-40646", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1202/advisory.json", "detail_path": "advisories/ZDI-22-1202", "id": "ZDI-22-1202", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1202/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17541", "zdi_id": "ZDI-22-1202" }, { "cve": "CVE-2022-40645", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1201/advisory.json", "detail_path": "advisories/ZDI-22-1201", "id": "ZDI-22-1201", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1201/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17540", "zdi_id": "ZDI-22-1201" }, { "cve": "CVE-2022-40644", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1200/advisory.json", "detail_path": "advisories/ZDI-22-1200", "id": "ZDI-22-1200", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1200/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17408", "zdi_id": "ZDI-22-1200" }, { "cve": "CVE-2022-40643", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1199/advisory.json", "detail_path": "advisories/ZDI-22-1199", "id": "ZDI-22-1199", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1199/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17407", "zdi_id": "ZDI-22-1199" }, { "cve": "CVE-2022-40642", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1198/advisory.json", "detail_path": "advisories/ZDI-22-1198", "id": "ZDI-22-1198", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1198/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17318", "zdi_id": "ZDI-22-1198" }, { "cve": "CVE-2022-40641", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1197/advisory.json", "detail_path": "advisories/ZDI-22-1197", "id": "ZDI-22-1197", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1197/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17317", "zdi_id": "ZDI-22-1197" }, { "cve": "CVE-2022-40640", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1196/advisory.json", "detail_path": "advisories/ZDI-22-1196", "id": "ZDI-22-1196", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1196/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17308", "zdi_id": "ZDI-22-1196" }, { "cve": "CVE-2022-40639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1195/advisory.json", "detail_path": "advisories/ZDI-22-1195", "id": "ZDI-22-1195", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1195/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17207", "zdi_id": "ZDI-22-1195" }, { "cve": "CVE-2022-40638", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1194/advisory.json", "detail_path": "advisories/ZDI-22-1194", "id": "ZDI-22-1194", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim X_B File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1194/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17102", "zdi_id": "ZDI-22-1194" }, { "cve": "CVE-2022-40637", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1193/advisory.json", "detail_path": "advisories/ZDI-22-1193", "id": "ZDI-22-1193", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1193/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17045", "zdi_id": "ZDI-22-1193" }, { "cve": "CVE-2022-40636", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1192/advisory.json", "detail_path": "advisories/ZDI-22-1192", "id": "ZDI-22-1192", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "(0Day) Ansys SpaceClaim JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2023-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1192/", "vendor": "Ansys", "vendor_url": null, "zdi_can": "ZDI-CAN-17044", "zdi_id": "ZDI-22-1192" }, { "cve": "CVE-2022-40143", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-22-1191/advisory.json", "detail_path": "advisories/ZDI-22-1191", "id": "ZDI-22-1191", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "Trend Micro Apex One Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1191/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16435", "zdi_id": "ZDI-22-1191" }, { "cve": "CVE-2022-40142", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-1190/advisory.json", "detail_path": "advisories/ZDI-22-1190", "id": "ZDI-22-1190", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1190/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16691", "zdi_id": "ZDI-22-1190" }, { "cve": "CVE-2022-40140", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to explo...", "detail_json": "/data/advisories/ZDI-22-1189/advisory.json", "detail_path": "advisories/ZDI-22-1189", "id": "ZDI-22-1189", "kind": "published", "published_date": "2022-09-14", "status": "published", "title": "Trend Micro Apex One Origin Validation Error Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1189/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16314", "zdi_id": "ZDI-22-1189" }, { "cve": "CVE-2022-3093", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack...", "detail_json": "/data/advisories/ZDI-22-1188/advisory.json", "detail_path": "advisories/ZDI-22-1188", "id": "ZDI-22-1188", "kind": "published", "published_date": "2022-09-08", "status": "published", "title": "(Pwn2Own) Tesla ice_updater Time-Of-Check Time-Of-Use Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1188/", "vendor": "Tesla", "vendor_url": null, "zdi_can": "ZDI-CAN-17463", "zdi_id": "ZDI-22-1188" }, { "cve": "CVE-2022-32292", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installation of ConnMan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the received_data method. Crafted data in a HTTP...", "detail_json": "/data/advisories/ZDI-22-1187/advisory.json", "detail_path": "advisories/ZDI-22-1187", "id": "ZDI-22-1187", "kind": "published", "published_date": "2022-09-08", "status": "published", "title": "(Pwn2Own) ConnMan received_data Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1187/", "vendor": "ConnMan", "vendor_url": null, "zdi_can": "ZDI-CAN-17448", "zdi_id": "ZDI-22-1187" }, { "cve": "CVE-2022-32293", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ConnMan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wispr_portal_web_result method. The issue re...", "detail_json": "/data/advisories/ZDI-22-1186/advisory.json", "detail_path": "advisories/ZDI-22-1186", "id": "ZDI-22-1186", "kind": "published", "published_date": "2022-09-08", "status": "published", "title": "(Pwn2Own) ConnMan wispr_portal_web_result wp_object Double Free Remote Code Execution Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1186/", "vendor": "ConnMan", "vendor_url": null, "zdi_can": "ZDI-CAN-17447", "zdi_id": "ZDI-22-1186" }, { "cve": "CVE-2022-34691", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Microsoft Windows Active Directory Certificate Services. Authentication is required to exploit this vulnerability. The specific flaw exists within the iss...", "detail_json": "/data/advisories/ZDI-22-1185/advisory.json", "detail_path": "advisories/ZDI-22-1185", "id": "ZDI-22-1185", "kind": "published", "published_date": "2022-09-06", "status": "published", "title": "Microsoft Windows Active Directory Certificate Services Improper Authorization Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1185/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16214", "zdi_id": "ZDI-22-1185" }, { "cve": "CVE-2022-37024", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the getDNSResolveOption function. The issu...", "detail_json": "/data/advisories/ZDI-22-1184/advisory.json", "detail_path": "advisories/ZDI-22-1184", "id": "ZDI-22-1184", "kind": "published", "published_date": "2022-09-05", "status": "published", "title": "ManageEngine OpManager Plus getDNSResolveOption Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1184/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-17695", "zdi_id": "ZDI-22-1184" }, { "cve": "CVE-2022-37024", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine NetFlow Analyzer. Authentication is required to exploit this vulnerability. The specific flaw exists within the getDNSResolveOption function. The is...", "detail_json": "/data/advisories/ZDI-22-1183/advisory.json", "detail_path": "advisories/ZDI-22-1183", "id": "ZDI-22-1183", "kind": "published", "published_date": "2022-09-01", "status": "published", "title": "ManageEngine NetFlow Analyzer getDNSResolveOption Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1183/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-17697", "zdi_id": "ZDI-22-1183" }, { "cve": "CVE-2022-38772", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager. Authentication is required to exploit this vulnerability. The specific flaw exists within the getNmapInitialOption function. The issue re...", "detail_json": "/data/advisories/ZDI-22-1182/advisory.json", "detail_path": "advisories/ZDI-22-1182", "id": "ZDI-22-1182", "kind": "published", "published_date": "2022-09-01", "status": "published", "title": "ManageEngine OpManager getNmapInitialOption Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1182/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-18090", "zdi_id": "ZDI-22-1182" }, { "cve": "CVE-2022-38772", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the getNmapInitialOption function. The iss...", "detail_json": "/data/advisories/ZDI-22-1181/advisory.json", "detail_path": "advisories/ZDI-22-1181", "id": "ZDI-22-1181", "kind": "published", "published_date": "2022-09-01", "status": "published", "title": "ManageEngine OpManager Plus getNmapInitialOption Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1181/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-18091", "zdi_id": "ZDI-22-1181" }, { "cve": "CVE-2022-38772", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine NetFlow Analyzer. Authentication is required to exploit this vulnerability. The specific flaw exists within the getNmapInitialOption function. The i...", "detail_json": "/data/advisories/ZDI-22-1180/advisory.json", "detail_path": "advisories/ZDI-22-1180", "id": "ZDI-22-1180", "kind": "published", "published_date": "2022-09-01", "status": "published", "title": "ManageEngine NetFlow Analyzer getNmapInitialOption Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1180/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-18092", "zdi_id": "ZDI-22-1180" }, { "cve": "CVE-2022-37024", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager. Authentication is required to exploit this vulnerability. The specific flaw exists within the getDNSResolveOption function. The issue res...", "detail_json": "/data/advisories/ZDI-22-1179/advisory.json", "detail_path": "advisories/ZDI-22-1179", "id": "ZDI-22-1179", "kind": "published", "published_date": "2022-09-01", "status": "published", "title": "ManageEngine OpManager getDNSResolveOption Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1179/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-17696", "zdi_id": "ZDI-22-1179" }, { "cve": "CVE-2022-38764", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-22-1178/advisory.json", "detail_path": "advisories/ZDI-22-1178", "id": "ZDI-22-1178", "kind": "published", "published_date": "2022-08-31", "status": "published", "title": "Trend Micro HouseCall Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1178/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16829", "zdi_id": "ZDI-22-1178" }, { "cve": "CVE-2022-37348", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulne...", "detail_json": "/data/advisories/ZDI-22-1177/advisory.json", "detail_path": "advisories/ZDI-22-1177", "id": "ZDI-22-1177", "kind": "published", "published_date": "2022-08-31", "status": "published", "title": "Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1177/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16606", "zdi_id": "ZDI-22-1177" }, { "cve": "CVE-2022-37347", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulne...", "detail_json": "/data/advisories/ZDI-22-1176/advisory.json", "detail_path": "advisories/ZDI-22-1176", "id": "ZDI-22-1176", "kind": "published", "published_date": "2022-08-31", "status": "published", "title": "Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1176/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16605", "zdi_id": "ZDI-22-1176" }, { "cve": "CVE-2022-34893", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-22-1175/advisory.json", "detail_path": "advisories/ZDI-22-1175", "id": "ZDI-22-1175", "kind": "published", "published_date": "2022-08-31", "status": "published", "title": "Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1175/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-14557", "zdi_id": "ZDI-22-1175" }, { "cve": "CVE-2022-2866", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1174/advisory.json", "detail_path": "advisories/ZDI-22-1174", "id": "ZDI-22-1174", "kind": "published", "published_date": "2022-08-25", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1174/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-16362", "zdi_id": "ZDI-22-1174" }, { "cve": "CVE-2022-2866", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1173/advisory.json", "detail_path": "advisories/ZDI-22-1173", "id": "ZDI-22-1173", "kind": "published", "published_date": "2022-08-25", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1173/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-16361", "zdi_id": "ZDI-22-1173" }, { "cve": "CVE-2022-2866", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1172/advisory.json", "detail_path": "advisories/ZDI-22-1172", "id": "ZDI-22-1172", "kind": "published", "published_date": "2022-08-25", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1172/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-16360", "zdi_id": "ZDI-22-1172" }, { "cve": "CVE-2022-2866", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1171/advisory.json", "detail_path": "advisories/ZDI-22-1171", "id": "ZDI-22-1171", "kind": "published", "published_date": "2022-08-25", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1171/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-16358", "zdi_id": "ZDI-22-1171" }, { "cve": "CVE-2022-2866", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1170/advisory.json", "detail_path": "advisories/ZDI-22-1170", "id": "ZDI-22-1170", "kind": "published", "published_date": "2022-08-25", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1170/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-16304", "zdi_id": "ZDI-22-1170" }, { "cve": "CVE-2022-2866", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1169/advisory.json", "detail_path": "advisories/ZDI-22-1169", "id": "ZDI-22-1169", "kind": "published", "published_date": "2022-08-25", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1169/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-16296", "zdi_id": "ZDI-22-1169" }, { "cve": "CVE-2022-2866", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1168/advisory.json", "detail_path": "advisories/ZDI-22-1168", "id": "ZDI-22-1168", "kind": "published", "published_date": "2022-08-25", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1168/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-16271", "zdi_id": "ZDI-22-1168" }, { "cve": "CVE-2022-2866", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1167/advisory.json", "detail_path": "advisories/ZDI-22-1167", "id": "ZDI-22-1167", "kind": "published", "published_date": "2022-08-25", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1167/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-16270", "zdi_id": "ZDI-22-1167" }, { "cve": "CVE-2022-2660", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIALink. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of requests t...", "detail_json": "/data/advisories/ZDI-22-1166/advisory.json", "detail_path": "advisories/ZDI-22-1166", "id": "ZDI-22-1166", "kind": "published", "published_date": "2022-08-24", "status": "published", "title": "Delta Industrial Automation DIALink Hardcoded Cryptographic Key Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1166/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-16889", "zdi_id": "ZDI-22-1166" }, { "cve": "CVE-2022-2959", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1165/advisory.json", "detail_path": "advisories/ZDI-22-1165", "id": "ZDI-22-1165", "kind": "published", "published_date": "2022-08-24", "status": "published", "title": "Linux Kernel Watch Queue Race Condition Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1165/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17291", "zdi_id": "ZDI-22-1165" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-1164/advisory.json", "detail_path": "advisories/ZDI-22-1164", "id": "ZDI-22-1164", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "(0Day) Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1164/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-16212", "zdi_id": "ZDI-22-1164" }, { "cve": "CVE-2022-33320", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-1163/advisory.json", "detail_path": "advisories/ZDI-22-1163", "id": "ZDI-22-1163", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "ICONICS GENESIS64 PKGX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1163/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-17361", "zdi_id": "ZDI-22-1163" }, { "cve": "CVE-2022-33317", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-1162/advisory.json", "detail_path": "advisories/ZDI-22-1162", "id": "ZDI-22-1162", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "ICONICS GENESIS64 GDFX File Parsing Path Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1162/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-17360", "zdi_id": "ZDI-22-1162" }, { "cve": "CVE-2022-2336", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of user...", "detail_json": "/data/advisories/ZDI-22-1161/advisory.json", "detail_path": "advisories/ZDI-22-1161", "id": "ZDI-22-1161", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "(Pwn2Own) Softing Secure Integration Server Use of Default Credentials Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1161/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-17056", "zdi_id": "ZDI-22-1161" }, { "cve": "CVE-2022-2335", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of...", "detail_json": "/data/advisories/ZDI-22-1160/advisory.json", "detail_path": "advisories/ZDI-22-1160", "id": "ZDI-22-1160", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Softing Secure Integration Server Content-Length Integer Underflow Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1160/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-17058", "zdi_id": "ZDI-22-1160" }, { "cve": "CVE-2022-1069", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of...", "detail_json": "/data/advisories/ZDI-22-1159/advisory.json", "detail_path": "advisories/ZDI-22-1159", "id": "ZDI-22-1159", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Softing Secure Integration Server Content-Length Out-Of-Bounds Read Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1159/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-17060", "zdi_id": "ZDI-22-1159" }, { "cve": "CVE-2022-2547", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of...", "detail_json": "/data/advisories/ZDI-22-1158/advisory.json", "detail_path": "advisories/ZDI-22-1158", "id": "ZDI-22-1158", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Softing Secure Integration Server Content-Type NULL Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1158/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-17059", "zdi_id": "ZDI-22-1158" }, { "cve": "CVE-2022-2337", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of...", "detail_json": "/data/advisories/ZDI-22-1157/advisory.json", "detail_path": "advisories/ZDI-22-1157", "id": "ZDI-22-1157", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Softing Secure Integration Server URI NULL Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1157/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-17057", "zdi_id": "ZDI-22-1157" }, { "cve": "CVE-2022-1373", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-1156/advisory.json", "detail_path": "advisories/ZDI-22-1156", "id": "ZDI-22-1156", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "(Pwn2Own) Softing Secure Integration Server UnZipFolder Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1156/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-17255", "zdi_id": "ZDI-22-1156" }, { "cve": "CVE-2022-2338", "cvss": 5.7, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Softing Secure Integration Server. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of administr...", "detail_json": "/data/advisories/ZDI-22-1155/advisory.json", "detail_path": "advisories/ZDI-22-1155", "id": "ZDI-22-1155", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "(Pwn2Own) Softing Secure Integration Server Cleartext Transmission of Sensitive Information Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1155/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-17214", "zdi_id": "ZDI-22-1155" }, { "cve": "CVE-2022-2334", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Softing Secure Integration Server. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-1154/advisory.json", "detail_path": "advisories/ZDI-22-1154", "id": "ZDI-22-1154", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "(Pwn2Own) Softing Secure Integration Server wbemcomn Uncontrolled Search Path Element Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1154/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-17234", "zdi_id": "ZDI-22-1154" }, { "cve": "CVE-2022-1748", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the the handling o...", "detail_json": "/data/advisories/ZDI-22-1153/advisory.json", "detail_path": "advisories/ZDI-22-1153", "id": "ZDI-22-1153", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "(Pwn2Own) Softing Secure Integration Server OPC UA Messages NULL Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1153/", "vendor": "Softing", "vendor_url": null, "zdi_can": "ZDI-CAN-16442", "zdi_id": "ZDI-22-1153" }, { "cve": "CVE-2022-39422", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-22-1152/advisory.json", "detail_path": "advisories/ZDI-22-1152", "id": "ZDI-22-1152", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "(0Day) (Pwn2Own) Oracle VirtualBox IEM PGMPhysRead Out-Of-Bounds Write Local Privilege Escalation Vulnerability", "updated_date": "2022-10-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1152/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-17468", "zdi_id": "ZDI-22-1152" }, { "cve": "CVE-2022-39423", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-1151/advisory.json", "detail_path": "advisories/ZDI-22-1151", "id": "ZDI-22-1151", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "(0Day) (Pwn2Own) Oracle VirtualBox SLIRP sosendoob Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2022-10-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1151/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-17431", "zdi_id": "ZDI-22-1151" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1150/advisory.json", "detail_path": "advisories/ZDI-22-1150", "id": "ZDI-22-1150", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Omron CX-One CX-Programmer CXP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1150/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-15341", "zdi_id": "ZDI-22-1150" }, { "cve": "CVE-2022-2897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Measuresoft ScadaPro Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-22-1149/advisory.json", "detail_path": "advisories/ZDI-22-1149", "id": "ZDI-22-1149", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1149/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16433", "zdi_id": "ZDI-22-1149" }, { "cve": "CVE-2022-2897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Measuresoft ScadaPro Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-22-1148/advisory.json", "detail_path": "advisories/ZDI-22-1148", "id": "ZDI-22-1148", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Client Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1148/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16426", "zdi_id": "ZDI-22-1148" }, { "cve": "CVE-2022-2897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Measuresoft ScadaPro Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-22-1147/advisory.json", "detail_path": "advisories/ZDI-22-1147", "id": "ZDI-22-1147", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Client Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1147/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16422", "zdi_id": "ZDI-22-1147" }, { "cve": "CVE-2022-2897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Measuresoft ScadaPro Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-22-1146/advisory.json", "detail_path": "advisories/ZDI-22-1146", "id": "ZDI-22-1146", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1146/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16417", "zdi_id": "ZDI-22-1146" }, { "cve": "CVE-2022-2897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Measuresoft ScadaPro Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-22-1145/advisory.json", "detail_path": "advisories/ZDI-22-1145", "id": "ZDI-22-1145", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1145/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16403", "zdi_id": "ZDI-22-1145" }, { "cve": "CVE-2022-2897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Measuresoft ScadaPro Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-22-1144/advisory.json", "detail_path": "advisories/ZDI-22-1144", "id": "ZDI-22-1144", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1144/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16402", "zdi_id": "ZDI-22-1144" }, { "cve": "CVE-2022-2896", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Measuresoft ScadaPro Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1143/advisory.json", "detail_path": "advisories/ZDI-22-1143", "id": "ZDI-22-1143", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server ORM File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1143/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16263", "zdi_id": "ZDI-22-1143" }, { "cve": "CVE-2022-2895", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Measuresoft ScadaPro Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1142/advisory.json", "detail_path": "advisories/ZDI-22-1142", "id": "ZDI-22-1142", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server ORM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1142/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16262", "zdi_id": "ZDI-22-1142" }, { "cve": "CVE-2022-2895", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Measuresoft ScadaPro Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1141/advisory.json", "detail_path": "advisories/ZDI-22-1141", "id": "ZDI-22-1141", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server ORM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1141/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16244", "zdi_id": "ZDI-22-1141" }, { "cve": "CVE-2022-2894", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Measuresoft ScadaPro Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1140/advisory.json", "detail_path": "advisories/ZDI-22-1140", "id": "ZDI-22-1140", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server ORM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1140/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16261", "zdi_id": "ZDI-22-1140" }, { "cve": "CVE-2022-2894", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Measuresoft ScadaPro Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1139/advisory.json", "detail_path": "advisories/ZDI-22-1139", "id": "ZDI-22-1139", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server ORM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1139/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16243", "zdi_id": "ZDI-22-1139" }, { "cve": "CVE-2022-2894", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Measuresoft ScadaPro Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1138/advisory.json", "detail_path": "advisories/ZDI-22-1138", "id": "ZDI-22-1138", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server ORM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1138/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16236", "zdi_id": "ZDI-22-1138" }, { "cve": "CVE-2022-2894", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Measuresoft ScadaPro Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1137/advisory.json", "detail_path": "advisories/ZDI-22-1137", "id": "ZDI-22-1137", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server ORM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1137/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16234", "zdi_id": "ZDI-22-1137" }, { "cve": "CVE-2022-2894", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Measuresoft ScadaPro Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1136/advisory.json", "detail_path": "advisories/ZDI-22-1136", "id": "ZDI-22-1136", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server ORM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1136/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16233", "zdi_id": "ZDI-22-1136" }, { "cve": "CVE-2022-2894", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Measuresoft ScadaPro Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1135/advisory.json", "detail_path": "advisories/ZDI-22-1135", "id": "ZDI-22-1135", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server ORM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1135/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16232", "zdi_id": "ZDI-22-1135" }, { "cve": "CVE-2022-2894", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Measuresoft ScadaPro Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1134/advisory.json", "detail_path": "advisories/ZDI-22-1134", "id": "ZDI-22-1134", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server ORM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1134/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16231", "zdi_id": "ZDI-22-1134" }, { "cve": "CVE-2022-2892", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Measuresoft ScadaPro Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-1133/advisory.json", "detail_path": "advisories/ZDI-22-1133", "id": "ZDI-22-1133", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server ORM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1133/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16235", "zdi_id": "ZDI-22-1133" }, { "cve": "CVE-2022-2898", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Measuresoft ScadaPro Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...", "detail_json": "/data/advisories/ZDI-22-1132/advisory.json", "detail_path": "advisories/ZDI-22-1132", "id": "ZDI-22-1132", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Client Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1132/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16423", "zdi_id": "ZDI-22-1132" }, { "cve": "CVE-2022-2898", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Measuresoft ScadaPro Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...", "detail_json": "/data/advisories/ZDI-22-1131/advisory.json", "detail_path": "advisories/ZDI-22-1131", "id": "ZDI-22-1131", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Measuresoft ScadaPro Server Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1131/", "vendor": "Measuresoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16434", "zdi_id": "ZDI-22-1131" }, { "cve": "CVE-2022-32797", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-22-1130/advisory.json", "detail_path": "advisories/ZDI-22-1130", "id": "ZDI-22-1130", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "Apple macOS AppleScript TASUnparser_PrintObject Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1130/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-17034", "zdi_id": "ZDI-22-1130" }, { "cve": "CVE-2022-36970", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1129/advisory.json", "detail_path": "advisories/ZDI-22-1129", "id": "ZDI-22-1129", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "AVEVA Edge APP File Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1129/", "vendor": "AVEVA", "vendor_url": null, "zdi_can": "ZDI-CAN-17370", "zdi_id": "ZDI-22-1129" }, { "cve": "CVE-2022-36969", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1128/advisory.json", "detail_path": "advisories/ZDI-22-1128", "id": "ZDI-22-1128", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "AVEVA Edge LoadImportedLibraries XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1128/", "vendor": "AVEVA", "vendor_url": null, "zdi_can": "ZDI-CAN-17394", "zdi_id": "ZDI-22-1128" }, { "cve": "CVE-2022-28688", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1127/advisory.json", "detail_path": "advisories/ZDI-22-1127", "id": "ZDI-22-1127", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "(Pwn2Own) AVEVA Edge Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1127/", "vendor": "AVEVA", "vendor_url": null, "zdi_can": "ZDI-CAN-17201", "zdi_id": "ZDI-22-1127" }, { "cve": "CVE-2022-28687", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1126/advisory.json", "detail_path": "advisories/ZDI-22-1126", "id": "ZDI-22-1126", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "(Pwn2Own) AVEVA Edge Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1126/", "vendor": "AVEVA", "vendor_url": null, "zdi_can": "ZDI-CAN-16257", "zdi_id": "ZDI-22-1126" }, { "cve": "CVE-2022-28686", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1125/advisory.json", "detail_path": "advisories/ZDI-22-1125", "id": "ZDI-22-1125", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "(Pwn2Own) AVEVA Edge Uncontrolled Search Path Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1125/", "vendor": "AVEVA", "vendor_url": null, "zdi_can": "ZDI-CAN-17114", "zdi_id": "ZDI-22-1125" }, { "cve": "CVE-2022-28685", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1124/advisory.json", "detail_path": "advisories/ZDI-22-1124", "id": "ZDI-22-1124", "kind": "published", "published_date": "2022-08-23", "status": "published", "title": "(Pwn2Own) AVEVA Edge SetBytesToManagedControl Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1124/", "vendor": "AVEVA", "vendor_url": null, "zdi_can": "ZDI-CAN-17212", "zdi_id": "ZDI-22-1124" }, { "cve": "CVE-2024-27834", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1123/advisory.json", "detail_path": "advisories/ZDI-22-1123", "id": "ZDI-22-1123", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "(Pwn2Own) Apple Safari Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-06-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1123/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-17417", "zdi_id": "ZDI-22-1123" }, { "cve": "CVE-2022-36923", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine OpManager Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getUserAPIKey function. The issue r...", "detail_json": "/data/advisories/ZDI-22-1122/advisory.json", "detail_path": "advisories/ZDI-22-1122", "id": "ZDI-22-1122", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "ManageEngine OpManager Plus getUserAPIKey Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1122/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-18088", "zdi_id": "ZDI-22-1122" }, { "cve": "CVE-2022-36923", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getUserAPIKey function. The issue...", "detail_json": "/data/advisories/ZDI-22-1121/advisory.json", "detail_path": "advisories/ZDI-22-1121", "id": "ZDI-22-1121", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "ManageEngine NetFlow Analyzer getUserAPIKey Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1121/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-18089", "zdi_id": "ZDI-22-1121" }, { "cve": "CVE-2022-36923", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getUserAPIKey function. The issue result...", "detail_json": "/data/advisories/ZDI-22-1120/advisory.json", "detail_path": "advisories/ZDI-22-1120", "id": "ZDI-22-1120", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "ManageEngine OpManager getUserAPIKey Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1120/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-18087", "zdi_id": "ZDI-22-1120" }, { "cve": "CVE-2022-36923", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine Network Configuration Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getUserAPIKey functi...", "detail_json": "/data/advisories/ZDI-22-1119/advisory.json", "detail_path": "advisories/ZDI-22-1119", "id": "ZDI-22-1119", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "ManageEngine Network Configuration Manager getUserAPIKey Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1119/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-17698", "zdi_id": "ZDI-22-1119" }, { "cve": "CVE-2022-2586", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1118/advisory.json", "detail_path": "advisories/ZDI-22-1118", "id": "ZDI-22-1118", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "(Pwn2Own) Linux Kernel nft_object Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17470", "zdi_id": "ZDI-22-1118" }, { "cve": "CVE-2022-2588", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1117/advisory.json", "detail_path": "advisories/ZDI-22-1117", "id": "ZDI-22-1117", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "(Pwn2Own) Linux Kernel route4_change Double Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1117/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17440", "zdi_id": "ZDI-22-1117" }, { "cve": "CVE-2022-35678", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1116/advisory.json", "detail_path": "advisories/ZDI-22-1116", "id": "ZDI-22-1116", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1116/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16989", "zdi_id": "ZDI-22-1116" }, { "cve": "CVE-2022-35671", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1115/advisory.json", "detail_path": "advisories/ZDI-22-1115", "id": "ZDI-22-1115", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1115/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16999", "zdi_id": "ZDI-22-1115" }, { "cve": "CVE-2022-35675", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1114/advisory.json", "detail_path": "advisories/ZDI-22-1114", "id": "ZDI-22-1114", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Adobe FrameMaker SVG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1114/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17622", "zdi_id": "ZDI-22-1114" }, { "cve": "CVE-2022-35674", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1113/advisory.json", "detail_path": "advisories/ZDI-22-1113", "id": "ZDI-22-1113", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Adobe FrameMaker SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1113/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17623", "zdi_id": "ZDI-22-1113" }, { "cve": "CVE-2022-35667", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1112/advisory.json", "detail_path": "advisories/ZDI-22-1112", "id": "ZDI-22-1112", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1112/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17377", "zdi_id": "ZDI-22-1112" }, { "cve": "CVE-2022-35673", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1111/advisory.json", "detail_path": "advisories/ZDI-22-1111", "id": "ZDI-22-1111", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Adobe FrameMaker SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1111/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17624", "zdi_id": "ZDI-22-1111" }, { "cve": "CVE-2022-35676", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1110/advisory.json", "detail_path": "advisories/ZDI-22-1110", "id": "ZDI-22-1110", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Adobe FrameMaker SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1110/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17625", "zdi_id": "ZDI-22-1110" }, { "cve": "CVE-2022-35677", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1109/advisory.json", "detail_path": "advisories/ZDI-22-1109", "id": "ZDI-22-1109", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Adobe FrameMaker SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1109/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17626", "zdi_id": "ZDI-22-1109" }, { "cve": "CVE-2022-34263", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-1108/advisory.json", "detail_path": "advisories/ZDI-22-1108", "id": "ZDI-22-1108", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Adobe Illustrator Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1108/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17080", "zdi_id": "ZDI-22-1108" }, { "cve": "CVE-2022-34262", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1107/advisory.json", "detail_path": "advisories/ZDI-22-1107", "id": "ZDI-22-1107", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1107/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17074", "zdi_id": "ZDI-22-1107" }, { "cve": "CVE-2022-34264", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1106/advisory.json", "detail_path": "advisories/ZDI-22-1106", "id": "ZDI-22-1106", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Adobe FrameMaker Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1106/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17073", "zdi_id": "ZDI-22-1106" }, { "cve": "CVE-2022-34261", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-1105/advisory.json", "detail_path": "advisories/ZDI-22-1105", "id": "ZDI-22-1105", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1105/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17071", "zdi_id": "ZDI-22-1105" }, { "cve": "CVE-2022-34260", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-1104/advisory.json", "detail_path": "advisories/ZDI-22-1104", "id": "ZDI-22-1104", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1104/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17066", "zdi_id": "ZDI-22-1104" }, { "cve": "CVE-2022-37375", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1103/advisory.json", "detail_path": "advisories/ZDI-22-1103", "id": "ZDI-22-1103", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor JPC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1103/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18069", "zdi_id": "ZDI-22-1103" }, { "cve": "CVE-2022-37374", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1102/advisory.json", "detail_path": "advisories/ZDI-22-1102", "id": "ZDI-22-1102", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor PNG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1102/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-18068", "zdi_id": "ZDI-22-1102" }, { "cve": "CVE-2022-37373", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1101/advisory.json", "detail_path": "advisories/ZDI-22-1101", "id": "ZDI-22-1101", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1101/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17810", "zdi_id": "ZDI-22-1101" }, { "cve": "CVE-2022-37372", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1100/advisory.json", "detail_path": "advisories/ZDI-22-1100", "id": "ZDI-22-1100", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1100/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17809", "zdi_id": "ZDI-22-1100" }, { "cve": "CVE-2022-37371", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1099/advisory.json", "detail_path": "advisories/ZDI-22-1099", "id": "ZDI-22-1099", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1099/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17772", "zdi_id": "ZDI-22-1099" }, { "cve": "CVE-2022-37370", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1098/advisory.json", "detail_path": "advisories/ZDI-22-1098", "id": "ZDI-22-1098", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1098/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17725", "zdi_id": "ZDI-22-1098" }, { "cve": "CVE-2022-37369", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1097/advisory.json", "detail_path": "advisories/ZDI-22-1097", "id": "ZDI-22-1097", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1097/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17724", "zdi_id": "ZDI-22-1097" }, { "cve": "CVE-2022-37368", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1096/advisory.json", "detail_path": "advisories/ZDI-22-1096", "id": "ZDI-22-1096", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1096/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17728", "zdi_id": "ZDI-22-1096" }, { "cve": "CVE-2022-37367", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1095/advisory.json", "detail_path": "advisories/ZDI-22-1095", "id": "ZDI-22-1095", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1095/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17726", "zdi_id": "ZDI-22-1095" }, { "cve": "CVE-2022-37366", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1094/advisory.json", "detail_path": "advisories/ZDI-22-1094", "id": "ZDI-22-1094", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1094/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17727", "zdi_id": "ZDI-22-1094" }, { "cve": "CVE-2022-37365", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1093/advisory.json", "detail_path": "advisories/ZDI-22-1093", "id": "ZDI-22-1093", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor saveAs Exposed Dangerous Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1093/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17527", "zdi_id": "ZDI-22-1093" }, { "cve": "CVE-2022-37364", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1092/advisory.json", "detail_path": "advisories/ZDI-22-1092", "id": "ZDI-22-1092", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1092/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17634", "zdi_id": "ZDI-22-1092" }, { "cve": "CVE-2022-37363", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1091/advisory.json", "detail_path": "advisories/ZDI-22-1091", "id": "ZDI-22-1091", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1091/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17673", "zdi_id": "ZDI-22-1091" }, { "cve": "CVE-2022-37362", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1090/advisory.json", "detail_path": "advisories/ZDI-22-1090", "id": "ZDI-22-1090", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1090/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17660", "zdi_id": "ZDI-22-1090" }, { "cve": "CVE-2022-37361", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1089/advisory.json", "detail_path": "advisories/ZDI-22-1089", "id": "ZDI-22-1089", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1089/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17674", "zdi_id": "ZDI-22-1089" }, { "cve": "CVE-2022-37360", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1088/advisory.json", "detail_path": "advisories/ZDI-22-1088", "id": "ZDI-22-1088", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1088/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17635", "zdi_id": "ZDI-22-1088" }, { "cve": "CVE-2022-37359", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1087/advisory.json", "detail_path": "advisories/ZDI-22-1087", "id": "ZDI-22-1087", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor J2K File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1087/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17633", "zdi_id": "ZDI-22-1087" }, { "cve": "CVE-2022-37358", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1086/advisory.json", "detail_path": "advisories/ZDI-22-1086", "id": "ZDI-22-1086", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1086/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17632", "zdi_id": "ZDI-22-1086" }, { "cve": "CVE-2022-37357", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1085/advisory.json", "detail_path": "advisories/ZDI-22-1085", "id": "ZDI-22-1085", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor ICO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1085/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17631", "zdi_id": "ZDI-22-1085" }, { "cve": "CVE-2022-37356", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1084/advisory.json", "detail_path": "advisories/ZDI-22-1084", "id": "ZDI-22-1084", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1084/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17630", "zdi_id": "ZDI-22-1084" }, { "cve": "CVE-2022-37355", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1083/advisory.json", "detail_path": "advisories/ZDI-22-1083", "id": "ZDI-22-1083", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1083/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17629", "zdi_id": "ZDI-22-1083" }, { "cve": "CVE-2022-37354", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1082/advisory.json", "detail_path": "advisories/ZDI-22-1082", "id": "ZDI-22-1082", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1082/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17628", "zdi_id": "ZDI-22-1082" }, { "cve": "CVE-2022-37353", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1081/advisory.json", "detail_path": "advisories/ZDI-22-1081", "id": "ZDI-22-1081", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1081/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17637", "zdi_id": "ZDI-22-1081" }, { "cve": "CVE-2022-37352", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1080/advisory.json", "detail_path": "advisories/ZDI-22-1080", "id": "ZDI-22-1080", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor WMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1080/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17638", "zdi_id": "ZDI-22-1080" }, { "cve": "CVE-2022-37351", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-1079/advisory.json", "detail_path": "advisories/ZDI-22-1079", "id": "ZDI-22-1079", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor J2K File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1079/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17636", "zdi_id": "ZDI-22-1079" }, { "cve": "CVE-2022-37350", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1078/advisory.json", "detail_path": "advisories/ZDI-22-1078", "id": "ZDI-22-1078", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor Collab Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1078/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17144", "zdi_id": "ZDI-22-1078" }, { "cve": "CVE-2022-34699", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1077/advisory.json", "detail_path": "advisories/ZDI-22-1077", "id": "ZDI-22-1077", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "(Pwn2Own) Microsoft Windows win32kbase Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1077/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17444", "zdi_id": "ZDI-22-1077" }, { "cve": "CVE-2022-37349", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-22-1076/advisory.json", "detail_path": "advisories/ZDI-22-1076", "id": "ZDI-22-1076", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "PDF-XChange Editor submitForm Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1076/", "vendor": "PDF-XChange", "vendor_url": null, "zdi_can": "ZDI-CAN-17142", "zdi_id": "ZDI-22-1076" }, { "cve": "CVE-2022-35750", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1075/advisory.json", "detail_path": "advisories/ZDI-22-1075", "id": "ZDI-22-1075", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Microsoft Windows win32kfull Bitmap Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1075/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17679", "zdi_id": "ZDI-22-1075" }, { "cve": "CVE-2022-35742", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Outlook. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MIME headers. Craf...", "detail_json": "/data/advisories/ZDI-22-1074/advisory.json", "detail_path": "advisories/ZDI-22-1074", "id": "ZDI-22-1074", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Microsoft Outlook MIME Header Heap Corruption Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1074/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17384", "zdi_id": "ZDI-22-1074" }, { "cve": "CVE-2022-30194", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-1073/advisory.json", "detail_path": "advisories/ZDI-22-1073", "id": "ZDI-22-1073", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1073/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13069", "zdi_id": "ZDI-22-1073" }, { "cve": "CVE-2022-34703", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1072/advisory.json", "detail_path": "advisories/ZDI-22-1072", "id": "ZDI-22-1072", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "(Pwn2Own) Microsoft Windows partmgr Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1072/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17396", "zdi_id": "ZDI-22-1072" }, { "cve": "CVE-2022-33670", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1071/advisory.json", "detail_path": "advisories/ZDI-22-1071", "id": "ZDI-22-1071", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "(Pwn2Own) Microsoft Windows partmgr Improper Authorization Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1071/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17426", "zdi_id": "ZDI-22-1071" }, { "cve": "CVE-2022-35751", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1070/advisory.json", "detail_path": "advisories/ZDI-22-1070", "id": "ZDI-22-1070", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "(Pwn2Own) Microsoft Windows vhdmp Driver Improper Authorization Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1070/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17429", "zdi_id": "ZDI-22-1070" }, { "cve": "CVE-2022-35750", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1069/advisory.json", "detail_path": "advisories/ZDI-22-1069", "id": "ZDI-22-1069", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "(Pwn2Own) Microsoft Windows cdd Driver Memory Corruption Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1069/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17441", "zdi_id": "ZDI-22-1069" }, { "cve": "CVE-2022-35820", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1068/advisory.json", "detail_path": "advisories/ZDI-22-1068", "id": "ZDI-22-1068", "kind": "published", "published_date": "2022-08-18", "status": "published", "title": "(Pwn2Own) Microsoft Windows bthport Driver Improper Authorization Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1068/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17430", "zdi_id": "ZDI-22-1068" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of NetBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-22-1067/advisory.json", "detail_path": "advisories/ZDI-22-1067", "id": "ZDI-22-1067", "kind": "published", "published_date": "2022-08-15", "status": "published", "title": "NetBSD Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1067/", "vendor": "NetBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-14808", "zdi_id": "ZDI-22-1067" }, { "cve": "CVE-2022-26696", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escape the sandbox on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-1066/advisory.json", "detail_path": "advisories/ZDI-22-1066", "id": "ZDI-22-1066", "kind": "published", "published_date": "2022-08-15", "status": "published", "title": "Apple macOS LaunchServices Sandbox Escape Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1066/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-15588", "zdi_id": "ZDI-22-1066" }, { "cve": "CVE-2022-22630", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within Apple Remote Events. The issue results from the lack o...", "detail_json": "/data/advisories/ZDI-22-1065/advisory.json", "detail_path": "advisories/ZDI-22-1065", "id": "ZDI-22-1065", "kind": "published", "published_date": "2022-08-15", "status": "published", "title": "Apple macOS Remote Events Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1065/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-15191", "zdi_id": "ZDI-22-1065" }, { "cve": "CVE-2022-33916", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA Bro...", "detail_json": "/data/advisories/ZDI-22-1064/advisory.json", "detail_path": "advisories/ZDI-22-1064", "id": "ZDI-22-1064", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "OPC Foundation UA .NET Standard BrowseRequest Missing Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1064/", "vendor": "OPC Foundation", "vendor_url": null, "zdi_can": "ZDI-CAN-17371", "zdi_id": "ZDI-22-1064" }, { "cve": "CVE-2022-37391", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1063/advisory.json", "detail_path": "advisories/ZDI-22-1063", "id": "ZDI-22-1063", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Reader AcroForm deletePages Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1063/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-17661", "zdi_id": "ZDI-22-1063" }, { "cve": "CVE-2022-37390", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1062/advisory.json", "detail_path": "advisories/ZDI-22-1062", "id": "ZDI-22-1062", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Reader AcroForm deletePages Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1062/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-17551", "zdi_id": "ZDI-22-1062" }, { "cve": "CVE-2022-37389", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1061/advisory.json", "detail_path": "advisories/ZDI-22-1061", "id": "ZDI-22-1061", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1061/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-17545", "zdi_id": "ZDI-22-1061" }, { "cve": "CVE-2022-37388", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1060/advisory.json", "detail_path": "advisories/ZDI-22-1060", "id": "ZDI-22-1060", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1060/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-17516", "zdi_id": "ZDI-22-1060" }, { "cve": "CVE-2022-37387", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1059/advisory.json", "detail_path": "advisories/ZDI-22-1059", "id": "ZDI-22-1059", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Reader AcroForm deletePages Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1059/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-17552", "zdi_id": "ZDI-22-1059" }, { "cve": "CVE-2022-37386", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1058/advisory.json", "detail_path": "advisories/ZDI-22-1058", "id": "ZDI-22-1058", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Reader AcroForm resetForm Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1058/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-17550", "zdi_id": "ZDI-22-1058" }, { "cve": "CVE-2022-37385", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1057/advisory.json", "detail_path": "advisories/ZDI-22-1057", "id": "ZDI-22-1057", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1057/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-17301", "zdi_id": "ZDI-22-1057" }, { "cve": "CVE-2022-37384", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1056/advisory.json", "detail_path": "advisories/ZDI-22-1056", "id": "ZDI-22-1056", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Reader delay Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1056/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-17327", "zdi_id": "ZDI-22-1056" }, { "cve": "CVE-2022-37383", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1055/advisory.json", "detail_path": "advisories/ZDI-22-1055", "id": "ZDI-22-1055", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Reader Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1055/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-17111", "zdi_id": "ZDI-22-1055" }, { "cve": "CVE-2022-37382", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1054/advisory.json", "detail_path": "advisories/ZDI-22-1054", "id": "ZDI-22-1054", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Reader removeIcon Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1054/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-17383", "zdi_id": "ZDI-22-1054" }, { "cve": "CVE-2022-37381", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1053/advisory.json", "detail_path": "advisories/ZDI-22-1053", "id": "ZDI-22-1053", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Reader AFSpecial_KeystrokeEx Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2023-04-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1053/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-17110", "zdi_id": "ZDI-22-1053" }, { "cve": "CVE-2022-37380", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1052/advisory.json", "detail_path": "advisories/ZDI-22-1052", "id": "ZDI-22-1052", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Reader newConnection Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1052/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-17169", "zdi_id": "ZDI-22-1052" }, { "cve": "CVE-2022-37379", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1051/advisory.json", "detail_path": "advisories/ZDI-22-1051", "id": "ZDI-22-1051", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Reader AFSpecial_KeystrokeEx Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1051/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-17168", "zdi_id": "ZDI-22-1051" }, { "cve": "CVE-2022-37378", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1050/advisory.json", "detail_path": "advisories/ZDI-22-1050", "id": "ZDI-22-1050", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Editor JavaScript Optimization Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1050/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16867", "zdi_id": "ZDI-22-1050" }, { "cve": "CVE-2022-37377", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1049/advisory.json", "detail_path": "advisories/ZDI-22-1049", "id": "ZDI-22-1049", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Editor JavaScript Optimization Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1049/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16733", "zdi_id": "ZDI-22-1049" }, { "cve": "CVE-2022-37376", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1048/advisory.json", "detail_path": "advisories/ZDI-22-1048", "id": "ZDI-22-1048", "kind": "published", "published_date": "2022-08-05", "status": "published", "title": "Foxit PDF Editor JavaScript Array Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1048/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16599", "zdi_id": "ZDI-22-1048" }, { "cve": "CVE-2022-20827", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wfapp application. A crafted ser...", "detail_json": "/data/advisories/ZDI-22-1047/advisory.json", "detail_path": "advisories/ZDI-22-1047", "id": "ZDI-22-1047", "kind": "published", "published_date": "2022-08-04", "status": "published", "title": "Cisco RV340 wfapp Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1047/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15984", "zdi_id": "ZDI-22-1047" }, { "cve": "CVE-2022-23774", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1046/advisory.json", "detail_path": "advisories/ZDI-22-1046", "id": "ZDI-22-1046", "kind": "published", "published_date": "2022-08-04", "status": "published", "title": "Docker Desktop Exposed Dangerous Method Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1046/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-15361", "zdi_id": "ZDI-22-1046" }, { "cve": "CVE-2022-24542", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1045/advisory.json", "detail_path": "advisories/ZDI-22-1045", "id": "ZDI-22-1045", "kind": "published", "published_date": "2022-08-04", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvStrokeAndFillPath Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1045/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16766", "zdi_id": "ZDI-22-1045" }, { "cve": "CVE-2022-33319", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64 GenBroker64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GenBroker64 service, whi...", "detail_json": "/data/advisories/ZDI-22-1044/advisory.json", "detail_path": "advisories/ZDI-22-1044", "id": "ZDI-22-1044", "kind": "published", "published_date": "2022-08-03", "status": "published", "title": "ICONICS GENESIS64 GenBroker64 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1044/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-17389", "zdi_id": "ZDI-22-1044" }, { "cve": "CVE-2022-33315", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-1043/advisory.json", "detail_path": "advisories/ZDI-22-1043", "id": "ZDI-22-1043", "kind": "published", "published_date": "2022-08-03", "status": "published", "title": "ICONICS GENESIS64 GraphWorX64 TDFX File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1043/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-16253", "zdi_id": "ZDI-22-1043" }, { "cve": "CVE-2022-29834", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the colorpalletes endpoint. When parsing...", "detail_json": "/data/advisories/ZDI-22-1042/advisory.json", "detail_path": "advisories/ZDI-22-1042", "id": "ZDI-22-1042", "kind": "published", "published_date": "2022-08-03", "status": "published", "title": "ICONICS GENESIS64 colorpalletes Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1042/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-16509", "zdi_id": "ZDI-22-1042" }, { "cve": "CVE-2022-33318", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GenBroker64 service. The issue results from...", "detail_json": "/data/advisories/ZDI-22-1041/advisory.json", "detail_path": "advisories/ZDI-22-1041", "id": "ZDI-22-1041", "kind": "published", "published_date": "2022-08-03", "status": "published", "title": "(Pwn2Own) ICONICS GENESIS64 genbroker64 Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1041/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-17200", "zdi_id": "ZDI-22-1041" }, { "cve": "CVE-2022-33316", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-1040/advisory.json", "detail_path": "advisories/ZDI-22-1040", "id": "ZDI-22-1040", "kind": "published", "published_date": "2022-08-03", "status": "published", "title": "(Pwn2Own) ICONICS GENESIS64 ColorPaletteEntry Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1040/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-17215", "zdi_id": "ZDI-22-1040" }, { "cve": "CVE-2022-33317", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-1039/advisory.json", "detail_path": "advisories/ZDI-22-1039", "id": "ZDI-22-1039", "kind": "published", "published_date": "2022-08-03", "status": "published", "title": "(Pwn2Own) ICONICS GENESIS64 TDFX File Parsing Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1039/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-17198", "zdi_id": "ZDI-22-1039" }, { "cve": "CVE-2022-24935", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware upgrade feature. T...", "detail_json": "/data/advisories/ZDI-22-1038/advisory.json", "detail_path": "advisories/ZDI-22-1038", "id": "ZDI-22-1038", "kind": "published", "published_date": "2022-08-02", "status": "published", "title": "Lexmark MC3224i Firmware Downgrade Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1038/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-15981", "zdi_id": "ZDI-22-1038" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of NetBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-22-1037/advisory.json", "detail_path": "advisories/ZDI-22-1037", "id": "ZDI-22-1037", "kind": "published", "published_date": "2022-08-02", "status": "published", "title": "NetBSD Kernel getkerninfo System Call Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1037/", "vendor": "NetBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-14809", "zdi_id": "ZDI-22-1037" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of NetBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-22-1036/advisory.json", "detail_path": "advisories/ZDI-22-1036", "id": "ZDI-22-1036", "kind": "published", "published_date": "2022-08-02", "status": "published", "title": "NetBSD Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2022-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1036/", "vendor": "NetBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-14807", "zdi_id": "ZDI-22-1036" }, { "cve": "CVE-2022-33882", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk Desktop App. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-22-1035/advisory.json", "detail_path": "advisories/ZDI-22-1035", "id": "ZDI-22-1035", "kind": "published", "published_date": "2022-07-29", "status": "published", "title": "Autodesk Desktop App Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1035/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16887", "zdi_id": "ZDI-22-1035" }, { "cve": "CVE-2022-33882", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk Desktop App. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-22-1034/advisory.json", "detail_path": "advisories/ZDI-22-1034", "id": "ZDI-22-1034", "kind": "published", "published_date": "2022-07-29", "status": "published", "title": "Autodesk Desktop App Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1034/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16882", "zdi_id": "ZDI-22-1034" }, { "cve": "CVE-2022-36336", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-1033/advisory.json", "detail_path": "advisories/ZDI-22-1033", "id": "ZDI-22-1033", "kind": "published", "published_date": "2022-07-28", "status": "published", "title": "Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16692", "zdi_id": "ZDI-22-1033" }, { "cve": "CVE-2022-2560", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue resu...", "detail_json": "/data/advisories/ZDI-22-1032/advisory.json", "detail_path": "advisories/ZDI-22-1032", "id": "ZDI-22-1032", "kind": "published", "published_date": "2022-07-28", "status": "published", "title": "EnterpriseDT CompleteFTP Server HttpFile Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1032/", "vendor": "EnterpriseDT", "vendor_url": null, "zdi_can": "ZDI-CAN-17481", "zdi_id": "ZDI-22-1032" }, { "cve": "CVE-2022-2561", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OPC Labs QuickOPC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-1031/advisory.json", "detail_path": "advisories/ZDI-22-1031", "id": "ZDI-22-1031", "kind": "published", "published_date": "2022-07-28", "status": "published", "title": "OPC Labs QuickOPC Connectivity Explorer Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1031/", "vendor": "OPC Labs", "vendor_url": null, "zdi_can": "ZDI-CAN-16596", "zdi_id": "ZDI-22-1031" }, { "cve": "CVE-2022-37012", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpcUa_...", "detail_json": "/data/advisories/ZDI-22-1030/advisory.json", "detail_path": "advisories/ZDI-22-1030", "id": "ZDI-22-1030", "kind": "published", "published_date": "2022-07-28", "status": "published", "title": "(Pwn2Own) Unified Automation OPC UA C++ Improper Update of Reference Count Denial-of-Service Vulnerability", "updated_date": "2022-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1030/", "vendor": "Unified Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-16927", "zdi_id": "ZDI-22-1030" }, { "cve": "CVE-2022-37013", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handli...", "detail_json": "/data/advisories/ZDI-22-1029/advisory.json", "detail_path": "advisories/ZDI-22-1029", "id": "ZDI-22-1029", "kind": "published", "published_date": "2022-07-28", "status": "published", "title": "(Pwn2Own) Unified Automation OPC UA C++ Infinite Loop Denial-of-Service Vulnerability", "updated_date": "2022-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1029/", "vendor": "Unified Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-17203", "zdi_id": "ZDI-22-1029" }, { "cve": "CVE-2022-35672", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1028/advisory.json", "detail_path": "advisories/ZDI-22-1028", "id": "ZDI-22-1028", "kind": "published", "published_date": "2022-07-28", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1028/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16967", "zdi_id": "ZDI-22-1028" }, { "cve": "CVE-2022-35669", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-1027/advisory.json", "detail_path": "advisories/ZDI-22-1027", "id": "ZDI-22-1027", "kind": "published", "published_date": "2022-07-28", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1027/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16961", "zdi_id": "ZDI-22-1027" }, { "cve": "CVE-2022-21550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-1026/advisory.json", "detail_path": "advisories/ZDI-22-1026", "id": "ZDI-22-1026", "kind": "published", "published_date": "2022-07-27", "status": "published", "title": "Oracle MySQL Cluster Data Node Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1026/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-16769", "zdi_id": "ZDI-22-1026" }, { "cve": "CVE-2022-27653", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1025/advisory.json", "detail_path": "advisories/ZDI-22-1025", "id": "ZDI-22-1025", "kind": "published", "published_date": "2022-07-15", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1025/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15594", "zdi_id": "ZDI-22-1025" }, { "cve": "CVE-2022-24542", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1024/advisory.json", "detail_path": "advisories/ZDI-22-1024", "id": "ZDI-22-1024", "kind": "published", "published_date": "2022-07-15", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvStartBanding Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1024/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16768", "zdi_id": "ZDI-22-1024" }, { "cve": "CVE-2022-24542", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1023/advisory.json", "detail_path": "advisories/ZDI-22-1023", "id": "ZDI-22-1023", "kind": "published", "published_date": "2022-07-15", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvFillPath Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1023/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16767", "zdi_id": "ZDI-22-1023" }, { "cve": "CVE-2022-24542", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-1022/advisory.json", "detail_path": "advisories/ZDI-22-1022", "id": "ZDI-22-1022", "kind": "published", "published_date": "2022-07-15", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvFontManagement Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1022/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16760", "zdi_id": "ZDI-22-1022" }, { "cve": null, "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware ESXi. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TCP/IP kernel module. The issue results from the l...", "detail_json": "/data/advisories/ZDI-22-1021/advisory.json", "detail_path": "advisories/ZDI-22-1021", "id": "ZDI-22-1021", "kind": "published", "published_date": "2022-07-28", "status": "published", "title": "VMware ESXi TCP/IP Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2022-07-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1021/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-16259", "zdi_id": "ZDI-22-1021" }, { "cve": "CVE-2022-35873", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-22-1020/advisory.json", "detail_path": "advisories/ZDI-22-1020", "id": "ZDI-22-1020", "kind": "published", "published_date": "2022-07-15", "status": "published", "title": "(Pwn2Own) Inductive Automation Ignition ZIP File Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-16949", "zdi_id": "ZDI-22-1020" }, { "cve": "CVE-2022-35872", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-22-1019/advisory.json", "detail_path": "advisories/ZDI-22-1019", "id": "ZDI-22-1019", "kind": "published", "published_date": "2022-07-15", "status": "published", "title": "(Pwn2Own) Inductive Automation Ignition Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1019/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-17115", "zdi_id": "ZDI-22-1019" }, { "cve": "CVE-2022-35871", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The is...", "detail_json": "/data/advisories/ZDI-22-1018/advisory.json", "detail_path": "advisories/ZDI-22-1018", "id": "ZDI-22-1018", "kind": "published", "published_date": "2022-07-15", "status": "published", "title": "(Pwn2Own) Inductive Automation Ignition Missing Authentication for Critical Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1018/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-17206", "zdi_id": "ZDI-22-1018" }, { "cve": "CVE-2022-35870", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-22-1017/advisory.json", "detail_path": "advisories/ZDI-22-1017", "id": "ZDI-22-1017", "kind": "published", "published_date": "2022-07-15", "status": "published", "title": "(Pwn2Own) Inductive Automation Ignition Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1017/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-17265", "zdi_id": "ZDI-22-1017" }, { "cve": "CVE-2022-35869", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gate...", "detail_json": "/data/advisories/ZDI-22-1016/advisory.json", "detail_path": "advisories/ZDI-22-1016", "id": "ZDI-22-1016", "kind": "published", "published_date": "2022-07-15", "status": "published", "title": "(Pwn2Own) Inductive Automation Ignition Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1016/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-17211", "zdi_id": "ZDI-22-1016" }, { "cve": "CVE-2022-31219", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of ABB Automation Builder Platform. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-22-1015/advisory.json", "detail_path": "advisories/ZDI-22-1015", "id": "ZDI-22-1015", "kind": "published", "published_date": "2022-07-15", "status": "published", "title": "ABB Automation Builder Platform Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1015/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-16321", "zdi_id": "ZDI-22-1015" }, { "cve": "CVE-2022-31218", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of ABB Automation Builder Platform. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-22-1014/advisory.json", "detail_path": "advisories/ZDI-22-1014", "id": "ZDI-22-1014", "kind": "published", "published_date": "2022-07-15", "status": "published", "title": "ABB Automation Builder Platform Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1014/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-16281", "zdi_id": "ZDI-22-1014" }, { "cve": "CVE-2022-31217", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of ABB Automation Builder Platform. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-22-1013/advisory.json", "detail_path": "advisories/ZDI-22-1013", "id": "ZDI-22-1013", "kind": "published", "published_date": "2022-07-15", "status": "published", "title": "ABB Automation Builder Platform Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1013/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-16277", "zdi_id": "ZDI-22-1013" }, { "cve": "CVE-2022-31216", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of ABB Automation Builder Platform. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-22-1012/advisory.json", "detail_path": "advisories/ZDI-22-1012", "id": "ZDI-22-1012", "kind": "published", "published_date": "2022-07-15", "status": "published", "title": "ABB Automation Builder Platform Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1012/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-16276", "zdi_id": "ZDI-22-1012" }, { "cve": "CVE-2022-33881", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1011/advisory.json", "detail_path": "advisories/ZDI-22-1011", "id": "ZDI-22-1011", "kind": "published", "published_date": "2022-07-14", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1011/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15933", "zdi_id": "ZDI-22-1011" }, { "cve": "CVE-2022-33881", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-1010/advisory.json", "detail_path": "advisories/ZDI-22-1010", "id": "ZDI-22-1010", "kind": "published", "published_date": "2022-07-14", "status": "published", "title": "Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1010/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15931", "zdi_id": "ZDI-22-1010" }, { "cve": "CVE-2022-34249", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1009/advisory.json", "detail_path": "advisories/ZDI-22-1009", "id": "ZDI-22-1009", "kind": "published", "published_date": "2022-07-14", "status": "published", "title": "Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1009/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17078", "zdi_id": "ZDI-22-1009" }, { "cve": "CVE-2022-34250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1008/advisory.json", "detail_path": "advisories/ZDI-22-1008", "id": "ZDI-22-1008", "kind": "published", "published_date": "2022-07-14", "status": "published", "title": "Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1008/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17083", "zdi_id": "ZDI-22-1008" }, { "cve": "CVE-2022-34252", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-1007/advisory.json", "detail_path": "advisories/ZDI-22-1007", "id": "ZDI-22-1007", "kind": "published", "published_date": "2022-07-14", "status": "published", "title": "Adobe InCopy Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1007/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17075", "zdi_id": "ZDI-22-1007" }, { "cve": "CVE-2022-34251", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-1006/advisory.json", "detail_path": "advisories/ZDI-22-1006", "id": "ZDI-22-1006", "kind": "published", "published_date": "2022-07-14", "status": "published", "title": "Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1006/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17068", "zdi_id": "ZDI-22-1006" }, { "cve": "CVE-2022-34246", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1005/advisory.json", "detail_path": "advisories/ZDI-22-1005", "id": "ZDI-22-1005", "kind": "published", "published_date": "2022-07-14", "status": "published", "title": "Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1005/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17082", "zdi_id": "ZDI-22-1005" }, { "cve": "CVE-2022-34245", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1004/advisory.json", "detail_path": "advisories/ZDI-22-1004", "id": "ZDI-22-1004", "kind": "published", "published_date": "2022-07-14", "status": "published", "title": "Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1004/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17079", "zdi_id": "ZDI-22-1004" }, { "cve": "CVE-2022-34248", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-1003/advisory.json", "detail_path": "advisories/ZDI-22-1003", "id": "ZDI-22-1003", "kind": "published", "published_date": "2022-07-14", "status": "published", "title": "Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1003/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17076", "zdi_id": "ZDI-22-1003" }, { "cve": "CVE-2022-34247", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-1002/advisory.json", "detail_path": "advisories/ZDI-22-1002", "id": "ZDI-22-1002", "kind": "published", "published_date": "2022-07-14", "status": "published", "title": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1002/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17067", "zdi_id": "ZDI-22-1002" }, { "cve": "CVE-2022-34216", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1001/advisory.json", "detail_path": "advisories/ZDI-22-1001", "id": "ZDI-22-1001", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC PDF Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1001/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16919", "zdi_id": "ZDI-22-1001" }, { "cve": "CVE-2022-34227", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-1000/advisory.json", "detail_path": "advisories/ZDI-22-1000", "id": "ZDI-22-1000", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm value Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1000/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17277", "zdi_id": "ZDI-22-1000" }, { "cve": "CVE-2022-34241", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Character Animator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-999/advisory.json", "detail_path": "advisories/ZDI-22-999", "id": "ZDI-22-999", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Character Animator SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-999/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17621", "zdi_id": "ZDI-22-999" }, { "cve": "CVE-2022-34220", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-998/advisory.json", "detail_path": "advisories/ZDI-22-998", "id": "ZDI-22-998", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-998/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16955", "zdi_id": "ZDI-22-998" }, { "cve": "CVE-2022-34242", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Character Animator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-997/advisory.json", "detail_path": "advisories/ZDI-22-997", "id": "ZDI-22-997", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Character Animator SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-997/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17620", "zdi_id": "ZDI-22-997" }, { "cve": "CVE-2022-34225", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-996/advisory.json", "detail_path": "advisories/ZDI-22-996", "id": "ZDI-22-996", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm exportValues Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-996/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17324", "zdi_id": "ZDI-22-996" }, { "cve": "CVE-2022-34223", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-995/advisory.json", "detail_path": "advisories/ZDI-22-995", "id": "ZDI-22-995", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm currentValueIndices Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-995/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17319", "zdi_id": "ZDI-22-995" }, { "cve": "CVE-2022-34226", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-994/advisory.json", "detail_path": "advisories/ZDI-22-994", "id": "ZDI-22-994", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC PDF Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-994/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17018", "zdi_id": "ZDI-22-994" }, { "cve": "CVE-2022-34229", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-993/advisory.json", "detail_path": "advisories/ZDI-22-993", "id": "ZDI-22-993", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm rect Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-993/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17307", "zdi_id": "ZDI-22-993" }, { "cve": "CVE-2022-34224", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-992/advisory.json", "detail_path": "advisories/ZDI-22-992", "id": "ZDI-22-992", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm setItems Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-992/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17303", "zdi_id": "ZDI-22-992" }, { "cve": "CVE-2022-34228", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-991/advisory.json", "detail_path": "advisories/ZDI-22-991", "id": "ZDI-22-991", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-991/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17385", "zdi_id": "ZDI-22-991" }, { "cve": "CVE-2022-34217", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-990/advisory.json", "detail_path": "advisories/ZDI-22-990", "id": "ZDI-22-990", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-990/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16952", "zdi_id": "ZDI-22-990" }, { "cve": "CVE-2022-34219", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-989/advisory.json", "detail_path": "advisories/ZDI-22-989", "id": "ZDI-22-989", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-989/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17063", "zdi_id": "ZDI-22-989" }, { "cve": "CVE-2022-34222", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-988/advisory.json", "detail_path": "advisories/ZDI-22-988", "id": "ZDI-22-988", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC query Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-988/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17026", "zdi_id": "ZDI-22-988" }, { "cve": "CVE-2022-34243", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-987/advisory.json", "detail_path": "advisories/ZDI-22-987", "id": "ZDI-22-987", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Photoshop U3D File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-987/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17001", "zdi_id": "ZDI-22-987" }, { "cve": "CVE-2022-34244", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-986/advisory.json", "detail_path": "advisories/ZDI-22-986", "id": "ZDI-22-986", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Photoshop U3D File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-986/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17002", "zdi_id": "ZDI-22-986" }, { "cve": "CVE-2022-34233", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-985/advisory.json", "detail_path": "advisories/ZDI-22-985", "id": "ZDI-22-985", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC Doc print Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-985/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16998", "zdi_id": "ZDI-22-985" }, { "cve": "CVE-2022-34234", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-984/advisory.json", "detail_path": "advisories/ZDI-22-984", "id": "ZDI-22-984", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC Doc printWithParams Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-984/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17167", "zdi_id": "ZDI-22-984" }, { "cve": "CVE-2022-34215", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-983/advisory.json", "detail_path": "advisories/ZDI-22-983", "id": "ZDI-22-983", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Polygon Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-983/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16826", "zdi_id": "ZDI-22-983" }, { "cve": "CVE-2022-34232", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-982/advisory.json", "detail_path": "advisories/ZDI-22-982", "id": "ZDI-22-982", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC Annotation print Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-982/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16876", "zdi_id": "ZDI-22-982" }, { "cve": "CVE-2022-34237", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-981/advisory.json", "detail_path": "advisories/ZDI-22-981", "id": "ZDI-22-981", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-981/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16953", "zdi_id": "ZDI-22-981" }, { "cve": "CVE-2022-34239", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-980/advisory.json", "detail_path": "advisories/ZDI-22-980", "id": "ZDI-22-980", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-980/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16965", "zdi_id": "ZDI-22-980" }, { "cve": "CVE-2022-34236", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-979/advisory.json", "detail_path": "advisories/ZDI-22-979", "id": "ZDI-22-979", "kind": "published", "published_date": "2022-07-13", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-979/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16966", "zdi_id": "ZDI-22-979" }, { "cve": "CVE-2022-22034", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-978/advisory.json", "detail_path": "advisories/ZDI-22-978", "id": "ZDI-22-978", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvStretchBltROP Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-978/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16801", "zdi_id": "ZDI-22-978" }, { "cve": "CVE-2022-22034", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-977/advisory.json", "detail_path": "advisories/ZDI-22-977", "id": "ZDI-22-977", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvAlphaBlend Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-977/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16800", "zdi_id": "ZDI-22-977" }, { "cve": "CVE-2022-22034", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-976/advisory.json", "detail_path": "advisories/ZDI-22-976", "id": "ZDI-22-976", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvCopyBits Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-976/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16799", "zdi_id": "ZDI-22-976" }, { "cve": "CVE-2022-22034", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-975/advisory.json", "detail_path": "advisories/ZDI-22-975", "id": "ZDI-22-975", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvStretchBlt Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-975/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16798", "zdi_id": "ZDI-22-975" }, { "cve": "CVE-2022-22034", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-974/advisory.json", "detail_path": "advisories/ZDI-22-974", "id": "ZDI-22-974", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvPlgBlt Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-974/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16797", "zdi_id": "ZDI-22-974" }, { "cve": "CVE-2022-22034", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-973/advisory.json", "detail_path": "advisories/ZDI-22-973", "id": "ZDI-22-973", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvTransparentBlt Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-973/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16796", "zdi_id": "ZDI-22-973" }, { "cve": "CVE-2022-22034", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-972/advisory.json", "detail_path": "advisories/ZDI-22-972", "id": "ZDI-22-972", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvBitBlt Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-972/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16795", "zdi_id": "ZDI-22-972" }, { "cve": "CVE-2022-22034", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-971/advisory.json", "detail_path": "advisories/ZDI-22-971", "id": "ZDI-22-971", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvStrokePath Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-971/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16765", "zdi_id": "ZDI-22-971" }, { "cve": "CVE-2022-22034", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-970/advisory.json", "detail_path": "advisories/ZDI-22-970", "id": "ZDI-22-970", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvGradientFill Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-970/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16764", "zdi_id": "ZDI-22-970" }, { "cve": "CVE-2022-22034", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-969/advisory.json", "detail_path": "advisories/ZDI-22-969", "id": "ZDI-22-969", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "Microsoft Windows win32kfull UMPDDrvTextOut Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-969/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16762", "zdi_id": "ZDI-22-969" }, { "cve": "CVE-2022-35865", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue result...", "detail_json": "/data/advisories/ZDI-22-968/advisory.json", "detail_path": "advisories/ZDI-22-968", "id": "ZDI-22-968", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "BMC Track-It! HTTP Module Improper Access Control Remote Code Execution Vulnerability", "updated_date": "2022-07-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-968/", "vendor": "BMC", "vendor_url": null, "zdi_can": "ZDI-CAN-16709", "zdi_id": "ZDI-22-968" }, { "cve": "CVE-2022-35864", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue...", "detail_json": "/data/advisories/ZDI-22-967/advisory.json", "detail_path": "advisories/ZDI-22-967", "id": "ZDI-22-967", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "BMC Track-It! GetPopupSubQueryDetails SQL Injection Information Disclosure Vulnerability", "updated_date": "2022-07-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-967/", "vendor": "BMC", "vendor_url": null, "zdi_can": "ZDI-CAN-16690", "zdi_id": "ZDI-22-967" }, { "cve": "CVE-2022-34748", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-966/advisory.json", "detail_path": "advisories/ZDI-22-966", "id": "ZDI-22-966", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-966/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-17293", "zdi_id": "ZDI-22-966" }, { "cve": "CVE-2022-34465", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-965/advisory.json", "detail_path": "advisories/ZDI-22-965", "id": "ZDI-22-965", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-965/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15420", "zdi_id": "ZDI-22-965" }, { "cve": "CVE-2022-2319", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-964/advisory.json", "detail_path": "advisories/ZDI-22-964", "id": "ZDI-22-964", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-964/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-16062", "zdi_id": "ZDI-22-964" }, { "cve": "CVE-2022-2320", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-963/advisory.json", "detail_path": "advisories/ZDI-22-963", "id": "ZDI-22-963", "kind": "published", "published_date": "2022-07-12", "status": "published", "title": "X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-963/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-16070", "zdi_id": "ZDI-22-963" }, { "cve": "CVE-2022-35234", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulne...", "detail_json": "/data/advisories/ZDI-22-962/advisory.json", "detail_path": "advisories/ZDI-22-962", "id": "ZDI-22-962", "kind": "published", "published_date": "2022-07-11", "status": "published", "title": "Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-962/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16650", "zdi_id": "ZDI-22-962" }, { "cve": null, "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-22-961/advisory.json", "detail_path": "advisories/ZDI-22-961", "id": "ZDI-22-961", "kind": "published", "published_date": "2022-07-11", "status": "published", "title": "Linux Kernel LightNVM Subsystem Heap-based Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-961/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17325", "zdi_id": "ZDI-22-961" }, { "cve": "CVE-2022-2991", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-22-960/advisory.json", "detail_path": "advisories/ZDI-22-960", "id": "ZDI-22-960", "kind": "published", "published_date": "2022-07-11", "status": "published", "title": "Linux Kernel LightNVM Subsystem Heap-based Overflow Privilege Escalation Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-960/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-17194", "zdi_id": "ZDI-22-960" }, { "cve": "CVE-2022-35866", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server....", "detail_json": "/data/advisories/ZDI-22-959/advisory.json", "detail_path": "advisories/ZDI-22-959", "id": "ZDI-22-959", "kind": "published", "published_date": "2022-07-08", "status": "published", "title": "(0Day) Vinchin Backup and Recovery MySQL Server Use of Hard-coded Credentials Authentication Bypass Vulnerability", "updated_date": "2022-07-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-959/", "vendor": "Vinchin", "vendor_url": null, "zdi_can": "ZDI-CAN-17139", "zdi_id": "ZDI-22-959" }, { "cve": "CVE-2022-32238", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-958/advisory.json", "detail_path": "advisories/ZDI-22-958", "id": "ZDI-22-958", "kind": "published", "published_date": "2022-07-07", "status": "published", "title": "SAP 3D Visual Enterprise Viewer EPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-958/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16526", "zdi_id": "ZDI-22-958" }, { "cve": "CVE-2022-32236", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-957/advisory.json", "detail_path": "advisories/ZDI-22-957", "id": "ZDI-22-957", "kind": "published", "published_date": "2022-07-07", "status": "published", "title": "SAP 3D Visual Enterprise Viewer BPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-957/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16510", "zdi_id": "ZDI-22-957" }, { "cve": "CVE-2022-32242", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-956/advisory.json", "detail_path": "advisories/ZDI-22-956", "id": "ZDI-22-956", "kind": "published", "published_date": "2022-07-07", "status": "published", "title": "SAP 3D Visual Enterprise Viewer HDR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-956/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16305", "zdi_id": "ZDI-22-956" }, { "cve": "CVE-2022-2272", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. Wh...", "detail_json": "/data/advisories/ZDI-22-955/advisory.json", "detail_path": "advisories/ZDI-22-955", "id": "ZDI-22-955", "kind": "published", "published_date": "2022-07-07", "status": "published", "title": "Sante PACS Server SQL Injection Authentication Bypass Vulnerability", "updated_date": "2022-07-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-955/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-17331", "zdi_id": "ZDI-22-955" }, { "cve": "CVE-2022-34872", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results...", "detail_json": "/data/advisories/ZDI-22-954/advisory.json", "detail_path": "advisories/ZDI-22-954", "id": "ZDI-22-954", "kind": "published", "published_date": "2022-07-07", "status": "published", "title": "Centreon Virtual Metrics SQL Injection Information Disclosure Vulnerability", "updated_date": "2022-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-954/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-16336", "zdi_id": "ZDI-22-954" }, { "cve": "CVE-2022-34871", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from th...", "detail_json": "/data/advisories/ZDI-22-953/advisory.json", "detail_path": "advisories/ZDI-22-953", "id": "ZDI-22-953", "kind": "published", "published_date": "2022-07-07", "status": "published", "title": "Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability", "updated_date": "2022-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-953/", "vendor": "Centreon", "vendor_url": null, "zdi_can": "ZDI-CAN-16335", "zdi_id": "ZDI-22-953" }, { "cve": "CVE-2022-34873", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-952/advisory.json", "detail_path": "advisories/ZDI-22-952", "id": "ZDI-22-952", "kind": "published", "published_date": "2022-07-07", "status": "published", "title": "Foxit PDF Reader Annotation modDate Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-952/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16777", "zdi_id": "ZDI-22-952" }, { "cve": "CVE-2022-34874", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-951/advisory.json", "detail_path": "advisories/ZDI-22-951", "id": "ZDI-22-951", "kind": "published", "published_date": "2022-07-07", "status": "published", "title": "Foxit PDF Reader Doc Object color Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-951/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-17474", "zdi_id": "ZDI-22-951" }, { "cve": "CVE-2022-34875", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-950/advisory.json", "detail_path": "advisories/ZDI-22-950", "id": "ZDI-22-950", "kind": "published", "published_date": "2022-07-07", "status": "published", "title": "Foxit PDF Reader newConnection Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-950/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16981", "zdi_id": "ZDI-22-950" }, { "cve": "CVE-2022-35867", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-949/advisory.json", "detail_path": "advisories/ZDI-22-949", "id": "ZDI-22-949", "kind": "published", "published_date": "2022-07-06", "status": "published", "title": "(0Day) xhyve e1000 Stack-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": "2022-07-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-949/", "vendor": "xhyve", "vendor_url": null, "zdi_can": "ZDI-CAN-15056", "zdi_id": "ZDI-22-949" }, { "cve": "CVE-2022-34901", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-22-948/advisory.json", "detail_path": "advisories/ZDI-22-948", "id": "ZDI-22-948", "kind": "published", "published_date": "2022-07-01", "status": "published", "title": "Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-948/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-16137", "zdi_id": "ZDI-22-948" }, { "cve": "CVE-2022-34899", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-22-947/advisory.json", "detail_path": "advisories/ZDI-22-947", "id": "ZDI-22-947", "kind": "published", "published_date": "2022-07-01", "status": "published", "title": "Parallels Access Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-947/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-16134", "zdi_id": "ZDI-22-947" }, { "cve": "CVE-2022-34902", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-22-946/advisory.json", "detail_path": "advisories/ZDI-22-946", "id": "ZDI-22-946", "kind": "published", "published_date": "2022-07-01", "status": "published", "title": "Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-946/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-15787", "zdi_id": "ZDI-22-946" }, { "cve": "CVE-2022-34900", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-22-945/advisory.json", "detail_path": "advisories/ZDI-22-945", "id": "ZDI-22-945", "kind": "published", "published_date": "2022-07-01", "status": "published", "title": "Parallels Access Agent Uncontrolled Search Path Element Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-945/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-15213", "zdi_id": "ZDI-22-945" }, { "cve": "CVE-2022-27868", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-944/advisory.json", "detail_path": "advisories/ZDI-22-944", "id": "ZDI-22-944", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Autodesk AutoCAD CATPart File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-944/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15934", "zdi_id": "ZDI-22-944" }, { "cve": "CVE-2022-34892", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-943/advisory.json", "detail_path": "advisories/ZDI-22-943", "id": "ZDI-22-943", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Parallels Desktop Updater Race Condition Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-943/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-16396", "zdi_id": "ZDI-22-943" }, { "cve": "CVE-2022-34891", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-942/advisory.json", "detail_path": "advisories/ZDI-22-942", "id": "ZDI-22-942", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Parallels Desktop Updater Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-942/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-16395", "zdi_id": "ZDI-22-942" }, { "cve": "CVE-2022-34890", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-22-941/advisory.json", "detail_path": "advisories/ZDI-22-941", "id": "ZDI-22-941", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Parallels Desktop Tools Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-941/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-16653", "zdi_id": "ZDI-22-941" }, { "cve": "CVE-2022-34889", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-22-940/advisory.json", "detail_path": "advisories/ZDI-22-940", "id": "ZDI-22-940", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Parallels Desktop ACPI Out-Of-Bounds Read Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-940/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-16554", "zdi_id": "ZDI-22-940" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-939/advisory.json", "detail_path": "advisories/ZDI-22-939", "id": "ZDI-22-939", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-939/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-16210", "zdi_id": "ZDI-22-939" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-938/advisory.json", "detail_path": "advisories/ZDI-22-938", "id": "ZDI-22-938", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Tencent WeChat WXAM Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-938/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-16211", "zdi_id": "ZDI-22-938" }, { "cve": "CVE-2022-2136", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-22-937/advisory.json", "detail_path": "advisories/ZDI-22-937", "id": "ZDI-22-937", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView set_useraccount UserName SQL Injection Remote Code Execution Vulnerability", "updated_date": "2022-07-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-937/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16773", "zdi_id": "ZDI-22-937" }, { "cve": "CVE-2022-2143", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-936/advisory.json", "detail_path": "advisories/ZDI-22-936", "id": "ZDI-22-936", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView runProViewUpgrade fwfilename Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-936/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16685", "zdi_id": "ZDI-22-936" }, { "cve": "CVE-2022-2143", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-935/advisory.json", "detail_path": "advisories/ZDI-22-935", "id": "ZDI-22-935", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView NetworkServlet backupDatabase backup_filename Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-935/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16528", "zdi_id": "ZDI-22-935" }, { "cve": "CVE-2022-2142", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-934/advisory.json", "detail_path": "advisories/ZDI-22-934", "id": "ZDI-22-934", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView getModulePageContent SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-934/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16607", "zdi_id": "ZDI-22-934" }, { "cve": "CVE-2022-2139", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific f...", "detail_json": "/data/advisories/ZDI-22-933/advisory.json", "detail_path": "advisories/ZDI-22-933", "id": "ZDI-22-933", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView MenuServlet getUserPrefMenuFragment page Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-933/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16783", "zdi_id": "ZDI-22-933" }, { "cve": "CVE-2022-2139", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-932/advisory.json", "detail_path": "advisories/ZDI-22-932", "id": "ZDI-22-932", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findCfgDeviceListDetailsExport filename Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-932/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16702", "zdi_id": "ZDI-22-932" }, { "cve": "CVE-2022-2139", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-931/advisory.json", "detail_path": "advisories/ZDI-22-931", "id": "ZDI-22-931", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView exportDeviceList filename Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-931/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16701", "zdi_id": "ZDI-22-931" }, { "cve": "CVE-2022-2138", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which l...", "detail_json": "/data/advisories/ZDI-22-930/advisory.json", "detail_path": "advisories/ZDI-22-930", "id": "ZDI-22-930", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView removeDevices Missing Authentication Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-930/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16774", "zdi_id": "ZDI-22-930" }, { "cve": "CVE-2022-2138", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which l...", "detail_json": "/data/advisories/ZDI-22-929/advisory.json", "detail_path": "advisories/ZDI-22-929", "id": "ZDI-22-929", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView removeSegment Missing Authentication Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-929/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16776", "zdi_id": "ZDI-22-929" }, { "cve": "CVE-2022-2138", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which l...", "detail_json": "/data/advisories/ZDI-22-928/advisory.json", "detail_path": "advisories/ZDI-22-928", "id": "ZDI-22-928", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView NetworkServlet clearDatabase Missing Authentication Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-928/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16688", "zdi_id": "ZDI-22-928" }, { "cve": "CVE-2022-2137", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific f...", "detail_json": "/data/advisories/ZDI-22-927/advisory.json", "detail_path": "advisories/ZDI-22-927", "id": "ZDI-22-927", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView addDeviceTreeItem SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-927/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16746", "zdi_id": "ZDI-22-927" }, { "cve": "CVE-2022-2137", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific f...", "detail_json": "/data/advisories/ZDI-22-926/advisory.json", "detail_path": "advisories/ZDI-22-926", "id": "ZDI-22-926", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView addDeviceTreeItem SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-926/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16745", "zdi_id": "ZDI-22-926" }, { "cve": "CVE-2022-2136", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific f...", "detail_json": "/data/advisories/ZDI-22-925/advisory.json", "detail_path": "advisories/ZDI-22-925", "id": "ZDI-22-925", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView updateSystemSettings SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-925/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16772", "zdi_id": "ZDI-22-925" }, { "cve": "CVE-2022-2136", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific f...", "detail_json": "/data/advisories/ZDI-22-924/advisory.json", "detail_path": "advisories/ZDI-22-924", "id": "ZDI-22-924", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView updateLDAPSettings SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-924/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16771", "zdi_id": "ZDI-22-924" }, { "cve": "CVE-2022-2136", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific f...", "detail_json": "/data/advisories/ZDI-22-923/advisory.json", "detail_path": "advisories/ZDI-22-923", "id": "ZDI-22-923", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView exportInventoryTable SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-923/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16775", "zdi_id": "ZDI-22-923" }, { "cve": "CVE-2022-2136", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-22-922/advisory.json", "detail_path": "advisories/ZDI-22-922", "id": "ZDI-22-922", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView exportTaskMgrReport col_list2 SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-922/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16752", "zdi_id": "ZDI-22-922" }, { "cve": "CVE-2022-2136", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-22-921/advisory.json", "detail_path": "advisories/ZDI-22-921", "id": "ZDI-22-921", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView exportPSInventoryTable SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-921/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16744", "zdi_id": "ZDI-22-921" }, { "cve": "CVE-2022-2136", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-22-920/advisory.json", "detail_path": "advisories/ZDI-22-920", "id": "ZDI-22-920", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView updatePROMFile ipaddress SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-920/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16748", "zdi_id": "ZDI-22-920" }, { "cve": "CVE-2022-2135", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-919/advisory.json", "detail_path": "advisories/ZDI-22-919", "id": "ZDI-22-919", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView setTaskEditorItem DESCRIPTION SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-919/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16750", "zdi_id": "ZDI-22-919" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-918/advisory.json", "detail_path": "advisories/ZDI-22-918", "id": "ZDI-22-918", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView performListSortUpdate SORT_ORDER SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-918/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16529", "zdi_id": "ZDI-22-918" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-917/advisory.json", "detail_path": "advisories/ZDI-22-917", "id": "ZDI-22-917", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView updateSegmentInfo ID SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-917/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16535", "zdi_id": "ZDI-22-917" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-916/advisory.json", "detail_path": "advisories/ZDI-22-916", "id": "ZDI-22-916", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView updatePROMSelect SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-916/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16561", "zdi_id": "ZDI-22-916" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-915/advisory.json", "detail_path": "advisories/ZDI-22-915", "id": "ZDI-22-915", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView updatePROMFilesWithLogin SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-915/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16585", "zdi_id": "ZDI-22-915" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-914/advisory.json", "detail_path": "advisories/ZDI-22-914", "id": "ZDI-22-914", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView updateCfgFileSelect CREATE_DATE SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-914/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16562", "zdi_id": "ZDI-22-914" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-913/advisory.json", "detail_path": "advisories/ZDI-22-913", "id": "ZDI-22-913", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView setTaskMgrItem SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-913/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16591", "zdi_id": "ZDI-22-913" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-912/advisory.json", "detail_path": "advisories/ZDI-22-912", "id": "ZDI-22-912", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView setTaskEditorItem TASKTYPEDESC SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-912/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16751", "zdi_id": "ZDI-22-912" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConfigurationServlet endpoint, which l...", "detail_json": "/data/advisories/ZDI-22-911/advisory.json", "detail_path": "advisories/ZDI-22-911", "id": "ZDI-22-911", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView setConfiguration column_value SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-911/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16531", "zdi_id": "ZDI-22-911" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-910/advisory.json", "detail_path": "advisories/ZDI-22-910", "id": "ZDI-22-910", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView saveSearchDevicesToTask CREATE_DATE SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-910/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16659", "zdi_id": "ZDI-22-910" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-909/advisory.json", "detail_path": "advisories/ZDI-22-909", "id": "ZDI-22-909", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView savePSInfo dtInstallDate SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-909/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16660", "zdi_id": "ZDI-22-909" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-908/advisory.json", "detail_path": "advisories/ZDI-22-908", "id": "ZDI-22-908", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView saveEditDeviceValues SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-908/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16747", "zdi_id": "ZDI-22-908" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-907/advisory.json", "detail_path": "advisories/ZDI-22-907", "id": "ZDI-22-907", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView runTaskEditorSearch sortname/sortorder SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-907/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16549", "zdi_id": "ZDI-22-907" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-906/advisory.json", "detail_path": "advisories/ZDI-22-906", "id": "ZDI-22-906", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView retrieveAllTaskMgrUpdateItems sort_field/sort_type SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-906/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16546", "zdi_id": "ZDI-22-906" }, { "cve": "CVE-2022-2135", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP p...", "detail_json": "/data/advisories/ZDI-22-905/advisory.json", "detail_path": "advisories/ZDI-22-905", "id": "ZDI-22-905", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView restoreDatabase restore_filename SQL Injection Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-905/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16583", "zdi_id": "ZDI-22-905" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-904/advisory.json", "detail_path": "advisories/ZDI-22-904", "id": "ZDI-22-904", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView removeSearchDevicesFromTask CREATE_DATE SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-904/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16592", "zdi_id": "ZDI-22-904" }, { "cve": "CVE-2022-2135", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-903/advisory.json", "detail_path": "advisories/ZDI-22-903", "id": "ZDI-22-903", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView performZTPConfig SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-903/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16724", "zdi_id": "ZDI-22-903" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-902/advisory.json", "detail_path": "advisories/ZDI-22-902", "id": "ZDI-22-902", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView performSearchDevice SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-902/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16731", "zdi_id": "ZDI-22-902" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-901/advisory.json", "detail_path": "advisories/ZDI-22-901", "id": "ZDI-22-901", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView performListSortUpdate DB_COLUMN SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-901/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16530", "zdi_id": "ZDI-22-901" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-900/advisory.json", "detail_path": "advisories/ZDI-22-900", "id": "ZDI-22-900", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView getPSInventoryInfo sortname/sortorder SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-900/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16548", "zdi_id": "ZDI-22-900" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-899/advisory.json", "detail_path": "advisories/ZDI-22-899", "id": "ZDI-22-899", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView getInventoryReportData sortname/sortorder SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-899/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16545", "zdi_id": "ZDI-22-899" }, { "cve": "CVE-2022-2135", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-898/advisory.json", "detail_path": "advisories/ZDI-22-898", "id": "ZDI-22-898", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView getChassisList strIPAddress SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-898/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16693", "zdi_id": "ZDI-22-898" }, { "cve": "CVE-2022-2135", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-897/advisory.json", "detail_path": "advisories/ZDI-22-897", "id": "ZDI-22-897", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView getChassisList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-897/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16695", "zdi_id": "ZDI-22-897" }, { "cve": "CVE-2022-2135", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-896/advisory.json", "detail_path": "advisories/ZDI-22-896", "id": "ZDI-22-896", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView getChassisList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-896/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16694", "zdi_id": "ZDI-22-896" }, { "cve": "CVE-2022-2135", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-895/advisory.json", "detail_path": "advisories/ZDI-22-895", "id": "ZDI-22-895", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView getAllActiveTraps search_date_from/search_date_to SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-895/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16544", "zdi_id": "ZDI-22-895" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-894/advisory.json", "detail_path": "advisories/ZDI-22-894", "id": "ZDI-22-894", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findUpdateDeviceListExport sort_type/search_json SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-894/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16649", "zdi_id": "ZDI-22-894" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-893/advisory.json", "detail_path": "advisories/ZDI-22-893", "id": "ZDI-22-893", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findUpdateDeviceList sort_field/sort_type SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-893/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16648", "zdi_id": "ZDI-22-893" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-892/advisory.json", "detail_path": "advisories/ZDI-22-892", "id": "ZDI-22-892", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findTaskMgrItems sort_field/sort_type SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-892/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16547", "zdi_id": "ZDI-22-892" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-891/advisory.json", "detail_path": "advisories/ZDI-22-891", "id": "ZDI-22-891", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findSummaryUpdateDeviceListExport VALUE SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-891/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16564", "zdi_id": "ZDI-22-891" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-890/advisory.json", "detail_path": "advisories/ZDI-22-890", "id": "ZDI-22-890", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findSummaryUpdateDeviceList VALUE SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-890/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16656", "zdi_id": "ZDI-22-890" }, { "cve": "CVE-2022-2135", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-889/advisory.json", "detail_path": "advisories/ZDI-22-889", "id": "ZDI-22-889", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findSummaryUpdateDeviceList COLUMN/VALUE SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-889/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16550", "zdi_id": "ZDI-22-889" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-888/advisory.json", "detail_path": "advisories/ZDI-22-888", "id": "ZDI-22-888", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findSummaryCfgDeviceListExport VALUE SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-888/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16563", "zdi_id": "ZDI-22-888" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-887/advisory.json", "detail_path": "advisories/ZDI-22-887", "id": "ZDI-22-887", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findSummaryCfgDeviceList VALUE SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-887/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16645", "zdi_id": "ZDI-22-887" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-886/advisory.json", "detail_path": "advisories/ZDI-22-886", "id": "ZDI-22-886", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findCfgDeviceListExport segment SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-886/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16560", "zdi_id": "ZDI-22-886" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-885/advisory.json", "detail_path": "advisories/ZDI-22-885", "id": "ZDI-22-885", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findCfgDeviceListDetailsExport segment SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-885/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16584", "zdi_id": "ZDI-22-885" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-884/advisory.json", "detail_path": "advisories/ZDI-22-884", "id": "ZDI-22-884", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findCfgDeviceListDetails segment/sort_field/sort_type SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-884/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16658", "zdi_id": "ZDI-22-884" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-883/advisory.json", "detail_path": "advisories/ZDI-22-883", "id": "ZDI-22-883", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findCfgDeviceList VALUE SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-883/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16646", "zdi_id": "ZDI-22-883" }, { "cve": "CVE-2022-2135", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-882/advisory.json", "detail_path": "advisories/ZDI-22-882", "id": "ZDI-22-882", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findCfgDeviceList segment SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-882/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16647", "zdi_id": "ZDI-22-882" }, { "cve": "CVE-2022-2135", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-22-881/advisory.json", "detail_path": "advisories/ZDI-22-881", "id": "ZDI-22-881", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView findCfgDeviceList COLUMN/VALUE SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-881/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16552", "zdi_id": "ZDI-22-881" }, { "cve": "CVE-2022-2135", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens...", "detail_json": "/data/advisories/ZDI-22-880/advisory.json", "detail_path": "advisories/ZDI-22-880", "id": "ZDI-22-880", "kind": "published", "published_date": "2022-06-30", "status": "published", "title": "Advantech iView DeviceTreeTable addDeviceTreeItem SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-880/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-16782", "zdi_id": "ZDI-22-880" }, { "cve": "CVE-2022-0556", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of ZyXel AP Configurator. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-22-879/advisory.json", "detail_path": "advisories/ZDI-22-879", "id": "ZDI-22-879", "kind": "published", "published_date": "2022-06-29", "status": "published", "title": "ZyXel AP Configurator Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-879/", "vendor": "ZyXel", "vendor_url": null, "zdi_can": "ZDI-CAN-14791", "zdi_id": "ZDI-22-879" }, { "cve": "CVE-2022-22676", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to bypass System Integrity Protection on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-22-878/advisory.json", "detail_path": "advisories/ZDI-22-878", "id": "ZDI-22-878", "kind": "published", "published_date": "2022-06-29", "status": "published", "title": "Apple macOS PackageKit PKInstallService Directory Traversal System Integrity Protection Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-878/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16111", "zdi_id": "ZDI-22-878" }, { "cve": "CVE-2022-26688", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to bypass System Integrity Protection on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-22-877/advisory.json", "detail_path": "advisories/ZDI-22-877", "id": "ZDI-22-877", "kind": "published", "published_date": "2022-06-29", "status": "published", "title": "Apple macOS PackageKit PKCoreShove Link Following System Integrity Protection Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-877/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16052", "zdi_id": "ZDI-22-877" }, { "cve": "CVE-2022-22721", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache HTTPD Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ap_escape_html2 function. The issue result...", "detail_json": "/data/advisories/ZDI-22-876/advisory.json", "detail_path": "advisories/ZDI-22-876", "id": "ZDI-22-876", "kind": "published", "published_date": "2022-06-29", "status": "published", "title": "Apache HTTPD Server ap_escape_html2 Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-876/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-16119", "zdi_id": "ZDI-22-876" }, { "cve": "CVE-2022-28702", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of ABB e-Design. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-22-875/advisory.json", "detail_path": "advisories/ZDI-22-875", "id": "ZDI-22-875", "kind": "published", "published_date": "2022-06-29", "status": "published", "title": "ABB e-Design Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-875/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-16322", "zdi_id": "ZDI-22-875" }, { "cve": "CVE-2022-29483", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of ABB e-Design. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-874/advisory.json", "detail_path": "advisories/ZDI-22-874", "id": "ZDI-22-874", "kind": "published", "published_date": "2022-06-29", "status": "published", "title": "ABB e-Design Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-874/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-16278", "zdi_id": "ZDI-22-874" }, { "cve": "CVE-2022-30551", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Prosys OPC UA SDK for Java. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of OPC UA messag...", "detail_json": "/data/advisories/ZDI-22-873/advisory.json", "detail_path": "advisories/ZDI-22-873", "id": "ZDI-22-873", "kind": "published", "published_date": "2022-06-27", "status": "published", "title": "(Pwn2Own) Prosys OPC UA SDK for Java OPC UA Messages Resource Exhaustion Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-873/", "vendor": "Prosys OPC", "vendor_url": null, "zdi_can": "ZDI-CAN-16441", "zdi_id": "ZDI-22-873" }, { "cve": "CVE-2022-28684", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the...", "detail_json": "/data/advisories/ZDI-22-872/advisory.json", "detail_path": "advisories/ZDI-22-872", "id": "ZDI-22-872", "kind": "published", "published_date": "2022-06-24", "status": "published", "title": "DevExpress SafeBinaryFormatter Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-872/", "vendor": "DevExpress", "vendor_url": null, "zdi_can": "ZDI-CAN-16710", "zdi_id": "ZDI-22-872" }, { "cve": "CVE-2022-30157", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of charts. Tampering with c...", "detail_json": "/data/advisories/ZDI-22-871/advisory.json", "detail_path": "advisories/ZDI-22-871", "id": "ZDI-22-871", "kind": "published", "published_date": "2022-06-23", "status": "published", "title": "Microsoft SharePoint Chart Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-871/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-17014", "zdi_id": "ZDI-22-871" }, { "cve": "CVE-2022-26106", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-870/advisory.json", "detail_path": "advisories/ZDI-22-870", "id": "ZDI-22-870", "kind": "published", "published_date": "2022-06-17", "status": "published", "title": "SAP 3D Visual Enterprise Viewer CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-870/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16006", "zdi_id": "ZDI-22-870" }, { "cve": "CVE-2022-27655", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-869/advisory.json", "detail_path": "advisories/ZDI-22-869", "id": "ZDI-22-869", "kind": "published", "published_date": "2022-06-17", "status": "published", "title": "SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-869/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-15996", "zdi_id": "ZDI-22-869" }, { "cve": "CVE-2022-27655", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-868/advisory.json", "detail_path": "advisories/ZDI-22-868", "id": "ZDI-22-868", "kind": "published", "published_date": "2022-06-17", "status": "published", "title": "SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-868/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-15995", "zdi_id": "ZDI-22-868" }, { "cve": "CVE-2022-27655", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-867/advisory.json", "detail_path": "advisories/ZDI-22-867", "id": "ZDI-22-867", "kind": "published", "published_date": "2022-06-17", "status": "published", "title": "SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-867/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-15994", "zdi_id": "ZDI-22-867" }, { "cve": "CVE-2022-27655", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-866/advisory.json", "detail_path": "advisories/ZDI-22-866", "id": "ZDI-22-866", "kind": "published", "published_date": "2022-06-17", "status": "published", "title": "SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-866/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16007", "zdi_id": "ZDI-22-866" }, { "cve": "CVE-2022-26106", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-865/advisory.json", "detail_path": "advisories/ZDI-22-865", "id": "ZDI-22-865", "kind": "published", "published_date": "2022-06-16", "status": "published", "title": "SAP 3D Visual Enterprise Viewer CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-865/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16279", "zdi_id": "ZDI-22-865" }, { "cve": "CVE-2022-26108", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-864/advisory.json", "detail_path": "advisories/ZDI-22-864", "id": "ZDI-22-864", "kind": "published", "published_date": "2022-06-16", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-864/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16274", "zdi_id": "ZDI-22-864" }, { "cve": "CVE-2022-27654", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-863/advisory.json", "detail_path": "advisories/ZDI-22-863", "id": "ZDI-22-863", "kind": "published", "published_date": "2022-06-16", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-863/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16273", "zdi_id": "ZDI-22-863" }, { "cve": "CVE-2022-26108", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-862/advisory.json", "detail_path": "advisories/ZDI-22-862", "id": "ZDI-22-862", "kind": "published", "published_date": "2022-06-16", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PCX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-862/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16272", "zdi_id": "ZDI-22-862" }, { "cve": "CVE-2022-26107", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-861/advisory.json", "detail_path": "advisories/ZDI-22-861", "id": "ZDI-22-861", "kind": "published", "published_date": "2022-06-16", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2022-06-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-861/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16002", "zdi_id": "ZDI-22-861" }, { "cve": "CVE-2022-22538", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-860/advisory.json", "detail_path": "advisories/ZDI-22-860", "id": "ZDI-22-860", "kind": "published", "published_date": "2022-06-16", "status": "published", "title": "SAP 3D Visual Enterprise Viewer AI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-860/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-15999", "zdi_id": "ZDI-22-860" }, { "cve": "CVE-2022-22539", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-859/advisory.json", "detail_path": "advisories/ZDI-22-859", "id": "ZDI-22-859", "kind": "published", "published_date": "2022-06-16", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2022-07-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-859/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-15997", "zdi_id": "ZDI-22-859" }, { "cve": "CVE-2022-26109", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-858/advisory.json", "detail_path": "advisories/ZDI-22-858", "id": "ZDI-22-858", "kind": "published", "published_date": "2022-06-16", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-858/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-14735", "zdi_id": "ZDI-22-858" }, { "cve": "CVE-2022-26109", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-857/advisory.json", "detail_path": "advisories/ZDI-22-857", "id": "ZDI-22-857", "kind": "published", "published_date": "2022-06-16", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-857/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-14733", "zdi_id": "ZDI-22-857" }, { "cve": "CVE-2022-29865", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. The i...", "detail_json": "/data/advisories/ZDI-22-856/advisory.json", "detail_path": "advisories/ZDI-22-856", "id": "ZDI-22-856", "kind": "published", "published_date": "2022-06-16", "status": "published", "title": "(Pwn2Own) OPC Foundation UA .NET Standard Improper Input Validation Authentication Bypass Vulnerability", "updated_date": "2022-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-856/", "vendor": "OPC Foundation", "vendor_url": null, "zdi_can": "ZDI-CAN-17205", "zdi_id": "ZDI-22-856" }, { "cve": "CVE-2022-29866", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TranslateBrowseP...", "detail_json": "/data/advisories/ZDI-22-855/advisory.json", "detail_path": "advisories/ZDI-22-855", "id": "ZDI-22-855", "kind": "published", "published_date": "2022-06-16", "status": "published", "title": "(Pwn2Own) OPC Foundation UA .NET Standard TranslateBrowsePathsToNodeId Resource Exhaustion Denial-of-Service Vulnerability", "updated_date": "2022-06-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-855/", "vendor": "OPC Foundation", "vendor_url": null, "zdi_can": "ZDI-CAN-17197", "zdi_id": "ZDI-22-855" }, { "cve": "CVE-2022-29864", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of mess...", "detail_json": "/data/advisories/ZDI-22-854/advisory.json", "detail_path": "advisories/ZDI-22-854", "id": "ZDI-22-854", "kind": "published", "published_date": "2022-06-16", "status": "published", "title": "(Pwn2Own) OPC Foundation UA .NET Standard Resource Exhaustion Denial-of-Service Vulnerability", "updated_date": "2022-06-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-854/", "vendor": "OPC Foundation", "vendor_url": null, "zdi_can": "ZDI-CAN-16440", "zdi_id": "ZDI-22-854" }, { "cve": "CVE-2022-33158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Proxy One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-22-853/advisory.json", "detail_path": "advisories/ZDI-22-853", "id": "ZDI-22-853", "kind": "published", "published_date": "2022-06-16", "status": "published", "title": "Trend Micro Proxy One Pro Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-853/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16303", "zdi_id": "ZDI-22-853" }, { "cve": "CVE-2022-30664", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-852/advisory.json", "detail_path": "advisories/ZDI-22-852", "id": "ZDI-22-852", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Animate SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-852/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16485", "zdi_id": "ZDI-22-852" }, { "cve": "CVE-2022-30665", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-851/advisory.json", "detail_path": "advisories/ZDI-22-851", "id": "ZDI-22-851", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-851/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16467", "zdi_id": "ZDI-22-851" }, { "cve": "CVE-2022-30663", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-850/advisory.json", "detail_path": "advisories/ZDI-22-850", "id": "ZDI-22-850", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InDesign SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-850/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16465", "zdi_id": "ZDI-22-850" }, { "cve": "CVE-2022-30662", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-849/advisory.json", "detail_path": "advisories/ZDI-22-849", "id": "ZDI-22-849", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-849/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16466", "zdi_id": "ZDI-22-849" }, { "cve": "CVE-2022-30661", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-848/advisory.json", "detail_path": "advisories/ZDI-22-848", "id": "ZDI-22-848", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-848/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16462", "zdi_id": "ZDI-22-848" }, { "cve": "CVE-2022-30660", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-847/advisory.json", "detail_path": "advisories/ZDI-22-847", "id": "ZDI-22-847", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InDesign PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-847/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16464", "zdi_id": "ZDI-22-847" }, { "cve": "CVE-2022-30659", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-846/advisory.json", "detail_path": "advisories/ZDI-22-846", "id": "ZDI-22-846", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-846/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16461", "zdi_id": "ZDI-22-846" }, { "cve": "CVE-2022-30658", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-845/advisory.json", "detail_path": "advisories/ZDI-22-845", "id": "ZDI-22-845", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-845/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16463", "zdi_id": "ZDI-22-845" }, { "cve": "CVE-2022-28850", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-844/advisory.json", "detail_path": "advisories/ZDI-22-844", "id": "ZDI-22-844", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Bridge Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-844/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17072", "zdi_id": "ZDI-22-844" }, { "cve": "CVE-2022-28849", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-843/advisory.json", "detail_path": "advisories/ZDI-22-843", "id": "ZDI-22-843", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Bridge Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-843/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17081", "zdi_id": "ZDI-22-843" }, { "cve": "CVE-2022-28848", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-842/advisory.json", "detail_path": "advisories/ZDI-22-842", "id": "ZDI-22-842", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Bridge PCX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-842/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16567", "zdi_id": "ZDI-22-842" }, { "cve": "CVE-2022-28847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-841/advisory.json", "detail_path": "advisories/ZDI-22-841", "id": "ZDI-22-841", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-841/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16476", "zdi_id": "ZDI-22-841" }, { "cve": "CVE-2022-28846", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-840/advisory.json", "detail_path": "advisories/ZDI-22-840", "id": "ZDI-22-840", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Bridge SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-840/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16481", "zdi_id": "ZDI-22-840" }, { "cve": "CVE-2022-28845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-839/advisory.json", "detail_path": "advisories/ZDI-22-839", "id": "ZDI-22-839", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-839/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16494", "zdi_id": "ZDI-22-839" }, { "cve": "CVE-2022-28844", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-838/advisory.json", "detail_path": "advisories/ZDI-22-838", "id": "ZDI-22-838", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-838/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16484", "zdi_id": "ZDI-22-838" }, { "cve": "CVE-2022-28843", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-837/advisory.json", "detail_path": "advisories/ZDI-22-837", "id": "ZDI-22-837", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Bridge Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-837/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16482", "zdi_id": "ZDI-22-837" }, { "cve": "CVE-2022-28842", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-836/advisory.json", "detail_path": "advisories/ZDI-22-836", "id": "ZDI-22-836", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Bridge Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-836/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16493", "zdi_id": "ZDI-22-836" }, { "cve": "CVE-2022-28841", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-835/advisory.json", "detail_path": "advisories/ZDI-22-835", "id": "ZDI-22-835", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Bridge Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-835/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16491", "zdi_id": "ZDI-22-835" }, { "cve": "CVE-2022-28840", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-834/advisory.json", "detail_path": "advisories/ZDI-22-834", "id": "ZDI-22-834", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-834/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16483", "zdi_id": "ZDI-22-834" }, { "cve": "CVE-2022-28839", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-833/advisory.json", "detail_path": "advisories/ZDI-22-833", "id": "ZDI-22-833", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-833/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16492", "zdi_id": "ZDI-22-833" }, { "cve": "CVE-2022-30657", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-832/advisory.json", "detail_path": "advisories/ZDI-22-832", "id": "ZDI-22-832", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InCopy Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-832/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16459", "zdi_id": "ZDI-22-832" }, { "cve": "CVE-2022-30656", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-831/advisory.json", "detail_path": "advisories/ZDI-22-831", "id": "ZDI-22-831", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InCopy PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-831/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16456", "zdi_id": "ZDI-22-831" }, { "cve": "CVE-2022-30655", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-830/advisory.json", "detail_path": "advisories/ZDI-22-830", "id": "ZDI-22-830", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InCopy Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-830/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16460", "zdi_id": "ZDI-22-830" }, { "cve": "CVE-2022-30654", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-829/advisory.json", "detail_path": "advisories/ZDI-22-829", "id": "ZDI-22-829", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-829/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16455", "zdi_id": "ZDI-22-829" }, { "cve": "CVE-2022-30653", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-828/advisory.json", "detail_path": "advisories/ZDI-22-828", "id": "ZDI-22-828", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-828/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16453", "zdi_id": "ZDI-22-828" }, { "cve": "CVE-2022-30652", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-827/advisory.json", "detail_path": "advisories/ZDI-22-827", "id": "ZDI-22-827", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InCopy SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-827/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16457", "zdi_id": "ZDI-22-827" }, { "cve": "CVE-2022-30651", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-826/advisory.json", "detail_path": "advisories/ZDI-22-826", "id": "ZDI-22-826", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InCopy Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-826/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16458", "zdi_id": "ZDI-22-826" }, { "cve": "CVE-2022-30650", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-825/advisory.json", "detail_path": "advisories/ZDI-22-825", "id": "ZDI-22-825", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-825/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16454", "zdi_id": "ZDI-22-825" }, { "cve": "CVE-2022-30648", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-824/advisory.json", "detail_path": "advisories/ZDI-22-824", "id": "ZDI-22-824", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Illustrator Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-824/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16452", "zdi_id": "ZDI-22-824" }, { "cve": "CVE-2022-30647", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-823/advisory.json", "detail_path": "advisories/ZDI-22-823", "id": "ZDI-22-823", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Illustrator Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-823/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16450", "zdi_id": "ZDI-22-823" }, { "cve": "CVE-2022-30646", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-822/advisory.json", "detail_path": "advisories/ZDI-22-822", "id": "ZDI-22-822", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Illustrator Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-822/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16451", "zdi_id": "ZDI-22-822" }, { "cve": "CVE-2022-30644", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-821/advisory.json", "detail_path": "advisories/ZDI-22-821", "id": "ZDI-22-821", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Illustrator Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-821/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16448", "zdi_id": "ZDI-22-821" }, { "cve": "CVE-2022-30643", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-820/advisory.json", "detail_path": "advisories/ZDI-22-820", "id": "ZDI-22-820", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-820/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16449", "zdi_id": "ZDI-22-820" }, { "cve": "CVE-2022-30642", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-819/advisory.json", "detail_path": "advisories/ZDI-22-819", "id": "ZDI-22-819", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-819/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16436", "zdi_id": "ZDI-22-819" }, { "cve": "CVE-2022-30641, CVE-2022-30645", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-818/advisory.json", "detail_path": "advisories/ZDI-22-818", "id": "ZDI-22-818", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Illustrator SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-818/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16444", "zdi_id": "ZDI-22-818" }, { "cve": "CVE-2022-30640", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-817/advisory.json", "detail_path": "advisories/ZDI-22-817", "id": "ZDI-22-817", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-817/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16489", "zdi_id": "ZDI-22-817" }, { "cve": "CVE-2022-30639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-816/advisory.json", "detail_path": "advisories/ZDI-22-816", "id": "ZDI-22-816", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-816/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16488", "zdi_id": "ZDI-22-816" }, { "cve": "CVE-2022-30638", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-815/advisory.json", "detail_path": "advisories/ZDI-22-815", "id": "ZDI-22-815", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Illustrator Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-815/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16487", "zdi_id": "ZDI-22-815" }, { "cve": "CVE-2022-30637", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-814/advisory.json", "detail_path": "advisories/ZDI-22-814", "id": "ZDI-22-814", "kind": "published", "published_date": "2022-06-15", "status": "published", "title": "Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-814/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16490", "zdi_id": "ZDI-22-814" }, { "cve": "CVE-2021-43875", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-813/advisory.json", "detail_path": "advisories/ZDI-22-813", "id": "ZDI-22-813", "kind": "published", "published_date": "2022-06-02", "status": "published", "title": "Microsoft Word glTF-SDK Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-813/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15443", "zdi_id": "ZDI-22-813" }, { "cve": "CVE-2022-26698", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-22-812/advisory.json", "detail_path": "advisories/ZDI-22-812", "id": "ZDI-22-812", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2022-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-812/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16125", "zdi_id": "ZDI-22-812" }, { "cve": "CVE-2022-22583", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-22-811/advisory.json", "detail_path": "advisories/ZDI-22-811", "id": "ZDI-22-811", "kind": "published", "published_date": "2022-06-02", "status": "published", "title": "Apple macOS PackageKit PKInstallSandbox SIP Bypass vulnerability", "updated_date": "2022-06-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-811/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16024", "zdi_id": "ZDI-22-811" }, { "cve": "CVE-2022-24499", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-810/advisory.json", "detail_path": "advisories/ZDI-22-810", "id": "ZDI-22-810", "kind": "published", "published_date": "2022-06-01", "status": "published", "title": "Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-810/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16065", "zdi_id": "ZDI-22-810" }, { "cve": "CVE-2022-26901", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-809/advisory.json", "detail_path": "advisories/ZDI-22-809", "id": "ZDI-22-809", "kind": "published", "published_date": "2022-06-01", "status": "published", "title": "Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-809/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16249", "zdi_id": "ZDI-22-809" }, { "cve": "CVE-2022-24479", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-808/advisory.json", "detail_path": "advisories/ZDI-22-808", "id": "ZDI-22-808", "kind": "published", "published_date": "2022-06-01", "status": "published", "title": "Microsoft Windows DiagTrack Service Link Following Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-808/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15973", "zdi_id": "ZDI-22-808" }, { "cve": "CVE-2022-24513", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-22-807/advisory.json", "detail_path": "advisories/ZDI-22-807", "id": "ZDI-22-807", "kind": "published", "published_date": "2022-06-01", "status": "published", "title": "Microsoft Visual Studio VSIX Auto Update Deserialization of Untrusted Data Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-807/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15294", "zdi_id": "ZDI-22-807" }, { "cve": "CVE-2022-23088", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of FreeBSD Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of 802.11 Wi-Fi beacon frame...", "detail_json": "/data/advisories/ZDI-22-806/advisory.json", "detail_path": "advisories/ZDI-22-806", "id": "ZDI-22-806", "kind": "published", "published_date": "2022-05-31", "status": "published", "title": "FreeBSD 802.11 Network Subsystem Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-806/", "vendor": "FreeBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-15980", "zdi_id": "ZDI-22-806" }, { "cve": "CVE-2022-1661", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserFirmwareRequestHandler c...", "detail_json": "/data/advisories/ZDI-22-805/advisory.json", "detail_path": "advisories/ZDI-22-805", "id": "ZDI-22-805", "kind": "published", "published_date": "2022-05-27", "status": "published", "title": "KeySight N6841A RF Sensor UserFirmwareRequestHandler Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-805/", "vendor": "KeySight", "vendor_url": null, "zdi_can": "ZDI-CAN-15525", "zdi_id": "ZDI-22-805" }, { "cve": "CVE-2022-1660", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Spring Framework. T...", "detail_json": "/data/advisories/ZDI-22-804/advisory.json", "detail_path": "advisories/ZDI-22-804", "id": "ZDI-22-804", "kind": "published", "published_date": "2022-05-27", "status": "published", "title": "KeySight N6841A RF Sensor Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-804/", "vendor": "KeySight", "vendor_url": null, "zdi_can": "ZDI-CAN-15470", "zdi_id": "ZDI-22-804" }, { "cve": "CVE-2022-20753", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-22-803/advisory.json", "detail_path": "advisories/ZDI-22-803", "id": "ZDI-22-803", "kind": "published", "published_date": "2022-05-27", "status": "published", "title": "Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-803/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15636", "zdi_id": "ZDI-22-803" }, { "cve": "CVE-2022-20753", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-22-802/advisory.json", "detail_path": "advisories/ZDI-22-802", "id": "ZDI-22-802", "kind": "published", "published_date": "2022-05-27", "status": "published", "title": "Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-802/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15634", "zdi_id": "ZDI-22-802" }, { "cve": "CVE-2022-30703", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Internet Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-22-801/advisory.json", "detail_path": "advisories/ZDI-22-801", "id": "ZDI-22-801", "kind": "published", "published_date": "2022-05-27", "status": "published", "title": "Trend Micro Internet Security Exposed Dangerous Method Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-801/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-15757", "zdi_id": "ZDI-22-801" }, { "cve": "CVE-2022-30702", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Internet Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-22-800/advisory.json", "detail_path": "advisories/ZDI-22-800", "id": "ZDI-22-800", "kind": "published", "published_date": "2022-05-27", "status": "published", "title": "Trend Micro Internet Security Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-800/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-15756", "zdi_id": "ZDI-22-800" }, { "cve": "CVE-2022-1802", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-799/advisory.json", "detail_path": "advisories/ZDI-22-799", "id": "ZDI-22-799", "kind": "published", "published_date": "2022-05-27", "status": "published", "title": "(Pwn2Own) Mozilla Firefox Top-Level Await Prototype Pollution Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-799/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-17469", "zdi_id": "ZDI-22-799" }, { "cve": "CVE-2022-1529", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escape the sandbox on affected installations of Mozilla Firefox. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-22-798/advisory.json", "detail_path": "advisories/ZDI-22-798", "id": "ZDI-22-798", "kind": "published", "published_date": "2022-05-27", "status": "published", "title": "(Pwn2Own) Mozilla Firefox Improper Input Validation Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-798/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-17418", "zdi_id": "ZDI-22-798" }, { "cve": "CVE-2022-30701", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-22-797/advisory.json", "detail_path": "advisories/ZDI-22-797", "id": "ZDI-22-797", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Trend Micro Apex One Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-797/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16098", "zdi_id": "ZDI-22-797" }, { "cve": "CVE-2022-1403", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation ASDA-Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-22-796/advisory.json", "detail_path": "advisories/ZDI-22-796", "id": "ZDI-22-796", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Delta Industrial Automation ASDA-Soft PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-796/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14481", "zdi_id": "ZDI-22-796" }, { "cve": "CVE-2022-1402", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation ASDA-Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-22-795/advisory.json", "detail_path": "advisories/ZDI-22-795", "id": "ZDI-22-795", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Delta Industrial Automation ASDA-Soft SCP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-795/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14471", "zdi_id": "ZDI-22-795" }, { "cve": "CVE-2022-26751", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-22-794/advisory.json", "detail_path": "advisories/ZDI-22-794", "id": "ZDI-22-794", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Apple macOS HEIC File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-794/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16806", "zdi_id": "ZDI-22-794" }, { "cve": "CVE-2022-26748", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-793/advisory.json", "detail_path": "advisories/ZDI-22-793", "id": "ZDI-22-793", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Apple Safari WebGL generateMipmap Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2024-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-793/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16206", "zdi_id": "ZDI-22-793" }, { "cve": "CVE-2022-26711", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-22-792/advisory.json", "detail_path": "advisories/ZDI-22-792", "id": "ZDI-22-792", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Apple macOS ImageIO WebP File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-792/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16158", "zdi_id": "ZDI-22-792" }, { "cve": "CVE-2022-26697", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-22-791/advisory.json", "detail_path": "advisories/ZDI-22-791", "id": "ZDI-22-791", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-791/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16073", "zdi_id": "ZDI-22-791" }, { "cve": "CVE-2022-30700", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-22-790/advisory.json", "detail_path": "advisories/ZDI-22-790", "id": "ZDI-22-790", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Trend Micro Apex One Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-790/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-15738", "zdi_id": "ZDI-22-790" }, { "cve": "CVE-2022-30687", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to delete arbitrary files on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-22-789/advisory.json", "detail_path": "advisories/ZDI-22-789", "id": "ZDI-22-789", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Trend Micro Maximum Security Link Following Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-15739", "zdi_id": "ZDI-22-789" }, { "cve": "CVE-2022-36983", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the...", "detail_json": "/data/advisories/ZDI-22-788/advisory.json", "detail_path": "advisories/ZDI-22-788", "id": "ZDI-22-788", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Ivanti Avalanche SetSettings Exposed Dangerous Function Authentication Bypass Vulnerability", "updated_date": "2022-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-788/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15919", "zdi_id": "ZDI-22-788" }, { "cve": "CVE-2022-36982", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-22-787/advisory.json", "detail_path": "advisories/ZDI-22-787", "id": "ZDI-22-787", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Ivanti Avalanche AgentTaskHandler Directory Traversal Information Disclosure Vulnerability", "updated_date": "2022-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-787/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15967", "zdi_id": "ZDI-22-787" }, { "cve": "CVE-2022-36981", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-22-786/advisory.json", "detail_path": "advisories/ZDI-22-786", "id": "ZDI-22-786", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Ivanti Avalanche DeviceLogResource Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2022-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-786/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15966", "zdi_id": "ZDI-22-786" }, { "cve": "CVE-2022-36980", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-22-785/advisory.json", "detail_path": "advisories/ZDI-22-785", "id": "ZDI-22-785", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Ivanti Avalanche EnterpriseServer Service Race Condition Authentication Bypass Vulnerability", "updated_date": "2022-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-785/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15528", "zdi_id": "ZDI-22-785" }, { "cve": "CVE-2022-36979", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-22-784/advisory.json", "detail_path": "advisories/ZDI-22-784", "id": "ZDI-22-784", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability", "updated_date": "2022-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-784/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15493", "zdi_id": "ZDI-22-784" }, { "cve": "CVE-2022-36978", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-22-783/advisory.json", "detail_path": "advisories/ZDI-22-783", "id": "ZDI-22-783", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Ivanti Avalanche Notification Server Service Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2022-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-783/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15448", "zdi_id": "ZDI-22-783" }, { "cve": "CVE-2022-36977", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-22-782/advisory.json", "detail_path": "advisories/ZDI-22-782", "id": "ZDI-22-782", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Ivanti Avalanche Certificate Management Server Service Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2022-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-782/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15449", "zdi_id": "ZDI-22-782" }, { "cve": "CVE-2022-36976", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied str...", "detail_json": "/data/advisories/ZDI-22-781/advisory.json", "detail_path": "advisories/ZDI-22-781", "id": "ZDI-22-781", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability", "updated_date": "2022-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-781/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15333", "zdi_id": "ZDI-22-781" }, { "cve": "CVE-2022-36975", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied s...", "detail_json": "/data/advisories/ZDI-22-780/advisory.json", "detail_path": "advisories/ZDI-22-780", "id": "ZDI-22-780", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability", "updated_date": "2022-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-780/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15332", "zdi_id": "ZDI-22-780" }, { "cve": "CVE-2022-36974", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-22-779/advisory.json", "detail_path": "advisories/ZDI-22-779", "id": "ZDI-22-779", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Ivanti Avalanche Web File Server Service Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2022-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-779/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15330", "zdi_id": "ZDI-22-779" }, { "cve": "CVE-2022-36973", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-22-778/advisory.json", "detail_path": "advisories/ZDI-22-778", "id": "ZDI-22-778", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability", "updated_date": "2022-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-778/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15329", "zdi_id": "ZDI-22-778" }, { "cve": "CVE-2022-36972", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied s...", "detail_json": "/data/advisories/ZDI-22-777/advisory.json", "detail_path": "advisories/ZDI-22-777", "id": "ZDI-22-777", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability", "updated_date": "2022-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-777/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15328", "zdi_id": "ZDI-22-777" }, { "cve": "CVE-2022-36971", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-22-776/advisory.json", "detail_path": "advisories/ZDI-22-776", "id": "ZDI-22-776", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Ivanti Avalanche JwtTokenUtility Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2022-07-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-776/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15301", "zdi_id": "ZDI-22-776" }, { "cve": "CVE-2022-25793", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-775/advisory.json", "detail_path": "advisories/ZDI-22-775", "id": "ZDI-22-775", "kind": "published", "published_date": "2022-05-26", "status": "published", "title": "Autodesk 3DS Max ABC File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-775/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15690", "zdi_id": "ZDI-22-775" }, { "cve": "CVE-2022-28683", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-774/advisory.json", "detail_path": "advisories/ZDI-22-774", "id": "ZDI-22-774", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader deletePages Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-774/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16828", "zdi_id": "ZDI-22-774" }, { "cve": "CVE-2022-28682", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-773/advisory.json", "detail_path": "advisories/ZDI-22-773", "id": "ZDI-22-773", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-773/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16778", "zdi_id": "ZDI-22-773" }, { "cve": "CVE-2022-28681", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-772/advisory.json", "detail_path": "advisories/ZDI-22-772", "id": "ZDI-22-772", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader deletePages Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-772/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16825", "zdi_id": "ZDI-22-772" }, { "cve": "CVE-2022-28680", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-771/advisory.json", "detail_path": "advisories/ZDI-22-771", "id": "ZDI-22-771", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-771/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16821", "zdi_id": "ZDI-22-771" }, { "cve": "CVE-2022-28679", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-770/advisory.json", "detail_path": "advisories/ZDI-22-770", "id": "ZDI-22-770", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-770/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16861", "zdi_id": "ZDI-22-770" }, { "cve": "CVE-2022-28678", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-769/advisory.json", "detail_path": "advisories/ZDI-22-769", "id": "ZDI-22-769", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-769/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16805", "zdi_id": "ZDI-22-769" }, { "cve": "CVE-2022-28677", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-768/advisory.json", "detail_path": "advisories/ZDI-22-768", "id": "ZDI-22-768", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-768/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16663", "zdi_id": "ZDI-22-768" }, { "cve": "CVE-2022-28676", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-767/advisory.json", "detail_path": "advisories/ZDI-22-767", "id": "ZDI-22-767", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-767/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16643", "zdi_id": "ZDI-22-767" }, { "cve": "CVE-2022-28675", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-766/advisory.json", "detail_path": "advisories/ZDI-22-766", "id": "ZDI-22-766", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-766/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16642", "zdi_id": "ZDI-22-766" }, { "cve": "CVE-2022-28674", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-765/advisory.json", "detail_path": "advisories/ZDI-22-765", "id": "ZDI-22-765", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-765/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16644", "zdi_id": "ZDI-22-765" }, { "cve": "CVE-2022-28673", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-764/advisory.json", "detail_path": "advisories/ZDI-22-764", "id": "ZDI-22-764", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-764/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16641", "zdi_id": "ZDI-22-764" }, { "cve": "CVE-2022-28672", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-763/advisory.json", "detail_path": "advisories/ZDI-22-763", "id": "ZDI-22-763", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-763/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16640", "zdi_id": "ZDI-22-763" }, { "cve": "CVE-2022-28671", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-762/advisory.json", "detail_path": "advisories/ZDI-22-762", "id": "ZDI-22-762", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-762/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16639", "zdi_id": "ZDI-22-762" }, { "cve": "CVE-2022-28670", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-761/advisory.json", "detail_path": "advisories/ZDI-22-761", "id": "ZDI-22-761", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-761/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16523", "zdi_id": "ZDI-22-761" }, { "cve": "CVE-2022-28669", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-760/advisory.json", "detail_path": "advisories/ZDI-22-760", "id": "ZDI-22-760", "kind": "published", "published_date": "2022-05-12", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-760/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16420", "zdi_id": "ZDI-22-760" }, { "cve": "CVE-2022-30523", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-22-759/advisory.json", "detail_path": "advisories/ZDI-22-759", "id": "ZDI-22-759", "kind": "published", "published_date": "2022-05-11", "status": "published", "title": "Trend Micro Password Manager Link Following Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-759/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16159", "zdi_id": "ZDI-22-759" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Netatalk library that is ins...", "detail_json": "/data/advisories/ZDI-22-758/advisory.json", "detail_path": "advisories/ZDI-22-758", "id": "ZDI-22-758", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "(Pwn2Own) NETGEAR R6700v3 Vulnerable Third-Party Component Remote Code Execution Vulnerability", "updated_date": "2022-05-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-758/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-15803", "zdi_id": "ZDI-22-758" }, { "cve": "CVE-2022-22597", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-22-757/advisory.json", "detail_path": "advisories/ZDI-22-757", "id": "ZDI-22-757", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2022-05-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-757/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16083", "zdi_id": "ZDI-22-757" }, { "cve": "CVE-2022-20753", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-22-756/advisory.json", "detail_path": "advisories/ZDI-22-756", "id": "ZDI-22-756", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-756/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15635", "zdi_id": "ZDI-22-756" }, { "cve": "CVE-2022-28829", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-755/advisory.json", "detail_path": "advisories/ZDI-22-755", "id": "ZDI-22-755", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-755/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17065", "zdi_id": "ZDI-22-755" }, { "cve": "CVE-2022-28837", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-754/advisory.json", "detail_path": "advisories/ZDI-22-754", "id": "ZDI-22-754", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe Acrobat Pro DC Doc buttonSetIcon Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-754/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17012", "zdi_id": "ZDI-22-754" }, { "cve": "CVE-2022-28838", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-753/advisory.json", "detail_path": "advisories/ZDI-22-753", "id": "ZDI-22-753", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe Acrobat Pro DC Doc flattenPages Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-753/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17000", "zdi_id": "ZDI-22-753" }, { "cve": "CVE-2022-28819", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Character Animator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-752/advisory.json", "detail_path": "advisories/ZDI-22-752", "id": "ZDI-22-752", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe Character Animator SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-752/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16515", "zdi_id": "ZDI-22-752" }, { "cve": "CVE-2022-28831", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-751/advisory.json", "detail_path": "advisories/ZDI-22-751", "id": "ZDI-22-751", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-751/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16503", "zdi_id": "ZDI-22-751" }, { "cve": "CVE-2022-28833", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-750/advisory.json", "detail_path": "advisories/ZDI-22-750", "id": "ZDI-22-750", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-750/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16502", "zdi_id": "ZDI-22-750" }, { "cve": "CVE-2022-28832", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-749/advisory.json", "detail_path": "advisories/ZDI-22-749", "id": "ZDI-22-749", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe InDesign Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-749/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16501", "zdi_id": "ZDI-22-749" }, { "cve": "CVE-2022-28834", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-748/advisory.json", "detail_path": "advisories/ZDI-22-748", "id": "ZDI-22-748", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-748/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16500", "zdi_id": "ZDI-22-748" }, { "cve": "CVE-2022-28836", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-747/advisory.json", "detail_path": "advisories/ZDI-22-747", "id": "ZDI-22-747", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-747/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16499", "zdi_id": "ZDI-22-747" }, { "cve": "CVE-2022-28835", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-746/advisory.json", "detail_path": "advisories/ZDI-22-746", "id": "ZDI-22-746", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe InCopy Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-746/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16498", "zdi_id": "ZDI-22-746" }, { "cve": "CVE-2022-28823", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-745/advisory.json", "detail_path": "advisories/ZDI-22-745", "id": "ZDI-22-745", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe FrameMaker Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-745/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16497", "zdi_id": "ZDI-22-745" }, { "cve": "CVE-2022-28822", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-744/advisory.json", "detail_path": "advisories/ZDI-22-744", "id": "ZDI-22-744", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-744/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16496", "zdi_id": "ZDI-22-744" }, { "cve": "CVE-2022-28824", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-743/advisory.json", "detail_path": "advisories/ZDI-22-743", "id": "ZDI-22-743", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe FrameMaker Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-743/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16495", "zdi_id": "ZDI-22-743" }, { "cve": "CVE-2022-28828", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-742/advisory.json", "detail_path": "advisories/ZDI-22-742", "id": "ZDI-22-742", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-742/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16432", "zdi_id": "ZDI-22-742" }, { "cve": "CVE-2022-28827", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-741/advisory.json", "detail_path": "advisories/ZDI-22-741", "id": "ZDI-22-741", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe FrameMaker SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-741/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16431", "zdi_id": "ZDI-22-741" }, { "cve": "CVE-2022-28830", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-740/advisory.json", "detail_path": "advisories/ZDI-22-740", "id": "ZDI-22-740", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe FrameMaker Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-740/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16430", "zdi_id": "ZDI-22-740" }, { "cve": "CVE-2022-28821", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-739/advisory.json", "detail_path": "advisories/ZDI-22-739", "id": "ZDI-22-739", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-739/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16429", "zdi_id": "ZDI-22-739" }, { "cve": "CVE-2022-28825", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-738/advisory.json", "detail_path": "advisories/ZDI-22-738", "id": "ZDI-22-738", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-738/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16428", "zdi_id": "ZDI-22-738" }, { "cve": "CVE-2022-28826", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-737/advisory.json", "detail_path": "advisories/ZDI-22-737", "id": "ZDI-22-737", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-737/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16427", "zdi_id": "ZDI-22-737" }, { "cve": "CVE-2022-29114", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-22-736/advisory.json", "detail_path": "advisories/ZDI-22-736", "id": "ZDI-22-736", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Microsoft Windows Print Spooler Service Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-736/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16218", "zdi_id": "ZDI-22-736" }, { "cve": "CVE-2022-29140", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-22-735/advisory.json", "detail_path": "advisories/ZDI-22-735", "id": "ZDI-22-735", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Microsoft Windows Print Spooler Service Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-735/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16215", "zdi_id": "ZDI-22-735" }, { "cve": "CVE-2022-29104", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-734/advisory.json", "detail_path": "advisories/ZDI-22-734", "id": "ZDI-22-734", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Microsoft Windows Print Spooler Service Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-734/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16251", "zdi_id": "ZDI-22-734" }, { "cve": "CVE-2022-29148", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-733/advisory.json", "detail_path": "advisories/ZDI-22-733", "id": "ZDI-22-733", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Microsoft Visual Studio DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-733/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16189", "zdi_id": "ZDI-22-733" }, { "cve": "CVE-2022-30138", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-732/advisory.json", "detail_path": "advisories/ZDI-22-732", "id": "ZDI-22-732", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Microsoft Windows Print Spooler Service Link Following Local Privilege Escalation Vulnerability", "updated_date": "2022-06-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-732/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16228", "zdi_id": "ZDI-22-732" }, { "cve": "CVE-2022-29105", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-731/advisory.json", "detail_path": "advisories/ZDI-22-731", "id": "ZDI-22-731", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Microsoft Windows Media Foundation AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-731/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16507", "zdi_id": "ZDI-22-731" }, { "cve": "CVE-2022-29104", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-730/advisory.json", "detail_path": "advisories/ZDI-22-730", "id": "ZDI-22-730", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Microsoft Windows Print Spooler Service Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-730/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16229", "zdi_id": "ZDI-22-730" }, { "cve": "CVE-2022-26923", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Microsoft Windows Active Directory Certificate Services. Authentication is required to exploit this vulnerability. The specific flaw exists within the iss...", "detail_json": "/data/advisories/ZDI-22-729/advisory.json", "detail_path": "advisories/ZDI-22-729", "id": "ZDI-22-729", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Microsoft Windows Active Directory Certificate Services Improper Authorization Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-729/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16168", "zdi_id": "ZDI-22-729" }, { "cve": "CVE-2022-26927", "cvss": 9.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-728/advisory.json", "detail_path": "advisories/ZDI-22-728", "id": "ZDI-22-728", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Microsoft Windows OpenType Font File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-728/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15915", "zdi_id": "ZDI-22-728" }, { "cve": "CVE-2022-24542", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-727/advisory.json", "detail_path": "advisories/ZDI-22-727", "id": "ZDI-22-727", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Microsoft Windows Kernel Bitmap Surface Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-727/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15914", "zdi_id": "ZDI-22-727" }, { "cve": "CVE-2022-24550", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-726/advisory.json", "detail_path": "advisories/ZDI-22-726", "id": "ZDI-22-726", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "Microsoft Windows CreateObjectHandler Deserialization of Untrusted Data Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-726/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15974", "zdi_id": "ZDI-22-726" }, { "cve": "CVE-2022-24099", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-725/advisory.json", "detail_path": "advisories/ZDI-22-725", "id": "ZDI-22-725", "kind": "published", "published_date": "2022-05-09", "status": "published", "title": "Adobe Photoshop Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-725/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17077", "zdi_id": "ZDI-22-725" }, { "cve": "CVE-2022-20801", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-22-724/advisory.json", "detail_path": "advisories/ZDI-22-724", "id": "ZDI-22-724", "kind": "published", "published_date": "2022-05-09", "status": "published", "title": "Cisco RV340 JSON RPC set-snmp Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-724/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15637", "zdi_id": "ZDI-22-724" }, { "cve": "CVE-2022-20801", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-22-723/advisory.json", "detail_path": "advisories/ZDI-22-723", "id": "ZDI-22-723", "kind": "published", "published_date": "2022-05-09", "status": "published", "title": "Cisco RV340 JSON RPC set-snmp Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-723/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15633", "zdi_id": "ZDI-22-723" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-722/advisory.json", "detail_path": "advisories/ZDI-22-722", "id": "ZDI-22-722", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "(0Day) Autodesk Navisworks Manage SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2022-05-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-722/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16042", "zdi_id": "ZDI-22-722" }, { "cve": "CVE-2022-27532", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-721/advisory.json", "detail_path": "advisories/ZDI-22-721", "id": "ZDI-22-721", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "(0Day) Autodesk 3DS Max TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2022-05-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-721/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15689", "zdi_id": "ZDI-22-721" }, { "cve": "CVE-2022-27532", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-720/advisory.json", "detail_path": "advisories/ZDI-22-720", "id": "ZDI-22-720", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "(0Day) Autodesk 3DS Max TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2022-05-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-720/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15687", "zdi_id": "ZDI-22-720" }, { "cve": "CVE-2022-27532", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-719/advisory.json", "detail_path": "advisories/ZDI-22-719", "id": "ZDI-22-719", "kind": "published", "published_date": "2022-05-10", "status": "published", "title": "(0Day) Autodesk 3DS Max TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2022-05-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-719/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15677", "zdi_id": "ZDI-22-719" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation ISaGRAF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-22-718/advisory.json", "detail_path": "advisories/ZDI-22-718", "id": "ZDI-22-718", "kind": "published", "published_date": "2022-05-09", "status": "published", "title": "(0Day) Rockwell Automation ISaGRAF isasln File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2022-05-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-718/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-15178", "zdi_id": "ZDI-22-718" }, { "cve": "CVE-2022-22782", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Zoom Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-717/advisory.json", "detail_path": "advisories/ZDI-22-717", "id": "ZDI-22-717", "kind": "published", "published_date": "2022-05-09", "status": "published", "title": "Zoom Client Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-717/", "vendor": "Zoom", "vendor_url": null, "zdi_can": "ZDI-CAN-16164", "zdi_id": "ZDI-22-717" }, { "cve": "CVE-2022-22782", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Zoom Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-716/advisory.json", "detail_path": "advisories/ZDI-22-716", "id": "ZDI-22-716", "kind": "published", "published_date": "2022-05-09", "status": "published", "title": "Zoom Client Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-716/", "vendor": "Zoom", "vendor_url": null, "zdi_can": "ZDI-CAN-16162", "zdi_id": "ZDI-22-716" }, { "cve": "CVE-2022-22648", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-22-715/advisory.json", "detail_path": "advisories/ZDI-22-715", "id": "ZDI-22-715", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-715/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16076", "zdi_id": "ZDI-22-715" }, { "cve": "CVE-2022-22627", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-22-714/advisory.json", "detail_path": "advisories/ZDI-22-714", "id": "ZDI-22-714", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-714/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16074", "zdi_id": "ZDI-22-714" }, { "cve": "CVE-2022-22648", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-22-713/advisory.json", "detail_path": "advisories/ZDI-22-713", "id": "ZDI-22-713", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-713/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16072", "zdi_id": "ZDI-22-713" }, { "cve": "CVE-2022-22625", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-22-712/advisory.json", "detail_path": "advisories/ZDI-22-712", "id": "ZDI-22-712", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-712/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16084", "zdi_id": "ZDI-22-712" }, { "cve": "CVE-2022-22626", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-22-711/advisory.json", "detail_path": "advisories/ZDI-22-711", "id": "ZDI-22-711", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-711/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-16075", "zdi_id": "ZDI-22-711" }, { "cve": "CVE-2022-25794", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-22-710/advisory.json", "detail_path": "advisories/ZDI-22-710", "id": "ZDI-22-710", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Autodesk FBX Review ABC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-710/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15543", "zdi_id": "ZDI-22-710" }, { "cve": "CVE-2022-21490", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-709/advisory.json", "detail_path": "advisories/ZDI-22-709", "id": "ZDI-22-709", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-709/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-16407", "zdi_id": "ZDI-22-709" }, { "cve": "CVE-2022-21489", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-708/advisory.json", "detail_path": "advisories/ZDI-22-708", "id": "ZDI-22-708", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-708/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-16408", "zdi_id": "ZDI-22-708" }, { "cve": "CVE-2022-21482", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-707/advisory.json", "detail_path": "advisories/ZDI-22-707", "id": "ZDI-22-707", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Oracle MySQL Cluster Data Node Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-707/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-16406", "zdi_id": "ZDI-22-707" }, { "cve": "CVE-2022-21486", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-706/advisory.json", "detail_path": "advisories/ZDI-22-706", "id": "ZDI-22-706", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-706/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-16704", "zdi_id": "ZDI-22-706" }, { "cve": "CVE-2022-21485", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-705/advisory.json", "detail_path": "advisories/ZDI-22-705", "id": "ZDI-22-705", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-705/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-16703", "zdi_id": "ZDI-22-705" }, { "cve": "CVE-2022-21484", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-704/advisory.json", "detail_path": "advisories/ZDI-22-704", "id": "ZDI-22-704", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-704/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-16409", "zdi_id": "ZDI-22-704" }, { "cve": "CVE-2022-21483", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-703/advisory.json", "detail_path": "advisories/ZDI-22-703", "id": "ZDI-22-703", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-703/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-16445", "zdi_id": "ZDI-22-703" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DRAS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal...", "detail_json": "/data/advisories/ZDI-22-702/advisory.json", "detail_path": "advisories/ZDI-22-702", "id": "ZDI-22-702", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "(0Day) Delta Industrial Automation DRAS Project File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-702/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14479", "zdi_id": "ZDI-22-702" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DRAS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal...", "detail_json": "/data/advisories/ZDI-22-701/advisory.json", "detail_path": "advisories/ZDI-22-701", "id": "ZDI-22-701", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "(0Day) Delta Industrial Automation DRAS DSCP Scope File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-701/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14654", "zdi_id": "ZDI-22-701" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DRAS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal...", "detail_json": "/data/advisories/ZDI-22-700/advisory.json", "detail_path": "advisories/ZDI-22-700", "id": "ZDI-22-700", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "(0Day) Delta Industrial Automation DRAS XML Point File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-700/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14653", "zdi_id": "ZDI-22-700" }, { "cve": "CVE-2022-1331", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DMARS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-22-699/advisory.json", "detail_path": "advisories/ZDI-22-699", "id": "ZDI-22-699", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Delta Industrial Automation DMARS Project File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-699/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14480", "zdi_id": "ZDI-22-699" }, { "cve": "CVE-2022-1331", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DMARS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-22-698/advisory.json", "detail_path": "advisories/ZDI-22-698", "id": "ZDI-22-698", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Delta Industrial Automation DMARS Scope File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-698/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14651", "zdi_id": "ZDI-22-698" }, { "cve": "CVE-2022-1331", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DMARS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-22-697/advisory.json", "detail_path": "advisories/ZDI-22-697", "id": "ZDI-22-697", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Delta Industrial Automation DMARS ScopeConfig File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-697/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14650", "zdi_id": "ZDI-22-697" }, { "cve": "CVE-2022-1331", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DMARS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-22-696/advisory.json", "detail_path": "advisories/ZDI-22-696", "id": "ZDI-22-696", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Delta Industrial Automation DMARS DSCP Scope File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-696/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14647", "zdi_id": "ZDI-22-696" }, { "cve": "CVE-2022-28271", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-695/advisory.json", "detail_path": "advisories/ZDI-22-695", "id": "ZDI-22-695", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Photoshop PDF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-695/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16132", "zdi_id": "ZDI-22-695" }, { "cve": "CVE-2022-23205", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-694/advisory.json", "detail_path": "advisories/ZDI-22-694", "id": "ZDI-22-694", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-694/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-17069", "zdi_id": "ZDI-22-694" }, { "cve": "CVE-2022-28240", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-693/advisory.json", "detail_path": "advisories/ZDI-22-693", "id": "ZDI-22-693", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-693/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16725", "zdi_id": "ZDI-22-693" }, { "cve": "CVE-2022-28268", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-692/advisory.json", "detail_path": "advisories/ZDI-22-692", "id": "ZDI-22-692", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-692/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16708", "zdi_id": "ZDI-22-692" }, { "cve": "CVE-2022-28239", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-691/advisory.json", "detail_path": "advisories/ZDI-22-691", "id": "ZDI-22-691", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-691/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16707", "zdi_id": "ZDI-22-691" }, { "cve": "CVE-2022-28269", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-690/advisory.json", "detail_path": "advisories/ZDI-22-690", "id": "ZDI-22-690", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-690/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16579", "zdi_id": "ZDI-22-690" }, { "cve": "CVE-2022-28236", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-689/advisory.json", "detail_path": "advisories/ZDI-22-689", "id": "ZDI-22-689", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-689/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16553", "zdi_id": "ZDI-22-689" }, { "cve": "CVE-2022-28235", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-688/advisory.json", "detail_path": "advisories/ZDI-22-688", "id": "ZDI-22-688", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-688/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16537", "zdi_id": "ZDI-22-688" }, { "cve": "CVE-2022-28237", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-687/advisory.json", "detail_path": "advisories/ZDI-22-687", "id": "ZDI-22-687", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-687/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16536", "zdi_id": "ZDI-22-687" }, { "cve": "CVE-2022-27800", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-686/advisory.json", "detail_path": "advisories/ZDI-22-686", "id": "ZDI-22-686", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-686/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16534", "zdi_id": "ZDI-22-686" }, { "cve": "CVE-2022-27802", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-685/advisory.json", "detail_path": "advisories/ZDI-22-685", "id": "ZDI-22-685", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-685/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16533", "zdi_id": "ZDI-22-685" }, { "cve": "CVE-2022-28230", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-684/advisory.json", "detail_path": "advisories/ZDI-22-684", "id": "ZDI-22-684", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm calculateNow Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-684/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16404", "zdi_id": "ZDI-22-684" }, { "cve": "CVE-2022-28232", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-683/advisory.json", "detail_path": "advisories/ZDI-22-683", "id": "ZDI-22-683", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Collab Object Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-683/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16385", "zdi_id": "ZDI-22-683" }, { "cve": "CVE-2022-27801", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-682/advisory.json", "detail_path": "advisories/ZDI-22-682", "id": "ZDI-22-682", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-682/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16375", "zdi_id": "ZDI-22-682" }, { "cve": "CVE-2022-27797", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-681/advisory.json", "detail_path": "advisories/ZDI-22-681", "id": "ZDI-22-681", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-681/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16374", "zdi_id": "ZDI-22-681" }, { "cve": "CVE-2022-28233", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-680/advisory.json", "detail_path": "advisories/ZDI-22-680", "id": "ZDI-22-680", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-680/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16373", "zdi_id": "ZDI-22-680" }, { "cve": "CVE-2022-27796", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-679/advisory.json", "detail_path": "advisories/ZDI-22-679", "id": "ZDI-22-679", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm isBoxChecked Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-679/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16353", "zdi_id": "ZDI-22-679" }, { "cve": "CVE-2022-27795", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-678/advisory.json", "detail_path": "advisories/ZDI-22-678", "id": "ZDI-22-678", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm isDefaultChecked Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-678/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16352", "zdi_id": "ZDI-22-678" }, { "cve": "CVE-2022-27799", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-677/advisory.json", "detail_path": "advisories/ZDI-22-677", "id": "ZDI-22-677", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-677/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16349", "zdi_id": "ZDI-22-677" }, { "cve": "CVE-2022-27798", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-676/advisory.json", "detail_path": "advisories/ZDI-22-676", "id": "ZDI-22-676", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC zoomType Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-676/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16348", "zdi_id": "ZDI-22-676" }, { "cve": "CVE-2022-27786", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-675/advisory.json", "detail_path": "advisories/ZDI-22-675", "id": "ZDI-22-675", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-675/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16298", "zdi_id": "ZDI-22-675" }, { "cve": "CVE-2022-27785", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-674/advisory.json", "detail_path": "advisories/ZDI-22-674", "id": "ZDI-22-674", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-674/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16293", "zdi_id": "ZDI-22-674" }, { "cve": "CVE-2022-27788", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-673/advisory.json", "detail_path": "advisories/ZDI-22-673", "id": "ZDI-22-673", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-673/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16292", "zdi_id": "ZDI-22-673" }, { "cve": "CVE-2022-27787", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-672/advisory.json", "detail_path": "advisories/ZDI-22-672", "id": "ZDI-22-672", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-672/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16291", "zdi_id": "ZDI-22-672" }, { "cve": "CVE-2022-27790", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-671/advisory.json", "detail_path": "advisories/ZDI-22-671", "id": "ZDI-22-671", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-671/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16095", "zdi_id": "ZDI-22-671" }, { "cve": "CVE-2022-28231", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-670/advisory.json", "detail_path": "advisories/ZDI-22-670", "id": "ZDI-22-670", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-670/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16053", "zdi_id": "ZDI-22-670" }, { "cve": "CVE-2022-28245", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-669/advisory.json", "detail_path": "advisories/ZDI-22-669", "id": "ZDI-22-669", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-669/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16705", "zdi_id": "ZDI-22-669" }, { "cve": "CVE-2022-28256", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-668/advisory.json", "detail_path": "advisories/ZDI-22-668", "id": "ZDI-22-668", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-668/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16865", "zdi_id": "ZDI-22-668" }, { "cve": "CVE-2022-28250", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-667/advisory.json", "detail_path": "advisories/ZDI-22-667", "id": "ZDI-22-667", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-667/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16864", "zdi_id": "ZDI-22-667" }, { "cve": "CVE-2022-28251", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-666/advisory.json", "detail_path": "advisories/ZDI-22-666", "id": "ZDI-22-666", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-666/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16863", "zdi_id": "ZDI-22-666" }, { "cve": "CVE-2022-28241", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-665/advisory.json", "detail_path": "advisories/ZDI-22-665", "id": "ZDI-22-665", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-665/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16817", "zdi_id": "ZDI-22-665" }, { "cve": "CVE-2022-28242", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-664/advisory.json", "detail_path": "advisories/ZDI-22-664", "id": "ZDI-22-664", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-664/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16809", "zdi_id": "ZDI-22-664" }, { "cve": "CVE-2022-28243", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-663/advisory.json", "detail_path": "advisories/ZDI-22-663", "id": "ZDI-22-663", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-663/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16803", "zdi_id": "ZDI-22-663" }, { "cve": "CVE-2022-28252", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-662/advisory.json", "detail_path": "advisories/ZDI-22-662", "id": "ZDI-22-662", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-662/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16794", "zdi_id": "ZDI-22-662" }, { "cve": "CVE-2022-28253", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-661/advisory.json", "detail_path": "advisories/ZDI-22-661", "id": "ZDI-22-661", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-661/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16793", "zdi_id": "ZDI-22-661" }, { "cve": "CVE-2022-28254", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-660/advisory.json", "detail_path": "advisories/ZDI-22-660", "id": "ZDI-22-660", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-660/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16792", "zdi_id": "ZDI-22-660" }, { "cve": "CVE-2022-28255", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-659/advisory.json", "detail_path": "advisories/ZDI-22-659", "id": "ZDI-22-659", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-659/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16791", "zdi_id": "ZDI-22-659" }, { "cve": "CVE-2022-28257", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-658/advisory.json", "detail_path": "advisories/ZDI-22-658", "id": "ZDI-22-658", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-658/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16790", "zdi_id": "ZDI-22-658" }, { "cve": "CVE-2022-28265", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-657/advisory.json", "detail_path": "advisories/ZDI-22-657", "id": "ZDI-22-657", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-657/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16789", "zdi_id": "ZDI-22-657" }, { "cve": "CVE-2022-28258", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-656/advisory.json", "detail_path": "advisories/ZDI-22-656", "id": "ZDI-22-656", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-656/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16788", "zdi_id": "ZDI-22-656" }, { "cve": "CVE-2022-28263", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-655/advisory.json", "detail_path": "advisories/ZDI-22-655", "id": "ZDI-22-655", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-655/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16787", "zdi_id": "ZDI-22-655" }, { "cve": "CVE-2022-28259", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-654/advisory.json", "detail_path": "advisories/ZDI-22-654", "id": "ZDI-22-654", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-654/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16786", "zdi_id": "ZDI-22-654" }, { "cve": "CVE-2022-28267", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-653/advisory.json", "detail_path": "advisories/ZDI-22-653", "id": "ZDI-22-653", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-653/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16785", "zdi_id": "ZDI-22-653" }, { "cve": "CVE-2022-28264", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-652/advisory.json", "detail_path": "advisories/ZDI-22-652", "id": "ZDI-22-652", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-652/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16784", "zdi_id": "ZDI-22-652" }, { "cve": "CVE-2022-28262", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-651/advisory.json", "detail_path": "advisories/ZDI-22-651", "id": "ZDI-22-651", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-651/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16757", "zdi_id": "ZDI-22-651" }, { "cve": "CVE-2022-28260", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-650/advisory.json", "detail_path": "advisories/ZDI-22-650", "id": "ZDI-22-650", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-650/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16756", "zdi_id": "ZDI-22-650" }, { "cve": "CVE-2022-28261", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-649/advisory.json", "detail_path": "advisories/ZDI-22-649", "id": "ZDI-22-649", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-649/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16755", "zdi_id": "ZDI-22-649" }, { "cve": "CVE-2022-28266", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-648/advisory.json", "detail_path": "advisories/ZDI-22-648", "id": "ZDI-22-648", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-648/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16754", "zdi_id": "ZDI-22-648" }, { "cve": "CVE-2022-28248", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-647/advisory.json", "detail_path": "advisories/ZDI-22-647", "id": "ZDI-22-647", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-647/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16734", "zdi_id": "ZDI-22-647" }, { "cve": "CVE-2022-28246", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-646/advisory.json", "detail_path": "advisories/ZDI-22-646", "id": "ZDI-22-646", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-646/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16730", "zdi_id": "ZDI-22-646" }, { "cve": "CVE-2022-28249", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-645/advisory.json", "detail_path": "advisories/ZDI-22-645", "id": "ZDI-22-645", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-645/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16711", "zdi_id": "ZDI-22-645" }, { "cve": "CVE-2022-28238", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-644/advisory.json", "detail_path": "advisories/ZDI-22-644", "id": "ZDI-22-644", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-644/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16538", "zdi_id": "ZDI-22-644" }, { "cve": "CVE-2022-28272", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-643/advisory.json", "detail_path": "advisories/ZDI-22-643", "id": "ZDI-22-643", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-643/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16506", "zdi_id": "ZDI-22-643" }, { "cve": "CVE-2022-28273", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-642/advisory.json", "detail_path": "advisories/ZDI-22-642", "id": "ZDI-22-642", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-642/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16505", "zdi_id": "ZDI-22-642" }, { "cve": "CVE-2022-28274", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-641/advisory.json", "detail_path": "advisories/ZDI-22-641", "id": "ZDI-22-641", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Photoshop Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-641/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16504", "zdi_id": "ZDI-22-641" }, { "cve": "CVE-2022-28279", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-640/advisory.json", "detail_path": "advisories/ZDI-22-640", "id": "ZDI-22-640", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Photoshop Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-640/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16475", "zdi_id": "ZDI-22-640" }, { "cve": "CVE-2022-28275", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-639/advisory.json", "detail_path": "advisories/ZDI-22-639", "id": "ZDI-22-639", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-639/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16474", "zdi_id": "ZDI-22-639" }, { "cve": "CVE-2022-28278", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-638/advisory.json", "detail_path": "advisories/ZDI-22-638", "id": "ZDI-22-638", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-638/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16473", "zdi_id": "ZDI-22-638" }, { "cve": "CVE-2022-28277", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-637/advisory.json", "detail_path": "advisories/ZDI-22-637", "id": "ZDI-22-637", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Photoshop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-637/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16472", "zdi_id": "ZDI-22-637" }, { "cve": "CVE-2022-28276", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-636/advisory.json", "detail_path": "advisories/ZDI-22-636", "id": "ZDI-22-636", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-636/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16471", "zdi_id": "ZDI-22-636" }, { "cve": "CVE-2022-24098", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-635/advisory.json", "detail_path": "advisories/ZDI-22-635", "id": "ZDI-22-635", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Photoshop PCX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-635/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16414", "zdi_id": "ZDI-22-635" }, { "cve": "CVE-2022-24105", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-634/advisory.json", "detail_path": "advisories/ZDI-22-634", "id": "ZDI-22-634", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Photoshop U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-634/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16410", "zdi_id": "ZDI-22-634" }, { "cve": "CVE-2022-27789", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-633/advisory.json", "detail_path": "advisories/ZDI-22-633", "id": "ZDI-22-633", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-633/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16183", "zdi_id": "ZDI-22-633" }, { "cve": "CVE-2022-28270", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-632/advisory.json", "detail_path": "advisories/ZDI-22-632", "id": "ZDI-22-632", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Photoshop SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-632/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16131", "zdi_id": "ZDI-22-632" }, { "cve": "CVE-2022-27794", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-631/advisory.json", "detail_path": "advisories/ZDI-22-631", "id": "ZDI-22-631", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-631/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16096", "zdi_id": "ZDI-22-631" }, { "cve": "CVE-2022-27792", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-630/advisory.json", "detail_path": "advisories/ZDI-22-630", "id": "ZDI-22-630", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-630/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16091", "zdi_id": "ZDI-22-630" }, { "cve": "CVE-2022-27793", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-629/advisory.json", "detail_path": "advisories/ZDI-22-629", "id": "ZDI-22-629", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-629/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16090", "zdi_id": "ZDI-22-629" }, { "cve": "CVE-2022-27791", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-628/advisory.json", "detail_path": "advisories/ZDI-22-628", "id": "ZDI-22-628", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-628/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16089", "zdi_id": "ZDI-22-628" }, { "cve": "CVE-2022-24101", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-627/advisory.json", "detail_path": "advisories/ZDI-22-627", "id": "ZDI-22-627", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-627/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16025", "zdi_id": "ZDI-22-627" }, { "cve": "CVE-2022-24102", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-626/advisory.json", "detail_path": "advisories/ZDI-22-626", "id": "ZDI-22-626", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-626/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15838", "zdi_id": "ZDI-22-626" }, { "cve": "CVE-2022-24104", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-625/advisory.json", "detail_path": "advisories/ZDI-22-625", "id": "ZDI-22-625", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-625/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15763", "zdi_id": "ZDI-22-625" }, { "cve": "CVE-2022-24103", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-624/advisory.json", "detail_path": "advisories/ZDI-22-624", "id": "ZDI-22-624", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-624/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15809", "zdi_id": "ZDI-22-624" }, { "cve": "CVE-2022-28663", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-623/advisory.json", "detail_path": "advisories/ZDI-22-623", "id": "ZDI-22-623", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-623/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15592", "zdi_id": "ZDI-22-623" }, { "cve": "CVE-2022-28668", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-622/advisory.json", "detail_path": "advisories/ZDI-22-622", "id": "ZDI-22-622", "kind": "published", "published_date": "2022-04-28", "status": "published", "title": "Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-622/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-16679", "zdi_id": "ZDI-22-622" }, { "cve": "CVE-2022-1230", "cvss": 3.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-22-621/advisory.json", "detail_path": "advisories/ZDI-22-621", "id": "ZDI-22-621", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S21 loadUrl Open Redirect Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-621/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-15918", "zdi_id": "ZDI-22-621" }, { "cve": "CVE-2022-28339", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall for Home Networks. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulne...", "detail_json": "/data/advisories/ZDI-22-620/advisory.json", "detail_path": "advisories/ZDI-22-620", "id": "ZDI-22-620", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Trend Micro HouseCall for Home Networks Uncontrolled Search Path Element Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-620/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-16316", "zdi_id": "ZDI-22-620" }, { "cve": "CVE-2022-1271", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tukaani XZ Utils. Interaction with this script is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specifi...", "detail_json": "/data/advisories/ZDI-22-619/advisory.json", "detail_path": "advisories/ZDI-22-619", "id": "ZDI-22-619", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Tukaani XZ Utils xzgrep Argument Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-619/", "vendor": "Tukaani", "vendor_url": null, "zdi_can": "ZDI-CAN-16587", "zdi_id": "ZDI-22-619" }, { "cve": "CVE-2022-28318", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-618/advisory.json", "detail_path": "advisories/ZDI-22-618", "id": "ZDI-22-618", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-618/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16379", "zdi_id": "ZDI-22-618" }, { "cve": "CVE-2022-28647", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-617/advisory.json", "detail_path": "advisories/ZDI-22-617", "id": "ZDI-22-617", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-617/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16573", "zdi_id": "ZDI-22-617" }, { "cve": "CVE-2022-28646", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-616/advisory.json", "detail_path": "advisories/ZDI-22-616", "id": "ZDI-22-616", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-616/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16570", "zdi_id": "ZDI-22-616" }, { "cve": "CVE-2022-1229", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-615/advisory.json", "detail_path": "advisories/ZDI-22-615", "id": "ZDI-22-615", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-615/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16581", "zdi_id": "ZDI-22-615" }, { "cve": "CVE-2022-28302", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-614/advisory.json", "detail_path": "advisories/ZDI-22-614", "id": "ZDI-22-614", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-614/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16446", "zdi_id": "ZDI-22-614" }, { "cve": "CVE-2022-28641", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-613/advisory.json", "detail_path": "advisories/ZDI-22-613", "id": "ZDI-22-613", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT IFC File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-613/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16390", "zdi_id": "ZDI-22-613" }, { "cve": "CVE-2022-28301", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-612/advisory.json", "detail_path": "advisories/ZDI-22-612", "id": "ZDI-22-612", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-612/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16392", "zdi_id": "ZDI-22-612" }, { "cve": "CVE-2022-28644", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-611/advisory.json", "detail_path": "advisories/ZDI-22-611", "id": "ZDI-22-611", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-611/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16469", "zdi_id": "ZDI-22-611" }, { "cve": "CVE-2022-28645", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-610/advisory.json", "detail_path": "advisories/ZDI-22-610", "id": "ZDI-22-610", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-610/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16470", "zdi_id": "ZDI-22-610" }, { "cve": "CVE-2022-28643", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-609/advisory.json", "detail_path": "advisories/ZDI-22-609", "id": "ZDI-22-609", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-609/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16468", "zdi_id": "ZDI-22-609" }, { "cve": "CVE-2022-28642", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-608/advisory.json", "detail_path": "advisories/ZDI-22-608", "id": "ZDI-22-608", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-608/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16424", "zdi_id": "ZDI-22-608" }, { "cve": "CVE-2022-28316", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-607/advisory.json", "detail_path": "advisories/ZDI-22-607", "id": "ZDI-22-607", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-607/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16368", "zdi_id": "ZDI-22-607" }, { "cve": "CVE-2022-28315", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-606/advisory.json", "detail_path": "advisories/ZDI-22-606", "id": "ZDI-22-606", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT IFC File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-606/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16367", "zdi_id": "ZDI-22-606" }, { "cve": "CVE-2022-28314", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-605/advisory.json", "detail_path": "advisories/ZDI-22-605", "id": "ZDI-22-605", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-605/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16332", "zdi_id": "ZDI-22-605" }, { "cve": "CVE-2022-28317", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-604/advisory.json", "detail_path": "advisories/ZDI-22-604", "id": "ZDI-22-604", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT IFC File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": "2023-03-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-604/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16369", "zdi_id": "ZDI-22-604" }, { "cve": "CVE-2022-28313", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-603/advisory.json", "detail_path": "advisories/ZDI-22-603", "id": "ZDI-22-603", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-603/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16343", "zdi_id": "ZDI-22-603" }, { "cve": "CVE-2022-28312", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-602/advisory.json", "detail_path": "advisories/ZDI-22-602", "id": "ZDI-22-602", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-602/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16342", "zdi_id": "ZDI-22-602" }, { "cve": "CVE-2022-28311", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-601/advisory.json", "detail_path": "advisories/ZDI-22-601", "id": "ZDI-22-601", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-601/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16341", "zdi_id": "ZDI-22-601" }, { "cve": "CVE-2022-28309", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-600/advisory.json", "detail_path": "advisories/ZDI-22-600", "id": "ZDI-22-600", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley View 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-600/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16308", "zdi_id": "ZDI-22-600" }, { "cve": "CVE-2022-28308", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-599/advisory.json", "detail_path": "advisories/ZDI-22-599", "id": "ZDI-22-599", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley View 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-599/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16307", "zdi_id": "ZDI-22-599" }, { "cve": "CVE-2022-28307", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-598/advisory.json", "detail_path": "advisories/ZDI-22-598", "id": "ZDI-22-598", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley View DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-598/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16306", "zdi_id": "ZDI-22-598" }, { "cve": "CVE-2022-28320", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-597/advisory.json", "detail_path": "advisories/ZDI-22-597", "id": "ZDI-22-597", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley View 3DM File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-597/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16282", "zdi_id": "ZDI-22-597" }, { "cve": "CVE-2022-28303", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-596/advisory.json", "detail_path": "advisories/ZDI-22-596", "id": "ZDI-22-596", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-596/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16280", "zdi_id": "ZDI-22-596" }, { "cve": "CVE-2022-28306", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-595/advisory.json", "detail_path": "advisories/ZDI-22-595", "id": "ZDI-22-595", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT OBJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-595/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16174", "zdi_id": "ZDI-22-595" }, { "cve": "CVE-2022-28304", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-594/advisory.json", "detail_path": "advisories/ZDI-22-594", "id": "ZDI-22-594", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT OBJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-594/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16171", "zdi_id": "ZDI-22-594" }, { "cve": "CVE-2022-28305", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-593/advisory.json", "detail_path": "advisories/ZDI-22-593", "id": "ZDI-22-593", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT OBJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-593/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16172", "zdi_id": "ZDI-22-593" }, { "cve": "CVE-2022-28300", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-592/advisory.json", "detail_path": "advisories/ZDI-22-592", "id": "ZDI-22-592", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-592/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16202", "zdi_id": "ZDI-22-592" }, { "cve": "CVE-2022-28319", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-591/advisory.json", "detail_path": "advisories/ZDI-22-591", "id": "ZDI-22-591", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT 3DM File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-591/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16340", "zdi_id": "ZDI-22-591" }, { "cve": "CVE-2022-28310", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-590/advisory.json", "detail_path": "advisories/ZDI-22-590", "id": "ZDI-22-590", "kind": "published", "published_date": "2022-04-12", "status": "published", "title": "Bentley MicroStation CONNECT SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-590/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-16339", "zdi_id": "ZDI-22-590" }, { "cve": "CVE-2022-1118", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-22-589/advisory.json", "detail_path": "advisories/ZDI-22-589", "id": "ZDI-22-589", "kind": "published", "published_date": "2022-04-08", "status": "published", "title": "Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-589/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-15176", "zdi_id": "ZDI-22-589" }, { "cve": "CVE-2022-1118", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-22-588/advisory.json", "detail_path": "advisories/ZDI-22-588", "id": "ZDI-22-588", "kind": "published", "published_date": "2022-04-08", "status": "published", "title": "Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-588/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-15175", "zdi_id": "ZDI-22-588" }, { "cve": "CVE-2022-1118", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-22-587/advisory.json", "detail_path": "advisories/ZDI-22-587", "id": "ZDI-22-587", "kind": "published", "published_date": "2022-04-08", "status": "published", "title": "Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-587/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-15174", "zdi_id": "ZDI-22-587" }, { "cve": "CVE-2022-1118", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-22-586/advisory.json", "detail_path": "advisories/ZDI-22-586", "id": "ZDI-22-586", "kind": "published", "published_date": "2022-04-08", "status": "published", "title": "Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-586/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-15173", "zdi_id": "ZDI-22-586" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-22-585/advisory.json", "detail_path": "advisories/ZDI-22-585", "id": "ZDI-22-585", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Rockwell Automation Connected Components Workbench ccwsln File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-585/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-15179", "zdi_id": "ZDI-22-585" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-22-584/advisory.json", "detail_path": "advisories/ZDI-22-584", "id": "ZDI-22-584", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Rockwell Automation Connected Components Workbench ccwsln File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-584/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-15177", "zdi_id": "ZDI-22-584" }, { "cve": "CVE-2022-0221", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric SCADAPack Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-22-583/advisory.json", "detail_path": "advisories/ZDI-22-583", "id": "ZDI-22-583", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Schneider Electric SCADAPack Workbench isasln File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-583/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-15180", "zdi_id": "ZDI-22-583" }, { "cve": "CVE-2022-0221", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric SCADAPack Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-22-582/advisory.json", "detail_path": "advisories/ZDI-22-582", "id": "ZDI-22-582", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Schneider Electric SCADAPack Workbench isasln File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-582/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-15181", "zdi_id": "ZDI-22-582" }, { "cve": "CVE-2022-26022", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-581/advisory.json", "detail_path": "advisories/ZDI-22-581", "id": "ZDI-22-581", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Omron CX-One CX-Position NCI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-581/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-14778", "zdi_id": "ZDI-22-581" }, { "cve": "CVE-2022-26419", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-580/advisory.json", "detail_path": "advisories/ZDI-22-580", "id": "ZDI-22-580", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Omron CX-One CX-Position NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-580/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-14776", "zdi_id": "ZDI-22-580" }, { "cve": "CVE-2022-26419", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-579/advisory.json", "detail_path": "advisories/ZDI-22-579", "id": "ZDI-22-579", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Omron CX-One CX-Position NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-579/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-14775", "zdi_id": "ZDI-22-579" }, { "cve": "CVE-2022-26417", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-578/advisory.json", "detail_path": "advisories/ZDI-22-578", "id": "ZDI-22-578", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Omron CX-One CX-Position NCI File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-578/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-14753", "zdi_id": "ZDI-22-578" }, { "cve": "CVE-2022-25959", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-577/advisory.json", "detail_path": "advisories/ZDI-22-577", "id": "ZDI-22-577", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Omron CX-One CX-Position NCI File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-577/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-14677", "zdi_id": "ZDI-22-577" }, { "cve": "CVE-2022-26419", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-576/advisory.json", "detail_path": "advisories/ZDI-22-576", "id": "ZDI-22-576", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Omron CX-One CX-Position NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-576/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-14676", "zdi_id": "ZDI-22-576" }, { "cve": "CVE-2022-26419", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-575/advisory.json", "detail_path": "advisories/ZDI-22-575", "id": "ZDI-22-575", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Omron CX-One CX-Position NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-575/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-14674", "zdi_id": "ZDI-22-575" }, { "cve": "CVE-2022-25796", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-574/advisory.json", "detail_path": "advisories/ZDI-22-574", "id": "ZDI-22-574", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-574/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16015", "zdi_id": "ZDI-22-574" }, { "cve": "CVE-2022-25791", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-573/advisory.json", "detail_path": "advisories/ZDI-22-573", "id": "ZDI-22-573", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage DWF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-573/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16048", "zdi_id": "ZDI-22-573" }, { "cve": "CVE-2022-25791", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-572/advisory.json", "detail_path": "advisories/ZDI-22-572", "id": "ZDI-22-572", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage DWFX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-572/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16047", "zdi_id": "ZDI-22-572" }, { "cve": "CVE-2022-25789", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-571/advisory.json", "detail_path": "advisories/ZDI-22-571", "id": "ZDI-22-571", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage DWFX File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-571/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16046", "zdi_id": "ZDI-22-571" }, { "cve": "CVE-2022-25790", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-570/advisory.json", "detail_path": "advisories/ZDI-22-570", "id": "ZDI-22-570", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-570/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16044", "zdi_id": "ZDI-22-570" }, { "cve": "CVE-2022-25790", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-569/advisory.json", "detail_path": "advisories/ZDI-22-569", "id": "ZDI-22-569", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-569/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16043", "zdi_id": "ZDI-22-569" }, { "cve": "CVE-2022-27528", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-568/advisory.json", "detail_path": "advisories/ZDI-22-568", "id": "ZDI-22-568", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-568/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16041", "zdi_id": "ZDI-22-568" }, { "cve": "CVE-2022-25792", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-567/advisory.json", "detail_path": "advisories/ZDI-22-567", "id": "ZDI-22-567", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-567/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16040", "zdi_id": "ZDI-22-567" }, { "cve": "CVE-2022-27528", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-566/advisory.json", "detail_path": "advisories/ZDI-22-566", "id": "ZDI-22-566", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-566/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16045", "zdi_id": "ZDI-22-566" }, { "cve": "CVE-2022-25792", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-565/advisory.json", "detail_path": "advisories/ZDI-22-565", "id": "ZDI-22-565", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-565/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16012", "zdi_id": "ZDI-22-565" }, { "cve": "CVE-2022-25791", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-564/advisory.json", "detail_path": "advisories/ZDI-22-564", "id": "ZDI-22-564", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-564/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16016", "zdi_id": "ZDI-22-564" }, { "cve": "CVE-2022-25790", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-563/advisory.json", "detail_path": "advisories/ZDI-22-563", "id": "ZDI-22-563", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-563/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16014", "zdi_id": "ZDI-22-563" }, { "cve": "CVE-2022-25790", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-562/advisory.json", "detail_path": "advisories/ZDI-22-562", "id": "ZDI-22-562", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-562/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16009", "zdi_id": "ZDI-22-562" }, { "cve": "CVE-2022-25791", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-561/advisory.json", "detail_path": "advisories/ZDI-22-561", "id": "ZDI-22-561", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-561/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16018", "zdi_id": "ZDI-22-561" }, { "cve": "CVE-2022-25790", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-560/advisory.json", "detail_path": "advisories/ZDI-22-560", "id": "ZDI-22-560", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-560/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16011", "zdi_id": "ZDI-22-560" }, { "cve": "CVE-2022-25790", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-559/advisory.json", "detail_path": "advisories/ZDI-22-559", "id": "ZDI-22-559", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-559/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16013", "zdi_id": "ZDI-22-559" }, { "cve": "CVE-2022-25791", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-558/advisory.json", "detail_path": "advisories/ZDI-22-558", "id": "ZDI-22-558", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-558/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16017", "zdi_id": "ZDI-22-558" }, { "cve": "CVE-2022-27528", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-557/advisory.json", "detail_path": "advisories/ZDI-22-557", "id": "ZDI-22-557", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Freedom DWFX File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-557/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-16010", "zdi_id": "ZDI-22-557" }, { "cve": "CVE-2022-25795", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-556/advisory.json", "detail_path": "advisories/ZDI-22-556", "id": "ZDI-22-556", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-556/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15522", "zdi_id": "ZDI-22-556" }, { "cve": "CVE-2022-25795", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-555/advisory.json", "detail_path": "advisories/ZDI-22-555", "id": "ZDI-22-555", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-555/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15521", "zdi_id": "ZDI-22-555" }, { "cve": "CVE-2022-25792", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-554/advisory.json", "detail_path": "advisories/ZDI-22-554", "id": "ZDI-22-554", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-554/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15686", "zdi_id": "ZDI-22-554" }, { "cve": "CVE-2022-25790", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-553/advisory.json", "detail_path": "advisories/ZDI-22-553", "id": "ZDI-22-553", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Freedom DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-553/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15672", "zdi_id": "ZDI-22-553" }, { "cve": "CVE-2022-25795", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-552/advisory.json", "detail_path": "advisories/ZDI-22-552", "id": "ZDI-22-552", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-552/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15466", "zdi_id": "ZDI-22-552" }, { "cve": "CVE-2022-25795", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-551/advisory.json", "detail_path": "advisories/ZDI-22-551", "id": "ZDI-22-551", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-551/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15451", "zdi_id": "ZDI-22-551" }, { "cve": "CVE-2022-25795", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-550/advisory.json", "detail_path": "advisories/ZDI-22-550", "id": "ZDI-22-550", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-550/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15519", "zdi_id": "ZDI-22-550" }, { "cve": "CVE-2022-25795", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-549/advisory.json", "detail_path": "advisories/ZDI-22-549", "id": "ZDI-22-549", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-549/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15518", "zdi_id": "ZDI-22-549" }, { "cve": "CVE-2022-25795", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-22-548/advisory.json", "detail_path": "advisories/ZDI-22-548", "id": "ZDI-22-548", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "Autodesk Navisworks Manage PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-548/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15517", "zdi_id": "ZDI-22-548" }, { "cve": null, "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-22-547/advisory.json", "detail_path": "advisories/ZDI-22-547", "id": "ZDI-22-547", "kind": "published", "published_date": "2022-04-05", "status": "published", "title": "(0Day) (Pwn2Own) Samsung Galaxy S21 Exposed Dangerous Method Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-547/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-15917", "zdi_id": "ZDI-22-547" }, { "cve": "CVE-2022-27883", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-22-546/advisory.json", "detail_path": "advisories/ZDI-22-546", "id": "ZDI-22-546", "kind": "published", "published_date": "2022-04-01", "status": "published", "title": "Trend Micro Antivirus for Mac Link Following Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-546/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-14816", "zdi_id": "ZDI-22-546" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-545/advisory.json", "detail_path": "advisories/ZDI-22-545", "id": "ZDI-22-545", "kind": "published", "published_date": "2022-03-29", "status": "published", "title": "(0Day) Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-545/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15307", "zdi_id": "ZDI-22-545" }, { "cve": "CVE-2022-27641", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue res...", "detail_json": "/data/advisories/ZDI-22-544/advisory.json", "detail_path": "advisories/ZDI-22-544", "id": "ZDI-22-544", "kind": "published", "published_date": "2022-03-29", "status": "published", "title": "(Pwn2Own) Netgear R6700v3 NetUSB Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-544/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-15806", "zdi_id": "ZDI-22-544" }, { "cve": "CVE-2022-27648", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of KOYO Screen Creator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-22-543/advisory.json", "detail_path": "advisories/ZDI-22-543", "id": "ZDI-22-543", "kind": "published", "published_date": "2022-03-29", "status": "published", "title": "KOYO Screen Creator SCA2 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-543/", "vendor": "KOYO", "vendor_url": null, "zdi_can": "ZDI-CAN-14868", "zdi_id": "ZDI-22-543" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-542/advisory.json", "detail_path": "advisories/ZDI-22-542", "id": "ZDI-22-542", "kind": "published", "published_date": "2022-03-28", "status": "published", "title": "(0Day) Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2022-03-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-542/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15114", "zdi_id": "ZDI-22-542" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Array Networks MotionPro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-541/advisory.json", "detail_path": "advisories/ZDI-22-541", "id": "ZDI-22-541", "kind": "published", "published_date": "2022-04-04", "status": "published", "title": "(0Day) Array Networks MotionPro Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2022-04-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-541/", "vendor": "Array Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-14468", "zdi_id": "ZDI-22-541" }, { "cve": "CVE-2021-44705", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-540/advisory.json", "detail_path": "advisories/ZDI-22-540", "id": "ZDI-22-540", "kind": "published", "published_date": "2022-03-25", "status": "published", "title": "Adobe Acrobat Reader DC JP2 File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-540/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16128", "zdi_id": "ZDI-22-540" }, { "cve": "CVE-2021-44707", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-539/advisory.json", "detail_path": "advisories/ZDI-22-539", "id": "ZDI-22-539", "kind": "published", "published_date": "2022-03-25", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-539/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16127", "zdi_id": "ZDI-22-539" }, { "cve": null, "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-22-538/advisory.json", "detail_path": "advisories/ZDI-22-538", "id": "ZDI-22-538", "kind": "published", "published_date": "2022-03-24", "status": "published", "title": "(0Day) Epic Games Launcher Link Following Denial-of-Service Vulnerability", "updated_date": "2022-03-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-538/", "vendor": "Epic Games", "vendor_url": null, "zdi_can": "ZDI-CAN-14615", "zdi_id": "ZDI-22-538" }, { "cve": null, "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-22-537/advisory.json", "detail_path": "advisories/ZDI-22-537", "id": "ZDI-22-537", "kind": "published", "published_date": "2022-03-24", "status": "published", "title": "(0Day) Epic Games Launcher Link Following Denial-of-Service Vulnerability", "updated_date": "2022-03-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-537/", "vendor": "Epic Games", "vendor_url": null, "zdi_can": "ZDI-CAN-14604", "zdi_id": "ZDI-22-537" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Electronic Arts Origin. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-22-536/advisory.json", "detail_path": "advisories/ZDI-22-536", "id": "ZDI-22-536", "kind": "published", "published_date": "2022-03-24", "status": "published", "title": "(0Day) Electronic Arts Origin Web Helper Service Link Following Privilege Escalation Vulnerability", "updated_date": "2022-03-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-536/", "vendor": "Electronic Arts", "vendor_url": null, "zdi_can": "ZDI-CAN-14470", "zdi_id": "ZDI-22-536" }, { "cve": "CVE-2022-24292", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of HP LaserJet Pro MFP M283fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PostScript interp...", "detail_json": "/data/advisories/ZDI-22-535/advisory.json", "detail_path": "advisories/ZDI-22-535", "id": "ZDI-22-535", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) HP LaserJet Pro MFP M283fdw CFF Font Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-535/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-15832", "zdi_id": "ZDI-22-535" }, { "cve": "CVE-2022-24291", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of HP LaserJet Pro MFP M283fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ScanJobs AP...", "detail_json": "/data/advisories/ZDI-22-534/advisory.json", "detail_path": "advisories/ZDI-22-534", "id": "ZDI-22-534", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) HP LaserJet Pro MFP M283fdw ScanJobs Memory Corruption Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-534/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-15897", "zdi_id": "ZDI-22-534" }, { "cve": "CVE-2022-24293", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of HP LaserJet Pro MFP M283fdw printers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. T...", "detail_json": "/data/advisories/ZDI-22-533/advisory.json", "detail_path": "advisories/ZDI-22-533", "id": "ZDI-22-533", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) HP LaserJet Pro MFP M283fdw eContactRestore Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-533/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-15896", "zdi_id": "ZDI-22-533" }, { "cve": "CVE-2022-3942", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP LaserJet Pro MFP M283fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation...", "detail_json": "/data/advisories/ZDI-22-532/advisory.json", "detail_path": "advisories/ZDI-22-532", "id": "ZDI-22-532", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) HP LaserJet Pro MFP M283fdw LLMNR Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-532/", "vendor": "HP", "vendor_url": null, "zdi_can": "ZDI-CAN-15831", "zdi_id": "ZDI-22-532" }, { "cve": "CVE-2021-45465", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens syngo fastView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-531/advisory.json", "detail_path": "advisories/ZDI-22-531", "id": "ZDI-22-531", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "Siemens syngo fastView BMP File Parsing Write-what-where Condition Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-531/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15696", "zdi_id": "ZDI-22-531" }, { "cve": "CVE-2022-0194", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the la...", "detail_json": "/data/advisories/ZDI-22-530/advisory.json", "detail_path": "advisories/ZDI-22-530", "id": "ZDI-22-530", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) Netatalk ad_addcomment Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-530/", "vendor": "Netatalk", "vendor_url": null, "zdi_can": "ZDI-CAN-15876", "zdi_id": "ZDI-22-530" }, { "cve": "CVE-2022-23122", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lac...", "detail_json": "/data/advisories/ZDI-22-529/advisory.json", "detail_path": "advisories/ZDI-22-529", "id": "ZDI-22-529", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) Netatalk setfilparams Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-529/", "vendor": "Netatalk", "vendor_url": null, "zdi_can": "ZDI-CAN-15837", "zdi_id": "ZDI-22-529" }, { "cve": "CVE-2022-23123", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from t...", "detail_json": "/data/advisories/ZDI-22-528/advisory.json", "detail_path": "advisories/ZDI-22-528", "id": "ZDI-22-528", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) Netatalk getdirparams Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-528/", "vendor": "Netatalk", "vendor_url": null, "zdi_can": "ZDI-CAN-15830", "zdi_id": "ZDI-22-528" }, { "cve": "CVE-2022-23121", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the la...", "detail_json": "/data/advisories/ZDI-22-527/advisory.json", "detail_path": "advisories/ZDI-22-527", "id": "ZDI-22-527", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) Netatalk parse_entries Improper Handling of Exceptional Conditions Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/", "vendor": "Netatalk", "vendor_url": null, "zdi_can": "ZDI-CAN-15819", "zdi_id": "ZDI-22-527" }, { "cve": "CVE-2022-23125", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element,...", "detail_json": "/data/advisories/ZDI-22-526/advisory.json", "detail_path": "advisories/ZDI-22-526", "id": "ZDI-22-526", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) Netatalk copyapplfile Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-526/", "vendor": "Netatalk", "vendor_url": null, "zdi_can": "ZDI-CAN-15869", "zdi_id": "ZDI-22-526" }, { "cve": "CVE-2022-23124", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from...", "detail_json": "/data/advisories/ZDI-22-525/advisory.json", "detail_path": "advisories/ZDI-22-525", "id": "ZDI-22-525", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) Netatalk get_finderinfo Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-525/", "vendor": "Netatalk", "vendor_url": null, "zdi_can": "ZDI-CAN-15870", "zdi_id": "ZDI-22-525" }, { "cve": "CVE-2022-27647", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-524/advisory.json", "detail_path": "advisories/ZDI-22-524", "id": "ZDI-22-524", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) NETGEAR R6700v3 libreadycloud.so Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-15874", "zdi_id": "ZDI-22-524" }, { "cve": "CVE-2022-27646", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-523/advisory.json", "detail_path": "advisories/ZDI-22-523", "id": "ZDI-22-523", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) NETGEAR R6700v3 circled Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-523/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-15879", "zdi_id": "ZDI-22-523" }, { "cve": "CVE-2022-27645", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue...", "detail_json": "/data/advisories/ZDI-22-522/advisory.json", "detail_path": "advisories/ZDI-22-522", "id": "ZDI-22-522", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) NETGEAR R6700v3 readycloud_control.cgi Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-522/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-15762", "zdi_id": "ZDI-22-522" }, { "cve": null, "cvss": 3.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to upload arbitrary files on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Circle Parental Control feat...", "detail_json": "/data/advisories/ZDI-22-521/advisory.json", "detail_path": "advisories/ZDI-22-521", "id": "ZDI-22-521", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) NETGEAR R6700v3 Missing Authentication for Critical Function Arbitrary File Upload Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-521/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-15782", "zdi_id": "ZDI-22-521" }, { "cve": "CVE-2022-27644", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-22-520/advisory.json", "detail_path": "advisories/ZDI-22-520", "id": "ZDI-22-520", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) NETGEAR R6700v3 Improper Certificate Validation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-520/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-15797", "zdi_id": "ZDI-22-520" }, { "cve": "CVE-2022-27643", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. W...", "detail_json": "/data/advisories/ZDI-22-519/advisory.json", "detail_path": "advisories/ZDI-22-519", "id": "ZDI-22-519", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) NETGEAR R6700v3 upnpd Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-519/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-15692", "zdi_id": "ZDI-22-519" }, { "cve": "CVE-2022-27642", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue resu...", "detail_json": "/data/advisories/ZDI-22-518/advisory.json", "detail_path": "advisories/ZDI-22-518", "id": "ZDI-22-518", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(Pwn2Own) NETGEAR R6700v3 httpd Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-518/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-15854", "zdi_id": "ZDI-22-518" }, { "cve": "CVE-2022-22629", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-517/advisory.json", "detail_path": "advisories/ZDI-22-517", "id": "ZDI-22-517", "kind": "published", "published_date": "2022-03-22", "status": "published", "title": "Apple Safari WebGLMultiDraw Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2024-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-517/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-15747", "zdi_id": "ZDI-22-517" }, { "cve": "CVE-2022-24674", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The i...", "detail_json": "/data/advisories/ZDI-22-516/advisory.json", "detail_path": "advisories/ZDI-22-516", "id": "ZDI-22-516", "kind": "published", "published_date": "2022-03-18", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF644Cdw privet Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-03-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-516/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-15834", "zdi_id": "ZDI-22-516" }, { "cve": "CVE-2022-24673", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP p...", "detail_json": "/data/advisories/ZDI-22-515/advisory.json", "detail_path": "advisories/ZDI-22-515", "id": "ZDI-22-515", "kind": "published", "published_date": "2022-03-18", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF644Cdw SLP Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-515/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-15845", "zdi_id": "ZDI-22-515" }, { "cve": "CVE-2022-24672", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The...", "detail_json": "/data/advisories/ZDI-22-514/advisory.json", "detail_path": "advisories/ZDI-22-514", "id": "ZDI-22-514", "kind": "published", "published_date": "2023-03-01", "status": "published", "title": "(Pwn2Own) Canon imageCLASS MF644Cdw CADM Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-03-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-514/", "vendor": "Canon", "vendor_url": null, "zdi_can": "ZDI-CAN-15802", "zdi_id": "ZDI-22-514" }, { "cve": "CVE-2022-24092", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-513/advisory.json", "detail_path": "advisories/ZDI-22-513", "id": "ZDI-22-513", "kind": "published", "published_date": "2022-03-18", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-513/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16130", "zdi_id": "ZDI-22-513" }, { "cve": "CVE-2022-24091", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-512/advisory.json", "detail_path": "advisories/ZDI-22-512", "id": "ZDI-22-512", "kind": "published", "published_date": "2022-03-18", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-512/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-16129", "zdi_id": "ZDI-22-512" }, { "cve": "CVE-2021-46162", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-511/advisory.json", "detail_path": "advisories/ZDI-22-511", "id": "ZDI-22-511", "kind": "published", "published_date": "2022-03-18", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-511/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15048", "zdi_id": "ZDI-22-511" }, { "cve": "CVE-2022-22584", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS ColorSync. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-22-510/advisory.json", "detail_path": "advisories/ZDI-22-510", "id": "ZDI-22-510", "kind": "published", "published_date": "2022-03-16", "status": "published", "title": "Apple macOS ColorSync ICC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-510/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-15943", "zdi_id": "ZDI-22-510" }, { "cve": "CVE-2021-46699", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-509/advisory.json", "detail_path": "advisories/ZDI-22-509", "id": "ZDI-22-509", "kind": "published", "published_date": "2022-03-16", "status": "published", "title": "Siemens Simcenter Femap BDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-509/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15061", "zdi_id": "ZDI-22-509" }, { "cve": "CVE-2015-3269", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Nexus Dashboard Fabric Controller. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of th...", "detail_json": "/data/advisories/ZDI-22-508/advisory.json", "detail_path": "advisories/ZDI-22-508", "id": "ZDI-22-508", "kind": "published", "published_date": "2022-03-11", "status": "published", "title": "Cisco Nexus Dashboard Fabric Controller XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15192", "zdi_id": "ZDI-22-508" }, { "cve": "CVE-2017-5641", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Cisco Nexus Dashboard Fabric Controller. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulne...", "detail_json": "/data/advisories/ZDI-22-507/advisory.json", "detail_path": "advisories/ZDI-22-507", "id": "ZDI-22-507", "kind": "published", "published_date": "2022-03-11", "status": "published", "title": "Cisco Nexus Dashboard Fabric Controller Improper Privilege Management Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-507/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-14806", "zdi_id": "ZDI-22-507" }, { "cve": "CVE-2017-5641", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Nexus Dashboard Fabric Controller. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the AMF pr...", "detail_json": "/data/advisories/ZDI-22-506/advisory.json", "detail_path": "advisories/ZDI-22-506", "id": "ZDI-22-506", "kind": "published", "published_date": "2022-03-11", "status": "published", "title": "Cisco Nexus Dashboard Fabric Controller AMF Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-506/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-14805", "zdi_id": "ZDI-22-506" }, { "cve": "CVE-2021-27039", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-505/advisory.json", "detail_path": "advisories/ZDI-22-505", "id": "ZDI-22-505", "kind": "published", "published_date": "2022-03-11", "status": "published", "title": "Autodesk AutoCAD PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-505/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15564", "zdi_id": "ZDI-22-505" }, { "cve": "CVE-2022-25788", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-504/advisory.json", "detail_path": "advisories/ZDI-22-504", "id": "ZDI-22-504", "kind": "published", "published_date": "2022-03-11", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-504/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15662", "zdi_id": "ZDI-22-504" }, { "cve": "CVE-2022-24734", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MyBB. Authentication is required to exploit this vulnerability. The specific flaw exists within the Control Panel. The issue results from the lack of proper vali...", "detail_json": "/data/advisories/ZDI-22-503/advisory.json", "detail_path": "advisories/ZDI-22-503", "id": "ZDI-22-503", "kind": "published", "published_date": "2022-03-11", "status": "published", "title": "MyBB Admin Control Panel Code Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-503/", "vendor": "MyBB", "vendor_url": null, "zdi_can": "ZDI-CAN-16517", "zdi_id": "ZDI-22-503" }, { "cve": "CVE-2022-26381", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-502/advisory.json", "detail_path": "advisories/ZDI-22-502", "id": "ZDI-22-502", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "Mozilla Firefox textPath Element Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-502/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-16716", "zdi_id": "ZDI-22-502" }, { "cve": "CVE-2022-24509", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-501/advisory.json", "detail_path": "advisories/ZDI-22-501", "id": "ZDI-22-501", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "Microsoft Office Visio EMF EMR_COMMENT_EMFPLUS Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-501/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15764", "zdi_id": "ZDI-22-501" }, { "cve": "CVE-2022-24461", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-500/advisory.json", "detail_path": "advisories/ZDI-22-500", "id": "ZDI-22-500", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "Microsoft Office Visio EMF EMR_COMMENT_EMFPLUS Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-500/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15730", "zdi_id": "ZDI-22-500" }, { "cve": "CVE-2022-24455", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-22-499/advisory.json", "detail_path": "advisories/ZDI-22-499", "id": "ZDI-22-499", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "Microsoft Windows CD-ROM Driver Uninitialized Pointer Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-499/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7819", "zdi_id": "ZDI-22-499" }, { "cve": "CVE-2022-24455", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-22-498/advisory.json", "detail_path": "advisories/ZDI-22-498", "id": "ZDI-22-498", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "Microsoft Windows CD-ROM Driver Uninitialized Pointer Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-498/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7818", "zdi_id": "ZDI-22-498" }, { "cve": "CVE-2022-23281", "cvss": 4.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-22-497/advisory.json", "detail_path": "advisories/ZDI-22-497", "id": "ZDI-22-497", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "Microsoft Windows CLFS Integer Overflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-497/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15986", "zdi_id": "ZDI-22-497" }, { "cve": "CVE-2022-23266", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Azure Defender for IoT. Authentication is required to exploit this vulnerability. The specific flaw exists within the password change mechanism. The issue...", "detail_json": "/data/advisories/ZDI-22-496/advisory.json", "detail_path": "advisories/ZDI-22-496", "id": "ZDI-22-496", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "Microsoft Azure Defender for IoT Password Change Command Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-496/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16123", "zdi_id": "ZDI-22-496" }, { "cve": "CVE-2022-23265", "cvss": 4.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Azure Defender for IoT. An attacker must first obtain the ability to execute code as the www-data user on the target system in order to exploit this vulner...", "detail_json": "/data/advisories/ZDI-22-495/advisory.json", "detail_path": "advisories/ZDI-22-495", "id": "ZDI-22-495", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "Microsoft Azure Defender for IoT Password Change Command Injection Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-495/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15761", "zdi_id": "ZDI-22-495" }, { "cve": "CVE-2022-24510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-494/advisory.json", "detail_path": "advisories/ZDI-22-494", "id": "ZDI-22-494", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "Microsoft Office Visio EMF EMR_COMMENT_EMFPLUS Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-494/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15754", "zdi_id": "ZDI-22-494" }, { "cve": "CVE-2022-23299", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-493/advisory.json", "detail_path": "advisories/ZDI-22-493", "id": "ZDI-22-493", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "Microsoft Windows win32kfull PDEV Use-After-Free Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-493/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16030", "zdi_id": "ZDI-22-493" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-492/advisory.json", "detail_path": "advisories/ZDI-22-492", "id": "ZDI-22-492", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability", "updated_date": "2022-03-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-492/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-14446", "zdi_id": "ZDI-22-492" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-491/advisory.json", "detail_path": "advisories/ZDI-22-491", "id": "ZDI-22-491", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Write Remote Code Execution Vulnerability", "updated_date": "2022-03-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-491/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-14445", "zdi_id": "ZDI-22-491" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-490/advisory.json", "detail_path": "advisories/ZDI-22-490", "id": "ZDI-22-490", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "(0Day) Ecava IntegraXor Inkscape WMF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2022-03-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-490/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-14444", "zdi_id": "ZDI-22-490" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-489/advisory.json", "detail_path": "advisories/ZDI-22-489", "id": "ZDI-22-489", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability", "updated_date": "2022-03-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-489/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-14384", "zdi_id": "ZDI-22-489" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-488/advisory.json", "detail_path": "advisories/ZDI-22-488", "id": "ZDI-22-488", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability", "updated_date": "2022-03-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-488/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-14383", "zdi_id": "ZDI-22-488" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-487/advisory.json", "detail_path": "advisories/ZDI-22-487", "id": "ZDI-22-487", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability", "updated_date": "2022-03-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-487/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-14382", "zdi_id": "ZDI-22-487" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-486/advisory.json", "detail_path": "advisories/ZDI-22-486", "id": "ZDI-22-486", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability", "updated_date": "2022-03-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-486/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-14381", "zdi_id": "ZDI-22-486" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-485/advisory.json", "detail_path": "advisories/ZDI-22-485", "id": "ZDI-22-485", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "(0Day) Ecava IntegraXor Inkscape PCX File Parsing Out-Of-Bound Read Information Disclosure Vulnerability", "updated_date": "2022-03-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-485/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-14275", "zdi_id": "ZDI-22-485" }, { "cve": "CVE-2021-4199", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-22-484/advisory.json", "detail_path": "advisories/ZDI-22-484", "id": "ZDI-22-484", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "Bitdefender Total Security Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-484/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-15206", "zdi_id": "ZDI-22-484" }, { "cve": "CVE-2021-4198", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this v...", "detail_json": "/data/advisories/ZDI-22-483/advisory.json", "detail_path": "advisories/ZDI-22-483", "id": "ZDI-22-483", "kind": "published", "published_date": "2022-03-09", "status": "published", "title": "Bitdefender Total Security Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-483/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-15197", "zdi_id": "ZDI-22-483" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-482/advisory.json", "detail_path": "advisories/ZDI-22-482", "id": "ZDI-22-482", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2022-07-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-482/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15560", "zdi_id": "ZDI-22-482" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-481/advisory.json", "detail_path": "advisories/ZDI-22-481", "id": "ZDI-22-481", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-481/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15561", "zdi_id": "ZDI-22-481" }, { "cve": "CVE-2021-27035", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-480/advisory.json", "detail_path": "advisories/ZDI-22-480", "id": "ZDI-22-480", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD PCX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-480/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15562", "zdi_id": "ZDI-22-480" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-479/advisory.json", "detail_path": "advisories/ZDI-22-479", "id": "ZDI-22-479", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2022-07-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-479/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15563", "zdi_id": "ZDI-22-479" }, { "cve": "CVE-2021-27041", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-478/advisory.json", "detail_path": "advisories/ZDI-22-478", "id": "ZDI-22-478", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-478/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15565", "zdi_id": "ZDI-22-478" }, { "cve": "CVE-2022-25789", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-477/advisory.json", "detail_path": "advisories/ZDI-22-477", "id": "ZDI-22-477", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD DWFX File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-477/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15566", "zdi_id": "ZDI-22-477" }, { "cve": "CVE-2022-25792", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-476/advisory.json", "detail_path": "advisories/ZDI-22-476", "id": "ZDI-22-476", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-476/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15567", "zdi_id": "ZDI-22-476" }, { "cve": "CVE-2022-25790", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-475/advisory.json", "detail_path": "advisories/ZDI-22-475", "id": "ZDI-22-475", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-475/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15568", "zdi_id": "ZDI-22-475" }, { "cve": "CVE-2021-40160", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-474/advisory.json", "detail_path": "advisories/ZDI-22-474", "id": "ZDI-22-474", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2022-07-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-474/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15569", "zdi_id": "ZDI-22-474" }, { "cve": "CVE-2021-27040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-473/advisory.json", "detail_path": "advisories/ZDI-22-473", "id": "ZDI-22-473", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-473/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15570", "zdi_id": "ZDI-22-473" }, { "cve": "CVE-2022-25795", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-472/advisory.json", "detail_path": "advisories/ZDI-22-472", "id": "ZDI-22-472", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-472/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15576", "zdi_id": "ZDI-22-472" }, { "cve": "CVE-2022-25789", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-471/advisory.json", "detail_path": "advisories/ZDI-22-471", "id": "ZDI-22-471", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD 3DS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-471/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15577", "zdi_id": "ZDI-22-471" }, { "cve": "CVE-2021-27043", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-470/advisory.json", "detail_path": "advisories/ZDI-22-470", "id": "ZDI-22-470", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-470/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15578", "zdi_id": "ZDI-22-470" }, { "cve": "CVE-2022-25795", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-469/advisory.json", "detail_path": "advisories/ZDI-22-469", "id": "ZDI-22-469", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-469/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15579", "zdi_id": "ZDI-22-469" }, { "cve": "CVE-2022-25795", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-468/advisory.json", "detail_path": "advisories/ZDI-22-468", "id": "ZDI-22-468", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-468/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15614", "zdi_id": "ZDI-22-468" }, { "cve": "CVE-2022-25795", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-467/advisory.json", "detail_path": "advisories/ZDI-22-467", "id": "ZDI-22-467", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-467/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15615", "zdi_id": "ZDI-22-467" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-466/advisory.json", "detail_path": "advisories/ZDI-22-466", "id": "ZDI-22-466", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-466/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15616", "zdi_id": "ZDI-22-466" }, { "cve": "CVE-2022-25789", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-465/advisory.json", "detail_path": "advisories/ZDI-22-465", "id": "ZDI-22-465", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD DWF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-465/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15552", "zdi_id": "ZDI-22-465" }, { "cve": "CVE-2022-25791", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-464/advisory.json", "detail_path": "advisories/ZDI-22-464", "id": "ZDI-22-464", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD DWF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-464/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15553", "zdi_id": "ZDI-22-464" }, { "cve": "CVE-2022-25790", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-463/advisory.json", "detail_path": "advisories/ZDI-22-463", "id": "ZDI-22-463", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-463/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15554", "zdi_id": "ZDI-22-463" }, { "cve": "CVE-2021-27036", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-462/advisory.json", "detail_path": "advisories/ZDI-22-462", "id": "ZDI-22-462", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD PICT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-462/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15555", "zdi_id": "ZDI-22-462" }, { "cve": "CVE-2022-25789", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-461/advisory.json", "detail_path": "advisories/ZDI-22-461", "id": "ZDI-22-461", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-461/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15556", "zdi_id": "ZDI-22-461" }, { "cve": "CVE-2022-25792", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-460/advisory.json", "detail_path": "advisories/ZDI-22-460", "id": "ZDI-22-460", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-460/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15557", "zdi_id": "ZDI-22-460" }, { "cve": "CVE-2021-27037", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-459/advisory.json", "detail_path": "advisories/ZDI-22-459", "id": "ZDI-22-459", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD TIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-459/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15558", "zdi_id": "ZDI-22-459" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-458/advisory.json", "detail_path": "advisories/ZDI-22-458", "id": "ZDI-22-458", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-458/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15559", "zdi_id": "ZDI-22-458" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-457/advisory.json", "detail_path": "advisories/ZDI-22-457", "id": "ZDI-22-457", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-457/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15273", "zdi_id": "ZDI-22-457" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-456/advisory.json", "detail_path": "advisories/ZDI-22-456", "id": "ZDI-22-456", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-456/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15298", "zdi_id": "ZDI-22-456" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-455/advisory.json", "detail_path": "advisories/ZDI-22-455", "id": "ZDI-22-455", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-455/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15618", "zdi_id": "ZDI-22-455" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-454/advisory.json", "detail_path": "advisories/ZDI-22-454", "id": "ZDI-22-454", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-454/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15619", "zdi_id": "ZDI-22-454" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-453/advisory.json", "detail_path": "advisories/ZDI-22-453", "id": "ZDI-22-453", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-453/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15620", "zdi_id": "ZDI-22-453" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-452/advisory.json", "detail_path": "advisories/ZDI-22-452", "id": "ZDI-22-452", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-452/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15617", "zdi_id": "ZDI-22-452" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-451/advisory.json", "detail_path": "advisories/ZDI-22-451", "id": "ZDI-22-451", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-451/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15622", "zdi_id": "ZDI-22-451" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-450/advisory.json", "detail_path": "advisories/ZDI-22-450", "id": "ZDI-22-450", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-450/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15621", "zdi_id": "ZDI-22-450" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-449/advisory.json", "detail_path": "advisories/ZDI-22-449", "id": "ZDI-22-449", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-449/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15623", "zdi_id": "ZDI-22-449" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-448/advisory.json", "detail_path": "advisories/ZDI-22-448", "id": "ZDI-22-448", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-448/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15657", "zdi_id": "ZDI-22-448" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-447/advisory.json", "detail_path": "advisories/ZDI-22-447", "id": "ZDI-22-447", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-447/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15656", "zdi_id": "ZDI-22-447" }, { "cve": "CVE-2021-27042", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-446/advisory.json", "detail_path": "advisories/ZDI-22-446", "id": "ZDI-22-446", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-446/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15625", "zdi_id": "ZDI-22-446" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-445/advisory.json", "detail_path": "advisories/ZDI-22-445", "id": "ZDI-22-445", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-445/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15661", "zdi_id": "ZDI-22-445" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-444/advisory.json", "detail_path": "advisories/ZDI-22-444", "id": "ZDI-22-444", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-444/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15659", "zdi_id": "ZDI-22-444" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-443/advisory.json", "detail_path": "advisories/ZDI-22-443", "id": "ZDI-22-443", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-443/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15660", "zdi_id": "ZDI-22-443" }, { "cve": "CVE-2022-25788", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-442/advisory.json", "detail_path": "advisories/ZDI-22-442", "id": "ZDI-22-442", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-442/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15658", "zdi_id": "ZDI-22-442" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-441/advisory.json", "detail_path": "advisories/ZDI-22-441", "id": "ZDI-22-441", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Autodesk AutoCAD JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-441/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15624", "zdi_id": "ZDI-22-441" }, { "cve": "CVE-2022-23985", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-440/advisory.json", "detail_path": "advisories/ZDI-22-440", "id": "ZDI-22-440", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-440/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14854", "zdi_id": "ZDI-22-440" }, { "cve": "CVE-2022-21209", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-439/advisory.json", "detail_path": "advisories/ZDI-22-439", "id": "ZDI-22-439", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-439/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14858", "zdi_id": "ZDI-22-439" }, { "cve": "CVE-2022-23985", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-438/advisory.json", "detail_path": "advisories/ZDI-22-438", "id": "ZDI-22-438", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-438/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14855", "zdi_id": "ZDI-22-438" }, { "cve": "CVE-2022-23985", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-437/advisory.json", "detail_path": "advisories/ZDI-22-437", "id": "ZDI-22-437", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-437/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14852", "zdi_id": "ZDI-22-437" }, { "cve": "CVE-2022-21209", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-436/advisory.json", "detail_path": "advisories/ZDI-22-436", "id": "ZDI-22-436", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-436/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14853", "zdi_id": "ZDI-22-436" }, { "cve": "CVE-2022-21209", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-435/advisory.json", "detail_path": "advisories/ZDI-22-435", "id": "ZDI-22-435", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-435/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14591", "zdi_id": "ZDI-22-435" }, { "cve": "CVE-2022-23985", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-434/advisory.json", "detail_path": "advisories/ZDI-22-434", "id": "ZDI-22-434", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-434/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14802", "zdi_id": "ZDI-22-434" }, { "cve": "CVE-2022-23985", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-433/advisory.json", "detail_path": "advisories/ZDI-22-433", "id": "ZDI-22-433", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-433/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14800", "zdi_id": "ZDI-22-433" }, { "cve": "CVE-2022-23985", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-432/advisory.json", "detail_path": "advisories/ZDI-22-432", "id": "ZDI-22-432", "kind": "published", "published_date": "2022-03-07", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-432/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14797", "zdi_id": "ZDI-22-432" }, { "cve": "CVE-2021-35053", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Kaspersky Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vul...", "detail_json": "/data/advisories/ZDI-22-431/advisory.json", "detail_path": "advisories/ZDI-22-431", "id": "ZDI-22-431", "kind": "published", "published_date": "2022-03-03", "status": "published", "title": "Kaspersky Total Security Link Following Denial-of-Service Vulnerability", "updated_date": "2022-03-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/", "vendor": "Kaspersky", "vendor_url": null, "zdi_can": "ZDI-CAN-14233", "zdi_id": "ZDI-22-431" }, { "cve": "CVE-2021-42734", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-430/advisory.json", "detail_path": "advisories/ZDI-22-430", "id": "ZDI-22-430", "kind": "published", "published_date": "2022-03-02", "status": "published", "title": "Adobe Photoshop TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-430/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15141", "zdi_id": "ZDI-22-430" }, { "cve": "CVE-2021-39865", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-429/advisory.json", "detail_path": "advisories/ZDI-22-429", "id": "ZDI-22-429", "kind": "published", "published_date": "2022-03-02", "status": "published", "title": "Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-429/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15246", "zdi_id": "ZDI-22-429" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-22-428/advisory.json", "detail_path": "advisories/ZDI-22-428", "id": "ZDI-22-428", "kind": "published", "published_date": "2022-03-01", "status": "published", "title": "(0Day) Microsoft Visual Studio Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-428/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14533", "zdi_id": "ZDI-22-428" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-22-427/advisory.json", "detail_path": "advisories/ZDI-22-427", "id": "ZDI-22-427", "kind": "published", "published_date": "2022-03-01", "status": "published", "title": "(0Day) Microsoft Visual Studio Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-427/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14534", "zdi_id": "ZDI-22-427" }, { "cve": null, "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft .NET. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-22-426/advisory.json", "detail_path": "advisories/ZDI-22-426", "id": "ZDI-22-426", "kind": "published", "published_date": "2022-03-01", "status": "published", "title": "(0Day) Microsoft .NET Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-426/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14528", "zdi_id": "ZDI-22-426" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-22-425/advisory.json", "detail_path": "advisories/ZDI-22-425", "id": "ZDI-22-425", "kind": "published", "published_date": "2022-03-01", "status": "published", "title": "(0Day) Microsoft Visual Studio Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-425/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14586", "zdi_id": "ZDI-22-425" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DIAEnergie. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be b...", "detail_json": "/data/advisories/ZDI-22-424/advisory.json", "detail_path": "advisories/ZDI-22-424", "id": "ZDI-22-424", "kind": "published", "published_date": "2022-03-01", "status": "published", "title": "(0Day) Delta Industrial Automation DIAEnergie AM_Handler SQL Injection Information Disclosure Vulnerability", "updated_date": "2022-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-424/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-15581", "zdi_id": "ZDI-22-424" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DIAEnergie. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-22-423/advisory.json", "detail_path": "advisories/ZDI-22-423", "id": "ZDI-22-423", "kind": "published", "published_date": "2022-03-01", "status": "published", "title": "(0Day) Delta Industrial Automation DIAEnergie HandlerPage_KID Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": "2022-03-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-423/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-15580", "zdi_id": "ZDI-22-423" }, { "cve": "CVE-2022-1404", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-22-422/advisory.json", "detail_path": "advisories/ZDI-22-422", "id": "ZDI-22-422", "kind": "published", "published_date": "2022-03-01", "status": "published", "title": "(0Day) Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2022-05-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-422/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-15202", "zdi_id": "ZDI-22-422" }, { "cve": "CVE-2022-1404", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-22-421/advisory.json", "detail_path": "advisories/ZDI-22-421", "id": "ZDI-22-421", "kind": "published", "published_date": "2022-03-01", "status": "published", "title": "(0Day) Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2022-05-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-421/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-15201", "zdi_id": "ZDI-22-421" }, { "cve": "CVE-2022-20702", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Cisco RV340 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-22-420/advisory.json", "detail_path": "advisories/ZDI-22-420", "id": "ZDI-22-420", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(Pwn2Own) Cisco RV340 utility-ping-request Insecure Temporary File Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-420/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15946", "zdi_id": "ZDI-22-420" }, { "cve": "CVE-2022-20707", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Cisco RV340 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-22-419/advisory.json", "detail_path": "advisories/ZDI-22-419", "id": "ZDI-22-419", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(Pwn2Own) Cisco RV340 JSON RPC file-copy Command Injection Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-419/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15940", "zdi_id": "ZDI-22-419" }, { "cve": "CVE-2022-20706", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue re...", "detail_json": "/data/advisories/ZDI-22-418/advisory.json", "detail_path": "advisories/ZDI-22-418", "id": "ZDI-22-418", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(Pwn2Own) Cisco RV340 Plug and Play Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-418/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15774", "zdi_id": "ZDI-22-418" }, { "cve": "CVE-2022-20708", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-22-417/advisory.json", "detail_path": "advisories/ZDI-22-417", "id": "ZDI-22-417", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(Pwn2Own) Cisco RV340 update-clients Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-417/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15893", "zdi_id": "ZDI-22-417" }, { "cve": "CVE-2022-20709, CVE-2022-20711", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the NGI...", "detail_json": "/data/advisories/ZDI-22-416/advisory.json", "detail_path": "advisories/ZDI-22-416", "id": "ZDI-22-416", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(Pwn2Own) Cisco RV340 NGINX Missing Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-416/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15892", "zdi_id": "ZDI-22-416" }, { "cve": "CVE-2022-20705", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-22-415/advisory.json", "detail_path": "advisories/ZDI-22-415", "id": "ZDI-22-415", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(Pwn2Own) Cisco RV340 NGINX Improper Authentication Unrestricted File Upload Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-415/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15848", "zdi_id": "ZDI-22-415" }, { "cve": "CVE-2022-20699", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSL VPN service, which listens on TCP port...", "detail_json": "/data/advisories/ZDI-22-414/advisory.json", "detail_path": "advisories/ZDI-22-414", "id": "ZDI-22-414", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(Pwn2Own) Cisco RV340 SSLVPN Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-414/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15784", "zdi_id": "ZDI-22-414" }, { "cve": "CVE-2022-20703, CVE-2022-20704", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. User interaction is required to exploit this vulnerability in that an administrator must perform a firmware update on the device....", "detail_json": "/data/advisories/ZDI-22-413/advisory.json", "detail_path": "advisories/ZDI-22-413", "id": "ZDI-22-413", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(Pwn2Own) Cisco RV340 Firmware Update Improper Certificate Validation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-413/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15810", "zdi_id": "ZDI-22-413" }, { "cve": "CVE-2022-20701", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Cisco RV340 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-22-412/advisory.json", "detail_path": "advisories/ZDI-22-412", "id": "ZDI-22-412", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(Pwn2Own) Cisco RV340 confd_cli Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-412/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15886", "zdi_id": "ZDI-22-412" }, { "cve": "CVE-2022-20707", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specifi...", "detail_json": "/data/advisories/ZDI-22-411/advisory.json", "detail_path": "advisories/ZDI-22-411", "id": "ZDI-22-411", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(Pwn2Own) Cisco RV340 upload.cgi JSON Command Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-411/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15883", "zdi_id": "ZDI-22-411" }, { "cve": "CVE-2022-20705", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the sessionid paramet...", "detail_json": "/data/advisories/ZDI-22-410/advisory.json", "detail_path": "advisories/ZDI-22-410", "id": "ZDI-22-410", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(Pwn2Own) Cisco RV340 upload.cgi sessionid Improper Input Validation Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-410/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15882", "zdi_id": "ZDI-22-410" }, { "cve": "CVE-2022-20705, CVE-2022-20707", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the NGINX web se...", "detail_json": "/data/advisories/ZDI-22-409/advisory.json", "detail_path": "advisories/ZDI-22-409", "id": "ZDI-22-409", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(Pwn2Own) Cisco RV340 NGINX sessionid Directory Traversal Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-409/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15610", "zdi_id": "ZDI-22-409" }, { "cve": "CVE-2022-20703", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. Th...", "detail_json": "/data/advisories/ZDI-22-408/advisory.json", "detail_path": "advisories/ZDI-22-408", "id": "ZDI-22-408", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(Pwn2Own) Cisco RV340 Firmware Update Missing Integrity Check Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-408/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-15611", "zdi_id": "ZDI-22-408" }, { "cve": "CVE-2022-0650", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens o...", "detail_json": "/data/advisories/ZDI-22-407/advisory.json", "detail_path": "advisories/ZDI-22-407", "id": "ZDI-22-407", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "TP-Link TL-WR940N httpd newBridgessid Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-407/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-13993", "zdi_id": "ZDI-22-407" }, { "cve": "CVE-2022-24973", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens o...", "detail_json": "/data/advisories/ZDI-22-406/advisory.json", "detail_path": "advisories/ZDI-22-406", "id": "ZDI-22-406", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "TP-Link TL-WR940N httpd ssid1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-406/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-13992", "zdi_id": "ZDI-22-406" }, { "cve": "CVE-2022-24972", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, whi...", "detail_json": "/data/advisories/ZDI-22-405/advisory.json", "detail_path": "advisories/ZDI-22-405", "id": "ZDI-22-405", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "TP-Link TL-WR940N httpd Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-405/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-13911", "zdi_id": "ZDI-22-405" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-404/advisory.json", "detail_path": "advisories/ZDI-22-404", "id": "ZDI-22-404", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing Trend Tag WordAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-404/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14724", "zdi_id": "ZDI-22-404" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-403/advisory.json", "detail_path": "advisories/ZDI-22-403", "id": "ZDI-22-403", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing XY Tag WordAddr4 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-403/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14723", "zdi_id": "ZDI-22-403" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-402/advisory.json", "detail_path": "advisories/ZDI-22-402", "id": "ZDI-22-402", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing Trend Tag WordAddr2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-402/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14721", "zdi_id": "ZDI-22-402" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-401/advisory.json", "detail_path": "advisories/ZDI-22-401", "id": "ZDI-22-401", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing Alarm Tag WordAddr9 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-401/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14713", "zdi_id": "ZDI-22-401" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-400/advisory.json", "detail_path": "advisories/ZDI-22-400", "id": "ZDI-22-400", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing Alarm Tag WordAddr9 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-400/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14711", "zdi_id": "ZDI-22-400" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-399/advisory.json", "detail_path": "advisories/ZDI-22-399", "id": "ZDI-22-399", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing Extra Tag WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-399/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14710", "zdi_id": "ZDI-22-399" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-398/advisory.json", "detail_path": "advisories/ZDI-22-398", "id": "ZDI-22-398", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing Alarm Tag bitaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-398/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14709", "zdi_id": "ZDI-22-398" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-397/advisory.json", "detail_path": "advisories/ZDI-22-397", "id": "ZDI-22-397", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing Extra Tag bitaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-397/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14707", "zdi_id": "ZDI-22-397" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-396/advisory.json", "detail_path": "advisories/ZDI-22-396", "id": "ZDI-22-396", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing Alarm Tag WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-396/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14706", "zdi_id": "ZDI-22-396" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-395/advisory.json", "detail_path": "advisories/ZDI-22-395", "id": "ZDI-22-395", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing Disc Tag WordAddr4 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-395/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14705", "zdi_id": "ZDI-22-395" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-394/advisory.json", "detail_path": "advisories/ZDI-22-394", "id": "ZDI-22-394", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing Disc Tag WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-394/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14704", "zdi_id": "ZDI-22-394" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-393/advisory.json", "detail_path": "advisories/ZDI-22-393", "id": "ZDI-22-393", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP FIle Parsing Disc Tag WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-393/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14703", "zdi_id": "ZDI-22-393" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-392/advisory.json", "detail_path": "advisories/ZDI-22-392", "id": "ZDI-22-392", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing Disc Tag WordAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-392/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14702", "zdi_id": "ZDI-22-392" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-391/advisory.json", "detail_path": "advisories/ZDI-22-391", "id": "ZDI-22-391", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing Disc Tag WordAddr2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-391/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14701", "zdi_id": "ZDI-22-391" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-390/advisory.json", "detail_path": "advisories/ZDI-22-390", "id": "ZDI-22-390", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing Trend Tag WordAddr4 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2022-02-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-390/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14700", "zdi_id": "ZDI-22-390" }, { "cve": "CVE-2022-21228", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-389/advisory.json", "detail_path": "advisories/ZDI-22-389", "id": "ZDI-22-389", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2022-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-389/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13990", "zdi_id": "ZDI-22-389" }, { "cve": "CVE-2022-21202", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-388/advisory.json", "detail_path": "advisories/ZDI-22-388", "id": "ZDI-22-388", "kind": "published", "published_date": "2022-03-23", "status": "published", "title": "(0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2022-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-388/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13938", "zdi_id": "ZDI-22-388" }, { "cve": "CVE-2022-21168", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-387/advisory.json", "detail_path": "advisories/ZDI-22-387", "id": "ZDI-22-387", "kind": "published", "published_date": "2022-02-22", "status": "published", "title": "(0Day) Fuji Electric Alpha5 C5V File Parsing Uninitialized Pointer Information Disclosure Vulnerability", "updated_date": "2022-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-387/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13876", "zdi_id": "ZDI-22-387" }, { "cve": "CVE-2021-34987", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-22-386/advisory.json", "detail_path": "advisories/ZDI-22-386", "id": "ZDI-22-386", "kind": "published", "published_date": "2022-02-18", "status": "published", "title": "Parallels Desktop HDAudio Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-386/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-14969", "zdi_id": "ZDI-22-386" }, { "cve": "CVE-2021-34986", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-385/advisory.json", "detail_path": "advisories/ZDI-22-385", "id": "ZDI-22-385", "kind": "published", "published_date": "2022-02-18", "status": "published", "title": "Parallels Desktop Service Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-385/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13932", "zdi_id": "ZDI-22-385" }, { "cve": "CVE-2022-21988", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-384/advisory.json", "detail_path": "advisories/ZDI-22-384", "id": "ZDI-22-384", "kind": "published", "published_date": "2022-02-18", "status": "published", "title": "Microsoft Office Visio EMF EMR_DELETEOBJECT Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-384/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15731", "zdi_id": "ZDI-22-384" }, { "cve": "CVE-2022-22716", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-22-383/advisory.json", "detail_path": "advisories/ZDI-22-383", "id": "ZDI-22-383", "kind": "published", "published_date": "2022-02-18", "status": "published", "title": "Microsoft Office Excel XLS File Parsing Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-383/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15585", "zdi_id": "ZDI-22-383" }, { "cve": "CVE-2021-44738", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript data....", "detail_json": "/data/advisories/ZDI-22-382/advisory.json", "detail_path": "advisories/ZDI-22-382", "id": "ZDI-22-382", "kind": "published", "published_date": "2022-02-18", "status": "published", "title": "Lexmark MC3224i PostScript Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-382/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-15982", "zdi_id": "ZDI-22-382" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disguise the target of hyperlinks on affected installations of Microsoft Outlook for Mac. User interaction is required to exploit this vulnerability in that the target must view a malicious email. The specific fla...", "detail_json": "/data/advisories/ZDI-22-381/advisory.json", "detail_path": "advisories/ZDI-22-381", "id": "ZDI-22-381", "kind": "published", "published_date": "2022-02-18", "status": "published", "title": "Microsoft Outlook for Mac Hyperlink UI Misrepresentation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-381/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14886", "zdi_id": "ZDI-22-381" }, { "cve": null, "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-380/advisory.json", "detail_path": "advisories/ZDI-22-380", "id": "ZDI-22-380", "kind": "published", "published_date": "2022-02-18", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S21 Improper Error Handling Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-380/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-15916", "zdi_id": "ZDI-22-380" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-379/advisory.json", "detail_path": "advisories/ZDI-22-379", "id": "ZDI-22-379", "kind": "published", "published_date": "2022-02-18", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S21 Open Redirect Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-379/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-15871", "zdi_id": "ZDI-22-379" }, { "cve": "CVE-2021-27040", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-378/advisory.json", "detail_path": "advisories/ZDI-22-378", "id": "ZDI-22-378", "kind": "published", "published_date": "2022-02-18", "status": "published", "title": "ICONICS GENESIS64 DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-378/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-14059", "zdi_id": "ZDI-22-378" }, { "cve": "CVE-2021-30771", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the libFontParser library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. Th...", "detail_json": "/data/advisories/ZDI-22-377/advisory.json", "detail_path": "advisories/ZDI-22-377", "id": "ZDI-22-377", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Apple macOS libFontParser TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-377/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13835", "zdi_id": "ZDI-22-377" }, { "cve": "CVE-2022-23200", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-22-376/advisory.json", "detail_path": "advisories/ZDI-22-376", "id": "ZDI-22-376", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Adobe After Effects 3GP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-376/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15254", "zdi_id": "ZDI-22-376" }, { "cve": "CVE-2021-35244", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of alert creation. The issue re...", "detail_json": "/data/advisories/ZDI-22-375/advisory.json", "detail_path": "advisories/ZDI-22-375", "id": "ZDI-22-375", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "SolarWinds Orion Platform Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-375/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-13664", "zdi_id": "ZDI-22-375" }, { "cve": "CVE-2022-21137", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-374/advisory.json", "detail_path": "advisories/ZDI-22-374", "id": "ZDI-22-374", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Omron CX-One FLN File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-374/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-14204", "zdi_id": "ZDI-22-374" }, { "cve": "CVE-2022-21137", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-373/advisory.json", "detail_path": "advisories/ZDI-22-373", "id": "ZDI-22-373", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Omron CX-One SDD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-373/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-14038", "zdi_id": "ZDI-22-373" }, { "cve": "CVE-2022-24678", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Trend Micro Apex One Security Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logging of r...", "detail_json": "/data/advisories/ZDI-22-372/advisory.json", "detail_path": "advisories/ZDI-22-372", "id": "ZDI-22-372", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Trend Micro Apex One Security Agent Resource Exhaustion Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-15047", "zdi_id": "ZDI-22-372" }, { "cve": "CVE-2022-24671", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-22-371/advisory.json", "detail_path": "advisories/ZDI-22-371", "id": "ZDI-22-371", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Trend Micro Antivirus for Mac Link Following Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-371/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-14998", "zdi_id": "ZDI-22-371" }, { "cve": "CVE-2022-24679", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-370/advisory.json", "detail_path": "advisories/ZDI-22-370", "id": "ZDI-22-370", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-14926", "zdi_id": "ZDI-22-370" }, { "cve": "CVE-2022-24680", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-369/advisory.json", "detail_path": "advisories/ZDI-22-369", "id": "ZDI-22-369", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-14815", "zdi_id": "ZDI-22-369" }, { "cve": "CVE-2022-24048", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-22-368/advisory.json", "detail_path": "advisories/ZDI-22-368", "id": "ZDI-22-368", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-368/", "vendor": "MariaDB", "vendor_url": null, "zdi_can": "ZDI-CAN-16192", "zdi_id": "ZDI-22-368" }, { "cve": "CVE-2022-24052", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-22-367/advisory.json", "detail_path": "advisories/ZDI-22-367", "id": "ZDI-22-367", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-367/", "vendor": "MariaDB", "vendor_url": null, "zdi_can": "ZDI-CAN-16190", "zdi_id": "ZDI-22-367" }, { "cve": "CVE-2022-24052", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-22-366/advisory.json", "detail_path": "advisories/ZDI-22-366", "id": "ZDI-22-366", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-366/", "vendor": "MariaDB", "vendor_url": null, "zdi_can": "ZDI-CAN-16209", "zdi_id": "ZDI-22-366" }, { "cve": "CVE-2022-24051", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-22-365/advisory.json", "detail_path": "advisories/ZDI-22-365", "id": "ZDI-22-365", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-365/", "vendor": "MariaDB", "vendor_url": null, "zdi_can": "ZDI-CAN-16208", "zdi_id": "ZDI-22-365" }, { "cve": "CVE-2022-24050", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-22-364/advisory.json", "detail_path": "advisories/ZDI-22-364", "id": "ZDI-22-364", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-364/", "vendor": "MariaDB", "vendor_url": null, "zdi_can": "ZDI-CAN-16207", "zdi_id": "ZDI-22-364" }, { "cve": "CVE-2022-24048", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-22-363/advisory.json", "detail_path": "advisories/ZDI-22-363", "id": "ZDI-22-363", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-363/", "vendor": "MariaDB", "vendor_url": null, "zdi_can": "ZDI-CAN-16191", "zdi_id": "ZDI-22-363" }, { "cve": "CVE-2022-1043", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-362/advisory.json", "detail_path": "advisories/ZDI-22-362", "id": "ZDI-22-362", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Linux Kernel io_uring Use-After-Free Privilege Escalation Vulnerability", "updated_date": "2022-07-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-362/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-14621", "zdi_id": "ZDI-22-362" }, { "cve": "CVE-2022-22579", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-22-361/advisory.json", "detail_path": "advisories/ZDI-22-361", "id": "ZDI-22-361", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Apple macOS ModelIO STL File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-361/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-15639", "zdi_id": "ZDI-22-361" }, { "cve": "CVE-2021-30995", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-360/advisory.json", "detail_path": "advisories/ZDI-22-360", "id": "ZDI-22-360", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Apple macOS fclonefileat Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-360/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-15320", "zdi_id": "ZDI-22-360" }, { "cve": "CVE-2021-30939", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-22-359/advisory.json", "detail_path": "advisories/ZDI-22-359", "id": "ZDI-22-359", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Apple macOS ImageIO DDS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-359/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-15199", "zdi_id": "ZDI-22-359" }, { "cve": "CVE-2021-30979", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-22-358/advisory.json", "detail_path": "advisories/ZDI-22-358", "id": "ZDI-22-358", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Apple macOS ModelIO ABC File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-358/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-15171", "zdi_id": "ZDI-22-358" }, { "cve": "CVE-2021-30919", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-22-357/advisory.json", "detail_path": "advisories/ZDI-22-357", "id": "ZDI-22-357", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Apple macOS CoreGraphics PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-357/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-14385", "zdi_id": "ZDI-22-357" }, { "cve": "CVE-2021-30928", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreGraphics library is required to exploit this vulnerability but attack vectors may vary depending on the implementat...", "detail_json": "/data/advisories/ZDI-22-356/advisory.json", "detail_path": "advisories/ZDI-22-356", "id": "ZDI-22-356", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Apple macOS CoreGraphics PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-356/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-14515", "zdi_id": "ZDI-22-356" }, { "cve": "CVE-2021-30832", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-22-355/advisory.json", "detail_path": "advisories/ZDI-22-355", "id": "ZDI-22-355", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Apple macOS CVMServer Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-355/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-14040", "zdi_id": "ZDI-22-355" }, { "cve": "CVE-2021-30825", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreML library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. T...", "detail_json": "/data/advisories/ZDI-22-354/advisory.json", "detail_path": "advisories/ZDI-22-354", "id": "ZDI-22-354", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Apple macOS CoreML MLMODEL File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-354/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13804", "zdi_id": "ZDI-22-354" }, { "cve": "CVE-2021-30785", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-22-353/advisory.json", "detail_path": "advisories/ZDI-22-353", "id": "ZDI-22-353", "kind": "published", "published_date": "2022-02-16", "status": "published", "title": "Apple macOS ImageIO PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-353/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13806", "zdi_id": "ZDI-22-353" }, { "cve": "CVE-2022-22005", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of charts. Tampering with c...", "detail_json": "/data/advisories/ZDI-22-352/advisory.json", "detail_path": "advisories/ZDI-22-352", "id": "ZDI-22-352", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "Microsoft SharePoint Chart Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-352/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-16027", "zdi_id": "ZDI-22-352" }, { "cve": "CVE-2022-24908", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-351/advisory.json", "detail_path": "advisories/ZDI-22-351", "id": "ZDI-22-351", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-351/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16187", "zdi_id": "ZDI-22-351" }, { "cve": "CVE-2022-24907", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-350/advisory.json", "detail_path": "advisories/ZDI-22-350", "id": "ZDI-22-350", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-350/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16186", "zdi_id": "ZDI-22-350" }, { "cve": "CVE-2022-22994", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConnectivityService s...", "detail_json": "/data/advisories/ZDI-22-349/advisory.json", "detail_path": "advisories/ZDI-22-349", "id": "ZDI-22-349", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "(Pwn2Own) Western Digital My Cloud Pro Series PR4100 ConnectivityService Insufficient Verification of Data Authenticity Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-349/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-15859", "zdi_id": "ZDI-22-349" }, { "cve": "CVE-2022-22993", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Western Digital MyCloud PR4100. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-22-348/advisory.json", "detail_path": "advisories/ZDI-22-348", "id": "ZDI-22-348", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 cgi_api Server-Side Request Forgery Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-348/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-15889", "zdi_id": "ZDI-22-348" }, { "cve": "CVE-2022-22990", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nasAdmin service, whic...", "detail_json": "/data/advisories/ZDI-22-347/advisory.json", "detail_path": "advisories/ZDI-22-347", "id": "ZDI-22-347", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 nasAdmin Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-347/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-15888", "zdi_id": "ZDI-22-347" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the...", "detail_json": "/data/advisories/ZDI-22-346/advisory.json", "detail_path": "advisories/ZDI-22-346", "id": "ZDI-22-346", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 samba Configuration Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-346/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-15804", "zdi_id": "ZDI-22-346" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-345/advisory.json", "detail_path": "advisories/ZDI-22-345", "id": "ZDI-22-345", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing XY Tag WordAddr10 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2022-02-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-345/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14408", "zdi_id": "ZDI-22-345" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-344/advisory.json", "detail_path": "advisories/ZDI-22-344", "id": "ZDI-22-344", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "(0Day) WECON LeviStudioU UMP File Parsing Trend Tag WordAddr8 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2022-02-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-344/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14410", "zdi_id": "ZDI-22-344" }, { "cve": "CVE-2022-23200", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-343/advisory.json", "detail_path": "advisories/ZDI-22-343", "id": "ZDI-22-343", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "Adobe FrameMaker PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-343/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15245", "zdi_id": "ZDI-22-343" }, { "cve": "CVE-2022-23204", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Rush. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-342/advisory.json", "detail_path": "advisories/ZDI-22-342", "id": "ZDI-22-342", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "Adobe Premiere Rush JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-342/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15277", "zdi_id": "ZDI-22-342" }, { "cve": "CVE-2021-36483", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress XtraReports. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue resu...", "detail_json": "/data/advisories/ZDI-22-341/advisory.json", "detail_path": "advisories/ZDI-22-341", "id": "ZDI-22-341", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "DevExpress SafeBinaryFormatter Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2022-03-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-341/", "vendor": "DevExpress", "vendor_url": null, "zdi_can": "ZDI-CAN-14619", "zdi_id": "ZDI-22-341" }, { "cve": "CVE-2021-44018", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-340/advisory.json", "detail_path": "advisories/ZDI-22-340", "id": "ZDI-22-340", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "Siemens JT2Go PAR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-340/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15112", "zdi_id": "ZDI-22-340" }, { "cve": "CVE-2021-38405", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-22-339/advisory.json", "detail_path": "advisories/ZDI-22-339", "id": "ZDI-22-339", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "Siemens JT2Go PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-339/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15113", "zdi_id": "ZDI-22-339" }, { "cve": "CVE-2021-44016", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-338/advisory.json", "detail_path": "advisories/ZDI-22-338", "id": "ZDI-22-338", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "Siemens JT2Go PAR File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-338/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15110", "zdi_id": "ZDI-22-338" }, { "cve": "CVE-2021-38405", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-22-337/advisory.json", "detail_path": "advisories/ZDI-22-337", "id": "ZDI-22-337", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "Siemens JT2Go PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-337/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15108", "zdi_id": "ZDI-22-337" }, { "cve": "CVE-2021-38405", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-336/advisory.json", "detail_path": "advisories/ZDI-22-336", "id": "ZDI-22-336", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "Siemens JT2Go PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-336/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15106", "zdi_id": "ZDI-22-336" }, { "cve": "CVE-2021-44000", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-335/advisory.json", "detail_path": "advisories/ZDI-22-335", "id": "ZDI-22-335", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "Siemens JT2Go PAR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-335/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15053", "zdi_id": "ZDI-22-335" }, { "cve": "CVE-2021-43336", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-334/advisory.json", "detail_path": "advisories/ZDI-22-334", "id": "ZDI-22-334", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-334/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15107", "zdi_id": "ZDI-22-334" }, { "cve": "CVE-2021-44737", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of PJL commands. T...", "detail_json": "/data/advisories/ZDI-22-333/advisory.json", "detail_path": "advisories/ZDI-22-333", "id": "ZDI-22-333", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i PJL Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-333/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-15820", "zdi_id": "ZDI-22-333" }, { "cve": "CVE-2021-44734", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue resu...", "detail_json": "/data/advisories/ZDI-22-332/advisory.json", "detail_path": "advisories/ZDI-22-332", "id": "ZDI-22-332", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i Web Configuration File Code Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-332/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-15844", "zdi_id": "ZDI-22-332" }, { "cve": "CVE-2021-44736", "cvss": 9.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to remove authentication on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within URL handling. The issue results from the l...", "detail_json": "/data/advisories/ZDI-22-331/advisory.json", "detail_path": "advisories/ZDI-22-331", "id": "ZDI-22-331", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i Unprotected API Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-331/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-15800", "zdi_id": "ZDI-22-331" }, { "cve": "CVE-2021-44735", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-22-330/advisory.json", "detail_path": "advisories/ZDI-22-330", "id": "ZDI-22-330", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-330/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-15894", "zdi_id": "ZDI-22-330" }, { "cve": "CVE-2021-44735", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-22-329/advisory.json", "detail_path": "advisories/ZDI-22-329", "id": "ZDI-22-329", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i setuid Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-329/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-15895", "zdi_id": "ZDI-22-329" }, { "cve": "CVE-2021-44738", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript data....", "detail_json": "/data/advisories/ZDI-22-328/advisory.json", "detail_path": "advisories/ZDI-22-328", "id": "ZDI-22-328", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i PostScript Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-328/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-15924", "zdi_id": "ZDI-22-328" }, { "cve": "CVE-2021-44738", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-22-327/advisory.json", "detail_path": "advisories/ZDI-22-327", "id": "ZDI-22-327", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i pagemaker Insufficient Session Expiration Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-327/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-15925", "zdi_id": "ZDI-22-327" }, { "cve": "CVE-2021-44735", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-22-326/advisory.json", "detail_path": "advisories/ZDI-22-326", "id": "ZDI-22-326", "kind": "published", "published_date": "2022-02-15", "status": "published", "title": "(Pwn2Own) Lexmark MC3224i setuid Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-326/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-15927", "zdi_id": "ZDI-22-326" }, { "cve": "CVE-2022-24313", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IGSSDataServer process, which listens...", "detail_json": "/data/advisories/ZDI-22-325/advisory.json", "detail_path": "advisories/ZDI-22-325", "id": "ZDI-22-325", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Schneider Electric IGSS IGSSDataServer Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-325/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-15198", "zdi_id": "ZDI-22-325" }, { "cve": "CVE-2022-24317", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IGSSDataServer process, which...", "detail_json": "/data/advisories/ZDI-22-324/advisory.json", "detail_path": "advisories/ZDI-22-324", "id": "ZDI-22-324", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Schneider Electric IGSS Missing Authentication Information Disclosure Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-324/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-15193", "zdi_id": "ZDI-22-324" }, { "cve": "CVE-2022-24316", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IGSSDataServer process, which...", "detail_json": "/data/advisories/ZDI-22-323/advisory.json", "detail_path": "advisories/ZDI-22-323", "id": "ZDI-22-323", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Schneider Electric IGSS IGSSdataServer Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-323/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-15119", "zdi_id": "ZDI-22-323" }, { "cve": "CVE-2022-24315", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IGSSDataServer process,...", "detail_json": "/data/advisories/ZDI-22-322/advisory.json", "detail_path": "advisories/ZDI-22-322", "id": "ZDI-22-322", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Schneider Electric IGSS Out-Of-Bounds Read Denial-of-Service Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-322/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-15118", "zdi_id": "ZDI-22-322" }, { "cve": "CVE-2022-24312", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IGSSDataServer process, which listens...", "detail_json": "/data/advisories/ZDI-22-321/advisory.json", "detail_path": "advisories/ZDI-22-321", "id": "ZDI-22-321", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Schneider Electric IGSS IGSSdataServer Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-321/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-14943", "zdi_id": "ZDI-22-321" }, { "cve": "CVE-2022-24311", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IGSSDataServer process, which listens...", "detail_json": "/data/advisories/ZDI-22-320/advisory.json", "detail_path": "advisories/ZDI-22-320", "id": "ZDI-22-320", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Schneider Electric IGSS IGSSdataServer Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-320/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-14942", "zdi_id": "ZDI-22-320" }, { "cve": "CVE-2022-24971", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-319/advisory.json", "detail_path": "advisories/ZDI-22-319", "id": "ZDI-22-319", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Foxit PDF Reader JPEG2000 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-319/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-15812", "zdi_id": "ZDI-22-319" }, { "cve": "CVE-2022-24051", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-22-318/advisory.json", "detail_path": "advisories/ZDI-22-318", "id": "ZDI-22-318", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-318/", "vendor": "MariaDB", "vendor_url": null, "zdi_can": "ZDI-CAN-16193", "zdi_id": "ZDI-22-318" }, { "cve": "CVE-2022-22002", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-22-317/advisory.json", "detail_path": "advisories/ZDI-22-317", "id": "ZDI-22-317", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Microsoft Windows User Profile Picture Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-317/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15296", "zdi_id": "ZDI-22-317" }, { "cve": "CVE-2021-46161", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-316/advisory.json", "detail_path": "advisories/ZDI-22-316", "id": "ZDI-22-316", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-316/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15302", "zdi_id": "ZDI-22-316" }, { "cve": "CVE-2021-46160", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-315/advisory.json", "detail_path": "advisories/ZDI-22-315", "id": "ZDI-22-315", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-315/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15286", "zdi_id": "ZDI-22-315" }, { "cve": "CVE-2021-46159", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-314/advisory.json", "detail_path": "advisories/ZDI-22-314", "id": "ZDI-22-314", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-314/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15050", "zdi_id": "ZDI-22-314" }, { "cve": "CVE-2021-46158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-313/advisory.json", "detail_path": "advisories/ZDI-22-313", "id": "ZDI-22-313", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-313/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15602", "zdi_id": "ZDI-22-313" }, { "cve": "CVE-2021-46158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-312/advisory.json", "detail_path": "advisories/ZDI-22-312", "id": "ZDI-22-312", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-312/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15289", "zdi_id": "ZDI-22-312" }, { "cve": "CVE-2021-46158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-311/advisory.json", "detail_path": "advisories/ZDI-22-311", "id": "ZDI-22-311", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-311/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15085", "zdi_id": "ZDI-22-311" }, { "cve": "CVE-2021-46157", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-310/advisory.json", "detail_path": "advisories/ZDI-22-310", "id": "ZDI-22-310", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-310/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-14757", "zdi_id": "ZDI-22-310" }, { "cve": "CVE-2021-46156", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-309/advisory.json", "detail_path": "advisories/ZDI-22-309", "id": "ZDI-22-309", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-309/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-14684", "zdi_id": "ZDI-22-309" }, { "cve": "CVE-2021-46155", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-308/advisory.json", "detail_path": "advisories/ZDI-22-308", "id": "ZDI-22-308", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-308/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15593", "zdi_id": "ZDI-22-308" }, { "cve": "CVE-2021-46155", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-307/advisory.json", "detail_path": "advisories/ZDI-22-307", "id": "ZDI-22-307", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-307/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15303", "zdi_id": "ZDI-22-307" }, { "cve": "CVE-2021-46155", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-306/advisory.json", "detail_path": "advisories/ZDI-22-306", "id": "ZDI-22-306", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-306/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15283", "zdi_id": "ZDI-22-306" }, { "cve": "CVE-2021-46155", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-305/advisory.json", "detail_path": "advisories/ZDI-22-305", "id": "ZDI-22-305", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-305/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-14683", "zdi_id": "ZDI-22-305" }, { "cve": "CVE-2021-46154", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-304/advisory.json", "detail_path": "advisories/ZDI-22-304", "id": "ZDI-22-304", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-304/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15304", "zdi_id": "ZDI-22-304" }, { "cve": "CVE-2021-46154", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-303/advisory.json", "detail_path": "advisories/ZDI-22-303", "id": "ZDI-22-303", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-303/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15084", "zdi_id": "ZDI-22-303" }, { "cve": "CVE-2021-46154", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-302/advisory.json", "detail_path": "advisories/ZDI-22-302", "id": "ZDI-22-302", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-302/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-14679", "zdi_id": "ZDI-22-302" }, { "cve": "CVE-2021-46154", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-301/advisory.json", "detail_path": "advisories/ZDI-22-301", "id": "ZDI-22-301", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-301/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-14646", "zdi_id": "ZDI-22-301" }, { "cve": "CVE-2021-46153", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-300/advisory.json", "detail_path": "advisories/ZDI-22-300", "id": "ZDI-22-300", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-300/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15599", "zdi_id": "ZDI-22-300" }, { "cve": "CVE-2021-46153", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-299/advisory.json", "detail_path": "advisories/ZDI-22-299", "id": "ZDI-22-299", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-299/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15589", "zdi_id": "ZDI-22-299" }, { "cve": "CVE-2021-46153", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-298/advisory.json", "detail_path": "advisories/ZDI-22-298", "id": "ZDI-22-298", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-298/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15305", "zdi_id": "ZDI-22-298" }, { "cve": "CVE-2021-46153", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-297/advisory.json", "detail_path": "advisories/ZDI-22-297", "id": "ZDI-22-297", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-297/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-14645", "zdi_id": "ZDI-22-297" }, { "cve": "CVE-2021-46152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-296/advisory.json", "detail_path": "advisories/ZDI-22-296", "id": "ZDI-22-296", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-296/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15183", "zdi_id": "ZDI-22-296" }, { "cve": "CVE-2021-46152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-295/advisory.json", "detail_path": "advisories/ZDI-22-295", "id": "ZDI-22-295", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-295/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-14755", "zdi_id": "ZDI-22-295" }, { "cve": "CVE-2021-46152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-294/advisory.json", "detail_path": "advisories/ZDI-22-294", "id": "ZDI-22-294", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-294/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-14644", "zdi_id": "ZDI-22-294" }, { "cve": "CVE-2021-46152", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-293/advisory.json", "detail_path": "advisories/ZDI-22-293", "id": "ZDI-22-293", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-293/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-14643", "zdi_id": "ZDI-22-293" }, { "cve": "CVE-2021-46151", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-292/advisory.json", "detail_path": "advisories/ZDI-22-292", "id": "ZDI-22-292", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-292/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-14754", "zdi_id": "ZDI-22-292" }, { "cve": "CVE-2021-46151", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-291/advisory.json", "detail_path": "advisories/ZDI-22-291", "id": "ZDI-22-291", "kind": "published", "published_date": "2022-02-11", "status": "published", "title": "Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-291/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15082", "zdi_id": "ZDI-22-291" }, { "cve": "CVE-2022-24047", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It!. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results...", "detail_json": "/data/advisories/ZDI-22-290/advisory.json", "detail_path": "advisories/ZDI-22-290", "id": "ZDI-22-290", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "BMC Track-It! HTTP Module Improper Access Control Authentication Bypass Vulnerability", "updated_date": "2022-02-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-290/", "vendor": "BMC", "vendor_url": null, "zdi_can": "ZDI-CAN-14618", "zdi_id": "ZDI-22-290" }, { "cve": "CVE-2021-40159", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Inventor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-289/advisory.json", "detail_path": "advisories/ZDI-22-289", "id": "ZDI-22-289", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Autodesk Inventor JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-289/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15668", "zdi_id": "ZDI-22-289" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Inventor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-288/advisory.json", "detail_path": "advisories/ZDI-22-288", "id": "ZDI-22-288", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Autodesk Inventor JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-288/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15667", "zdi_id": "ZDI-22-288" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Inventor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-287/advisory.json", "detail_path": "advisories/ZDI-22-287", "id": "ZDI-22-287", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Autodesk Inventor JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-287/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15666", "zdi_id": "ZDI-22-287" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Inventor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-286/advisory.json", "detail_path": "advisories/ZDI-22-286", "id": "ZDI-22-286", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Autodesk Inventor JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-286/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15665", "zdi_id": "ZDI-22-286" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Inventor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-285/advisory.json", "detail_path": "advisories/ZDI-22-285", "id": "ZDI-22-285", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Autodesk Inventor JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-285/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15664", "zdi_id": "ZDI-22-285" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Inventor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-284/advisory.json", "detail_path": "advisories/ZDI-22-284", "id": "ZDI-22-284", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Autodesk Inventor JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-284/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15670", "zdi_id": "ZDI-22-284" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Inventor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-283/advisory.json", "detail_path": "advisories/ZDI-22-283", "id": "ZDI-22-283", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Autodesk Inventor JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-283/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15669", "zdi_id": "ZDI-22-283" }, { "cve": "CVE-2021-40159", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Inventor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-282/advisory.json", "detail_path": "advisories/ZDI-22-282", "id": "ZDI-22-282", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Autodesk Inventor JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-282/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15671", "zdi_id": "ZDI-22-282" }, { "cve": "CVE-2021-40158", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Inventor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-281/advisory.json", "detail_path": "advisories/ZDI-22-281", "id": "ZDI-22-281", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Autodesk Inventor JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-281/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-15675", "zdi_id": "ZDI-22-281" }, { "cve": "CVE-2022-24369", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-280/advisory.json", "detail_path": "advisories/ZDI-22-280", "id": "ZDI-22-280", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2022-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-280/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16087", "zdi_id": "ZDI-22-280" }, { "cve": "CVE-2022-24368", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-279/advisory.json", "detail_path": "advisories/ZDI-22-279", "id": "ZDI-22-279", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader Doc Use-After-Free Information Disclosure Vulnerability", "updated_date": "2022-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-279/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-16115", "zdi_id": "ZDI-22-279" }, { "cve": "CVE-2022-24367", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-278/advisory.json", "detail_path": "advisories/ZDI-22-278", "id": "ZDI-22-278", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2022-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-278/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-15877", "zdi_id": "ZDI-22-278" }, { "cve": "CVE-2022-24366", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-277/advisory.json", "detail_path": "advisories/ZDI-22-277", "id": "ZDI-22-277", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2022-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-277/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-15853", "zdi_id": "ZDI-22-277" }, { "cve": "CVE-2022-24365", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-276/advisory.json", "detail_path": "advisories/ZDI-22-276", "id": "ZDI-22-276", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2022-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-276/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-15852", "zdi_id": "ZDI-22-276" }, { "cve": "CVE-2022-24364", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-275/advisory.json", "detail_path": "advisories/ZDI-22-275", "id": "ZDI-22-275", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2022-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-275/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-15851", "zdi_id": "ZDI-22-275" }, { "cve": "CVE-2022-24363", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-274/advisory.json", "detail_path": "advisories/ZDI-22-274", "id": "ZDI-22-274", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2022-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-274/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-15861", "zdi_id": "ZDI-22-274" }, { "cve": "CVE-2022-24362", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-273/advisory.json", "detail_path": "advisories/ZDI-22-273", "id": "ZDI-22-273", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2022-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-273/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-15987", "zdi_id": "ZDI-22-273" }, { "cve": "CVE-2022-24361", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-272/advisory.json", "detail_path": "advisories/ZDI-22-272", "id": "ZDI-22-272", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader JPG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2022-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-272/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-15811", "zdi_id": "ZDI-22-272" }, { "cve": "CVE-2022-24360", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-271/advisory.json", "detail_path": "advisories/ZDI-22-271", "id": "ZDI-22-271", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2022-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-271/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-15744", "zdi_id": "ZDI-22-271" }, { "cve": "CVE-2022-24359", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-270/advisory.json", "detail_path": "advisories/ZDI-22-270", "id": "ZDI-22-270", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2022-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-270/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-15702", "zdi_id": "ZDI-22-270" }, { "cve": "CVE-2022-24358", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-269/advisory.json", "detail_path": "advisories/ZDI-22-269", "id": "ZDI-22-269", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-269/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-15703", "zdi_id": "ZDI-22-269" }, { "cve": "CVE-2022-24357", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-268/advisory.json", "detail_path": "advisories/ZDI-22-268", "id": "ZDI-22-268", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-268/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-15743", "zdi_id": "ZDI-22-268" }, { "cve": "CVE-2022-24356", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-22-267/advisory.json", "detail_path": "advisories/ZDI-22-267", "id": "ZDI-22-267", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader OnMouseExit Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-267/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14848", "zdi_id": "ZDI-22-267" }, { "cve": "CVE-2022-24370", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-266/advisory.json", "detail_path": "advisories/ZDI-22-266", "id": "ZDI-22-266", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "Foxit PDF Reader XFA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-266/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14819", "zdi_id": "ZDI-22-266" }, { "cve": "CVE-2022-24355", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name exten...", "detail_json": "/data/advisories/ZDI-22-265/advisory.json", "detail_path": "advisories/ZDI-22-265", "id": "ZDI-22-265", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "TP-Link TL-WR940N httpd httpRpmFs Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-265/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-13910", "zdi_id": "ZDI-22-265" }, { "cve": "CVE-2022-24354", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue r...", "detail_json": "/data/advisories/ZDI-22-264/advisory.json", "detail_path": "advisories/ZDI-22-264", "id": "ZDI-22-264", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "TP-Link AC1750 NetUSB Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-264/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-15835", "zdi_id": "ZDI-22-264" }, { "cve": "CVE-2022-24353", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue r...", "detail_json": "/data/advisories/ZDI-22-263/advisory.json", "detail_path": "advisories/ZDI-22-263", "id": "ZDI-22-263", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "(Pwn2Own) TP-Link AC1750 NetUSB Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-263/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-15769", "zdi_id": "ZDI-22-263" }, { "cve": "CVE-2022-24352", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko kernel module. The...", "detail_json": "/data/advisories/ZDI-22-262/advisory.json", "detail_path": "advisories/ZDI-22-262", "id": "ZDI-22-262", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "(Pwn2Own) TP-Link AC1750 NetUSB Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-262/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-15773", "zdi_id": "ZDI-22-262" }, { "cve": "CVE-2022-24049", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ALAC audio codec. The issue results from the...", "detail_json": "/data/advisories/ZDI-22-261/advisory.json", "detail_path": "advisories/ZDI-22-261", "id": "ZDI-22-261", "kind": "published", "published_date": "2022-02-10", "status": "published", "title": "(Pwn2Own) Sonos One Speaker ALAC Frame Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2022-02-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-261/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-15798", "zdi_id": "ZDI-22-261" }, { "cve": "CVE-2022-24046", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anacapd daemon. The issue results...", "detail_json": "/data/advisories/ZDI-22-260/advisory.json", "detail_path": "advisories/ZDI-22-260", "id": "ZDI-22-260", "kind": "published", "published_date": "2022-02-14", "status": "published", "title": "(Pwn2Own) Sonos One Speaker Integer Underflow Remote Code Execution Vulnerability", "updated_date": "2022-12-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-260/", "vendor": "Sonos", "vendor_url": null, "zdi_can": "ZDI-CAN-15828", "zdi_id": "ZDI-22-260" }, { "cve": "CVE-2021-38389", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IOCTL 0x1138B. The issue resul...", "detail_json": "/data/advisories/ZDI-22-259/advisory.json", "detail_path": "advisories/ZDI-22-259", "id": "ZDI-22-259", "kind": "published", "published_date": "2022-02-02", "status": "published", "title": "Advantech WebAccess IOCTL 0x1138B Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-259/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-12966", "zdi_id": "ZDI-22-259" }, { "cve": "CVE-2021-33023", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IOCTL 0x2722. The issue result...", "detail_json": "/data/advisories/ZDI-22-258/advisory.json", "detail_path": "advisories/ZDI-22-258", "id": "ZDI-22-258", "kind": "published", "published_date": "2022-02-02", "status": "published", "title": "Advantech WebAccess IOCTL 0x2722 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-258/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-12944", "zdi_id": "ZDI-22-258" }, { "cve": "CVE-2021-33023", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IOCTL 0x2722. The issue result...", "detail_json": "/data/advisories/ZDI-22-257/advisory.json", "detail_path": "advisories/ZDI-22-257", "id": "ZDI-22-257", "kind": "published", "published_date": "2022-02-02", "status": "published", "title": "Advantech WebAccess IOCTL 0x2722 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-257/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-12942", "zdi_id": "ZDI-22-257" }, { "cve": "CVE-2022-24064", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-256/advisory.json", "detail_path": "advisories/ZDI-22-256", "id": "ZDI-22-256", "kind": "published", "published_date": "2022-02-02", "status": "published", "title": "Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-256/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-15161", "zdi_id": "ZDI-22-256" }, { "cve": "CVE-2022-24063", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-255/advisory.json", "detail_path": "advisories/ZDI-22-255", "id": "ZDI-22-255", "kind": "published", "published_date": "2022-02-02", "status": "published", "title": "Sante DICOM Viewer Pro JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-255/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-15105", "zdi_id": "ZDI-22-255" }, { "cve": "CVE-2022-24062", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-254/advisory.json", "detail_path": "advisories/ZDI-22-254", "id": "ZDI-22-254", "kind": "published", "published_date": "2022-02-02", "status": "published", "title": "Sante DICOM Viewer Pro JP2 File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-254/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-15104", "zdi_id": "ZDI-22-254" }, { "cve": "CVE-2022-24061", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-22-253/advisory.json", "detail_path": "advisories/ZDI-22-253", "id": "ZDI-22-253", "kind": "published", "published_date": "2022-02-02", "status": "published", "title": "Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-253/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-15100", "zdi_id": "ZDI-22-253" }, { "cve": "CVE-2022-24060", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-22-252/advisory.json", "detail_path": "advisories/ZDI-22-252", "id": "ZDI-22-252", "kind": "published", "published_date": "2022-02-02", "status": "published", "title": "Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-252/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-15099", "zdi_id": "ZDI-22-252" }, { "cve": "CVE-2022-24059", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-251/advisory.json", "detail_path": "advisories/ZDI-22-251", "id": "ZDI-22-251", "kind": "published", "published_date": "2022-02-02", "status": "published", "title": "Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-251/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-15098", "zdi_id": "ZDI-22-251" }, { "cve": "CVE-2022-24058", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-250/advisory.json", "detail_path": "advisories/ZDI-22-250", "id": "ZDI-22-250", "kind": "published", "published_date": "2022-02-02", "status": "published", "title": "Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-250/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-15095", "zdi_id": "ZDI-22-250" }, { "cve": "CVE-2022-24057", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-249/advisory.json", "detail_path": "advisories/ZDI-22-249", "id": "ZDI-22-249", "kind": "published", "published_date": "2022-02-02", "status": "published", "title": "Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-249/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-15077", "zdi_id": "ZDI-22-249" }, { "cve": "CVE-2022-24056", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-248/advisory.json", "detail_path": "advisories/ZDI-22-248", "id": "ZDI-22-248", "kind": "published", "published_date": "2022-02-02", "status": "published", "title": "Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-248/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-15076", "zdi_id": "ZDI-22-248" }, { "cve": "CVE-2022-24055", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-22-247/advisory.json", "detail_path": "advisories/ZDI-22-247", "id": "ZDI-22-247", "kind": "published", "published_date": "2022-02-02", "status": "published", "title": "Sante DICOM Viewer Pro GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-247/", "vendor": "Sante", "vendor_url": null, "zdi_can": "ZDI-CAN-14972", "zdi_id": "ZDI-22-247" }, { "cve": "CVE-2021-44142", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fruit_pwrite function. The issue results from the lack o...", "detail_json": "/data/advisories/ZDI-22-246/advisory.json", "detail_path": "advisories/ZDI-22-246", "id": "ZDI-22-246", "kind": "published", "published_date": "2022-02-01", "status": "published", "title": "(Pwn2Own) Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2022-02-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-246/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-15846", "zdi_id": "ZDI-22-246" }, { "cve": "CVE-2021-44142", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fruit_pread method. The issue results from the l...", "detail_json": "/data/advisories/ZDI-22-245/advisory.json", "detail_path": "advisories/ZDI-22-245", "id": "ZDI-22-245", "kind": "published", "published_date": "2022-02-01", "status": "published", "title": "(Pwn2Own) Samba fruit_pread Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2022-02-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-245/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-15833", "zdi_id": "ZDI-22-245" }, { "cve": "CVE-2021-44142", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of AppleDouble entries. The issue results from...", "detail_json": "/data/advisories/ZDI-22-244/advisory.json", "detail_path": "advisories/ZDI-22-244", "id": "ZDI-22-244", "kind": "published", "published_date": "2022-02-01", "status": "published", "title": "Samba AppleDouble Entry Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-244/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-16156", "zdi_id": "ZDI-22-244" }, { "cve": "CVE-2021-46656", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-243/advisory.json", "detail_path": "advisories/ZDI-22-243", "id": "ZDI-22-243", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-243/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15631", "zdi_id": "ZDI-22-243" }, { "cve": "CVE-2021-46655", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-242/advisory.json", "detail_path": "advisories/ZDI-22-242", "id": "ZDI-22-242", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-242/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15630", "zdi_id": "ZDI-22-242" }, { "cve": "CVE-2021-46654", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-241/advisory.json", "detail_path": "advisories/ZDI-22-241", "id": "ZDI-22-241", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-241/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15540", "zdi_id": "ZDI-22-241" }, { "cve": "CVE-2021-46653", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-240/advisory.json", "detail_path": "advisories/ZDI-22-240", "id": "ZDI-22-240", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-240/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15539", "zdi_id": "ZDI-22-240" }, { "cve": "CVE-2021-46652", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-239/advisory.json", "detail_path": "advisories/ZDI-22-239", "id": "ZDI-22-239", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-239/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15538", "zdi_id": "ZDI-22-239" }, { "cve": "CVE-2021-46651", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-238/advisory.json", "detail_path": "advisories/ZDI-22-238", "id": "ZDI-22-238", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-238/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15537", "zdi_id": "ZDI-22-238" }, { "cve": "CVE-2021-46650", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-237/advisory.json", "detail_path": "advisories/ZDI-22-237", "id": "ZDI-22-237", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-237/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15536", "zdi_id": "ZDI-22-237" }, { "cve": "CVE-2021-46649", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-236/advisory.json", "detail_path": "advisories/ZDI-22-236", "id": "ZDI-22-236", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-236/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15535", "zdi_id": "ZDI-22-236" }, { "cve": "CVE-2021-46648", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-235/advisory.json", "detail_path": "advisories/ZDI-22-235", "id": "ZDI-22-235", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-235/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15534", "zdi_id": "ZDI-22-235" }, { "cve": "CVE-2021-46647", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-234/advisory.json", "detail_path": "advisories/ZDI-22-234", "id": "ZDI-22-234", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-234/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15533", "zdi_id": "ZDI-22-234" }, { "cve": "CVE-2021-46646", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-233/advisory.json", "detail_path": "advisories/ZDI-22-233", "id": "ZDI-22-233", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-233/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15532", "zdi_id": "ZDI-22-233" }, { "cve": "CVE-2021-46645", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-232/advisory.json", "detail_path": "advisories/ZDI-22-232", "id": "ZDI-22-232", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-232/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15531", "zdi_id": "ZDI-22-232" }, { "cve": "CVE-2021-46644", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-231/advisory.json", "detail_path": "advisories/ZDI-22-231", "id": "ZDI-22-231", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-231/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15530", "zdi_id": "ZDI-22-231" }, { "cve": "CVE-2021-46643", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-230/advisory.json", "detail_path": "advisories/ZDI-22-230", "id": "ZDI-22-230", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View DGN File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-230/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15515", "zdi_id": "ZDI-22-230" }, { "cve": "CVE-2021-46642", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-229/advisory.json", "detail_path": "advisories/ZDI-22-229", "id": "ZDI-22-229", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-229/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15514", "zdi_id": "ZDI-22-229" }, { "cve": "CVE-2021-46641", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-228/advisory.json", "detail_path": "advisories/ZDI-22-228", "id": "ZDI-22-228", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View DGN File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-228/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15513", "zdi_id": "ZDI-22-228" }, { "cve": "CVE-2021-46640", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-227/advisory.json", "detail_path": "advisories/ZDI-22-227", "id": "ZDI-22-227", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-227/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15512", "zdi_id": "ZDI-22-227" }, { "cve": "CVE-2021-46639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-226/advisory.json", "detail_path": "advisories/ZDI-22-226", "id": "ZDI-22-226", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-226/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15511", "zdi_id": "ZDI-22-226" }, { "cve": "CVE-2021-46638", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-225/advisory.json", "detail_path": "advisories/ZDI-22-225", "id": "ZDI-22-225", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-225/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15510", "zdi_id": "ZDI-22-225" }, { "cve": "CVE-2021-46637", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-224/advisory.json", "detail_path": "advisories/ZDI-22-224", "id": "ZDI-22-224", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-224/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15509", "zdi_id": "ZDI-22-224" }, { "cve": "CVE-2021-46636", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-223/advisory.json", "detail_path": "advisories/ZDI-22-223", "id": "ZDI-22-223", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-223/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15508", "zdi_id": "ZDI-22-223" }, { "cve": "CVE-2021-46635", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-222/advisory.json", "detail_path": "advisories/ZDI-22-222", "id": "ZDI-22-222", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-222/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15507", "zdi_id": "ZDI-22-222" }, { "cve": "CVE-2021-46634", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-221/advisory.json", "detail_path": "advisories/ZDI-22-221", "id": "ZDI-22-221", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-221/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15464", "zdi_id": "ZDI-22-221" }, { "cve": "CVE-2021-46633", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-220/advisory.json", "detail_path": "advisories/ZDI-22-220", "id": "ZDI-22-220", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT PDF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-220/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15463", "zdi_id": "ZDI-22-220" }, { "cve": "CVE-2021-46632", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-219/advisory.json", "detail_path": "advisories/ZDI-22-219", "id": "ZDI-22-219", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-219/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15462", "zdi_id": "ZDI-22-219" }, { "cve": "CVE-2021-46631", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-218/advisory.json", "detail_path": "advisories/ZDI-22-218", "id": "ZDI-22-218", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View TIF File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-218/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15461", "zdi_id": "ZDI-22-218" }, { "cve": "CVE-2021-46630", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-217/advisory.json", "detail_path": "advisories/ZDI-22-217", "id": "ZDI-22-217", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-217/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15460", "zdi_id": "ZDI-22-217" }, { "cve": "CVE-2021-46629", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-216/advisory.json", "detail_path": "advisories/ZDI-22-216", "id": "ZDI-22-216", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View BMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-216/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15459", "zdi_id": "ZDI-22-216" }, { "cve": "CVE-2021-46628", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-215/advisory.json", "detail_path": "advisories/ZDI-22-215", "id": "ZDI-22-215", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View BMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-215/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15458", "zdi_id": "ZDI-22-215" }, { "cve": "CVE-2021-46627", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-214/advisory.json", "detail_path": "advisories/ZDI-22-214", "id": "ZDI-22-214", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View DXF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-214/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15457", "zdi_id": "ZDI-22-214" }, { "cve": "CVE-2021-46626", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-213/advisory.json", "detail_path": "advisories/ZDI-22-213", "id": "ZDI-22-213", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-213/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15456", "zdi_id": "ZDI-22-213" }, { "cve": "CVE-2021-46625", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-212/advisory.json", "detail_path": "advisories/ZDI-22-212", "id": "ZDI-22-212", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View JT File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-212/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15455", "zdi_id": "ZDI-22-212" }, { "cve": "CVE-2021-46624", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-211/advisory.json", "detail_path": "advisories/ZDI-22-211", "id": "ZDI-22-211", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-211/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15454", "zdi_id": "ZDI-22-211" }, { "cve": "CVE-2021-46623", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-210/advisory.json", "detail_path": "advisories/ZDI-22-210", "id": "ZDI-22-210", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-210/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15453", "zdi_id": "ZDI-22-210" }, { "cve": "CVE-2021-46622", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-209/advisory.json", "detail_path": "advisories/ZDI-22-209", "id": "ZDI-22-209", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-209/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15416", "zdi_id": "ZDI-22-209" }, { "cve": "CVE-2021-46621", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-208/advisory.json", "detail_path": "advisories/ZDI-22-208", "id": "ZDI-22-208", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-208/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15415", "zdi_id": "ZDI-22-208" }, { "cve": "CVE-2021-46620", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-207/advisory.json", "detail_path": "advisories/ZDI-22-207", "id": "ZDI-22-207", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-207/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15414", "zdi_id": "ZDI-22-207" }, { "cve": "CVE-2021-46619", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-206/advisory.json", "detail_path": "advisories/ZDI-22-206", "id": "ZDI-22-206", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-206/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15413", "zdi_id": "ZDI-22-206" }, { "cve": "CVE-2021-46618", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-205/advisory.json", "detail_path": "advisories/ZDI-22-205", "id": "ZDI-22-205", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-205/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15412", "zdi_id": "ZDI-22-205" }, { "cve": "CVE-2021-46617", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-204/advisory.json", "detail_path": "advisories/ZDI-22-204", "id": "ZDI-22-204", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT TIF File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-204/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15411", "zdi_id": "ZDI-22-204" }, { "cve": "CVE-2021-46616", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-203/advisory.json", "detail_path": "advisories/ZDI-22-203", "id": "ZDI-22-203", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT BMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-203/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15410", "zdi_id": "ZDI-22-203" }, { "cve": "CVE-2021-46615", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-202/advisory.json", "detail_path": "advisories/ZDI-22-202", "id": "ZDI-22-202", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT BMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-202/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15409", "zdi_id": "ZDI-22-202" }, { "cve": "CVE-2021-46614", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-201/advisory.json", "detail_path": "advisories/ZDI-22-201", "id": "ZDI-22-201", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-201/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15408", "zdi_id": "ZDI-22-201" }, { "cve": "CVE-2021-46613", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-200/advisory.json", "detail_path": "advisories/ZDI-22-200", "id": "ZDI-22-200", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DXF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-200/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15407", "zdi_id": "ZDI-22-200" }, { "cve": "CVE-2021-46612", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-199/advisory.json", "detail_path": "advisories/ZDI-22-199", "id": "ZDI-22-199", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-199/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15406", "zdi_id": "ZDI-22-199" }, { "cve": "CVE-2021-46611", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-198/advisory.json", "detail_path": "advisories/ZDI-22-198", "id": "ZDI-22-198", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-198/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15405", "zdi_id": "ZDI-22-198" }, { "cve": "CVE-2021-46610", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-197/advisory.json", "detail_path": "advisories/ZDI-22-197", "id": "ZDI-22-197", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-197/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15404", "zdi_id": "ZDI-22-197" }, { "cve": "CVE-2021-46609", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-196/advisory.json", "detail_path": "advisories/ZDI-22-196", "id": "ZDI-22-196", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT PDF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-196/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15403", "zdi_id": "ZDI-22-196" }, { "cve": "CVE-2021-46608", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-195/advisory.json", "detail_path": "advisories/ZDI-22-195", "id": "ZDI-22-195", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-195/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15402", "zdi_id": "ZDI-22-195" }, { "cve": "CVE-2021-46607", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-194/advisory.json", "detail_path": "advisories/ZDI-22-194", "id": "ZDI-22-194", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-194/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15401", "zdi_id": "ZDI-22-194" }, { "cve": "CVE-2021-46606", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-193/advisory.json", "detail_path": "advisories/ZDI-22-193", "id": "ZDI-22-193", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-193/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15400", "zdi_id": "ZDI-22-193" }, { "cve": "CVE-2021-46605", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-192/advisory.json", "detail_path": "advisories/ZDI-22-192", "id": "ZDI-22-192", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-192/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15399", "zdi_id": "ZDI-22-192" }, { "cve": "CVE-2021-46604", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-191/advisory.json", "detail_path": "advisories/ZDI-22-191", "id": "ZDI-22-191", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-191/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15398", "zdi_id": "ZDI-22-191" }, { "cve": "CVE-2021-46603", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-190/advisory.json", "detail_path": "advisories/ZDI-22-190", "id": "ZDI-22-190", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT J2K File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-190/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15397", "zdi_id": "ZDI-22-190" }, { "cve": "CVE-2021-46602", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-189/advisory.json", "detail_path": "advisories/ZDI-22-189", "id": "ZDI-22-189", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-189/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15396", "zdi_id": "ZDI-22-189" }, { "cve": "CVE-2021-46601", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-188/advisory.json", "detail_path": "advisories/ZDI-22-188", "id": "ZDI-22-188", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-188/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15395", "zdi_id": "ZDI-22-188" }, { "cve": "CVE-2021-46600", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-187/advisory.json", "detail_path": "advisories/ZDI-22-187", "id": "ZDI-22-187", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-187/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15394", "zdi_id": "ZDI-22-187" }, { "cve": "CVE-2021-46599", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-186/advisory.json", "detail_path": "advisories/ZDI-22-186", "id": "ZDI-22-186", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-186/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15393", "zdi_id": "ZDI-22-186" }, { "cve": "CVE-2021-46598", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-185/advisory.json", "detail_path": "advisories/ZDI-22-185", "id": "ZDI-22-185", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-185/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15392", "zdi_id": "ZDI-22-185" }, { "cve": "CVE-2021-46597", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-184/advisory.json", "detail_path": "advisories/ZDI-22-184", "id": "ZDI-22-184", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-184/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15391", "zdi_id": "ZDI-22-184" }, { "cve": "CVE-2021-46596", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-183/advisory.json", "detail_path": "advisories/ZDI-22-183", "id": "ZDI-22-183", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-183/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15390", "zdi_id": "ZDI-22-183" }, { "cve": "CVE-2021-46595", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-182/advisory.json", "detail_path": "advisories/ZDI-22-182", "id": "ZDI-22-182", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-182/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15389", "zdi_id": "ZDI-22-182" }, { "cve": "CVE-2021-46594", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-181/advisory.json", "detail_path": "advisories/ZDI-22-181", "id": "ZDI-22-181", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-181/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15388", "zdi_id": "ZDI-22-181" }, { "cve": "CVE-2021-46593", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-180/advisory.json", "detail_path": "advisories/ZDI-22-180", "id": "ZDI-22-180", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-180/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15387", "zdi_id": "ZDI-22-180" }, { "cve": "CVE-2021-46592", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-179/advisory.json", "detail_path": "advisories/ZDI-22-179", "id": "ZDI-22-179", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT 3DS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-179/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15386", "zdi_id": "ZDI-22-179" }, { "cve": "CVE-2021-46591", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-178/advisory.json", "detail_path": "advisories/ZDI-22-178", "id": "ZDI-22-178", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-178/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15385", "zdi_id": "ZDI-22-178" }, { "cve": "CVE-2021-46590", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-177/advisory.json", "detail_path": "advisories/ZDI-22-177", "id": "ZDI-22-177", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-177/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15384", "zdi_id": "ZDI-22-177" }, { "cve": "CVE-2021-46589", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-22-176/advisory.json", "detail_path": "advisories/ZDI-22-176", "id": "ZDI-22-176", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-176/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15383", "zdi_id": "ZDI-22-176" }, { "cve": "CVE-2021-46588", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-175/advisory.json", "detail_path": "advisories/ZDI-22-175", "id": "ZDI-22-175", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-175/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15382", "zdi_id": "ZDI-22-175" }, { "cve": "CVE-2021-46587", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-174/advisory.json", "detail_path": "advisories/ZDI-22-174", "id": "ZDI-22-174", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT 3DS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-174/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15381", "zdi_id": "ZDI-22-174" }, { "cve": "CVE-2021-46586", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-173/advisory.json", "detail_path": "advisories/ZDI-22-173", "id": "ZDI-22-173", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT 3DS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-173/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15380", "zdi_id": "ZDI-22-173" }, { "cve": "CVE-2021-46585", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-172/advisory.json", "detail_path": "advisories/ZDI-22-172", "id": "ZDI-22-172", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-172/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15379", "zdi_id": "ZDI-22-172" }, { "cve": "CVE-2021-46584", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-171/advisory.json", "detail_path": "advisories/ZDI-22-171", "id": "ZDI-22-171", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-171/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15378", "zdi_id": "ZDI-22-171" }, { "cve": "CVE-2021-46583", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-170/advisory.json", "detail_path": "advisories/ZDI-22-170", "id": "ZDI-22-170", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-170/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15377", "zdi_id": "ZDI-22-170" }, { "cve": "CVE-2021-46582", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-169/advisory.json", "detail_path": "advisories/ZDI-22-169", "id": "ZDI-22-169", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JP2 File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-169/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15376", "zdi_id": "ZDI-22-169" }, { "cve": "CVE-2021-46581", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-168/advisory.json", "detail_path": "advisories/ZDI-22-168", "id": "ZDI-22-168", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-168/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15375", "zdi_id": "ZDI-22-168" }, { "cve": "CVE-2021-46580", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-167/advisory.json", "detail_path": "advisories/ZDI-22-167", "id": "ZDI-22-167", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-167/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15374", "zdi_id": "ZDI-22-167" }, { "cve": "CVE-2021-46579", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-166/advisory.json", "detail_path": "advisories/ZDI-22-166", "id": "ZDI-22-166", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-166/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15373", "zdi_id": "ZDI-22-166" }, { "cve": "CVE-2021-46578", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-165/advisory.json", "detail_path": "advisories/ZDI-22-165", "id": "ZDI-22-165", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-165/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15372", "zdi_id": "ZDI-22-165" }, { "cve": "CVE-2021-46577", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-164/advisory.json", "detail_path": "advisories/ZDI-22-164", "id": "ZDI-22-164", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-164/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15371", "zdi_id": "ZDI-22-164" }, { "cve": "CVE-2021-46576", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-163/advisory.json", "detail_path": "advisories/ZDI-22-163", "id": "ZDI-22-163", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-163/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15370", "zdi_id": "ZDI-22-163" }, { "cve": "CVE-2021-46575", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-162/advisory.json", "detail_path": "advisories/ZDI-22-162", "id": "ZDI-22-162", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT DGN File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-162/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15369", "zdi_id": "ZDI-22-162" }, { "cve": "CVE-2021-46574", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-161/advisory.json", "detail_path": "advisories/ZDI-22-161", "id": "ZDI-22-161", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-161/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15368", "zdi_id": "ZDI-22-161" }, { "cve": "CVE-2021-46573", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-160/advisory.json", "detail_path": "advisories/ZDI-22-160", "id": "ZDI-22-160", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-160/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15367", "zdi_id": "ZDI-22-160" }, { "cve": "CVE-2021-46572", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-159/advisory.json", "detail_path": "advisories/ZDI-22-159", "id": "ZDI-22-159", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-159/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15366", "zdi_id": "ZDI-22-159" }, { "cve": "CVE-2021-46571", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-158/advisory.json", "detail_path": "advisories/ZDI-22-158", "id": "ZDI-22-158", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-158/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15365", "zdi_id": "ZDI-22-158" }, { "cve": "CVE-2021-46570", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-157/advisory.json", "detail_path": "advisories/ZDI-22-157", "id": "ZDI-22-157", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley View JT File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-157/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15364", "zdi_id": "ZDI-22-157" }, { "cve": "CVE-2021-46569", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-156/advisory.json", "detail_path": "advisories/ZDI-22-156", "id": "ZDI-22-156", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-156/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15031", "zdi_id": "ZDI-22-156" }, { "cve": "CVE-2021-46568", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-155/advisory.json", "detail_path": "advisories/ZDI-22-155", "id": "ZDI-22-155", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-155/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15030", "zdi_id": "ZDI-22-155" }, { "cve": "CVE-2021-46567", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-154/advisory.json", "detail_path": "advisories/ZDI-22-154", "id": "ZDI-22-154", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-154/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15028", "zdi_id": "ZDI-22-154" }, { "cve": "CVE-2021-46566", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-153/advisory.json", "detail_path": "advisories/ZDI-22-153", "id": "ZDI-22-153", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-153/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15027", "zdi_id": "ZDI-22-153" }, { "cve": "CVE-2021-46565", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-152/advisory.json", "detail_path": "advisories/ZDI-22-152", "id": "ZDI-22-152", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-152/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15024", "zdi_id": "ZDI-22-152" }, { "cve": "CVE-2021-46564", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-151/advisory.json", "detail_path": "advisories/ZDI-22-151", "id": "ZDI-22-151", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-151/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15023", "zdi_id": "ZDI-22-151" }, { "cve": "CVE-2021-46563", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-150/advisory.json", "detail_path": "advisories/ZDI-22-150", "id": "ZDI-22-150", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-150/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14990", "zdi_id": "ZDI-22-150" }, { "cve": "CVE-2021-46562", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-22-149/advisory.json", "detail_path": "advisories/ZDI-22-149", "id": "ZDI-22-149", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-149/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14987", "zdi_id": "ZDI-22-149" }, { "cve": "CVE-2021-37852", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of ESET Endpoint Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-22-148/advisory.json", "detail_path": "advisories/ZDI-22-148", "id": "ZDI-22-148", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "ESET Endpoint Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-148/", "vendor": "ESET", "vendor_url": null, "zdi_can": "ZDI-CAN-14162", "zdi_id": "ZDI-22-148" }, { "cve": "CVE-2022-23805", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Worry-Free Business Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to explo...", "detail_json": "/data/advisories/ZDI-22-147/advisory.json", "detail_path": "advisories/ZDI-22-147", "id": "ZDI-22-147", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Trend Micro Worry-Free Business Security Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13856", "zdi_id": "ZDI-22-147" }, { "cve": "CVE-2021-29117", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-146/advisory.json", "detail_path": "advisories/ZDI-22-146", "id": "ZDI-22-146", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Esri ArcReader PMF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-146/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-14433", "zdi_id": "ZDI-22-146" }, { "cve": "CVE-2021-29118", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-145/advisory.json", "detail_path": "advisories/ZDI-22-145", "id": "ZDI-22-145", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-145/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-14439", "zdi_id": "ZDI-22-145" }, { "cve": "CVE-2021-29112", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-144/advisory.json", "detail_path": "advisories/ZDI-22-144", "id": "ZDI-22-144", "kind": "published", "published_date": "2022-01-31", "status": "published", "title": "Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-144/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-14267", "zdi_id": "ZDI-22-144" }, { "cve": "CVE-2021-3641", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Bitdefender GravityZone. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-22-143/advisory.json", "detail_path": "advisories/ZDI-22-143", "id": "ZDI-22-143", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "Bitdefender GravityZone Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-143/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-13801", "zdi_id": "ZDI-22-143" }, { "cve": "CVE-2021-23138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-142/advisory.json", "detail_path": "advisories/ZDI-22-142", "id": "ZDI-22-142", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "WECON LeviStudioU UMP File Parsing Trend Tag WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-142/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14722", "zdi_id": "ZDI-22-142" }, { "cve": "CVE-2021-23138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-141/advisory.json", "detail_path": "advisories/ZDI-22-141", "id": "ZDI-22-141", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "WECON LeviStudioU UMP File Parsing Trend Tag WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-141/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14720", "zdi_id": "ZDI-22-141" }, { "cve": "CVE-2021-23138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-140/advisory.json", "detail_path": "advisories/ZDI-22-140", "id": "ZDI-22-140", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "WECON LeviStudioU UMP File Parsing XY Tag WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-140/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14719", "zdi_id": "ZDI-22-140" }, { "cve": "CVE-2021-23138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-139/advisory.json", "detail_path": "advisories/ZDI-22-139", "id": "ZDI-22-139", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "WECON LeviStudioU UMP File Parsing XY Tag WordAddr2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-139/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14718", "zdi_id": "ZDI-22-139" }, { "cve": "CVE-2021-23138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-138/advisory.json", "detail_path": "advisories/ZDI-22-138", "id": "ZDI-22-138", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "WECON LeviStudioU UMP File Parsing XY Tag WordAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-138/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14717", "zdi_id": "ZDI-22-138" }, { "cve": "CVE-2021-23138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-137/advisory.json", "detail_path": "advisories/ZDI-22-137", "id": "ZDI-22-137", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "WECON LeviStudioU XML File Parsing Add Tag DigitCount Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-137/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14582", "zdi_id": "ZDI-22-137" }, { "cve": "CVE-2021-23138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-136/advisory.json", "detail_path": "advisories/ZDI-22-136", "id": "ZDI-22-136", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "WECON LeviStudioU XML File Parsing BitAddr Tag ContralAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-136/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14581", "zdi_id": "ZDI-22-136" }, { "cve": "CVE-2021-23138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-135/advisory.json", "detail_path": "advisories/ZDI-22-135", "id": "ZDI-22-135", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "WECON LeviStudioU XML File Parsing Add Tag DstAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-135/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14580", "zdi_id": "ZDI-22-135" }, { "cve": "CVE-2021-23138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-134/advisory.json", "detail_path": "advisories/ZDI-22-134", "id": "ZDI-22-134", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "WECON LeviStudioU XML File Parsing BitAddr Tag ContralAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-134/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14579", "zdi_id": "ZDI-22-134" }, { "cve": "CVE-2021-23138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-133/advisory.json", "detail_path": "advisories/ZDI-22-133", "id": "ZDI-22-133", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "WECON LeviStudioU UMP FIle Parsing HmiSet Tag Type Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-133/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14578", "zdi_id": "ZDI-22-133" }, { "cve": "CVE-2021-23157", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-132/advisory.json", "detail_path": "advisories/ZDI-22-132", "id": "ZDI-22-132", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "WECON LeviStudioU UMP File Parsing ScreenInfo Tag ScrnFile Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-132/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14584", "zdi_id": "ZDI-22-132" }, { "cve": "CVE-2021-23138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-131/advisory.json", "detail_path": "advisories/ZDI-22-131", "id": "ZDI-22-131", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "WECON LeviStudioU XML File Parsing Add Tag PLCAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-131/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14577", "zdi_id": "ZDI-22-131" }, { "cve": "CVE-2021-23157", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-130/advisory.json", "detail_path": "advisories/ZDI-22-130", "id": "ZDI-22-130", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "WECON LeviStudioU UMP File Parsing ScreenInfo Tag ScrnName Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-130/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14576", "zdi_id": "ZDI-22-130" }, { "cve": "CVE-2021-23138", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-129/advisory.json", "detail_path": "advisories/ZDI-22-129", "id": "ZDI-22-129", "kind": "published", "published_date": "2022-01-27", "status": "published", "title": "WECON LeviStudioU UMP File Parsing BaseSet Tag BgOnOffBitAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-129/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14575", "zdi_id": "ZDI-22-129" }, { "cve": "CVE-2022-21394", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-22-128/advisory.json", "detail_path": "advisories/ZDI-22-128", "id": "ZDI-22-128", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle VirtualBox TFTP Server Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-128/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-16026", "zdi_id": "ZDI-22-128" }, { "cve": "CVE-2022-21380", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-127/advisory.json", "detail_path": "advisories/ZDI-22-127", "id": "ZDI-22-127", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-127/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-16120", "zdi_id": "ZDI-22-127" }, { "cve": "CVE-2022-21356", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-126/advisory.json", "detail_path": "advisories/ZDI-22-126", "id": "ZDI-22-126", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-126/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-15121", "zdi_id": "ZDI-22-126" }, { "cve": "CVE-2022-21357", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-125/advisory.json", "detail_path": "advisories/ZDI-22-125", "id": "ZDI-22-125", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-125/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-15122", "zdi_id": "ZDI-22-125" }, { "cve": "CVE-2022-21355", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-124/advisory.json", "detail_path": "advisories/ZDI-22-124", "id": "ZDI-22-124", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-124/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-15120", "zdi_id": "ZDI-22-124" }, { "cve": "CVE-2022-21346", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReportTemplateService end...", "detail_json": "/data/advisories/ZDI-22-123/advisory.json", "detail_path": "advisories/ZDI-22-123", "id": "ZDI-22-123", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle Business Intelligence ReportTemplateService XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-123/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-15063", "zdi_id": "ZDI-22-123" }, { "cve": "CVE-2022-21337", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-122/advisory.json", "detail_path": "advisories/ZDI-22-122", "id": "ZDI-22-122", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-122/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14524", "zdi_id": "ZDI-22-122" }, { "cve": "CVE-2022-21336", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-121/advisory.json", "detail_path": "advisories/ZDI-22-121", "id": "ZDI-22-121", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-121/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14523", "zdi_id": "ZDI-22-121" }, { "cve": "CVE-2022-21335", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-120/advisory.json", "detail_path": "advisories/ZDI-22-120", "id": "ZDI-22-120", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-120/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14522", "zdi_id": "ZDI-22-120" }, { "cve": "CVE-2022-21334", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-119/advisory.json", "detail_path": "advisories/ZDI-22-119", "id": "ZDI-22-119", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-119/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14521", "zdi_id": "ZDI-22-119" }, { "cve": "CVE-2022-21333", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-118/advisory.json", "detail_path": "advisories/ZDI-22-118", "id": "ZDI-22-118", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-118/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14520", "zdi_id": "ZDI-22-118" }, { "cve": "CVE-2022-21332", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-117/advisory.json", "detail_path": "advisories/ZDI-22-117", "id": "ZDI-22-117", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-117/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14509", "zdi_id": "ZDI-22-117" }, { "cve": "CVE-2022-21331", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-116/advisory.json", "detail_path": "advisories/ZDI-22-116", "id": "ZDI-22-116", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-116/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14507", "zdi_id": "ZDI-22-116" }, { "cve": "CVE-2022-21330", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-115/advisory.json", "detail_path": "advisories/ZDI-22-115", "id": "ZDI-22-115", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-115/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14506", "zdi_id": "ZDI-22-115" }, { "cve": "CVE-2022-21329", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-114/advisory.json", "detail_path": "advisories/ZDI-22-114", "id": "ZDI-22-114", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-114/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14505", "zdi_id": "ZDI-22-114" }, { "cve": "CVE-2022-21328", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-113/advisory.json", "detail_path": "advisories/ZDI-22-113", "id": "ZDI-22-113", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-113/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14504", "zdi_id": "ZDI-22-113" }, { "cve": "CVE-2022-21327", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-112/advisory.json", "detail_path": "advisories/ZDI-22-112", "id": "ZDI-22-112", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-112/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14503", "zdi_id": "ZDI-22-112" }, { "cve": "CVE-2022-21326", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-111/advisory.json", "detail_path": "advisories/ZDI-22-111", "id": "ZDI-22-111", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-111/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14502", "zdi_id": "ZDI-22-111" }, { "cve": "CVE-2022-21325", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-110/advisory.json", "detail_path": "advisories/ZDI-22-110", "id": "ZDI-22-110", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-110/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14501", "zdi_id": "ZDI-22-110" }, { "cve": "CVE-2022-21324", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-109/advisory.json", "detail_path": "advisories/ZDI-22-109", "id": "ZDI-22-109", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-109/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14500", "zdi_id": "ZDI-22-109" }, { "cve": "CVE-2022-21323", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-108/advisory.json", "detail_path": "advisories/ZDI-22-108", "id": "ZDI-22-108", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-108/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14499", "zdi_id": "ZDI-22-108" }, { "cve": "CVE-2022-21322", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-107/advisory.json", "detail_path": "advisories/ZDI-22-107", "id": "ZDI-22-107", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-107/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14498", "zdi_id": "ZDI-22-107" }, { "cve": "CVE-2022-21321", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-106/advisory.json", "detail_path": "advisories/ZDI-22-106", "id": "ZDI-22-106", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-106/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14497", "zdi_id": "ZDI-22-106" }, { "cve": "CVE-2022-21320", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-105/advisory.json", "detail_path": "advisories/ZDI-22-105", "id": "ZDI-22-105", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-105/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14496", "zdi_id": "ZDI-22-105" }, { "cve": "CVE-2022-21319", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-104/advisory.json", "detail_path": "advisories/ZDI-22-104", "id": "ZDI-22-104", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-104/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14495", "zdi_id": "ZDI-22-104" }, { "cve": "CVE-2022-21318", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-103/advisory.json", "detail_path": "advisories/ZDI-22-103", "id": "ZDI-22-103", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-103/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14494", "zdi_id": "ZDI-22-103" }, { "cve": "CVE-2022-21317", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-102/advisory.json", "detail_path": "advisories/ZDI-22-102", "id": "ZDI-22-102", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-102/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14493", "zdi_id": "ZDI-22-102" }, { "cve": "CVE-2022-21316", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-101/advisory.json", "detail_path": "advisories/ZDI-22-101", "id": "ZDI-22-101", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-101/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14492", "zdi_id": "ZDI-22-101" }, { "cve": "CVE-2022-21315", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-100/advisory.json", "detail_path": "advisories/ZDI-22-100", "id": "ZDI-22-100", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-100/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14491", "zdi_id": "ZDI-22-100" }, { "cve": "CVE-2022-21314", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-099/advisory.json", "detail_path": "advisories/ZDI-22-099", "id": "ZDI-22-099", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-099/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14490", "zdi_id": "ZDI-22-099" }, { "cve": "CVE-2022-21313", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-098/advisory.json", "detail_path": "advisories/ZDI-22-098", "id": "ZDI-22-098", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-098/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14489", "zdi_id": "ZDI-22-098" }, { "cve": "CVE-2022-21312", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-097/advisory.json", "detail_path": "advisories/ZDI-22-097", "id": "ZDI-22-097", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-097/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14488", "zdi_id": "ZDI-22-097" }, { "cve": "CVE-2022-21311", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The...", "detail_json": "/data/advisories/ZDI-22-096/advisory.json", "detail_path": "advisories/ZDI-22-096", "id": "ZDI-22-096", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-096/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14487", "zdi_id": "ZDI-22-096" }, { "cve": "CVE-2022-21310", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-095/advisory.json", "detail_path": "advisories/ZDI-22-095", "id": "ZDI-22-095", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-095/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14486", "zdi_id": "ZDI-22-095" }, { "cve": "CVE-2022-21309", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-094/advisory.json", "detail_path": "advisories/ZDI-22-094", "id": "ZDI-22-094", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-094/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14458", "zdi_id": "ZDI-22-094" }, { "cve": "CVE-2022-21308", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-093/advisory.json", "detail_path": "advisories/ZDI-22-093", "id": "ZDI-22-093", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-093/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14222", "zdi_id": "ZDI-22-093" }, { "cve": "CVE-2022-21307", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-092/advisory.json", "detail_path": "advisories/ZDI-22-092", "id": "ZDI-22-092", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-092/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14206", "zdi_id": "ZDI-22-092" }, { "cve": "CVE-2022-21284", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-091/advisory.json", "detail_path": "advisories/ZDI-22-091", "id": "ZDI-22-091", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-091/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13925", "zdi_id": "ZDI-22-091" }, { "cve": "CVE-2022-21289", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-090/advisory.json", "detail_path": "advisories/ZDI-22-090", "id": "ZDI-22-090", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-090/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13924", "zdi_id": "ZDI-22-090" }, { "cve": "CVE-2022-21285", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-089/advisory.json", "detail_path": "advisories/ZDI-22-089", "id": "ZDI-22-089", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-089/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13986", "zdi_id": "ZDI-22-089" }, { "cve": "CVE-2022-21286", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-088/advisory.json", "detail_path": "advisories/ZDI-22-088", "id": "ZDI-22-088", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-088/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13966", "zdi_id": "ZDI-22-088" }, { "cve": "CVE-2022-21287", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-087/advisory.json", "detail_path": "advisories/ZDI-22-087", "id": "ZDI-22-087", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-087/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13964", "zdi_id": "ZDI-22-087" }, { "cve": "CVE-2022-21290", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-086/advisory.json", "detail_path": "advisories/ZDI-22-086", "id": "ZDI-22-086", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-086/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13963", "zdi_id": "ZDI-22-086" }, { "cve": "CVE-2022-21288", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-22-085/advisory.json", "detail_path": "advisories/ZDI-22-085", "id": "ZDI-22-085", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-085/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13922", "zdi_id": "ZDI-22-085" }, { "cve": "CVE-2022-21280", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Management API. The issue results from th...", "detail_json": "/data/advisories/ZDI-22-084/advisory.json", "detail_path": "advisories/ZDI-22-084", "id": "ZDI-22-084", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Management API Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-084/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13866", "zdi_id": "ZDI-22-084" }, { "cve": "CVE-2022-21279", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Management API. The issue results from th...", "detail_json": "/data/advisories/ZDI-22-083/advisory.json", "detail_path": "advisories/ZDI-22-083", "id": "ZDI-22-083", "kind": "published", "published_date": "2022-01-21", "status": "published", "title": "Oracle MySQL Cluster Management API Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-083/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13865", "zdi_id": "ZDI-22-083" }, { "cve": "CVE-2021-35005", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-22-082/advisory.json", "detail_path": "advisories/ZDI-22-082", "id": "ZDI-22-082", "kind": "published", "published_date": "2022-01-20", "status": "published", "title": "TeamViewer Improper Validation of Array Index Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-082/", "vendor": "TeamViewer", "vendor_url": null, "zdi_can": "ZDI-CAN-13818", "zdi_id": "ZDI-22-082" }, { "cve": "CVE-2021-35004", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS respo...", "detail_json": "/data/advisories/ZDI-22-081/advisory.json", "detail_path": "advisories/ZDI-22-081", "id": "ZDI-22-081", "kind": "published", "published_date": "2022-01-17", "status": "published", "title": "TP-Link TL-WA1201 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-081/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-14656", "zdi_id": "ZDI-22-081" }, { "cve": "CVE-2021-35003", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafte...", "detail_json": "/data/advisories/ZDI-22-080/advisory.json", "detail_path": "advisories/ZDI-22-080", "id": "ZDI-22-080", "kind": "published", "published_date": "2022-01-17", "status": "published", "title": "TP-Link Archer C90 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-080/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-14655", "zdi_id": "ZDI-22-080" }, { "cve": "CVE-2021-43746", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-079/advisory.json", "detail_path": "advisories/ZDI-22-079", "id": "ZDI-22-079", "kind": "published", "published_date": "2022-01-17", "status": "published", "title": "Adobe Illustrator SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-079/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14371", "zdi_id": "ZDI-22-079" }, { "cve": "CVE-2021-26089", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient Network Access Control. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this v...", "detail_json": "/data/advisories/ZDI-22-078/advisory.json", "detail_path": "advisories/ZDI-22-078", "id": "ZDI-22-078", "kind": "published", "published_date": "2022-01-17", "status": "published", "title": "Fortinet FortiClient Network Access Control Uncontrolled Search Path Element Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-078/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-14137", "zdi_id": "ZDI-22-078" }, { "cve": "CVE-2022-22991", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConnectivityService s...", "detail_json": "/data/advisories/ZDI-22-077/advisory.json", "detail_path": "advisories/ZDI-22-077", "id": "ZDI-22-077", "kind": "published", "published_date": "2022-01-17", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 ConnectivityService Command Injection Remote Code Execution Vulnerability", "updated_date": "2022-01-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-077/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-15856", "zdi_id": "ZDI-22-077" }, { "cve": "CVE-2022-22992", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-22-076/advisory.json", "detail_path": "advisories/ZDI-22-076", "id": "ZDI-22-076", "kind": "published", "published_date": "2022-01-17", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 cloudAccess Command Injection Remote Code Execution Vulnerability", "updated_date": "2022-02-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-076/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-15872", "zdi_id": "ZDI-22-076" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of NetBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-22-075/advisory.json", "detail_path": "advisories/ZDI-22-075", "id": "ZDI-22-075", "kind": "published", "published_date": "2022-01-14", "status": "published", "title": "NetBSD Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-075/", "vendor": "NetBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-14539", "zdi_id": "ZDI-22-075" }, { "cve": "CVE-2021-42309", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of server-side controls. An unsafe s...", "detail_json": "/data/advisories/ZDI-22-074/advisory.json", "detail_path": "advisories/ZDI-22-074", "id": "ZDI-22-074", "kind": "published", "published_date": "2022-01-14", "status": "published", "title": "Microsoft SharePoint Server-Side Control Improper Input Validation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-074/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14978", "zdi_id": "ZDI-22-074" }, { "cve": "CVE-2021-34999", "cvss": 3.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-22-073/advisory.json", "detail_path": "advisories/ZDI-22-073", "id": "ZDI-22-073", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-073/", "vendor": "OpenBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-14540", "zdi_id": "ZDI-22-073" }, { "cve": "CVE-2021-45053", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-072/advisory.json", "detail_path": "advisories/ZDI-22-072", "id": "ZDI-22-072", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe InCopy JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-072/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15148", "zdi_id": "ZDI-22-072" }, { "cve": "CVE-2021-45054", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-071/advisory.json", "detail_path": "advisories/ZDI-22-071", "id": "ZDI-22-071", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe InCopy JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-071/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15151", "zdi_id": "ZDI-22-071" }, { "cve": "CVE-2021-45055", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-070/advisory.json", "detail_path": "advisories/ZDI-22-070", "id": "ZDI-22-070", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe InCopy TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-070/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15234", "zdi_id": "ZDI-22-070" }, { "cve": "CVE-2021-45056", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-069/advisory.json", "detail_path": "advisories/ZDI-22-069", "id": "ZDI-22-069", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe InCopy JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-069/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15233", "zdi_id": "ZDI-22-069" }, { "cve": "CVE-2021-45058", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-068/advisory.json", "detail_path": "advisories/ZDI-22-068", "id": "ZDI-22-068", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe InDesign JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-068/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15232", "zdi_id": "ZDI-22-068" }, { "cve": "CVE-2021-45059", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-067/advisory.json", "detail_path": "advisories/ZDI-22-067", "id": "ZDI-22-067", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe InDesign JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-067/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15150", "zdi_id": "ZDI-22-067" }, { "cve": "CVE-2021-45057", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-22-066/advisory.json", "detail_path": "advisories/ZDI-22-066", "id": "ZDI-22-066", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe InDesign JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-066/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15144", "zdi_id": "ZDI-22-066" }, { "cve": "CVE-2021-45051", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-065/advisory.json", "detail_path": "advisories/ZDI-22-065", "id": "ZDI-22-065", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe Bridge JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-065/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15152", "zdi_id": "ZDI-22-065" }, { "cve": "CVE-2021-45052", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-22-064/advisory.json", "detail_path": "advisories/ZDI-22-064", "id": "ZDI-22-064", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe Bridge TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-064/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15142", "zdi_id": "ZDI-22-064" }, { "cve": "CVE-2021-44743", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-22-063/advisory.json", "detail_path": "advisories/ZDI-22-063", "id": "ZDI-22-063", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe Bridge JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-063/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15146", "zdi_id": "ZDI-22-063" }, { "cve": "CVE-2021-44700", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-062/advisory.json", "detail_path": "advisories/ZDI-22-062", "id": "ZDI-22-062", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe Illustrator JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-062/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15244", "zdi_id": "ZDI-22-062" }, { "cve": "CVE-2021-43752", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-22-061/advisory.json", "detail_path": "advisories/ZDI-22-061", "id": "ZDI-22-061", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe Illustrator TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-061/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15143", "zdi_id": "ZDI-22-061" }, { "cve": "CVE-2021-45060", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-060/advisory.json", "detail_path": "advisories/ZDI-22-060", "id": "ZDI-22-060", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe Acrobat Reader DC TTF Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-060/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15698", "zdi_id": "ZDI-22-060" }, { "cve": "CVE-2021-45063", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-22-059/advisory.json", "detail_path": "advisories/ZDI-22-059", "id": "ZDI-22-059", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe Acrobat Reader DC JP2 File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-059/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15902", "zdi_id": "ZDI-22-059" }, { "cve": "CVE-2021-45068", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-058/advisory.json", "detail_path": "advisories/ZDI-22-058", "id": "ZDI-22-058", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-058/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15900", "zdi_id": "ZDI-22-058" }, { "cve": "CVE-2021-44701", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-057/advisory.json", "detail_path": "advisories/ZDI-22-057", "id": "ZDI-22-057", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-057/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15196", "zdi_id": "ZDI-22-057" }, { "cve": "CVE-2021-45061", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-056/advisory.json", "detail_path": "advisories/ZDI-22-056", "id": "ZDI-22-056", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-056/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15903", "zdi_id": "ZDI-22-056" }, { "cve": "CVE-2021-45064", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-055/advisory.json", "detail_path": "advisories/ZDI-22-055", "id": "ZDI-22-055", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-055/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15586", "zdi_id": "ZDI-22-055" }, { "cve": "CVE-2021-45062", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-22-054/advisory.json", "detail_path": "advisories/ZDI-22-054", "id": "ZDI-22-054", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-054/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15901", "zdi_id": "ZDI-22-054" }, { "cve": "CVE-2022-23095", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-22-053/advisory.json", "detail_path": "advisories/ZDI-22-053", "id": "ZDI-22-053", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer JPG File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-053/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14727", "zdi_id": "ZDI-22-053" }, { "cve": "CVE-2022-21899", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-22-052/advisory.json", "detail_path": "advisories/ZDI-22-052", "id": "ZDI-22-052", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Microsoft Windows EFI Partition Incorrect Authorization Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-052/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15212", "zdi_id": "ZDI-22-052" }, { "cve": "CVE-2022-21876", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-22-051/advisory.json", "detail_path": "advisories/ZDI-22-051", "id": "ZDI-22-051", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Microsoft Windows DirectComposition Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-051/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15188", "zdi_id": "ZDI-22-051" }, { "cve": "CVE-2022-21895", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-050/advisory.json", "detail_path": "advisories/ZDI-22-050", "id": "ZDI-22-050", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Microsoft Windows User Profile Service Directory Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-050/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-15331", "zdi_id": "ZDI-22-050" }, { "cve": "CVE-2022-21838", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-22-049/advisory.json", "detail_path": "advisories/ZDI-22-049", "id": "ZDI-22-049", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Microsoft Windows SilentCleanup Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-049/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14660", "zdi_id": "ZDI-22-049" }, { "cve": "CVE-2022-21877", "cvss": 5.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-22-048/advisory.json", "detail_path": "advisories/ZDI-22-048", "id": "ZDI-22-048", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Microsoft Windows Storage Spaces Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-048/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14957", "zdi_id": "ZDI-22-048" }, { "cve": "CVE-2021-43983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-047/advisory.json", "detail_path": "advisories/ZDI-22-047", "id": "ZDI-22-047", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "WECON LeviStudioU UMP File Parsing XY Tag WordAddr9 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-047/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14411", "zdi_id": "ZDI-22-047" }, { "cve": "CVE-2021-43983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-046/advisory.json", "detail_path": "advisories/ZDI-22-046", "id": "ZDI-22-046", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "WECON LeviStudioU UMP File Parsing Alarm Tag bitaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-046/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14413", "zdi_id": "ZDI-22-046" }, { "cve": "CVE-2021-43983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-045/advisory.json", "detail_path": "advisories/ZDI-22-045", "id": "ZDI-22-045", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "WECON LeviStudioU UMP File Parsing Alarm Tag WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-045/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14417", "zdi_id": "ZDI-22-045" }, { "cve": "CVE-2021-43983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-044/advisory.json", "detail_path": "advisories/ZDI-22-044", "id": "ZDI-22-044", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "WECON LeviStudioU UMP File Parsing Trend Tag WordAddr12 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-044/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14419", "zdi_id": "ZDI-22-044" }, { "cve": "CVE-2021-43983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-043/advisory.json", "detail_path": "advisories/ZDI-22-043", "id": "ZDI-22-043", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "WECON LeviStudioU UMP File Parsing XY Tag WordAddr7 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-043/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14420", "zdi_id": "ZDI-22-043" }, { "cve": "CVE-2021-43983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-042/advisory.json", "detail_path": "advisories/ZDI-22-042", "id": "ZDI-22-042", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "WECON LeviStudioU UMP File Parsing Trend Tag WordAddr11 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-042/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14421", "zdi_id": "ZDI-22-042" }, { "cve": "CVE-2021-43983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-041/advisory.json", "detail_path": "advisories/ZDI-22-041", "id": "ZDI-22-041", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "WECON LeviStudioU UMP File Parsing XY Tag WordAddr5 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-041/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14422", "zdi_id": "ZDI-22-041" }, { "cve": "CVE-2021-43983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-040/advisory.json", "detail_path": "advisories/ZDI-22-040", "id": "ZDI-22-040", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "WECON LeviStudioU UMP File Parsing XY Tag WordAddr6 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-040/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14423", "zdi_id": "ZDI-22-040" }, { "cve": "CVE-2021-43983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-039/advisory.json", "detail_path": "advisories/ZDI-22-039", "id": "ZDI-22-039", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "WECON LeviStudioU UMP File Parsing BaseSet Tag HMINAME Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-039/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14569", "zdi_id": "ZDI-22-039" }, { "cve": "CVE-2021-43983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-038/advisory.json", "detail_path": "advisories/ZDI-22-038", "id": "ZDI-22-038", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "WECON LeviStudioU UMP File Parsing HmiSet Tag Style Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-038/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14570", "zdi_id": "ZDI-22-038" }, { "cve": "CVE-2021-43983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-037/advisory.json", "detail_path": "advisories/ZDI-22-037", "id": "ZDI-22-037", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "WECON LeviStudioU UMP File Parsing BaseSet Tag CurScrIdAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-037/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14574", "zdi_id": "ZDI-22-037" }, { "cve": "CVE-2021-43983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-036/advisory.json", "detail_path": "advisories/ZDI-22-036", "id": "ZDI-22-036", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "WECON LeviStudioU UMP File Parsing BaseSet Tag ScrIdWordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-036/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14573", "zdi_id": "ZDI-22-036" }, { "cve": "CVE-2021-43983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-035/advisory.json", "detail_path": "advisories/ZDI-22-035", "id": "ZDI-22-035", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "WECON LeviStudioU UMP File Parsing BaseSet Tag PowerEnterTime Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-035/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14572", "zdi_id": "ZDI-22-035" }, { "cve": "CVE-2021-43983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-22-034/advisory.json", "detail_path": "advisories/ZDI-22-034", "id": "ZDI-22-034", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "WECON LeviStudioU UMP File Parsing BaseSet Tag EnterTime Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-034/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-14571", "zdi_id": "ZDI-22-034" }, { "cve": "CVE-2021-43554", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-22-033/advisory.json", "detail_path": "advisories/ZDI-22-033", "id": "ZDI-22-033", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-033/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14634", "zdi_id": "ZDI-22-033" }, { "cve": "CVE-2021-43556", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-22-032/advisory.json", "detail_path": "advisories/ZDI-22-032", "id": "ZDI-22-032", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-032/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14568", "zdi_id": "ZDI-22-032" }, { "cve": "CVE-2021-43556", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-22-031/advisory.json", "detail_path": "advisories/ZDI-22-031", "id": "ZDI-22-031", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Fatek Automation WinProladder TAB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-031/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14465", "zdi_id": "ZDI-22-031" }, { "cve": "CVE-2021-43554", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-22-030/advisory.json", "detail_path": "advisories/ZDI-22-030", "id": "ZDI-22-030", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-030/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14225", "zdi_id": "ZDI-22-030" }, { "cve": "CVE-2021-43556", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-22-029/advisory.json", "detail_path": "advisories/ZDI-22-029", "id": "ZDI-22-029", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Fatek Automation WinProladder SPF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-029/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14566", "zdi_id": "ZDI-22-029" }, { "cve": "CVE-2021-43554", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-22-028/advisory.json", "detail_path": "advisories/ZDI-22-028", "id": "ZDI-22-028", "kind": "published", "published_date": "2022-01-13", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-028/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14517", "zdi_id": "ZDI-22-028" }, { "cve": "CVE-2021-32965", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-22-027/advisory.json", "detail_path": "advisories/ZDI-22-027", "id": "ZDI-22-027", "kind": "published", "published_date": "2022-01-11", "status": "published", "title": "Delta Industrial Automation DIAScreen XLS File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-027/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13030", "zdi_id": "ZDI-22-027" }, { "cve": "CVE-2021-32965", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-22-026/advisory.json", "detail_path": "advisories/ZDI-22-026", "id": "ZDI-22-026", "kind": "published", "published_date": "2022-01-11", "status": "published", "title": "Delta Industrial Automation DIAScreen XLS File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-026/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13029", "zdi_id": "ZDI-22-026" }, { "cve": "CVE-2021-32965", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-22-025/advisory.json", "detail_path": "advisories/ZDI-22-025", "id": "ZDI-22-025", "kind": "published", "published_date": "2022-01-11", "status": "published", "title": "Delta Industrial Automation DIAScreen XLS File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-025/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13033", "zdi_id": "ZDI-22-025" }, { "cve": "CVE-2021-32969", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-22-024/advisory.json", "detail_path": "advisories/ZDI-22-024", "id": "ZDI-22-024", "kind": "published", "published_date": "2022-01-11", "status": "published", "title": "Delta Industrial Automation DIAScreen XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-024/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13032", "zdi_id": "ZDI-22-024" }, { "cve": "CVE-2021-32969", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-22-023/advisory.json", "detail_path": "advisories/ZDI-22-023", "id": "ZDI-22-023", "kind": "published", "published_date": "2022-01-11", "status": "published", "title": "Delta Industrial Automation DIAScreen XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-023/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13031", "zdi_id": "ZDI-22-023" }, { "cve": "CVE-2021-42028", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens syngo fastView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-22-022/advisory.json", "detail_path": "advisories/ZDI-22-022", "id": "ZDI-22-022", "kind": "published", "published_date": "2022-01-10", "status": "published", "title": "Siemens syngo fastView BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-022/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-14860", "zdi_id": "ZDI-22-022" }, { "cve": "CVE-2021-40367", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens syngo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-021/advisory.json", "detail_path": "advisories/ZDI-22-021", "id": "ZDI-22-021", "kind": "published", "published_date": "2022-01-10", "status": "published", "title": "Siemens syngo DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-021/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15097", "zdi_id": "ZDI-22-021" }, { "cve": "CVE-2022-21661", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of WordPress Core. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WP_Query class. The issue results from...", "detail_json": "/data/advisories/ZDI-22-020/advisory.json", "detail_path": "advisories/ZDI-22-020", "id": "ZDI-22-020", "kind": "published", "published_date": "2022-01-10", "status": "published", "title": "WordPress Core WP_Query SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-020/", "vendor": "WordPress", "vendor_url": null, "zdi_can": "ZDI-CAN-15541", "zdi_id": "ZDI-22-020" }, { "cve": "CVE-2021-43238", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-22-019/advisory.json", "detail_path": "advisories/ZDI-22-019", "id": "ZDI-22-019", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Microsoft Windows Remote Access Connection Manager Service Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-019/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14955", "zdi_id": "ZDI-22-019" }, { "cve": "CVE-2021-43237", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additional u...", "detail_json": "/data/advisories/ZDI-22-018/advisory.json", "detail_path": "advisories/ZDI-22-018", "id": "ZDI-22-018", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Microsoft Windows Update Assistant Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-018/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14770", "zdi_id": "ZDI-22-018" }, { "cve": "CVE-2021-45441", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-017/advisory.json", "detail_path": "advisories/ZDI-22-017", "id": "ZDI-22-017", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-017/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-14607", "zdi_id": "ZDI-22-017" }, { "cve": "CVE-2021-45440", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Worry-Free Business Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-22-016/advisory.json", "detail_path": "advisories/ZDI-22-016", "id": "ZDI-22-016", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Trend Micro Worry-Free Business Security Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-14218", "zdi_id": "ZDI-22-016" }, { "cve": "CVE-2021-45442", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Worry-Free Business Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...", "detail_json": "/data/advisories/ZDI-22-015/advisory.json", "detail_path": "advisories/ZDI-22-015", "id": "ZDI-22-015", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Trend Micro Worry-Free Business Security Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-14967", "zdi_id": "ZDI-22-015" }, { "cve": "CVE-2021-44024", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to explo...", "detail_json": "/data/advisories/ZDI-22-014/advisory.json", "detail_path": "advisories/ZDI-22-014", "id": "ZDI-22-014", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Trend Micro Apex One Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13364", "zdi_id": "ZDI-22-014" }, { "cve": "CVE-2021-45231", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-22-013/advisory.json", "detail_path": "advisories/ZDI-22-013", "id": "ZDI-22-013", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Trend Micro Apex One Link Following Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13365", "zdi_id": "ZDI-22-013" }, { "cve": "CVE-2021-35000", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-22-012/advisory.json", "detail_path": "advisories/ZDI-22-012", "id": "ZDI-22-012", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-012/", "vendor": "OpenBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-16112", "zdi_id": "ZDI-22-012" }, { "cve": "CVE-2021-44017", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-22-011/advisory.json", "detail_path": "advisories/ZDI-22-011", "id": "ZDI-22-011", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Siemens JT2Go TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2022-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-011/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15111", "zdi_id": "ZDI-22-011" }, { "cve": "CVE-2021-44015", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-22-010/advisory.json", "detail_path": "advisories/ZDI-22-010", "id": "ZDI-22-010", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Siemens JT2Go CGM File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2022-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-010/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15109", "zdi_id": "ZDI-22-010" }, { "cve": "CVE-2021-44013", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-009/advisory.json", "detail_path": "advisories/ZDI-22-009", "id": "ZDI-22-009", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Siemens JT2Go JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2022-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-009/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15103", "zdi_id": "ZDI-22-009" }, { "cve": "CVE-2021-44012", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-22-008/advisory.json", "detail_path": "advisories/ZDI-22-008", "id": "ZDI-22-008", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Siemens JT2Go JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2022-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-008/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15102", "zdi_id": "ZDI-22-008" }, { "cve": "CVE-2021-44011", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-22-007/advisory.json", "detail_path": "advisories/ZDI-22-007", "id": "ZDI-22-007", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Siemens JT2Go JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2022-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-007/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15101", "zdi_id": "ZDI-22-007" }, { "cve": "CVE-2021-44002", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-006/advisory.json", "detail_path": "advisories/ZDI-22-006", "id": "ZDI-22-006", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Siemens JT2Go JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2022-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-006/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15058", "zdi_id": "ZDI-22-006" }, { "cve": "CVE-2021-44014", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-005/advisory.json", "detail_path": "advisories/ZDI-22-005", "id": "ZDI-22-005", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Siemens JT2Go JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2022-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-005/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-15057", "zdi_id": "ZDI-22-005" }, { "cve": "CVE-2021-44001", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-22-004/advisory.json", "detail_path": "advisories/ZDI-22-004", "id": "ZDI-22-004", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "Siemens JT2Go PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2022-01-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-004/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-14974", "zdi_id": "ZDI-22-004" }, { "cve": "CVE-2021-22045", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-22-003/advisory.json", "detail_path": "advisories/ZDI-22-003", "id": "ZDI-22-003", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "VMware Workstation SCSI Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2022-01-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-003/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-14237", "zdi_id": "ZDI-22-003" }, { "cve": "CVE-2021-35002", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of email attachments. The issue results f...", "detail_json": "/data/advisories/ZDI-22-002/advisory.json", "detail_path": "advisories/ZDI-22-002", "id": "ZDI-22-002", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-002/", "vendor": "BMC", "vendor_url": null, "zdi_can": "ZDI-CAN-14122", "zdi_id": "ZDI-22-002" }, { "cve": "CVE-2021-35001", "cvss": 3.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetData endpoint. The issue results from the...", "detail_json": "/data/advisories/ZDI-22-001/advisory.json", "detail_path": "advisories/ZDI-22-001", "id": "ZDI-22-001", "kind": "published", "published_date": "2022-01-06", "status": "published", "title": "BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-001/", "vendor": "BMC", "vendor_url": null, "zdi_can": "ZDI-CAN-14527", "zdi_id": "ZDI-22-001" }, { "cve": "CVE-2021-35234", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SendSyslog class. This class a...", "detail_json": "/data/advisories/ZDI-21-1604/advisory.json", "detail_path": "advisories/ZDI-21-1604", "id": "ZDI-21-1604", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "SolarWinds Network Performance Monitor SendSyslog Exposed Dangerous Function Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1604/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-14859", "zdi_id": "ZDI-21-1604" }, { "cve": "CVE-2021-35234", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Orion.Core.Actions....", "detail_json": "/data/advisories/ZDI-21-1603/advisory.json", "detail_path": "advisories/ZDI-21-1603", "id": "ZDI-21-1603", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "SolarWinds Network Performance Monitor SnmpTrap Exposed Dangerous Function Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1603/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-15319", "zdi_id": "ZDI-21-1603" }, { "cve": "CVE-2021-35234", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Orion.Core.Actions....", "detail_json": "/data/advisories/ZDI-21-1602/advisory.json", "detail_path": "advisories/ZDI-21-1602", "id": "ZDI-21-1602", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "SolarWinds Network Performance Monitor SendHttpRequest Exposed Dangerous Function Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1602/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-15318", "zdi_id": "ZDI-21-1602" }, { "cve": "CVE-2021-35234", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the Email class. A crafted request...", "detail_json": "/data/advisories/ZDI-21-1601/advisory.json", "detail_path": "advisories/ZDI-21-1601", "id": "ZDI-21-1601", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "SolarWinds Network Performance Monitor Email Exposed Dangerous Function Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1601/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-15317", "zdi_id": "ZDI-21-1601" }, { "cve": "CVE-2021-35234", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Orion.Core.Actions....", "detail_json": "/data/advisories/ZDI-21-1600/advisory.json", "detail_path": "advisories/ZDI-21-1600", "id": "ZDI-21-1600", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "SolarWinds Network Performance Monitor WriteToEventLog Exposed Dangerous Function Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1600/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-15316", "zdi_id": "ZDI-21-1600" }, { "cve": "CVE-2021-35234", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Orion.Core.Actions....", "detail_json": "/data/advisories/ZDI-21-1599/advisory.json", "detail_path": "advisories/ZDI-21-1599", "id": "ZDI-21-1599", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "SolarWinds Network Performance Monitor CustomProperty Exposed Dangerous Function Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1599/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-15315", "zdi_id": "ZDI-21-1599" }, { "cve": "CVE-2021-35234", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Orion.Core.Actions....", "detail_json": "/data/advisories/ZDI-21-1598/advisory.json", "detail_path": "advisories/ZDI-21-1598", "id": "ZDI-21-1598", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "SolarWinds Network Performance Monitor CustomStatus Exposed Dangerous Function Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1598/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-15314", "zdi_id": "ZDI-21-1598" }, { "cve": "CVE-2021-35234", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the PlaySound class. A crafted req...", "detail_json": "/data/advisories/ZDI-21-1597/advisory.json", "detail_path": "advisories/ZDI-21-1597", "id": "ZDI-21-1597", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "SolarWinds Network Performance Monitor PlaySound Exposed Dangerous Function Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1597/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-15313", "zdi_id": "ZDI-21-1597" }, { "cve": "CVE-2021-35234", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the TextToSpeech class. A crafted...", "detail_json": "/data/advisories/ZDI-21-1596/advisory.json", "detail_path": "advisories/ZDI-21-1596", "id": "ZDI-21-1596", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "SolarWinds Network Performance Monitor TextToSpeech Exposed Dangerous Function Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1596/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-15311", "zdi_id": "ZDI-21-1596" }, { "cve": "CVE-2021-41365", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Azure Defender for IoT. Authentication is required to exploit this vulnerability. The specific flaw exists within the maintenanceWindow endpoint. The issu...", "detail_json": "/data/advisories/ZDI-21-1595/advisory.json", "detail_path": "advisories/ZDI-21-1595", "id": "ZDI-21-1595", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "Microsoft Azure Defender for IoT maintenanceWindow Endpoint SQL Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1595/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14189", "zdi_id": "ZDI-21-1595" }, { "cve": "CVE-2021-44681", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is not required to exploit this vulnerability. The specific flaw exists within EVStgOfflineOpns.exe. The issue results f...", "detail_json": "/data/advisories/ZDI-21-1594/advisory.json", "detail_path": "advisories/ZDI-21-1594", "id": "ZDI-21-1594", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "Veritas Enterprise Vault EVStgOfflineOpns Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1594/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-14080", "zdi_id": "ZDI-21-1594" }, { "cve": "CVE-2021-44682", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is not required to exploit this vulnerability. The specific flaw exists within EVStorageQueueBroker.exe. The issue resul...", "detail_json": "/data/advisories/ZDI-21-1593/advisory.json", "detail_path": "advisories/ZDI-21-1593", "id": "ZDI-21-1593", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "Veritas Enterprise Vault EVStorageQueueBroker Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1593/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-14079", "zdi_id": "ZDI-21-1593" }, { "cve": "CVE-2021-44677", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is not required to exploit this vulnerability. The specific flaw exists within EVExchangeWebServicesProxy.exe. The issue...", "detail_json": "/data/advisories/ZDI-21-1592/advisory.json", "detail_path": "advisories/ZDI-21-1592", "id": "ZDI-21-1592", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "Veritas Enterprise Vault EVExchangeWebServicesProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1592/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-14078", "zdi_id": "ZDI-21-1592" }, { "cve": "CVE-2021-44678", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is not required to exploit this vulnerability. The specific flaw exists within MonitoringAgent.exe. The issue results fr...", "detail_json": "/data/advisories/ZDI-21-1591/advisory.json", "detail_path": "advisories/ZDI-21-1591", "id": "ZDI-21-1591", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "Veritas Enterprise Vault MonitoringAgent Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1591/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-14076", "zdi_id": "ZDI-21-1591" }, { "cve": "CVE-2021-44680", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is not required to exploit this vulnerability. The specific flaw exists within EVMonitoring.exe. The issue results from...", "detail_json": "/data/advisories/ZDI-21-1590/advisory.json", "detail_path": "advisories/ZDI-21-1590", "id": "ZDI-21-1590", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "Veritas Enterprise Vault EVMonitoring Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1590/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-14075", "zdi_id": "ZDI-21-1590" }, { "cve": "CVE-2021-44679", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is not required to exploit this vulnerability. The specific flaw exists within EVTaskGuardian.exe. The issue results fro...", "detail_json": "/data/advisories/ZDI-21-1589/advisory.json", "detail_path": "advisories/ZDI-21-1589", "id": "ZDI-21-1589", "kind": "published", "published_date": "2021-12-23", "status": "published", "title": "Veritas Enterprise Vault EVTaskGuardian Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1589/", "vendor": "Veritas", "vendor_url": null, "zdi_can": "ZDI-CAN-14074", "zdi_id": "ZDI-21-1589" }, { "cve": "CVE-2021-44696", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Prelude. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-1588/advisory.json", "detail_path": "advisories/ZDI-21-1588", "id": "ZDI-21-1588", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Prelude JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1588/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15270", "zdi_id": "ZDI-21-1588" }, { "cve": "CVE-2021-43030", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Rush. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1587/advisory.json", "detail_path": "advisories/ZDI-21-1587", "id": "ZDI-21-1587", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1587/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15278", "zdi_id": "ZDI-21-1587" }, { "cve": "CVE-2021-40795", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-1586/advisory.json", "detail_path": "advisories/ZDI-21-1586", "id": "ZDI-21-1586", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Premiere Pro 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1586/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15268", "zdi_id": "ZDI-21-1586" }, { "cve": "CVE-2021-40790", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-21-1585/advisory.json", "detail_path": "advisories/ZDI-21-1585", "id": "ZDI-21-1585", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Premiere Pro MOV File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1585/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15267", "zdi_id": "ZDI-21-1585" }, { "cve": "CVE-2021-43751", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-21-1584/advisory.json", "detail_path": "advisories/ZDI-21-1584", "id": "ZDI-21-1584", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1584/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15265", "zdi_id": "ZDI-21-1584" }, { "cve": "CVE-2021-42265", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-21-1583/advisory.json", "detail_path": "advisories/ZDI-21-1583", "id": "ZDI-21-1583", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1583/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15264", "zdi_id": "ZDI-21-1583" }, { "cve": "CVE-2021-40791", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-21-1582/advisory.json", "detail_path": "advisories/ZDI-21-1582", "id": "ZDI-21-1582", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Premiere Pro JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1582/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15243", "zdi_id": "ZDI-21-1582" }, { "cve": "CVE-2021-43753", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of of Adobe Photoshop Lightroom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1581/advisory.json", "detail_path": "advisories/ZDI-21-1581", "id": "ZDI-21-1581", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Photoshop Lightroom TIF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1581/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15242", "zdi_id": "ZDI-21-1581" }, { "cve": "CVE-2021-43759", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1580/advisory.json", "detail_path": "advisories/ZDI-21-1580", "id": "ZDI-21-1580", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1580/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15269", "zdi_id": "ZDI-21-1580" }, { "cve": "CVE-2021-44699", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1579/advisory.json", "detail_path": "advisories/ZDI-21-1579", "id": "ZDI-21-1579", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Audition MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1579/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15263", "zdi_id": "ZDI-21-1579" }, { "cve": "CVE-2021-44697", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1578/advisory.json", "detail_path": "advisories/ZDI-21-1578", "id": "ZDI-21-1578", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Audition MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1578/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15262", "zdi_id": "ZDI-21-1578" }, { "cve": "CVE-2021-44698", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1577/advisory.json", "detail_path": "advisories/ZDI-21-1577", "id": "ZDI-21-1577", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Audition MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1577/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15261", "zdi_id": "ZDI-21-1577" }, { "cve": "CVE-2021-43757", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-1576/advisory.json", "detail_path": "advisories/ZDI-21-1576", "id": "ZDI-21-1576", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Media Encoder 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1576/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15260", "zdi_id": "ZDI-21-1576" }, { "cve": "CVE-2021-43758", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1575/advisory.json", "detail_path": "advisories/ZDI-21-1575", "id": "ZDI-21-1575", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1575/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15259", "zdi_id": "ZDI-21-1575" }, { "cve": "CVE-2021-43760", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1574/advisory.json", "detail_path": "advisories/ZDI-21-1574", "id": "ZDI-21-1574", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Media Encoder MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1574/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15258", "zdi_id": "ZDI-21-1574" }, { "cve": "CVE-2021-44182", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1573/advisory.json", "detail_path": "advisories/ZDI-21-1573", "id": "ZDI-21-1573", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Dimension SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1573/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15276", "zdi_id": "ZDI-21-1573" }, { "cve": "CVE-2021-44183", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1572/advisory.json", "detail_path": "advisories/ZDI-21-1572", "id": "ZDI-21-1572", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Dimension TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1572/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15252", "zdi_id": "ZDI-21-1572" }, { "cve": "CVE-2021-44180", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1571/advisory.json", "detail_path": "advisories/ZDI-21-1571", "id": "ZDI-21-1571", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Dimension PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1571/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15250", "zdi_id": "ZDI-21-1571" }, { "cve": "CVE-2021-44181", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1570/advisory.json", "detail_path": "advisories/ZDI-21-1570", "id": "ZDI-21-1570", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Dimension GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1570/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15249", "zdi_id": "ZDI-21-1570" }, { "cve": "CVE-2021-44179", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1569/advisory.json", "detail_path": "advisories/ZDI-21-1569", "id": "ZDI-21-1569", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Dimension GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1569/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15248", "zdi_id": "ZDI-21-1569" }, { "cve": "CVE-2021-44192", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1568/advisory.json", "detail_path": "advisories/ZDI-21-1568", "id": "ZDI-21-1568", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe After Effects MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1568/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15281", "zdi_id": "ZDI-21-1568" }, { "cve": "CVE-2021-44194", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1567/advisory.json", "detail_path": "advisories/ZDI-21-1567", "id": "ZDI-21-1567", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe After Effects 3GP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1567/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15280", "zdi_id": "ZDI-21-1567" }, { "cve": "CVE-2021-44193", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1566/advisory.json", "detail_path": "advisories/ZDI-21-1566", "id": "ZDI-21-1566", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe After Effects MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1566/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15279", "zdi_id": "ZDI-21-1566" }, { "cve": "CVE-2021-44188", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-1565/advisory.json", "detail_path": "advisories/ZDI-21-1565", "id": "ZDI-21-1565", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe After Effects 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1565/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15257", "zdi_id": "ZDI-21-1565" }, { "cve": "CVE-2021-44191", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1564/advisory.json", "detail_path": "advisories/ZDI-21-1564", "id": "ZDI-21-1564", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1564/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15256", "zdi_id": "ZDI-21-1564" }, { "cve": "CVE-2021-44190", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1563/advisory.json", "detail_path": "advisories/ZDI-21-1563", "id": "ZDI-21-1563", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1563/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15255", "zdi_id": "ZDI-21-1563" }, { "cve": "CVE-2021-44195", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1562/advisory.json", "detail_path": "advisories/ZDI-21-1562", "id": "ZDI-21-1562", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe After Effects JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1562/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15247", "zdi_id": "ZDI-21-1562" }, { "cve": "CVE-2021-43763", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1561/advisory.json", "detail_path": "advisories/ZDI-21-1561", "id": "ZDI-21-1561", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Dimension TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1561/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15229", "zdi_id": "ZDI-21-1561" }, { "cve": "CVE-2021-43018", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1560/advisory.json", "detail_path": "advisories/ZDI-21-1560", "id": "ZDI-21-1560", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Photoshop JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1560/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15147", "zdi_id": "ZDI-21-1560" }, { "cve": "CVE-2021-44189", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-1559/advisory.json", "detail_path": "advisories/ZDI-21-1559", "id": "ZDI-21-1559", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe After Effects JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1559/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15149", "zdi_id": "ZDI-21-1559" }, { "cve": "CVE-2021-43027", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1558/advisory.json", "detail_path": "advisories/ZDI-21-1558", "id": "ZDI-21-1558", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe After Effects TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1558/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15042", "zdi_id": "ZDI-21-1558" }, { "cve": "CVE-2021-43746", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Rush. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1557/advisory.json", "detail_path": "advisories/ZDI-21-1557", "id": "ZDI-21-1557", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1557/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13736", "zdi_id": "ZDI-21-1557" }, { "cve": "CVE-2021-42311", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Azure Defender for IoT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the update-handshake endpoint. The...", "detail_json": "/data/advisories/ZDI-21-1556/advisory.json", "detail_path": "advisories/ZDI-21-1556", "id": "ZDI-21-1556", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Microsoft Azure Defender for IoT update-handshake Endpoint SQL Injection Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1556/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14160", "zdi_id": "ZDI-21-1556" }, { "cve": "CVE-2021-42313", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Azure Defender for IoT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sync endpoint. The issue resul...", "detail_json": "/data/advisories/ZDI-21-1555/advisory.json", "detail_path": "advisories/ZDI-21-1555", "id": "ZDI-21-1555", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Microsoft Azure Defender for IoT sync Endpoint SQL Injection Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1555/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14159", "zdi_id": "ZDI-21-1555" }, { "cve": "CVE-2021-43247", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1554/advisory.json", "detail_path": "advisories/ZDI-21-1554", "id": "ZDI-21-1554", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Microsoft Windows tcpip.sys Heap-based Buffer Overflow Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1554/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14456", "zdi_id": "ZDI-21-1554" }, { "cve": "CVE-2021-43882", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Azure Defender for IoT console and sensor appliances. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-21-1553/advisory.json", "detail_path": "advisories/ZDI-21-1553", "id": "ZDI-21-1553", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Microsoft Azure Defender for IoT Improper Certificate Validation Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1553/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14728", "zdi_id": "ZDI-21-1553" }, { "cve": "CVE-2021-41333", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escape the low integrity sandbox on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-21-1552/advisory.json", "detail_path": "advisories/ZDI-21-1552", "id": "ZDI-21-1552", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Microsoft Windows Print Spooler Link Following Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1552/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14459", "zdi_id": "ZDI-21-1552" }, { "cve": "CVE-2021-42069", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1551/advisory.json", "detail_path": "advisories/ZDI-21-1551", "id": "ZDI-21-1551", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1551/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-16001", "zdi_id": "ZDI-21-1551" }, { "cve": "CVE-2021-4011", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-1550/advisory.json", "detail_path": "advisories/ZDI-21-1550", "id": "ZDI-21-1550", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "X.Org Server SwapCreateRegister Out-Of-Bounds Access Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1550/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-14952", "zdi_id": "ZDI-21-1550" }, { "cve": "CVE-2021-4010", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-1549/advisory.json", "detail_path": "advisories/ZDI-21-1549", "id": "ZDI-21-1549", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "X.Org Server SProcScreenSaverSuspend Out-Of-Bounds Access Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1549/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-14951", "zdi_id": "ZDI-21-1549" }, { "cve": "CVE-2021-4009", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-1548/advisory.json", "detail_path": "advisories/ZDI-21-1548", "id": "ZDI-21-1548", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "X.Org Server SProcXFixesCreatePointerBarrier Out-Of-Bounds Access Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1548/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-14950", "zdi_id": "ZDI-21-1548" }, { "cve": "CVE-2021-4008", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-1547/advisory.json", "detail_path": "advisories/ZDI-21-1547", "id": "ZDI-21-1547", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "X.Org Server SProcRenderCompositeGlyphs Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1547/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-14192", "zdi_id": "ZDI-21-1547" }, { "cve": "CVE-2021-44423", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...", "detail_json": "/data/advisories/ZDI-21-1546/advisory.json", "detail_path": "advisories/ZDI-21-1546", "id": "ZDI-21-1546", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer BMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1546/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14627", "zdi_id": "ZDI-21-1546" }, { "cve": "CVE-2021-44860", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...", "detail_json": "/data/advisories/ZDI-21-1545/advisory.json", "detail_path": "advisories/ZDI-21-1545", "id": "ZDI-21-1545", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1545/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14726", "zdi_id": "ZDI-21-1545" }, { "cve": "CVE-2021-44859", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...", "detail_json": "/data/advisories/ZDI-21-1544/advisory.json", "detail_path": "advisories/ZDI-21-1544", "id": "ZDI-21-1544", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer TGA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1544/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14699", "zdi_id": "ZDI-21-1544" }, { "cve": "CVE-2021-44422", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1543/advisory.json", "detail_path": "advisories/ZDI-21-1543", "id": "ZDI-21-1543", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1543/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14673", "zdi_id": "ZDI-21-1543" }, { "cve": "CVE-2021-44422", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1542/advisory.json", "detail_path": "advisories/ZDI-21-1542", "id": "ZDI-21-1542", "kind": "published", "published_date": "2021-12-21", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1542/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14669", "zdi_id": "ZDI-21-1542" }, { "cve": "CVE-2021-45105", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apache Log4j. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StrSubstitutor class. The issue res...", "detail_json": "/data/advisories/ZDI-21-1541/advisory.json", "detail_path": "advisories/ZDI-21-1541", "id": "ZDI-21-1541", "kind": "published", "published_date": "2021-12-19", "status": "published", "title": "Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-16160", "zdi_id": "ZDI-21-1541" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1540/advisory.json", "detail_path": "advisories/ZDI-21-1540", "id": "ZDI-21-1540", "kind": "published", "published_date": "2021-12-14", "status": "published", "title": "Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1540/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13816", "zdi_id": "ZDI-21-1540" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1539/advisory.json", "detail_path": "advisories/ZDI-21-1539", "id": "ZDI-21-1539", "kind": "published", "published_date": "2021-12-14", "status": "published", "title": "Tencent WeChat WXAM Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1539/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13815", "zdi_id": "ZDI-21-1539" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1538/advisory.json", "detail_path": "advisories/ZDI-21-1538", "id": "ZDI-21-1538", "kind": "published", "published_date": "2021-12-14", "status": "published", "title": "Tencent WeChat WXAM Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1538/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13814", "zdi_id": "ZDI-21-1538" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1537/advisory.json", "detail_path": "advisories/ZDI-21-1537", "id": "ZDI-21-1537", "kind": "published", "published_date": "2021-12-14", "status": "published", "title": "Tencent WeChat WXAM Decoder Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1537/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13813", "zdi_id": "ZDI-21-1537" }, { "cve": "CVE-2021-44023", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...", "detail_json": "/data/advisories/ZDI-21-1536/advisory.json", "detail_path": "advisories/ZDI-21-1536", "id": "ZDI-21-1536", "kind": "published", "published_date": "2021-12-14", "status": "published", "title": "Trend Micro Maximum Security Link Following Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1536/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-14587", "zdi_id": "ZDI-21-1536" }, { "cve": "CVE-2021-31850", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of McAfee Database Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-21-1535/advisory.json", "detail_path": "advisories/ZDI-21-1535", "id": "ZDI-21-1535", "kind": "published", "published_date": "2021-12-14", "status": "published", "title": "McAfee Database Security Improper Access Control Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1535/", "vendor": "McAfee", "vendor_url": null, "zdi_can": "ZDI-CAN-14792", "zdi_id": "ZDI-21-1535" }, { "cve": "CVE-2021-34946", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1534/advisory.json", "detail_path": "advisories/ZDI-21-1534", "id": "ZDI-21-1534", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1534/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15055", "zdi_id": "ZDI-21-1534" }, { "cve": "CVE-2021-34945", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1533/advisory.json", "detail_path": "advisories/ZDI-21-1533", "id": "ZDI-21-1533", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1533/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15054", "zdi_id": "ZDI-21-1533" }, { "cve": "CVE-2021-34944", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1532/advisory.json", "detail_path": "advisories/ZDI-21-1532", "id": "ZDI-21-1532", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1532/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15052", "zdi_id": "ZDI-21-1532" }, { "cve": "CVE-2021-34943", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1531/advisory.json", "detail_path": "advisories/ZDI-21-1531", "id": "ZDI-21-1531", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1531/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15051", "zdi_id": "ZDI-21-1531" }, { "cve": "CVE-2021-34942", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1530/advisory.json", "detail_path": "advisories/ZDI-21-1530", "id": "ZDI-21-1530", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1530/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15041", "zdi_id": "ZDI-21-1530" }, { "cve": "CVE-2021-34941", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1529/advisory.json", "detail_path": "advisories/ZDI-21-1529", "id": "ZDI-21-1529", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1529/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15040", "zdi_id": "ZDI-21-1529" }, { "cve": "CVE-2021-34940", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1528/advisory.json", "detail_path": "advisories/ZDI-21-1528", "id": "ZDI-21-1528", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1528/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-15039", "zdi_id": "ZDI-21-1528" }, { "cve": "CVE-2021-34939", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1527/advisory.json", "detail_path": "advisories/ZDI-21-1527", "id": "ZDI-21-1527", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1527/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14996", "zdi_id": "ZDI-21-1527" }, { "cve": "CVE-2021-34938", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1526/advisory.json", "detail_path": "advisories/ZDI-21-1526", "id": "ZDI-21-1526", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1526/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14995", "zdi_id": "ZDI-21-1526" }, { "cve": "CVE-2021-34937", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1525/advisory.json", "detail_path": "advisories/ZDI-21-1525", "id": "ZDI-21-1525", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1525/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14915", "zdi_id": "ZDI-21-1525" }, { "cve": "CVE-2021-34936", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1524/advisory.json", "detail_path": "advisories/ZDI-21-1524", "id": "ZDI-21-1524", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1524/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14914", "zdi_id": "ZDI-21-1524" }, { "cve": "CVE-2021-34935", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1523/advisory.json", "detail_path": "advisories/ZDI-21-1523", "id": "ZDI-21-1523", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1523/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14913", "zdi_id": "ZDI-21-1523" }, { "cve": "CVE-2021-34934", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1522/advisory.json", "detail_path": "advisories/ZDI-21-1522", "id": "ZDI-21-1522", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1522/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14912", "zdi_id": "ZDI-21-1522" }, { "cve": "CVE-2021-34933", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1521/advisory.json", "detail_path": "advisories/ZDI-21-1521", "id": "ZDI-21-1521", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1521/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14911", "zdi_id": "ZDI-21-1521" }, { "cve": "CVE-2021-34932", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1520/advisory.json", "detail_path": "advisories/ZDI-21-1520", "id": "ZDI-21-1520", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1520/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14910", "zdi_id": "ZDI-21-1520" }, { "cve": "CVE-2021-34931", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1519/advisory.json", "detail_path": "advisories/ZDI-21-1519", "id": "ZDI-21-1519", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1519/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14909", "zdi_id": "ZDI-21-1519" }, { "cve": "CVE-2021-34930", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1518/advisory.json", "detail_path": "advisories/ZDI-21-1518", "id": "ZDI-21-1518", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1518/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14908", "zdi_id": "ZDI-21-1518" }, { "cve": "CVE-2021-34929", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1517/advisory.json", "detail_path": "advisories/ZDI-21-1517", "id": "ZDI-21-1517", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1517/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14907", "zdi_id": "ZDI-21-1517" }, { "cve": "CVE-2021-34928", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1516/advisory.json", "detail_path": "advisories/ZDI-21-1516", "id": "ZDI-21-1516", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1516/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14906", "zdi_id": "ZDI-21-1516" }, { "cve": "CVE-2021-34927", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1515/advisory.json", "detail_path": "advisories/ZDI-21-1515", "id": "ZDI-21-1515", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1515/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14905", "zdi_id": "ZDI-21-1515" }, { "cve": "CVE-2021-34926", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1514/advisory.json", "detail_path": "advisories/ZDI-21-1514", "id": "ZDI-21-1514", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1514/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14904", "zdi_id": "ZDI-21-1514" }, { "cve": "CVE-2021-34925", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1513/advisory.json", "detail_path": "advisories/ZDI-21-1513", "id": "ZDI-21-1513", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1513/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14903", "zdi_id": "ZDI-21-1513" }, { "cve": "CVE-2021-34924", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1512/advisory.json", "detail_path": "advisories/ZDI-21-1512", "id": "ZDI-21-1512", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1512/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14902", "zdi_id": "ZDI-21-1512" }, { "cve": "CVE-2021-34923", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1511/advisory.json", "detail_path": "advisories/ZDI-21-1511", "id": "ZDI-21-1511", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1511/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14901", "zdi_id": "ZDI-21-1511" }, { "cve": "CVE-2021-34922", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1510/advisory.json", "detail_path": "advisories/ZDI-21-1510", "id": "ZDI-21-1510", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1510/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14900", "zdi_id": "ZDI-21-1510" }, { "cve": "CVE-2021-34921", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1509/advisory.json", "detail_path": "advisories/ZDI-21-1509", "id": "ZDI-21-1509", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1509/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14899", "zdi_id": "ZDI-21-1509" }, { "cve": "CVE-2021-34920", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1508/advisory.json", "detail_path": "advisories/ZDI-21-1508", "id": "ZDI-21-1508", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1508/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14898", "zdi_id": "ZDI-21-1508" }, { "cve": "CVE-2021-34919", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1507/advisory.json", "detail_path": "advisories/ZDI-21-1507", "id": "ZDI-21-1507", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JP2 File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1507/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14897", "zdi_id": "ZDI-21-1507" }, { "cve": "CVE-2021-34918", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1506/advisory.json", "detail_path": "advisories/ZDI-21-1506", "id": "ZDI-21-1506", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1506/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14896", "zdi_id": "ZDI-21-1506" }, { "cve": "CVE-2021-34917", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1505/advisory.json", "detail_path": "advisories/ZDI-21-1505", "id": "ZDI-21-1505", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View J2K File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1505/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14895", "zdi_id": "ZDI-21-1505" }, { "cve": "CVE-2021-34916", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1504/advisory.json", "detail_path": "advisories/ZDI-21-1504", "id": "ZDI-21-1504", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1504/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14894", "zdi_id": "ZDI-21-1504" }, { "cve": "CVE-2021-34915", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1503/advisory.json", "detail_path": "advisories/ZDI-21-1503", "id": "ZDI-21-1503", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1503/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14893", "zdi_id": "ZDI-21-1503" }, { "cve": "CVE-2021-34914", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1502/advisory.json", "detail_path": "advisories/ZDI-21-1502", "id": "ZDI-21-1502", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1502/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14892", "zdi_id": "ZDI-21-1502" }, { "cve": "CVE-2021-34912", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1501/advisory.json", "detail_path": "advisories/ZDI-21-1501", "id": "ZDI-21-1501", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1501/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14885", "zdi_id": "ZDI-21-1501" }, { "cve": "CVE-2021-34911", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1500/advisory.json", "detail_path": "advisories/ZDI-21-1500", "id": "ZDI-21-1500", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View 3DS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1500/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14884", "zdi_id": "ZDI-21-1500" }, { "cve": "CVE-2021-34910", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1499/advisory.json", "detail_path": "advisories/ZDI-21-1499", "id": "ZDI-21-1499", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1499/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14883", "zdi_id": "ZDI-21-1499" }, { "cve": "CVE-2021-34909", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1498/advisory.json", "detail_path": "advisories/ZDI-21-1498", "id": "ZDI-21-1498", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1498/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14882", "zdi_id": "ZDI-21-1498" }, { "cve": "CVE-2021-34908", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1497/advisory.json", "detail_path": "advisories/ZDI-21-1497", "id": "ZDI-21-1497", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View J2K File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1497/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14881", "zdi_id": "ZDI-21-1497" }, { "cve": "CVE-2021-34907", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1496/advisory.json", "detail_path": "advisories/ZDI-21-1496", "id": "ZDI-21-1496", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1496/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14880", "zdi_id": "ZDI-21-1496" }, { "cve": "CVE-2021-34906", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1495/advisory.json", "detail_path": "advisories/ZDI-21-1495", "id": "ZDI-21-1495", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View J2K File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1495/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14879", "zdi_id": "ZDI-21-1495" }, { "cve": "CVE-2021-34905", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1494/advisory.json", "detail_path": "advisories/ZDI-21-1494", "id": "ZDI-21-1494", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View DGN File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1494/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14878", "zdi_id": "ZDI-21-1494" }, { "cve": "CVE-2021-34904", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1493/advisory.json", "detail_path": "advisories/ZDI-21-1493", "id": "ZDI-21-1493", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View DGN File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1493/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14877", "zdi_id": "ZDI-21-1493" }, { "cve": "CVE-2021-34903", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1492/advisory.json", "detail_path": "advisories/ZDI-21-1492", "id": "ZDI-21-1492", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1492/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14876", "zdi_id": "ZDI-21-1492" }, { "cve": "CVE-2021-34902", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1491/advisory.json", "detail_path": "advisories/ZDI-21-1491", "id": "ZDI-21-1491", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1491/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14875", "zdi_id": "ZDI-21-1491" }, { "cve": "CVE-2021-34901", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1490/advisory.json", "detail_path": "advisories/ZDI-21-1490", "id": "ZDI-21-1490", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1490/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14874", "zdi_id": "ZDI-21-1490" }, { "cve": "CVE-2021-34900", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1489/advisory.json", "detail_path": "advisories/ZDI-21-1489", "id": "ZDI-21-1489", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View J2K File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1489/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14867", "zdi_id": "ZDI-21-1489" }, { "cve": "CVE-2021-34899", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1488/advisory.json", "detail_path": "advisories/ZDI-21-1488", "id": "ZDI-21-1488", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1488/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14866", "zdi_id": "ZDI-21-1488" }, { "cve": "CVE-2021-34898", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1487/advisory.json", "detail_path": "advisories/ZDI-21-1487", "id": "ZDI-21-1487", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1487/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14865", "zdi_id": "ZDI-21-1487" }, { "cve": "CVE-2021-34897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1486/advisory.json", "detail_path": "advisories/ZDI-21-1486", "id": "ZDI-21-1486", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1486/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14864", "zdi_id": "ZDI-21-1486" }, { "cve": "CVE-2021-34896", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1485/advisory.json", "detail_path": "advisories/ZDI-21-1485", "id": "ZDI-21-1485", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1485/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14863", "zdi_id": "ZDI-21-1485" }, { "cve": "CVE-2021-34895", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1484/advisory.json", "detail_path": "advisories/ZDI-21-1484", "id": "ZDI-21-1484", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View 3DS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1484/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14862", "zdi_id": "ZDI-21-1484" }, { "cve": "CVE-2021-34894", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1483/advisory.json", "detail_path": "advisories/ZDI-21-1483", "id": "ZDI-21-1483", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View 3DS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1483/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14847", "zdi_id": "ZDI-21-1483" }, { "cve": "CVE-2021-34893", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1482/advisory.json", "detail_path": "advisories/ZDI-21-1482", "id": "ZDI-21-1482", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1482/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14846", "zdi_id": "ZDI-21-1482" }, { "cve": "CVE-2021-34892", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1481/advisory.json", "detail_path": "advisories/ZDI-21-1481", "id": "ZDI-21-1481", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1481/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14845", "zdi_id": "ZDI-21-1481" }, { "cve": "CVE-2021-34891", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1480/advisory.json", "detail_path": "advisories/ZDI-21-1480", "id": "ZDI-21-1480", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1480/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14844", "zdi_id": "ZDI-21-1480" }, { "cve": "CVE-2021-34890", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1479/advisory.json", "detail_path": "advisories/ZDI-21-1479", "id": "ZDI-21-1479", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1479/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14843", "zdi_id": "ZDI-21-1479" }, { "cve": "CVE-2021-34889", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1478/advisory.json", "detail_path": "advisories/ZDI-21-1478", "id": "ZDI-21-1478", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1478/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14842", "zdi_id": "ZDI-21-1478" }, { "cve": "CVE-2021-34888", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1477/advisory.json", "detail_path": "advisories/ZDI-21-1477", "id": "ZDI-21-1477", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1477/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14841", "zdi_id": "ZDI-21-1477" }, { "cve": "CVE-2021-34887", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1476/advisory.json", "detail_path": "advisories/ZDI-21-1476", "id": "ZDI-21-1476", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1476/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14840", "zdi_id": "ZDI-21-1476" }, { "cve": "CVE-2021-34886", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1475/advisory.json", "detail_path": "advisories/ZDI-21-1475", "id": "ZDI-21-1475", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View FBX File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1475/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14839", "zdi_id": "ZDI-21-1475" }, { "cve": "CVE-2021-34885", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1474/advisory.json", "detail_path": "advisories/ZDI-21-1474", "id": "ZDI-21-1474", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1474/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14838", "zdi_id": "ZDI-21-1474" }, { "cve": "CVE-2021-34884", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1473/advisory.json", "detail_path": "advisories/ZDI-21-1473", "id": "ZDI-21-1473", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JP2 File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1473/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14837", "zdi_id": "ZDI-21-1473" }, { "cve": "CVE-2021-34883", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1472/advisory.json", "detail_path": "advisories/ZDI-21-1472", "id": "ZDI-21-1472", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View J2K File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1472/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14836", "zdi_id": "ZDI-21-1472" }, { "cve": "CVE-2021-34882", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1471/advisory.json", "detail_path": "advisories/ZDI-21-1471", "id": "ZDI-21-1471", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1471/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14835", "zdi_id": "ZDI-21-1471" }, { "cve": "CVE-2021-34881", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1470/advisory.json", "detail_path": "advisories/ZDI-21-1470", "id": "ZDI-21-1470", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1470/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14834", "zdi_id": "ZDI-21-1470" }, { "cve": "CVE-2021-34880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1469/advisory.json", "detail_path": "advisories/ZDI-21-1469", "id": "ZDI-21-1469", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View 3DS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1469/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14833", "zdi_id": "ZDI-21-1469" }, { "cve": "CVE-2021-34879", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1468/advisory.json", "detail_path": "advisories/ZDI-21-1468", "id": "ZDI-21-1468", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View J2K File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1468/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14832", "zdi_id": "ZDI-21-1468" }, { "cve": "CVE-2021-34913", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1467/advisory.json", "detail_path": "advisories/ZDI-21-1467", "id": "ZDI-21-1467", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1467/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14831", "zdi_id": "ZDI-21-1467" }, { "cve": "CVE-2021-34878", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1466/advisory.json", "detail_path": "advisories/ZDI-21-1466", "id": "ZDI-21-1466", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1466/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14830", "zdi_id": "ZDI-21-1466" }, { "cve": "CVE-2021-34877", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1465/advisory.json", "detail_path": "advisories/ZDI-21-1465", "id": "ZDI-21-1465", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1465/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14829", "zdi_id": "ZDI-21-1465" }, { "cve": "CVE-2021-34876", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1464/advisory.json", "detail_path": "advisories/ZDI-21-1464", "id": "ZDI-21-1464", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1464/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14828", "zdi_id": "ZDI-21-1464" }, { "cve": "CVE-2021-34875", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1463/advisory.json", "detail_path": "advisories/ZDI-21-1463", "id": "ZDI-21-1463", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View 3DS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1463/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14827", "zdi_id": "ZDI-21-1463" }, { "cve": "CVE-2021-34872", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1462/advisory.json", "detail_path": "advisories/ZDI-21-1462", "id": "ZDI-21-1462", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1462/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14737", "zdi_id": "ZDI-21-1462" }, { "cve": "CVE-2021-34874", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1461/advisory.json", "detail_path": "advisories/ZDI-21-1461", "id": "ZDI-21-1461", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View 3DS File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1461/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14736", "zdi_id": "ZDI-21-1461" }, { "cve": "CVE-2021-34873", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1460/advisory.json", "detail_path": "advisories/ZDI-21-1460", "id": "ZDI-21-1460", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1460/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14696", "zdi_id": "ZDI-21-1460" }, { "cve": "CVE-2021-34871", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1459/advisory.json", "detail_path": "advisories/ZDI-21-1459", "id": "ZDI-21-1459", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Bentley View BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1459/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14695", "zdi_id": "ZDI-21-1459" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1458/advisory.json", "detail_path": "advisories/ZDI-21-1458", "id": "ZDI-21-1458", "kind": "published", "published_date": "2021-12-07", "status": "published", "title": "Tencent WeChat WXAM Decoder Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-12-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1458/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13513", "zdi_id": "ZDI-21-1458" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1457/advisory.json", "detail_path": "advisories/ZDI-21-1457", "id": "ZDI-21-1457", "kind": "published", "published_date": "2021-12-07", "status": "published", "title": "Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-12-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1457/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13369", "zdi_id": "ZDI-21-1457" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1456/advisory.json", "detail_path": "advisories/ZDI-21-1456", "id": "ZDI-21-1456", "kind": "published", "published_date": "2021-12-07", "status": "published", "title": "Tencent WeChat WXAM Decoder Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-12-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1456/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13368", "zdi_id": "ZDI-21-1456" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1455/advisory.json", "detail_path": "advisories/ZDI-21-1455", "id": "ZDI-21-1455", "kind": "published", "published_date": "2021-12-07", "status": "published", "title": "Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-12-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1455/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13367", "zdi_id": "ZDI-21-1455" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1454/advisory.json", "detail_path": "advisories/ZDI-21-1454", "id": "ZDI-21-1454", "kind": "published", "published_date": "2021-12-07", "status": "published", "title": "Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-12-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1454/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13366", "zdi_id": "ZDI-21-1454" }, { "cve": "CVE-2021-44185", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1453/advisory.json", "detail_path": "advisories/ZDI-21-1453", "id": "ZDI-21-1453", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Adobe Bridge RGB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1453/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15253", "zdi_id": "ZDI-21-1453" }, { "cve": "CVE-2021-44186", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1452/advisory.json", "detail_path": "advisories/ZDI-21-1452", "id": "ZDI-21-1452", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Adobe Bridge SGI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1452/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15322", "zdi_id": "ZDI-21-1452" }, { "cve": "CVE-2021-44187", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1451/advisory.json", "detail_path": "advisories/ZDI-21-1451", "id": "ZDI-21-1451", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "Adobe Bridge SGI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1451/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15321", "zdi_id": "ZDI-21-1451" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1450/advisory.json", "detail_path": "advisories/ZDI-21-1450", "id": "ZDI-21-1450", "kind": "published", "published_date": "2021-12-07", "status": "published", "title": "Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1450/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13626", "zdi_id": "ZDI-21-1450" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1449/advisory.json", "detail_path": "advisories/ZDI-21-1449", "id": "ZDI-21-1449", "kind": "published", "published_date": "2021-12-07", "status": "published", "title": "Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1449/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13624", "zdi_id": "ZDI-21-1449" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1448/advisory.json", "detail_path": "advisories/ZDI-21-1448", "id": "ZDI-21-1448", "kind": "published", "published_date": "2021-12-07", "status": "published", "title": "Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1448/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13623", "zdi_id": "ZDI-21-1448" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1447/advisory.json", "detail_path": "advisories/ZDI-21-1447", "id": "ZDI-21-1447", "kind": "published", "published_date": "2021-12-07", "status": "published", "title": "Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1447/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13622", "zdi_id": "ZDI-21-1447" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1446/advisory.json", "detail_path": "advisories/ZDI-21-1446", "id": "ZDI-21-1446", "kind": "published", "published_date": "2021-12-07", "status": "published", "title": "Tencent WeChat WAXM Decoder Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1446/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13336", "zdi_id": "ZDI-21-1446" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1445/advisory.json", "detail_path": "advisories/ZDI-21-1445", "id": "ZDI-21-1445", "kind": "published", "published_date": "2021-12-07", "status": "published", "title": "Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1445/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-13498", "zdi_id": "ZDI-21-1445" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1444/advisory.json", "detail_path": "advisories/ZDI-21-1444", "id": "ZDI-21-1444", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1444/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14979", "zdi_id": "ZDI-21-1444" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1443/advisory.json", "detail_path": "advisories/ZDI-21-1443", "id": "ZDI-21-1443", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1443/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14186", "zdi_id": "ZDI-21-1443" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1442/advisory.json", "detail_path": "advisories/ZDI-21-1442", "id": "ZDI-21-1442", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DXF File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1442/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14185", "zdi_id": "ZDI-21-1442" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1441/advisory.json", "detail_path": "advisories/ZDI-21-1441", "id": "ZDI-21-1441", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1441/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14184", "zdi_id": "ZDI-21-1441" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1440/advisory.json", "detail_path": "advisories/ZDI-21-1440", "id": "ZDI-21-1440", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1440/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14183", "zdi_id": "ZDI-21-1440" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1439/advisory.json", "detail_path": "advisories/ZDI-21-1439", "id": "ZDI-21-1439", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop pdf2dl Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1439/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14182", "zdi_id": "ZDI-21-1439" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1438/advisory.json", "detail_path": "advisories/ZDI-21-1438", "id": "ZDI-21-1438", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1438/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14181", "zdi_id": "ZDI-21-1438" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1437/advisory.json", "detail_path": "advisories/ZDI-21-1437", "id": "ZDI-21-1437", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1437/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14180", "zdi_id": "ZDI-21-1437" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1436/advisory.json", "detail_path": "advisories/ZDI-21-1436", "id": "ZDI-21-1436", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1436/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14179", "zdi_id": "ZDI-21-1436" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1435/advisory.json", "detail_path": "advisories/ZDI-21-1435", "id": "ZDI-21-1435", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1435/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14178", "zdi_id": "ZDI-21-1435" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1434/advisory.json", "detail_path": "advisories/ZDI-21-1434", "id": "ZDI-21-1434", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1434/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14177", "zdi_id": "ZDI-21-1434" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1433/advisory.json", "detail_path": "advisories/ZDI-21-1433", "id": "ZDI-21-1433", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1433/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14176", "zdi_id": "ZDI-21-1433" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1432/advisory.json", "detail_path": "advisories/ZDI-21-1432", "id": "ZDI-21-1432", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1432/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14175", "zdi_id": "ZDI-21-1432" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1431/advisory.json", "detail_path": "advisories/ZDI-21-1431", "id": "ZDI-21-1431", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1431/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14174", "zdi_id": "ZDI-21-1431" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1430/advisory.json", "detail_path": "advisories/ZDI-21-1430", "id": "ZDI-21-1430", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1430/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14173", "zdi_id": "ZDI-21-1430" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1429/advisory.json", "detail_path": "advisories/ZDI-21-1429", "id": "ZDI-21-1429", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1429/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14172", "zdi_id": "ZDI-21-1429" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1428/advisory.json", "detail_path": "advisories/ZDI-21-1428", "id": "ZDI-21-1428", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1428/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14171", "zdi_id": "ZDI-21-1428" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1427/advisory.json", "detail_path": "advisories/ZDI-21-1427", "id": "ZDI-21-1427", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1427/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14170", "zdi_id": "ZDI-21-1427" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1426/advisory.json", "detail_path": "advisories/ZDI-21-1426", "id": "ZDI-21-1426", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1426/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14169", "zdi_id": "ZDI-21-1426" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1425/advisory.json", "detail_path": "advisories/ZDI-21-1425", "id": "ZDI-21-1425", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1425/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14168", "zdi_id": "ZDI-21-1425" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1424/advisory.json", "detail_path": "advisories/ZDI-21-1424", "id": "ZDI-21-1424", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1424/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14167", "zdi_id": "ZDI-21-1424" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1423/advisory.json", "detail_path": "advisories/ZDI-21-1423", "id": "ZDI-21-1423", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop PDF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1423/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14166", "zdi_id": "ZDI-21-1423" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1422/advisory.json", "detail_path": "advisories/ZDI-21-1422", "id": "ZDI-21-1422", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1422/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14165", "zdi_id": "ZDI-21-1422" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1421/advisory.json", "detail_path": "advisories/ZDI-21-1421", "id": "ZDI-21-1421", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1421/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14164", "zdi_id": "ZDI-21-1421" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1420/advisory.json", "detail_path": "advisories/ZDI-21-1420", "id": "ZDI-21-1420", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1420/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14163", "zdi_id": "ZDI-21-1420" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1419/advisory.json", "detail_path": "advisories/ZDI-21-1419", "id": "ZDI-21-1419", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop JXR File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1419/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14161", "zdi_id": "ZDI-21-1419" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1418/advisory.json", "detail_path": "advisories/ZDI-21-1418", "id": "ZDI-21-1418", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop HTML File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1418/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14152", "zdi_id": "ZDI-21-1418" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1417/advisory.json", "detail_path": "advisories/ZDI-21-1417", "id": "ZDI-21-1417", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1417/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14151", "zdi_id": "ZDI-21-1417" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1416/advisory.json", "detail_path": "advisories/ZDI-21-1416", "id": "ZDI-21-1416", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop JXR File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1416/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14150", "zdi_id": "ZDI-21-1416" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1415/advisory.json", "detail_path": "advisories/ZDI-21-1415", "id": "ZDI-21-1415", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop JXR File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1415/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14149", "zdi_id": "ZDI-21-1415" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1414/advisory.json", "detail_path": "advisories/ZDI-21-1414", "id": "ZDI-21-1414", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DGN File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1414/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14148", "zdi_id": "ZDI-21-1414" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1413/advisory.json", "detail_path": "advisories/ZDI-21-1413", "id": "ZDI-21-1413", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1413/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14147", "zdi_id": "ZDI-21-1413" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1412/advisory.json", "detail_path": "advisories/ZDI-21-1412", "id": "ZDI-21-1412", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop CGM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1412/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14146", "zdi_id": "ZDI-21-1412" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1411/advisory.json", "detail_path": "advisories/ZDI-21-1411", "id": "ZDI-21-1411", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop XGL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1411/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14145", "zdi_id": "ZDI-21-1411" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1410/advisory.json", "detail_path": "advisories/ZDI-21-1410", "id": "ZDI-21-1410", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop XGL File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1410/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14144", "zdi_id": "ZDI-21-1410" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1409/advisory.json", "detail_path": "advisories/ZDI-21-1409", "id": "ZDI-21-1409", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop XGL File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1409/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14143", "zdi_id": "ZDI-21-1409" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1408/advisory.json", "detail_path": "advisories/ZDI-21-1408", "id": "ZDI-21-1408", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop CGM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1408/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14142", "zdi_id": "ZDI-21-1408" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1407/advisory.json", "detail_path": "advisories/ZDI-21-1407", "id": "ZDI-21-1407", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1407/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14141", "zdi_id": "ZDI-21-1407" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1406/advisory.json", "detail_path": "advisories/ZDI-21-1406", "id": "ZDI-21-1406", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1406/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14140", "zdi_id": "ZDI-21-1406" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1405/advisory.json", "detail_path": "advisories/ZDI-21-1405", "id": "ZDI-21-1405", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop SLDDRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1405/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14139", "zdi_id": "ZDI-21-1405" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1404/advisory.json", "detail_path": "advisories/ZDI-21-1404", "id": "ZDI-21-1404", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop SLDDRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1404/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14138", "zdi_id": "ZDI-21-1404" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1403/advisory.json", "detail_path": "advisories/ZDI-21-1403", "id": "ZDI-21-1403", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1403/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14104", "zdi_id": "ZDI-21-1403" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1402/advisory.json", "detail_path": "advisories/ZDI-21-1402", "id": "ZDI-21-1402", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1402/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14103", "zdi_id": "ZDI-21-1402" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1401/advisory.json", "detail_path": "advisories/ZDI-21-1401", "id": "ZDI-21-1401", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop EMF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1401/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14102", "zdi_id": "ZDI-21-1401" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1400/advisory.json", "detail_path": "advisories/ZDI-21-1400", "id": "ZDI-21-1400", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop JXR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1400/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14101", "zdi_id": "ZDI-21-1400" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1399/advisory.json", "detail_path": "advisories/ZDI-21-1399", "id": "ZDI-21-1399", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1399/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14100", "zdi_id": "ZDI-21-1399" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1398/advisory.json", "detail_path": "advisories/ZDI-21-1398", "id": "ZDI-21-1398", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop JXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1398/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14099", "zdi_id": "ZDI-21-1398" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1397/advisory.json", "detail_path": "advisories/ZDI-21-1397", "id": "ZDI-21-1397", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1397/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14098", "zdi_id": "ZDI-21-1397" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1396/advisory.json", "detail_path": "advisories/ZDI-21-1396", "id": "ZDI-21-1396", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1396/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14097", "zdi_id": "ZDI-21-1396" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1395/advisory.json", "detail_path": "advisories/ZDI-21-1395", "id": "ZDI-21-1395", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1395/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14096", "zdi_id": "ZDI-21-1395" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1394/advisory.json", "detail_path": "advisories/ZDI-21-1394", "id": "ZDI-21-1394", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop U3D File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1394/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14095", "zdi_id": "ZDI-21-1394" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1393/advisory.json", "detail_path": "advisories/ZDI-21-1393", "id": "ZDI-21-1393", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop JXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1393/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14094", "zdi_id": "ZDI-21-1393" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1392/advisory.json", "detail_path": "advisories/ZDI-21-1392", "id": "ZDI-21-1392", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop JXR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1392/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14093", "zdi_id": "ZDI-21-1392" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1391/advisory.json", "detail_path": "advisories/ZDI-21-1391", "id": "ZDI-21-1391", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1391/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14092", "zdi_id": "ZDI-21-1391" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1390/advisory.json", "detail_path": "advisories/ZDI-21-1390", "id": "ZDI-21-1390", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1390/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14091", "zdi_id": "ZDI-21-1390" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1389/advisory.json", "detail_path": "advisories/ZDI-21-1389", "id": "ZDI-21-1389", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop EMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1389/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14090", "zdi_id": "ZDI-21-1389" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1388/advisory.json", "detail_path": "advisories/ZDI-21-1388", "id": "ZDI-21-1388", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop JPG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1388/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14089", "zdi_id": "ZDI-21-1388" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1387/advisory.json", "detail_path": "advisories/ZDI-21-1387", "id": "ZDI-21-1387", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop JXR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1387/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14088", "zdi_id": "ZDI-21-1387" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1386/advisory.json", "detail_path": "advisories/ZDI-21-1386", "id": "ZDI-21-1386", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1386/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14087", "zdi_id": "ZDI-21-1386" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1385/advisory.json", "detail_path": "advisories/ZDI-21-1385", "id": "ZDI-21-1385", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop EMF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1385/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14086", "zdi_id": "ZDI-21-1385" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1384/advisory.json", "detail_path": "advisories/ZDI-21-1384", "id": "ZDI-21-1384", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop U3D File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1384/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14085", "zdi_id": "ZDI-21-1384" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1383/advisory.json", "detail_path": "advisories/ZDI-21-1383", "id": "ZDI-21-1383", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1383/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14084", "zdi_id": "ZDI-21-1383" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1382/advisory.json", "detail_path": "advisories/ZDI-21-1382", "id": "ZDI-21-1382", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop EMF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1382/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14083", "zdi_id": "ZDI-21-1382" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1381/advisory.json", "detail_path": "advisories/ZDI-21-1381", "id": "ZDI-21-1381", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1381/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14082", "zdi_id": "ZDI-21-1381" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1380/advisory.json", "detail_path": "advisories/ZDI-21-1380", "id": "ZDI-21-1380", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1380/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-14081", "zdi_id": "ZDI-21-1380" }, { "cve": null, "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avira Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-1379/advisory.json", "detail_path": "advisories/ZDI-21-1379", "id": "ZDI-21-1379", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "Avira Free Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1379/", "vendor": "Avira", "vendor_url": null, "zdi_can": "ZDI-CAN-14635", "zdi_id": "ZDI-21-1379" }, { "cve": null, "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avira Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-1378/advisory.json", "detail_path": "advisories/ZDI-21-1378", "id": "ZDI-21-1378", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "Avira Free Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1378/", "vendor": "Avira", "vendor_url": null, "zdi_can": "ZDI-CAN-14124", "zdi_id": "ZDI-21-1378" }, { "cve": null, "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Avira Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-1377/advisory.json", "detail_path": "advisories/ZDI-21-1377", "id": "ZDI-21-1377", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "Avira Free Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1377/", "vendor": "Avira", "vendor_url": null, "zdi_can": "ZDI-CAN-14119", "zdi_id": "ZDI-21-1377" }, { "cve": "CVE-2021-3576", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender GravityZone. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-21-1376/advisory.json", "detail_path": "advisories/ZDI-21-1376", "id": "ZDI-21-1376", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "Bitdefender GravityZone Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1376/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-14377", "zdi_id": "ZDI-21-1376" }, { "cve": "CVE-2021-32969", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-21-1375/advisory.json", "detail_path": "advisories/ZDI-21-1375", "id": "ZDI-21-1375", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "Delta Industrial Automation DIAScreen XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1375/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13028", "zdi_id": "ZDI-21-1375" }, { "cve": "CVE-2021-32965", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-21-1374/advisory.json", "detail_path": "advisories/ZDI-21-1374", "id": "ZDI-21-1374", "kind": "published", "published_date": "2021-12-03", "status": "published", "title": "Delta Industrial Automation DIAScreen XLS File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1374/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12978", "zdi_id": "ZDI-21-1374" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Jenkins Report Info. Authentication is required to exploit this vulnerability. The specific flaw exists within the PMD class. Due to the improper restric...", "detail_json": "/data/advisories/ZDI-21-1373/advisory.json", "detail_path": "advisories/ZDI-21-1373", "id": "ZDI-21-1373", "kind": "published", "published_date": "2021-12-02", "status": "published", "title": "Jenkins Report Info XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1373/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-13946", "zdi_id": "ZDI-21-1373" }, { "cve": "CVE-2021-43982", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-1372/advisory.json", "detail_path": "advisories/ZDI-21-1372", "id": "ZDI-21-1372", "kind": "published", "published_date": "2021-12-02", "status": "published", "title": "Delta Industrial Automation CNCSoft DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1372/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13792", "zdi_id": "ZDI-21-1372" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1371/advisory.json", "detail_path": "advisories/ZDI-21-1371", "id": "ZDI-21-1371", "kind": "published", "published_date": "2021-11-30", "status": "published", "title": "(0Day) Esri ArcReader PMF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1371/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-14437", "zdi_id": "ZDI-21-1371" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1370/advisory.json", "detail_path": "advisories/ZDI-21-1370", "id": "ZDI-21-1370", "kind": "published", "published_date": "2021-11-30", "status": "published", "title": "(0Day) Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1370/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-14473", "zdi_id": "ZDI-21-1370" }, { "cve": "CVE-2021-30910", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-1369/advisory.json", "detail_path": "advisories/ZDI-21-1369", "id": "ZDI-21-1369", "kind": "published", "published_date": "2021-11-30", "status": "published", "title": "Apple macOS ModelIO ABC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1369/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-14977", "zdi_id": "ZDI-21-1369" }, { "cve": "CVE-2021-30905", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-1368/advisory.json", "detail_path": "advisories/ZDI-21-1368", "id": "ZDI-21-1368", "kind": "published", "published_date": "2021-11-30", "status": "published", "title": "Apple macOS AudioCodecs LOAS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1368/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-14605", "zdi_id": "ZDI-21-1368" }, { "cve": "CVE-2021-34984", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-1367/advisory.json", "detail_path": "advisories/ZDI-21-1367", "id": "ZDI-21-1367", "kind": "published", "published_date": "2021-11-30", "status": "published", "title": "Bentley ContextCapture OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1367/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14784", "zdi_id": "ZDI-21-1367" }, { "cve": "CVE-2021-44021", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Worry-Free Business Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-21-1366/advisory.json", "detail_path": "advisories/ZDI-21-1366", "id": "ZDI-21-1366", "kind": "published", "published_date": "2021-11-30", "status": "published", "title": "Trend Micro Worry-Free Business Security Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-14221", "zdi_id": "ZDI-21-1366" }, { "cve": "CVE-2021-44020", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Worry-Free Business Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-21-1365/advisory.json", "detail_path": "advisories/ZDI-21-1365", "id": "ZDI-21-1365", "kind": "published", "published_date": "2021-11-30", "status": "published", "title": "Trend Micro Worry-Free Business Security Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-14220", "zdi_id": "ZDI-21-1365" }, { "cve": "CVE-2021-44019", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Worry-Free Business Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-21-1364/advisory.json", "detail_path": "advisories/ZDI-21-1364", "id": "ZDI-21-1364", "kind": "published", "published_date": "2021-11-30", "status": "published", "title": "Trend Micro Worry-Free Business Security Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-14219", "zdi_id": "ZDI-21-1364" }, { "cve": "CVE-2021-43272", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1363/advisory.json", "detail_path": "advisories/ZDI-21-1363", "id": "ZDI-21-1363", "kind": "published", "published_date": "2021-11-30", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1363/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14285", "zdi_id": "ZDI-21-1363" }, { "cve": "CVE-2021-43390", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1362/advisory.json", "detail_path": "advisories/ZDI-21-1362", "id": "ZDI-21-1362", "kind": "published", "published_date": "2021-11-30", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1362/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14240", "zdi_id": "ZDI-21-1362" }, { "cve": "CVE-2021-43391", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1361/advisory.json", "detail_path": "advisories/ZDI-21-1361", "id": "ZDI-21-1361", "kind": "published", "published_date": "2021-11-30", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1361/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14282", "zdi_id": "ZDI-21-1361" }, { "cve": "CVE-2021-43272", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1360/advisory.json", "detail_path": "advisories/ZDI-21-1360", "id": "ZDI-21-1360", "kind": "published", "published_date": "2021-11-30", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1360/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14301", "zdi_id": "ZDI-21-1360" }, { "cve": "CVE-2021-34985", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-1359/advisory.json", "detail_path": "advisories/ZDI-21-1359", "id": "ZDI-21-1359", "kind": "published", "published_date": "2021-11-30", "status": "published", "title": "Bentley ContextCapture OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1359/", "vendor": "Bentley", "vendor_url": null, "zdi_can": "ZDI-CAN-14785", "zdi_id": "ZDI-21-1359" }, { "cve": "CVE-2021-43272", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1358/advisory.json", "detail_path": "advisories/ZDI-21-1358", "id": "ZDI-21-1358", "kind": "published", "published_date": "2021-11-30", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1358/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14299", "zdi_id": "ZDI-21-1358" }, { "cve": "CVE-2021-43273", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...", "detail_json": "/data/advisories/ZDI-21-1357/advisory.json", "detail_path": "advisories/ZDI-21-1357", "id": "ZDI-21-1357", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1357/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14768", "zdi_id": "ZDI-21-1357" }, { "cve": "CVE-2021-43280", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1356/advisory.json", "detail_path": "advisories/ZDI-21-1356", "id": "ZDI-21-1356", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1356/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14767", "zdi_id": "ZDI-21-1356" }, { "cve": "CVE-2021-43280", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1355/advisory.json", "detail_path": "advisories/ZDI-21-1355", "id": "ZDI-21-1355", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1355/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14765", "zdi_id": "ZDI-21-1355" }, { "cve": "CVE-2021-44047", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...", "detail_json": "/data/advisories/ZDI-21-1354/advisory.json", "detail_path": "advisories/ZDI-21-1354", "id": "ZDI-21-1354", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DWF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1354/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14764", "zdi_id": "ZDI-21-1354" }, { "cve": "CVE-2021-43582", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1353/advisory.json", "detail_path": "advisories/ZDI-21-1353", "id": "ZDI-21-1353", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DWG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1353/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14763", "zdi_id": "ZDI-21-1353" }, { "cve": "CVE-2021-43391", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...", "detail_json": "/data/advisories/ZDI-21-1352/advisory.json", "detail_path": "advisories/ZDI-21-1352", "id": "ZDI-21-1352", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DXF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1352/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14762", "zdi_id": "ZDI-21-1352" }, { "cve": "CVE-2021-43273", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...", "detail_json": "/data/advisories/ZDI-21-1351/advisory.json", "detail_path": "advisories/ZDI-21-1351", "id": "ZDI-21-1351", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1351/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14761", "zdi_id": "ZDI-21-1351" }, { "cve": "CVE-2021-44045", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1350/advisory.json", "detail_path": "advisories/ZDI-21-1350", "id": "ZDI-21-1350", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1350/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14760", "zdi_id": "ZDI-21-1350" }, { "cve": "CVE-2021-44047", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1349/advisory.json", "detail_path": "advisories/ZDI-21-1349", "id": "ZDI-21-1349", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1349/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14750", "zdi_id": "ZDI-21-1349" }, { "cve": "CVE-2021-43390", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1348/advisory.json", "detail_path": "advisories/ZDI-21-1348", "id": "ZDI-21-1348", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1348/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14749", "zdi_id": "ZDI-21-1348" }, { "cve": "CVE-2021-43390", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1347/advisory.json", "detail_path": "advisories/ZDI-21-1347", "id": "ZDI-21-1347", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1347/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14748", "zdi_id": "ZDI-21-1347" }, { "cve": "CVE-2021-44047", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1346/advisory.json", "detail_path": "advisories/ZDI-21-1346", "id": "ZDI-21-1346", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DWFX File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1346/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14725", "zdi_id": "ZDI-21-1346" }, { "cve": "CVE-2021-43280", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1345/advisory.json", "detail_path": "advisories/ZDI-21-1345", "id": "ZDI-21-1345", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1345/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14672", "zdi_id": "ZDI-21-1345" }, { "cve": "CVE-2021-44044", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1344/advisory.json", "detail_path": "advisories/ZDI-21-1344", "id": "ZDI-21-1344", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1344/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14671", "zdi_id": "ZDI-21-1344" }, { "cve": "CVE-2021-43280", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1343/advisory.json", "detail_path": "advisories/ZDI-21-1343", "id": "ZDI-21-1343", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1343/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14670", "zdi_id": "ZDI-21-1343" }, { "cve": "CVE-2021-43280", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1342/advisory.json", "detail_path": "advisories/ZDI-21-1342", "id": "ZDI-21-1342", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1342/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14668", "zdi_id": "ZDI-21-1342" }, { "cve": "CVE-2021-43280", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1341/advisory.json", "detail_path": "advisories/ZDI-21-1341", "id": "ZDI-21-1341", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1341/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14665", "zdi_id": "ZDI-21-1341" }, { "cve": "CVE-2021-43280", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1340/advisory.json", "detail_path": "advisories/ZDI-21-1340", "id": "ZDI-21-1340", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer DWF File Parsing Out-Of-Based Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1340/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14664", "zdi_id": "ZDI-21-1340" }, { "cve": "CVE-2021-44048", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1339/advisory.json", "detail_path": "advisories/ZDI-21-1339", "id": "ZDI-21-1339", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) Drawings Explorer TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1339/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14663", "zdi_id": "ZDI-21-1339" }, { "cve": "CVE-2021-44046", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1338/advisory.json", "detail_path": "advisories/ZDI-21-1338", "id": "ZDI-21-1338", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1338/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14628", "zdi_id": "ZDI-21-1338" }, { "cve": "CVE-2021-43279", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1337/advisory.json", "detail_path": "advisories/ZDI-21-1337", "id": "ZDI-21-1337", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1337/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14588", "zdi_id": "ZDI-21-1337" }, { "cve": "CVE-2021-34998", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-21-1336/advisory.json", "detail_path": "advisories/ZDI-21-1336", "id": "ZDI-21-1336", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Panda Security Free Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1336/", "vendor": "Panda Security", "vendor_url": null, "zdi_can": "ZDI-CAN-14208", "zdi_id": "ZDI-21-1336" }, { "cve": "CVE-2021-35052", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Kaspersky Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-21-1335/advisory.json", "detail_path": "advisories/ZDI-21-1335", "id": "ZDI-21-1335", "kind": "published", "published_date": "2021-11-29", "status": "published", "title": "Kaspersky Password Manager Improper Privilege Management Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/", "vendor": "Kaspersky", "vendor_url": null, "zdi_can": "ZDI-CAN-14235", "zdi_id": "ZDI-21-1335" }, { "cve": "CVE-2021-42297", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability. The specific flaw exists within Windows Update Assistant. By creating a symbolic link,...", "detail_json": "/data/advisories/ZDI-21-1334/advisory.json", "detail_path": "advisories/ZDI-21-1334", "id": "ZDI-21-1334", "kind": "published", "published_date": "2021-11-24", "status": "published", "title": "Microsoft Windows Update Assistant Link Following Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1334/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14954", "zdi_id": "ZDI-21-1334" }, { "cve": "CVE-2021-43019", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Creative Cloud. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-1333/advisory.json", "detail_path": "advisories/ZDI-21-1333", "id": "ZDI-21-1333", "kind": "published", "published_date": "2021-11-24", "status": "published", "title": "Adobe Creative Cloud Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1333/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14772", "zdi_id": "ZDI-21-1333" }, { "cve": "CVE-2021-34997", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw e...", "detail_json": "/data/advisories/ZDI-21-1332/advisory.json", "detail_path": "advisories/ZDI-21-1332", "id": "ZDI-21-1332", "kind": "published", "published_date": "2021-11-22", "status": "published", "title": "Commvault CommCell AppStudioUploadHandler Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1332/", "vendor": "Commvault", "vendor_url": null, "zdi_can": "ZDI-CAN-13894", "zdi_id": "ZDI-21-1332" }, { "cve": "CVE-2021-34996", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw e...", "detail_json": "/data/advisories/ZDI-21-1331/advisory.json", "detail_path": "advisories/ZDI-21-1331", "id": "ZDI-21-1331", "kind": "published", "published_date": "2021-11-22", "status": "published", "title": "Commvault CommCell Demo_ExecuteProcessOnGroup Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1331/", "vendor": "Commvault", "vendor_url": null, "zdi_can": "ZDI-CAN-13889", "zdi_id": "ZDI-21-1331" }, { "cve": "CVE-2021-34995", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw e...", "detail_json": "/data/advisories/ZDI-21-1330/advisory.json", "detail_path": "advisories/ZDI-21-1330", "id": "ZDI-21-1330", "kind": "published", "published_date": "2021-11-22", "status": "published", "title": "Commvault CommCell DownloadCenterUploadHandler Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1330/", "vendor": "Commvault", "vendor_url": null, "zdi_can": "ZDI-CAN-13756", "zdi_id": "ZDI-21-1330" }, { "cve": "CVE-2021-34994", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw e...", "detail_json": "/data/advisories/ZDI-21-1329/advisory.json", "detail_path": "advisories/ZDI-21-1329", "id": "ZDI-21-1329", "kind": "published", "published_date": "2021-11-22", "status": "published", "title": "Commvault CommCell DataProvider JavaScript Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1329/", "vendor": "Commvault", "vendor_url": null, "zdi_can": "ZDI-CAN-13755", "zdi_id": "ZDI-21-1329" }, { "cve": "CVE-2021-34993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results f...", "detail_json": "/data/advisories/ZDI-21-1328/advisory.json", "detail_path": "advisories/ZDI-21-1328", "id": "ZDI-21-1328", "kind": "published", "published_date": "2021-11-22", "status": "published", "title": "Commvault CommCell CVSearchService Authentication Bypass Vulnerability", "updated_date": "2025-08-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1328/", "vendor": "Commvault", "vendor_url": null, "zdi_can": "ZDI-CAN-13706", "zdi_id": "ZDI-21-1328" }, { "cve": "CVE-2021-42132", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-21-1327/advisory.json", "detail_path": "advisories/ZDI-21-1327", "id": "ZDI-21-1327", "kind": "published", "published_date": "2021-11-19", "status": "published", "title": "Ivanti Avalanche PrinterDeviceServer Service Command Injection Remote Code Execution Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1327/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15217", "zdi_id": "ZDI-21-1327" }, { "cve": "CVE-2021-42130", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-21-1326/advisory.json", "detail_path": "advisories/ZDI-21-1326", "id": "ZDI-21-1326", "kind": "published", "published_date": "2021-11-19", "status": "published", "title": "Ivanti Avalanche DataRepository Service Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1326/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15169", "zdi_id": "ZDI-21-1326" }, { "cve": "CVE-2021-42129", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-21-1325/advisory.json", "detail_path": "advisories/ZDI-21-1325", "id": "ZDI-21-1325", "kind": "published", "published_date": "2021-11-19", "status": "published", "title": "Ivanti Avalanche MapShare Service Command Injection Remote Code Execution Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1325/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15168", "zdi_id": "ZDI-21-1325" }, { "cve": "CVE-2021-42128", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetUser class. The issue results from the lack...", "detail_json": "/data/advisories/ZDI-21-1324/advisory.json", "detail_path": "advisories/ZDI-21-1324", "id": "ZDI-21-1324", "kind": "published", "published_date": "2021-11-19", "status": "published", "title": "Ivanti Avalanche EnterpriseServer Service Exposed Dangerous Function Authentication Bypass Vulnerability", "updated_date": "2024-02-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1324/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15137", "zdi_id": "ZDI-21-1324" }, { "cve": "CVE-2021-42127", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-21-1323/advisory.json", "detail_path": "advisories/ZDI-21-1323", "id": "ZDI-21-1323", "kind": "published", "published_date": "2021-11-19", "status": "published", "title": "Ivanti Avalanche StatServer Service Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1323/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15130", "zdi_id": "ZDI-21-1323" }, { "cve": "CVE-2021-42707", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON PLC Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1322/advisory.json", "detail_path": "advisories/ZDI-21-1322", "id": "ZDI-21-1322", "kind": "published", "published_date": "2021-11-18", "status": "published", "title": "WECON PLC Editor WCP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1322/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-13917", "zdi_id": "ZDI-21-1322" }, { "cve": "CVE-2021-42705", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON PLC Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1321/advisory.json", "detail_path": "advisories/ZDI-21-1321", "id": "ZDI-21-1321", "kind": "published", "published_date": "2021-11-18", "status": "published", "title": "WECON PLC Editor WCP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1321/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-13915", "zdi_id": "ZDI-21-1321" }, { "cve": "CVE-2021-43771", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-21-1320/advisory.json", "detail_path": "advisories/ZDI-21-1320", "id": "ZDI-21-1320", "kind": "published", "published_date": "2021-11-17", "status": "published", "title": "Trend Micro Antivirus for Mac Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1320/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13882", "zdi_id": "ZDI-21-1320" }, { "cve": "CVE-2021-27037", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1319/advisory.json", "detail_path": "advisories/ZDI-21-1319", "id": "ZDI-21-1319", "kind": "published", "published_date": "2021-11-17", "status": "published", "title": "(0Day) Autodesk Design Review PNG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2022-01-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1319/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14256", "zdi_id": "ZDI-21-1319" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-1318/advisory.json", "detail_path": "advisories/ZDI-21-1318", "id": "ZDI-21-1318", "kind": "published", "published_date": "2021-11-17", "status": "published", "title": "(0Day) Autodesk Design Review DWF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2022-01-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1318/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14246", "zdi_id": "ZDI-21-1318" }, { "cve": "CVE-2021-27038", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1317/advisory.json", "detail_path": "advisories/ZDI-21-1317", "id": "ZDI-21-1317", "kind": "published", "published_date": "2021-11-17", "status": "published", "title": "(0Day) Autodesk Design Review PDF File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2022-01-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1317/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14243", "zdi_id": "ZDI-21-1317" }, { "cve": "CVE-2021-27035", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1316/advisory.json", "detail_path": "advisories/ZDI-21-1316", "id": "ZDI-21-1316", "kind": "published", "published_date": "2021-11-17", "status": "published", "title": "(0Day) Autodesk Design Review PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2022-01-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1316/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14242", "zdi_id": "ZDI-21-1316" }, { "cve": "CVE-2021-27035", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1315/advisory.json", "detail_path": "advisories/ZDI-21-1315", "id": "ZDI-21-1315", "kind": "published", "published_date": "2021-11-17", "status": "published", "title": "(0Day) Autodesk Design Review PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2022-01-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1315/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14239", "zdi_id": "ZDI-21-1315" }, { "cve": "CVE-2021-43576", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Jenkins pom2config. Authentication is required to exploit this vulnerability. The specific flaw exists within the Pom2Config class. Due to the improper r...", "detail_json": "/data/advisories/ZDI-21-1314/advisory.json", "detail_path": "advisories/ZDI-21-1314", "id": "ZDI-21-1314", "kind": "published", "published_date": "2021-11-16", "status": "published", "title": "Jenkins pom2config XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1314/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-13947", "zdi_id": "ZDI-21-1314" }, { "cve": "CVE-2021-21701", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Jenkins Performance. Authentication is required to exploit this vulnerability. The specific flaw exists within the TaurusParser class. Due to the imprope...", "detail_json": "/data/advisories/ZDI-21-1313/advisory.json", "detail_path": "advisories/ZDI-21-1313", "id": "ZDI-21-1313", "kind": "published", "published_date": "2021-11-16", "status": "published", "title": "Jenkins Performance XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1313/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-13384", "zdi_id": "ZDI-21-1313" }, { "cve": "CVE-2021-43582", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1312/advisory.json", "detail_path": "advisories/ZDI-21-1312", "id": "ZDI-21-1312", "kind": "published", "published_date": "2021-11-16", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DWG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1312/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14294", "zdi_id": "ZDI-21-1312" }, { "cve": "CVE-2021-43581", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1311/advisory.json", "detail_path": "advisories/ZDI-21-1311", "id": "ZDI-21-1311", "kind": "published", "published_date": "2021-11-16", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1311/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14353", "zdi_id": "ZDI-21-1311" }, { "cve": "CVE-2021-43581", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1310/advisory.json", "detail_path": "advisories/ZDI-21-1310", "id": "ZDI-21-1310", "kind": "published", "published_date": "2021-11-16", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1310/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14345", "zdi_id": "ZDI-21-1310" }, { "cve": "CVE-2021-41368", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Access. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1309/advisory.json", "detail_path": "advisories/ZDI-21-1309", "id": "ZDI-21-1309", "kind": "published", "published_date": "2021-11-11", "status": "published", "title": "Microsoft Access ACCDB File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1309/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14453", "zdi_id": "ZDI-21-1309" }, { "cve": "CVE-2021-41379", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1308/advisory.json", "detail_path": "advisories/ZDI-21-1308", "id": "ZDI-21-1308", "kind": "published", "published_date": "2021-11-11", "status": "published", "title": "Microsoft Windows Installer Service Link Following Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1308/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14616", "zdi_id": "ZDI-21-1308" }, { "cve": "CVE-2021-42280", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1307/advisory.json", "detail_path": "advisories/ZDI-21-1307", "id": "ZDI-21-1307", "kind": "published", "published_date": "2021-11-11", "status": "published", "title": "Microsoft Windows DiagTrack Service Link Following Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1307/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14512", "zdi_id": "ZDI-21-1307" }, { "cve": "CVE-2021-42277", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1306/advisory.json", "detail_path": "advisories/ZDI-21-1306", "id": "ZDI-21-1306", "kind": "published", "published_date": "2021-11-11", "status": "published", "title": "Microsoft Windows Diagnostics Hub Link Following Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1306/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14641", "zdi_id": "ZDI-21-1306" }, { "cve": "CVE-2021-42727", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe RoboHelp Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the RoboHelp server. When parsing the fileName p...", "detail_json": "/data/advisories/ZDI-21-1305/advisory.json", "detail_path": "advisories/ZDI-21-1305", "id": "ZDI-21-1305", "kind": "published", "published_date": "2021-11-11", "status": "published", "title": "Adobe RoboHelp Server Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1305/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14223", "zdi_id": "ZDI-21-1305" }, { "cve": "CVE-2021-34992", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of pro...", "detail_json": "/data/advisories/ZDI-21-1304/advisory.json", "detail_path": "advisories/ZDI-21-1304", "id": "ZDI-21-1304", "kind": "published", "published_date": "2021-11-11", "status": "published", "title": "Orckestra C1 CMS Composite Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1304/", "vendor": "Orckestra", "vendor_url": null, "zdi_can": "ZDI-CAN-14740", "zdi_id": "ZDI-21-1304" }, { "cve": "CVE-2021-34991", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens...", "detail_json": "/data/advisories/ZDI-21-1303/advisory.json", "detail_path": "advisories/ZDI-21-1303", "id": "ZDI-21-1303", "kind": "published", "published_date": "2021-11-11", "status": "published", "title": "NETGEAR R6400v2 UPnP uuid Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-12-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1303/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-14110", "zdi_id": "ZDI-21-1303" }, { "cve": "CVE-2021-42131", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-21-1302/advisory.json", "detail_path": "advisories/ZDI-21-1302", "id": "ZDI-21-1302", "kind": "published", "published_date": "2021-11-18", "status": "published", "title": "Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1302/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15200", "zdi_id": "ZDI-21-1302" }, { "cve": "CVE-2021-42133", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-21-1301/advisory.json", "detail_path": "advisories/ZDI-21-1301", "id": "ZDI-21-1301", "kind": "published", "published_date": "2021-11-18", "status": "published", "title": "Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1301/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-15251", "zdi_id": "ZDI-21-1301" }, { "cve": "CVE-2021-42126", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the userManagement.jsf page. The issue results from impr...", "detail_json": "/data/advisories/ZDI-21-1300/advisory.json", "detail_path": "advisories/ZDI-21-1300", "id": "ZDI-21-1300", "kind": "published", "published_date": "2021-11-18", "status": "published", "title": "Ivanti Avalanche User Management Improper Authentication Privilege Escalation Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1300/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-14188", "zdi_id": "ZDI-21-1300" }, { "cve": "CVE-2021-42125", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the l...", "detail_json": "/data/advisories/ZDI-21-1299/advisory.json", "detail_path": "advisories/ZDI-21-1299", "id": "ZDI-21-1299", "kind": "published", "published_date": "2021-11-18", "status": "published", "title": "Ivanti Avalanche Filestore Management Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1299/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-14187", "zdi_id": "ZDI-21-1299" }, { "cve": "CVE-2021-42124", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of JNLP files. The issue results from...", "detail_json": "/data/advisories/ZDI-21-1298/advisory.json", "detail_path": "advisories/ZDI-21-1298", "id": "ZDI-21-1298", "kind": "published", "published_date": "2021-11-18", "status": "published", "title": "Ivanti Avalanche JNLP File Improper Access Control Authentication Bypass Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1298/", "vendor": "Ivanti", "vendor_url": null, "zdi_can": "ZDI-CAN-14123", "zdi_id": "ZDI-21-1298" }, { "cve": "CVE-2021-43277", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1297/advisory.json", "detail_path": "advisories/ZDI-21-1297", "id": "ZDI-21-1297", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1297/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14313", "zdi_id": "ZDI-21-1297" }, { "cve": "CVE-2021-43279", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1296/advisory.json", "detail_path": "advisories/ZDI-21-1296", "id": "ZDI-21-1296", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1296/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14306", "zdi_id": "ZDI-21-1296" }, { "cve": "CVE-2021-43274", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1295/advisory.json", "detail_path": "advisories/ZDI-21-1295", "id": "ZDI-21-1295", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1295/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14304", "zdi_id": "ZDI-21-1295" }, { "cve": "CVE-2021-43279", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1294/advisory.json", "detail_path": "advisories/ZDI-21-1294", "id": "ZDI-21-1294", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1294/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14300", "zdi_id": "ZDI-21-1294" }, { "cve": "CVE-2021-43274", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1293/advisory.json", "detail_path": "advisories/ZDI-21-1293", "id": "ZDI-21-1293", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1293/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14297", "zdi_id": "ZDI-21-1293" }, { "cve": "CVE-2021-43279", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1292/advisory.json", "detail_path": "advisories/ZDI-21-1292", "id": "ZDI-21-1292", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1292/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14308", "zdi_id": "ZDI-21-1292" }, { "cve": "CVE-2021-43273", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1291/advisory.json", "detail_path": "advisories/ZDI-21-1291", "id": "ZDI-21-1291", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1291/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14329", "zdi_id": "ZDI-21-1291" }, { "cve": "CVE-2021-43277", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1290/advisory.json", "detail_path": "advisories/ZDI-21-1290", "id": "ZDI-21-1290", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1290/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14350", "zdi_id": "ZDI-21-1290" }, { "cve": "CVE-2021-43277", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1289/advisory.json", "detail_path": "advisories/ZDI-21-1289", "id": "ZDI-21-1289", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1289/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14337", "zdi_id": "ZDI-21-1289" }, { "cve": "CVE-2021-43278", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1288/advisory.json", "detail_path": "advisories/ZDI-21-1288", "id": "ZDI-21-1288", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer OBJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1288/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14331", "zdi_id": "ZDI-21-1288" }, { "cve": "CVE-2021-43274", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1287/advisory.json", "detail_path": "advisories/ZDI-21-1287", "id": "ZDI-21-1287", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DWF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1287/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14349", "zdi_id": "ZDI-21-1287" }, { "cve": "CVE-2021-43274", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1286/advisory.json", "detail_path": "advisories/ZDI-21-1286", "id": "ZDI-21-1286", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DWF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1286/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14352", "zdi_id": "ZDI-21-1286" }, { "cve": "CVE-2021-43277", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1285/advisory.json", "detail_path": "advisories/ZDI-21-1285", "id": "ZDI-21-1285", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1285/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14351", "zdi_id": "ZDI-21-1285" }, { "cve": "CVE-2021-43275", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1284/advisory.json", "detail_path": "advisories/ZDI-21-1284", "id": "ZDI-21-1284", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DGN File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1284/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14314", "zdi_id": "ZDI-21-1284" }, { "cve": "CVE-2021-43277", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1283/advisory.json", "detail_path": "advisories/ZDI-21-1283", "id": "ZDI-21-1283", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1283/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14333", "zdi_id": "ZDI-21-1283" }, { "cve": "CVE-2021-43276", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1282/advisory.json", "detail_path": "advisories/ZDI-21-1282", "id": "ZDI-21-1282", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DWF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1282/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14325", "zdi_id": "ZDI-21-1282" }, { "cve": "CVE-2021-43273", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1281/advisory.json", "detail_path": "advisories/ZDI-21-1281", "id": "ZDI-21-1281", "kind": "published", "published_date": "2021-11-10", "status": "published", "title": "Open Design Alliance (ODA) ODAViewer DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1281/", "vendor": "Open Design Alliance (ODA)", "vendor_url": null, "zdi_can": "ZDI-CAN-14335", "zdi_id": "ZDI-21-1281" }, { "cve": "CVE-2021-35053", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Kaspersky Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vul...", "detail_json": "/data/advisories/ZDI-21-1280/advisory.json", "detail_path": "advisories/ZDI-21-1280", "id": "ZDI-21-1280", "kind": "published", "published_date": "2021-11-09", "status": "published", "title": "Kaspersky Total Security Directory Traversal Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/", "vendor": "Kaspersky", "vendor_url": null, "zdi_can": "ZDI-CAN-14234", "zdi_id": "ZDI-21-1280" }, { "cve": "CVE-2021-22748", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The s...", "detail_json": "/data/advisories/ZDI-21-1279/advisory.json", "detail_path": "advisories/ZDI-21-1279", "id": "ZDI-21-1279", "kind": "published", "published_date": "2021-11-08", "status": "published", "title": "Schneider Electric C-Bus Toolkit CONFIG SAVE Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1279/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-12585", "zdi_id": "ZDI-21-1279" }, { "cve": "CVE-2021-29212", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise iLO Amplifier Pack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the backup endpoint....", "detail_json": "/data/advisories/ZDI-21-1278/advisory.json", "detail_path": "advisories/ZDI-21-1278", "id": "ZDI-21-1278", "kind": "published", "published_date": "2021-11-05", "status": "published", "title": "Hewlett Packard Enterprise iLO Amplifier Pack backup Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1278/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-14056", "zdi_id": "ZDI-21-1278" }, { "cve": "CVE-2021-3579, CVE-2021-3576", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-21-1277/advisory.json", "detail_path": "advisories/ZDI-21-1277", "id": "ZDI-21-1277", "kind": "published", "published_date": "2021-11-03", "status": "published", "title": "(0Day) Bitdefender Total Security Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1277/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-13968", "zdi_id": "ZDI-21-1277" }, { "cve": "CVE-2021-3579, CVE-2021-3576", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-21-1276/advisory.json", "detail_path": "advisories/ZDI-21-1276", "id": "ZDI-21-1276", "kind": "published", "published_date": "2021-11-03", "status": "published", "title": "(0Day) Bitdefender Total Security Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1276/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-13967", "zdi_id": "ZDI-21-1276" }, { "cve": "CVE-2021-34983", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, whic...", "detail_json": "/data/advisories/ZDI-21-1275/advisory.json", "detail_path": "advisories/ZDI-21-1275", "id": "ZDI-21-1275", "kind": "published", "published_date": "2021-10-29", "status": "published", "title": "NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-13708", "zdi_id": "ZDI-21-1275" }, { "cve": "CVE-2021-34982", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listen...", "detail_json": "/data/advisories/ZDI-21-1274/advisory.json", "detail_path": "advisories/ZDI-21-1274", "id": "ZDI-21-1274", "kind": "published", "published_date": "2021-10-29", "status": "published", "title": "NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-13709", "zdi_id": "ZDI-21-1274" }, { "cve": "CVE-2021-3579, CVE-2021-3576", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-21-1273/advisory.json", "detail_path": "advisories/ZDI-21-1273", "id": "ZDI-21-1273", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "(0Day) Bitdefender Total Security Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1273/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-13950", "zdi_id": "ZDI-21-1273" }, { "cve": "CVE-2021-3579, CVE-2021-3576", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-21-1272/advisory.json", "detail_path": "advisories/ZDI-21-1272", "id": "ZDI-21-1272", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "(0Day) Bitdefender Total Security Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1272/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-13949", "zdi_id": "ZDI-21-1272" }, { "cve": "CVE-2021-3576", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender Endpoint Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-21-1271/advisory.json", "detail_path": "advisories/ZDI-21-1271", "id": "ZDI-21-1271", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "(0Day) Bitdefender Endpoint Security Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1271/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-13888", "zdi_id": "ZDI-21-1271" }, { "cve": "CVE-2021-3576", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender Endpoint Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-21-1270/advisory.json", "detail_path": "advisories/ZDI-21-1270", "id": "ZDI-21-1270", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "(0Day) Bitdefender Endpoint Security Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1270/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-13887", "zdi_id": "ZDI-21-1270" }, { "cve": "CVE-2021-38413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1269/advisory.json", "detail_path": "advisories/ZDI-21-1269", "id": "ZDI-21-1269", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator V8 File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1269/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13817", "zdi_id": "ZDI-21-1269" }, { "cve": "CVE-2021-38413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1268/advisory.json", "detail_path": "advisories/ZDI-21-1268", "id": "ZDI-21-1268", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Fuji Electric Tellus Lite V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1268/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13685", "zdi_id": "ZDI-21-1268" }, { "cve": "CVE-2021-38419", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1267/advisory.json", "detail_path": "advisories/ZDI-21-1267", "id": "ZDI-21-1267", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Fuji Electric Tellus Lite V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1267/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13686", "zdi_id": "ZDI-21-1267" }, { "cve": "CVE-2021-38419", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1266/advisory.json", "detail_path": "advisories/ZDI-21-1266", "id": "ZDI-21-1266", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Fuji Electric Tellus Lite V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1266/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13684", "zdi_id": "ZDI-21-1266" }, { "cve": "CVE-2021-38415", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1265/advisory.json", "detail_path": "advisories/ZDI-21-1265", "id": "ZDI-21-1265", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator V8 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1265/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13793", "zdi_id": "ZDI-21-1265" }, { "cve": "CVE-2021-38421", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1264/advisory.json", "detail_path": "advisories/ZDI-21-1264", "id": "ZDI-21-1264", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator V8 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1264/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13782", "zdi_id": "ZDI-21-1264" }, { "cve": "CVE-2021-38419", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1263/advisory.json", "detail_path": "advisories/ZDI-21-1263", "id": "ZDI-21-1263", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1263/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13781", "zdi_id": "ZDI-21-1263" }, { "cve": "CVE-2021-38419", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1262/advisory.json", "detail_path": "advisories/ZDI-21-1262", "id": "ZDI-21-1262", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1262/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13779", "zdi_id": "ZDI-21-1262" }, { "cve": "CVE-2021-38413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1261/advisory.json", "detail_path": "advisories/ZDI-21-1261", "id": "ZDI-21-1261", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1261/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13724", "zdi_id": "ZDI-21-1261" }, { "cve": "CVE-2021-38413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1260/advisory.json", "detail_path": "advisories/ZDI-21-1260", "id": "ZDI-21-1260", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1260/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13723", "zdi_id": "ZDI-21-1260" }, { "cve": "CVE-2021-38413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1259/advisory.json", "detail_path": "advisories/ZDI-21-1259", "id": "ZDI-21-1259", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1259/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13722", "zdi_id": "ZDI-21-1259" }, { "cve": "CVE-2021-38413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1258/advisory.json", "detail_path": "advisories/ZDI-21-1258", "id": "ZDI-21-1258", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Fuji Electric Tellus Lite V-Simulator X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1258/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13721", "zdi_id": "ZDI-21-1258" }, { "cve": "CVE-2021-42533", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-1257/advisory.json", "detail_path": "advisories/ZDI-21-1257", "id": "ZDI-21-1257", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Adobe Bridge DCM File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1257/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14595", "zdi_id": "ZDI-21-1257" }, { "cve": "CVE-2021-40769", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Character Animator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-21-1256/advisory.json", "detail_path": "advisories/ZDI-21-1256", "id": "ZDI-21-1256", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Adobe Character Animator SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1256/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15275", "zdi_id": "ZDI-21-1256" }, { "cve": "CVE-2021-42270", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-1255/advisory.json", "detail_path": "advisories/ZDI-21-1255", "id": "ZDI-21-1255", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1255/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14688", "zdi_id": "ZDI-21-1255" }, { "cve": "CVE-2021-42525", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-1254/advisory.json", "detail_path": "advisories/ZDI-21-1254", "id": "ZDI-21-1254", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Adobe Animate SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1254/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15274", "zdi_id": "ZDI-21-1254" }, { "cve": "CVE-2021-42271", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-1253/advisory.json", "detail_path": "advisories/ZDI-21-1253", "id": "ZDI-21-1253", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1253/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15126", "zdi_id": "ZDI-21-1253" }, { "cve": "CVE-2021-42272", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-1252/advisory.json", "detail_path": "advisories/ZDI-21-1252", "id": "ZDI-21-1252", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Adobe Animate GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1252/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15124", "zdi_id": "ZDI-21-1252" }, { "cve": "CVE-2021-42524", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-1251/advisory.json", "detail_path": "advisories/ZDI-21-1251", "id": "ZDI-21-1251", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1251/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15123", "zdi_id": "ZDI-21-1251" }, { "cve": "CVE-2021-40725", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1250/advisory.json", "detail_path": "advisories/ZDI-21-1250", "id": "ZDI-21-1250", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm listbox Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1250/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14590", "zdi_id": "ZDI-21-1250" }, { "cve": "CVE-2021-40726", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1249/advisory.json", "detail_path": "advisories/ZDI-21-1249", "id": "ZDI-21-1249", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1249/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14484", "zdi_id": "ZDI-21-1249" }, { "cve": "CVE-2021-35218", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Patch Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-21-1248/advisory.json", "detail_path": "advisories/ZDI-21-1248", "id": "ZDI-21-1248", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "SolarWinds Patch Manager Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1248/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-14190", "zdi_id": "ZDI-21-1248" }, { "cve": "CVE-2021-35217", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Patch Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the WSAsyncExecuteTasks endpoint. The issue r...", "detail_json": "/data/advisories/ZDI-21-1247/advisory.json", "detail_path": "advisories/ZDI-21-1247", "id": "ZDI-21-1247", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "SolarWinds Patch Manager WSAsyncExecuteTasks Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1247/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-14156", "zdi_id": "ZDI-21-1247" }, { "cve": "CVE-2021-35216", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Patch Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the EditResourceControls endpoint. The issue...", "detail_json": "/data/advisories/ZDI-21-1246/advisory.json", "detail_path": "advisories/ZDI-21-1246", "id": "ZDI-21-1246", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "SolarWinds Patch Manager EditResourceControls Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1246/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-14155", "zdi_id": "ZDI-21-1246" }, { "cve": "CVE-2021-35215", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the ActionPluginBaseView class. The issue re...", "detail_json": "/data/advisories/ZDI-21-1245/advisory.json", "detail_path": "advisories/ZDI-21-1245", "id": "ZDI-21-1245", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "SolarWinds Orion Platform ActionPluginBaseView Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1245/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-13845", "zdi_id": "ZDI-21-1245" }, { "cve": "CVE-2021-35213", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results...", "detail_json": "/data/advisories/ZDI-21-1244/advisory.json", "detail_path": "advisories/ZDI-21-1244", "id": "ZDI-21-1244", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "SolarWinds Orion Platform NCM SCM IPAM SaveUserSetting Improper Access Control Privilege Escalation Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1244/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-13453", "zdi_id": "ZDI-21-1244" }, { "cve": "CVE-2021-35212", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Orion Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the DisableNOCView method. T...", "detail_json": "/data/advisories/ZDI-21-1243/advisory.json", "detail_path": "advisories/ZDI-21-1243", "id": "ZDI-21-1243", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "SolarWinds Orion Network Performance Monitor DisableNOCView SQL Injection Privilege Escalation Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1243/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-13460", "zdi_id": "ZDI-21-1243" }, { "cve": "CVE-2021-34980", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When par...", "detail_json": "/data/advisories/ZDI-21-1242/advisory.json", "detail_path": "advisories/ZDI-21-1242", "id": "ZDI-21-1242", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "NETGEAR R6260 setupwizard.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-10-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1242/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-14107", "zdi_id": "ZDI-21-1242" }, { "cve": "CVE-2021-34979", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. Whe...", "detail_json": "/data/advisories/ZDI-21-1241/advisory.json", "detail_path": "advisories/ZDI-21-1241", "id": "ZDI-21-1241", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "NETGEAR R6260 mini_httpd Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1241/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-13512", "zdi_id": "ZDI-21-1241" }, { "cve": "CVE-2021-34978", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafte...", "detail_json": "/data/advisories/ZDI-21-1240/advisory.json", "detail_path": "advisories/ZDI-21-1240", "id": "ZDI-21-1240", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "NETGEAR R6260 setupwizard.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1240/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-13511", "zdi_id": "ZDI-21-1240" }, { "cve": "CVE-2021-34977", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP requests. Th...", "detail_json": "/data/advisories/ZDI-21-1239/advisory.json", "detail_path": "advisories/ZDI-21-1239", "id": "ZDI-21-1239", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "NETGEAR R7000 SOAP ParentalControl Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1239/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-13483", "zdi_id": "ZDI-21-1239" }, { "cve": "CVE-2021-27040", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1238/advisory.json", "detail_path": "advisories/ZDI-21-1238", "id": "ZDI-21-1238", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "ICONICS GENESIS64 DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1238/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-14065", "zdi_id": "ZDI-21-1238" }, { "cve": "CVE-2021-27041", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-1237/advisory.json", "detail_path": "advisories/ZDI-21-1237", "id": "ZDI-21-1237", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "ICONICS GENESIS64 DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1237/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-14064", "zdi_id": "ZDI-21-1237" }, { "cve": "CVE-2021-27040", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1236/advisory.json", "detail_path": "advisories/ZDI-21-1236", "id": "ZDI-21-1236", "kind": "published", "published_date": "2021-10-28", "status": "published", "title": "ICONICS GENESIS64 DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1236/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-14060", "zdi_id": "ZDI-21-1236" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of API access keys. The is...", "detail_json": "/data/advisories/ZDI-21-1235/advisory.json", "detail_path": "advisories/ZDI-21-1235", "id": "ZDI-21-1235", "kind": "published", "published_date": "2021-10-27", "status": "published", "title": "(0Day) Vinchin Backup and Recovery Use of Hard-coded Credentials Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1235/", "vendor": "Vinchin", "vendor_url": null, "zdi_can": "ZDI-CAN-14046", "zdi_id": "ZDI-21-1235" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of API access tokens. The...", "detail_json": "/data/advisories/ZDI-21-1234/advisory.json", "detail_path": "advisories/ZDI-21-1234", "id": "ZDI-21-1234", "kind": "published", "published_date": "2021-10-27", "status": "published", "title": "(0Day) Vinchin Backup and Recovery Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1234/", "vendor": "Vinchin", "vendor_url": null, "zdi_can": "ZDI-CAN-14045", "zdi_id": "ZDI-21-1234" }, { "cve": "CVE-2021-43211", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1233/advisory.json", "detail_path": "advisories/ZDI-21-1233", "id": "ZDI-21-1233", "kind": "published", "published_date": "2021-10-27", "status": "published", "title": "(0Day) Microsoft Windows Update Assistant Directory Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1233/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13658", "zdi_id": "ZDI-21-1233" }, { "cve": "CVE-2021-35621", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-21-1232/advisory.json", "detail_path": "advisories/ZDI-21-1232", "id": "ZDI-21-1232", "kind": "published", "published_date": "2021-10-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1232/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14771", "zdi_id": "ZDI-21-1232" }, { "cve": "CVE-2021-35611", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Oracle E-Business Suite. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the Content-Le...", "detail_json": "/data/advisories/ZDI-21-1231/advisory.json", "detail_path": "advisories/ZDI-21-1231", "id": "ZDI-21-1231", "kind": "published", "published_date": "2021-10-21", "status": "published", "title": "Oracle E-Business Suite Content-Length Memory Exhaustion Denial-Of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1231/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14228", "zdi_id": "ZDI-21-1231" }, { "cve": "CVE-2021-35598", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-21-1230/advisory.json", "detail_path": "advisories/ZDI-21-1230", "id": "ZDI-21-1230", "kind": "published", "published_date": "2021-10-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1230/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-14066", "zdi_id": "ZDI-21-1230" }, { "cve": "CVE-2021-35593", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-21-1229/advisory.json", "detail_path": "advisories/ZDI-21-1229", "id": "ZDI-21-1229", "kind": "published", "published_date": "2021-10-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1229/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13965", "zdi_id": "ZDI-21-1229" }, { "cve": "CVE-2021-35592", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-21-1228/advisory.json", "detail_path": "advisories/ZDI-21-1228", "id": "ZDI-21-1228", "kind": "published", "published_date": "2021-10-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1228/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13926", "zdi_id": "ZDI-21-1228" }, { "cve": "CVE-2021-35594", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue r...", "detail_json": "/data/advisories/ZDI-21-1227/advisory.json", "detail_path": "advisories/ZDI-21-1227", "id": "ZDI-21-1227", "kind": "published", "published_date": "2021-10-21", "status": "published", "title": "Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1227/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13923", "zdi_id": "ZDI-21-1227" }, { "cve": "CVE-2021-35590", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Management API. The issue results from th...", "detail_json": "/data/advisories/ZDI-21-1226/advisory.json", "detail_path": "advisories/ZDI-21-1226", "id": "ZDI-21-1226", "kind": "published", "published_date": "2021-10-21", "status": "published", "title": "Oracle MySQL Cluster Management API Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1226/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13864", "zdi_id": "ZDI-21-1226" }, { "cve": "CVE-2021-40487", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the Microsoft.SharePoint.WorkflowActions.SetVaria...", "detail_json": "/data/advisories/ZDI-21-1225/advisory.json", "detail_path": "advisories/ZDI-21-1225", "id": "ZDI-21-1225", "kind": "published", "published_date": "2021-10-21", "status": "published", "title": "Microsoft SharePoint SetVariableActivity Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1225/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14787", "zdi_id": "ZDI-21-1225" }, { "cve": "CVE-2021-41344", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of custom workflows. The issue resul...", "detail_json": "/data/advisories/ZDI-21-1224/advisory.json", "detail_path": "advisories/ZDI-21-1224", "id": "ZDI-21-1224", "kind": "published", "published_date": "2021-10-21", "status": "published", "title": "Microsoft SharePoint Workflow Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1224/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14769", "zdi_id": "ZDI-21-1224" }, { "cve": "CVE-2021-34981", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-21-1223/advisory.json", "detail_path": "advisories/ZDI-21-1223", "id": "ZDI-21-1223", "kind": "published", "published_date": "2021-10-21", "status": "published", "title": "Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1223/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-11977", "zdi_id": "ZDI-21-1223" }, { "cve": "CVE-2021-42102", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-1222/advisory.json", "detail_path": "advisories/ZDI-21-1222", "id": "ZDI-21-1222", "kind": "published", "published_date": "2021-10-19", "status": "published", "title": "Trend Micro Apex One Uncontrolled Search Path Element Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1222/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13830", "zdi_id": "ZDI-21-1222" }, { "cve": "CVE-2021-42012", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Worry-Free Business Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-21-1221/advisory.json", "detail_path": "advisories/ZDI-21-1221", "id": "ZDI-21-1221", "kind": "published", "published_date": "2021-10-19", "status": "published", "title": "Trend Micro Worry-Free Business Security Stack-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1221/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13857", "zdi_id": "ZDI-21-1221" }, { "cve": "CVE-2021-42011", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-1220/advisory.json", "detail_path": "advisories/ZDI-21-1220", "id": "ZDI-21-1220", "kind": "published", "published_date": "2021-10-19", "status": "published", "title": "Trend Micro Apex One Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1220/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13846", "zdi_id": "ZDI-21-1220" }, { "cve": "CVE-2021-42101", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-1219/advisory.json", "detail_path": "advisories/ZDI-21-1219", "id": "ZDI-21-1219", "kind": "published", "published_date": "2021-10-19", "status": "published", "title": "Trend Micro Apex One Uncontrolled Search Path Element Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1219/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13534", "zdi_id": "ZDI-21-1219" }, { "cve": "CVE-2021-42106", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-1218/advisory.json", "detail_path": "advisories/ZDI-21-1218", "id": "ZDI-21-1218", "kind": "published", "published_date": "2021-10-19", "status": "published", "title": "Trend Micro Apex One Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1218/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13898", "zdi_id": "ZDI-21-1218" }, { "cve": "CVE-2021-42108", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-1217/advisory.json", "detail_path": "advisories/ZDI-21-1217", "id": "ZDI-21-1217", "kind": "published", "published_date": "2021-10-19", "status": "published", "title": "Trend Micro Apex One Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1217/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13873", "zdi_id": "ZDI-21-1217" }, { "cve": "CVE-2021-42104", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-1216/advisory.json", "detail_path": "advisories/ZDI-21-1216", "id": "ZDI-21-1216", "kind": "published", "published_date": "2021-10-19", "status": "published", "title": "Trend Micro Apex One Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1216/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13874", "zdi_id": "ZDI-21-1216" }, { "cve": "CVE-2021-42105", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-1215/advisory.json", "detail_path": "advisories/ZDI-21-1215", "id": "ZDI-21-1215", "kind": "published", "published_date": "2021-10-19", "status": "published", "title": "Trend Micro Apex One Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1215/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13861", "zdi_id": "ZDI-21-1215" }, { "cve": "CVE-2021-42107", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-1214/advisory.json", "detail_path": "advisories/ZDI-21-1214", "id": "ZDI-21-1214", "kind": "published", "published_date": "2021-10-19", "status": "published", "title": "Trend Micro Apex One Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1214/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13936", "zdi_id": "ZDI-21-1214" }, { "cve": "CVE-2021-42103", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-1213/advisory.json", "detail_path": "advisories/ZDI-21-1213", "id": "ZDI-21-1213", "kind": "published", "published_date": "2021-10-19", "status": "published", "title": "Trend Micro Apex One Uncontrolled Search Path Element Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1213/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13522", "zdi_id": "ZDI-21-1213" }, { "cve": "CVE-2021-22801", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric ConneXium Network Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-1212/advisory.json", "detail_path": "advisories/ZDI-21-1212", "id": "ZDI-21-1212", "kind": "published", "published_date": "2021-10-19", "status": "published", "title": "Schneider Electric ConneXium Network Manager Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1212/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13656", "zdi_id": "ZDI-21-1212" }, { "cve": "CVE-2022-21202", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1211/advisory.json", "detail_path": "advisories/ZDI-21-1211", "id": "ZDI-21-1211", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "(0Day) Fuji Electric Alpha5 A5V File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2022-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1211/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13999", "zdi_id": "ZDI-21-1211" }, { "cve": "CVE-2022-24383", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1210/advisory.json", "detail_path": "advisories/ZDI-21-1210", "id": "ZDI-21-1210", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "(0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2022-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1210/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13942", "zdi_id": "ZDI-21-1210" }, { "cve": "CVE-2022-21228", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1209/advisory.json", "detail_path": "advisories/ZDI-21-1209", "id": "ZDI-21-1209", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "(0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2022-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1209/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13941", "zdi_id": "ZDI-21-1209" }, { "cve": "CVE-2022-21214", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1208/advisory.json", "detail_path": "advisories/ZDI-21-1208", "id": "ZDI-21-1208", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "(0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2022-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1208/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13939", "zdi_id": "ZDI-21-1208" }, { "cve": "CVE-2021-34976", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1207/advisory.json", "detail_path": "advisories/ZDI-21-1207", "id": "ZDI-21-1207", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1207/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14659", "zdi_id": "ZDI-21-1207" }, { "cve": "CVE-2021-34975", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1206/advisory.json", "detail_path": "advisories/ZDI-21-1206", "id": "ZDI-21-1206", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Reader transitionToState Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1206/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-15218", "zdi_id": "ZDI-21-1206" }, { "cve": "CVE-2021-34974", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1205/advisory.json", "detail_path": "advisories/ZDI-21-1205", "id": "ZDI-21-1205", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1205/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-15167", "zdi_id": "ZDI-21-1205" }, { "cve": "CVE-2021-34973", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1204/advisory.json", "detail_path": "advisories/ZDI-21-1204", "id": "ZDI-21-1204", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1204/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14968", "zdi_id": "ZDI-21-1204" }, { "cve": "CVE-2021-34972", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1203/advisory.json", "detail_path": "advisories/ZDI-21-1203", "id": "ZDI-21-1203", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1203/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14975", "zdi_id": "ZDI-21-1203" }, { "cve": "CVE-2021-34971", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1202/advisory.json", "detail_path": "advisories/ZDI-21-1202", "id": "ZDI-21-1202", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1202/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14812", "zdi_id": "ZDI-21-1202" }, { "cve": "CVE-2021-34970", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1201/advisory.json", "detail_path": "advisories/ZDI-21-1201", "id": "ZDI-21-1201", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Reader print Method Use of Externally-Controlled Format String Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1201/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14849", "zdi_id": "ZDI-21-1201" }, { "cve": "CVE-2021-34969", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1200/advisory.json", "detail_path": "advisories/ZDI-21-1200", "id": "ZDI-21-1200", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1200/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14622", "zdi_id": "ZDI-21-1200" }, { "cve": "CVE-2021-34968", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1199/advisory.json", "detail_path": "advisories/ZDI-21-1199", "id": "ZDI-21-1199", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1199/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14370", "zdi_id": "ZDI-21-1199" }, { "cve": "CVE-2021-34967", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1198/advisory.json", "detail_path": "advisories/ZDI-21-1198", "id": "ZDI-21-1198", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1198/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14368", "zdi_id": "ZDI-21-1198" }, { "cve": "CVE-2021-34966", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1197/advisory.json", "detail_path": "advisories/ZDI-21-1197", "id": "ZDI-21-1197", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1197/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14367", "zdi_id": "ZDI-21-1197" }, { "cve": "CVE-2021-34965", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1196/advisory.json", "detail_path": "advisories/ZDI-21-1196", "id": "ZDI-21-1196", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1196/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14361", "zdi_id": "ZDI-21-1196" }, { "cve": "CVE-2021-34964", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1195/advisory.json", "detail_path": "advisories/ZDI-21-1195", "id": "ZDI-21-1195", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1195/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14366", "zdi_id": "ZDI-21-1195" }, { "cve": "CVE-2021-34963", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1194/advisory.json", "detail_path": "advisories/ZDI-21-1194", "id": "ZDI-21-1194", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1194/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14365", "zdi_id": "ZDI-21-1194" }, { "cve": "CVE-2021-34962", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1193/advisory.json", "detail_path": "advisories/ZDI-21-1193", "id": "ZDI-21-1193", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1193/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14364", "zdi_id": "ZDI-21-1193" }, { "cve": "CVE-2021-34961", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1192/advisory.json", "detail_path": "advisories/ZDI-21-1192", "id": "ZDI-21-1192", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1192/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14363", "zdi_id": "ZDI-21-1192" }, { "cve": "CVE-2021-34960", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1191/advisory.json", "detail_path": "advisories/ZDI-21-1191", "id": "ZDI-21-1191", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1191/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14362", "zdi_id": "ZDI-21-1191" }, { "cve": "CVE-2021-34959", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1190/advisory.json", "detail_path": "advisories/ZDI-21-1190", "id": "ZDI-21-1190", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor Square Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1190/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14360", "zdi_id": "ZDI-21-1190" }, { "cve": "CVE-2021-34958", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1189/advisory.json", "detail_path": "advisories/ZDI-21-1189", "id": "ZDI-21-1189", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1189/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14359", "zdi_id": "ZDI-21-1189" }, { "cve": "CVE-2021-34957", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1188/advisory.json", "detail_path": "advisories/ZDI-21-1188", "id": "ZDI-21-1188", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1188/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14358", "zdi_id": "ZDI-21-1188" }, { "cve": "CVE-2021-34956", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1187/advisory.json", "detail_path": "advisories/ZDI-21-1187", "id": "ZDI-21-1187", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1187/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14357", "zdi_id": "ZDI-21-1187" }, { "cve": "CVE-2021-34955", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1186/advisory.json", "detail_path": "advisories/ZDI-21-1186", "id": "ZDI-21-1186", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1186/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14356", "zdi_id": "ZDI-21-1186" }, { "cve": "CVE-2021-34954", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1185/advisory.json", "detail_path": "advisories/ZDI-21-1185", "id": "ZDI-21-1185", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1185/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14355", "zdi_id": "ZDI-21-1185" }, { "cve": "CVE-2021-34953", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1184/advisory.json", "detail_path": "advisories/ZDI-21-1184", "id": "ZDI-21-1184", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1184/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14658", "zdi_id": "ZDI-21-1184" }, { "cve": "CVE-2021-34952", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1183/advisory.json", "detail_path": "advisories/ZDI-21-1183", "id": "ZDI-21-1183", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1183/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14729", "zdi_id": "ZDI-21-1183" }, { "cve": "CVE-2021-34951", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1182/advisory.json", "detail_path": "advisories/ZDI-21-1182", "id": "ZDI-21-1182", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Reader Annotation Use of Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1182/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14395", "zdi_id": "ZDI-21-1182" }, { "cve": "CVE-2021-34950", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1181/advisory.json", "detail_path": "advisories/ZDI-21-1181", "id": "ZDI-21-1181", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1181/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14396", "zdi_id": "ZDI-21-1181" }, { "cve": "CVE-2021-34949", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1180/advisory.json", "detail_path": "advisories/ZDI-21-1180", "id": "ZDI-21-1180", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1180/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14273", "zdi_id": "ZDI-21-1180" }, { "cve": "CVE-2021-34948", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1179/advisory.json", "detail_path": "advisories/ZDI-21-1179", "id": "ZDI-21-1179", "kind": "published", "published_date": "2021-10-15", "status": "published", "title": "Foxit PDF Reader Square Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1179/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14272", "zdi_id": "ZDI-21-1179" }, { "cve": "CVE-2021-38442", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-1178/advisory.json", "detail_path": "advisories/ZDI-21-1178", "id": "ZDI-21-1178", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1178/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13884", "zdi_id": "ZDI-21-1178" }, { "cve": "CVE-2021-38442", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-1177/advisory.json", "detail_path": "advisories/ZDI-21-1177", "id": "ZDI-21-1177", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1177/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13906", "zdi_id": "ZDI-21-1177" }, { "cve": "CVE-2021-38442", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-1176/advisory.json", "detail_path": "advisories/ZDI-21-1176", "id": "ZDI-21-1176", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1176/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13905", "zdi_id": "ZDI-21-1176" }, { "cve": "CVE-2021-38442", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-1175/advisory.json", "detail_path": "advisories/ZDI-21-1175", "id": "ZDI-21-1175", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1175/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13904", "zdi_id": "ZDI-21-1175" }, { "cve": "CVE-2021-38442", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-1174/advisory.json", "detail_path": "advisories/ZDI-21-1174", "id": "ZDI-21-1174", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1174/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13903", "zdi_id": "ZDI-21-1174" }, { "cve": "CVE-2021-38442", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-1173/advisory.json", "detail_path": "advisories/ZDI-21-1173", "id": "ZDI-21-1173", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1173/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13852", "zdi_id": "ZDI-21-1173" }, { "cve": "CVE-2021-38442", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must access a compromised device or a device on a co...", "detail_json": "/data/advisories/ZDI-21-1172/advisory.json", "detail_path": "advisories/ZDI-21-1172", "id": "ZDI-21-1172", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation WinProladder PLC Configuration Data Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1172/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13790", "zdi_id": "ZDI-21-1172" }, { "cve": "CVE-2021-38440", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-21-1171/advisory.json", "detail_path": "advisories/ZDI-21-1171", "id": "ZDI-21-1171", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1171/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13744", "zdi_id": "ZDI-21-1171" }, { "cve": "CVE-2021-38438", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-1170/advisory.json", "detail_path": "advisories/ZDI-21-1170", "id": "ZDI-21-1170", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1170/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13743", "zdi_id": "ZDI-21-1170" }, { "cve": "CVE-2021-38426", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-1169/advisory.json", "detail_path": "advisories/ZDI-21-1169", "id": "ZDI-21-1169", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1169/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14039", "zdi_id": "ZDI-21-1169" }, { "cve": "CVE-2021-38434", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-1168/advisory.json", "detail_path": "advisories/ZDI-21-1168", "id": "ZDI-21-1168", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Unexpected Sign Extension Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1168/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14112", "zdi_id": "ZDI-21-1168" }, { "cve": "CVE-2021-38442", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-1167/advisory.json", "detail_path": "advisories/ZDI-21-1167", "id": "ZDI-21-1167", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1167/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-14072", "zdi_id": "ZDI-21-1167" }, { "cve": "CVE-2021-38442", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-1166/advisory.json", "detail_path": "advisories/ZDI-21-1166", "id": "ZDI-21-1166", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1166/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13934", "zdi_id": "ZDI-21-1166" }, { "cve": "CVE-2021-38430", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-1165/advisory.json", "detail_path": "advisories/ZDI-21-1165", "id": "ZDI-21-1165", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation WinProladder PDW File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1165/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13933", "zdi_id": "ZDI-21-1165" }, { "cve": "CVE-2021-38432", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation Communication Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of data sent...", "detail_json": "/data/advisories/ZDI-21-1164/advisory.json", "detail_path": "advisories/ZDI-21-1164", "id": "ZDI-21-1164", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Fatek Automation Communication Server Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1164/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13791", "zdi_id": "ZDI-21-1164" }, { "cve": "CVE-2021-40731", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1163/advisory.json", "detail_path": "advisories/ZDI-21-1163", "id": "ZDI-21-1163", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Adobe Acrobat Reader DC JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1163/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15060", "zdi_id": "ZDI-21-1163" }, { "cve": "CVE-2021-40730", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-1162/advisory.json", "detail_path": "advisories/ZDI-21-1162", "id": "ZDI-21-1162", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Adobe Acrobat Reader DC JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1162/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-15059", "zdi_id": "ZDI-21-1162" }, { "cve": "CVE-2021-41347", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1161/advisory.json", "detail_path": "advisories/ZDI-21-1161", "id": "ZDI-21-1161", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Microsoft Windows AppX Deployment Service Directory Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1161/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14687", "zdi_id": "ZDI-21-1161" }, { "cve": "CVE-2021-40481", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1160/advisory.json", "detail_path": "advisories/ZDI-21-1160", "id": "ZDI-21-1160", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Microsoft Office Visio WMF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1160/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14224", "zdi_id": "ZDI-21-1160" }, { "cve": "CVE-2021-40480", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1159/advisory.json", "detail_path": "advisories/ZDI-21-1159", "id": "ZDI-21-1159", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Microsoft Office Visio EMF File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1159/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14216", "zdi_id": "ZDI-21-1159" }, { "cve": "CVE-2021-40486", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1158/advisory.json", "detail_path": "advisories/ZDI-21-1158", "id": "ZDI-21-1158", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Microsoft Office Word Converter Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1158/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14203", "zdi_id": "ZDI-21-1158" }, { "cve": "CVE-2021-26441", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1157/advisory.json", "detail_path": "advisories/ZDI-21-1157", "id": "ZDI-21-1157", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Microsoft Windows storport Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1157/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14006", "zdi_id": "ZDI-21-1157" }, { "cve": "CVE-2021-40489", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1156/advisory.json", "detail_path": "advisories/ZDI-21-1156", "id": "ZDI-21-1156", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Microsoft Windows storport Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1156/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14005", "zdi_id": "ZDI-21-1156" }, { "cve": "CVE-2021-40478", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1155/advisory.json", "detail_path": "advisories/ZDI-21-1155", "id": "ZDI-21-1155", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Microsoft Windows storport Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1155/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14004", "zdi_id": "ZDI-21-1155" }, { "cve": "CVE-2021-41345", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1154/advisory.json", "detail_path": "advisories/ZDI-21-1154", "id": "ZDI-21-1154", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Microsoft Windows storport Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1154/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14003", "zdi_id": "ZDI-21-1154" }, { "cve": "CVE-2021-40488", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1153/advisory.json", "detail_path": "advisories/ZDI-21-1153", "id": "ZDI-21-1153", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Microsoft Windows storport Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1153/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14002", "zdi_id": "ZDI-21-1153" }, { "cve": "CVE-2021-22802", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP traffic by the dc.ex...", "detail_json": "/data/advisories/ZDI-21-1152/advisory.json", "detail_path": "advisories/ZDI-21-1152", "id": "ZDI-21-1152", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Schneider Electric IGSS Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1152/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13891", "zdi_id": "ZDI-21-1152" }, { "cve": "CVE-2021-22803", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP traffic by the dc.ex...", "detail_json": "/data/advisories/ZDI-21-1151/advisory.json", "detail_path": "advisories/ZDI-21-1151", "id": "ZDI-21-1151", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Schneider Electric IGSS Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1151/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13892", "zdi_id": "ZDI-21-1151" }, { "cve": "CVE-2021-22804", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP traffic by t...", "detail_json": "/data/advisories/ZDI-21-1150/advisory.json", "detail_path": "advisories/ZDI-21-1150", "id": "ZDI-21-1150", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Schneider Electric IGSS dc.exe Missing Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1150/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-14460", "zdi_id": "ZDI-21-1150" }, { "cve": "CVE-2021-22805", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of commands sent to the ser...", "detail_json": "/data/advisories/ZDI-21-1149/advisory.json", "detail_path": "advisories/ZDI-21-1149", "id": "ZDI-21-1149", "kind": "published", "published_date": "2021-10-14", "status": "published", "title": "Schneider Electric IGSS Missing Authentication Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1149/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13893", "zdi_id": "ZDI-21-1149" }, { "cve": "CVE-2021-34866", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-1148/advisory.json", "detail_path": "advisories/ZDI-21-1148", "id": "ZDI-21-1148", "kind": "published", "published_date": "2021-10-13", "status": "published", "title": "Linux Kernel eBPF Type Confusion Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1148/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-14689", "zdi_id": "ZDI-21-1148" }, { "cve": "CVE-2021-36009", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-1147/advisory.json", "detail_path": "advisories/ZDI-21-1147", "id": "ZDI-21-1147", "kind": "published", "published_date": "2021-10-13", "status": "published", "title": "Adobe Illustrator PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1147/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13860", "zdi_id": "ZDI-21-1147" }, { "cve": "CVE-2021-36008", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1146/advisory.json", "detail_path": "advisories/ZDI-21-1146", "id": "ZDI-21-1146", "kind": "published", "published_date": "2021-10-13", "status": "published", "title": "Adobe Illustrator PDF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1146/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13901", "zdi_id": "ZDI-21-1146" }, { "cve": "CVE-2021-35986", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1145/advisory.json", "detail_path": "advisories/ZDI-21-1145", "id": "ZDI-21-1145", "kind": "published", "published_date": "2021-10-13", "status": "published", "title": "Adobe Acrobat Pro DC getAnnots Type Confusion Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1145/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13556", "zdi_id": "ZDI-21-1145" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Project. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1144/advisory.json", "detail_path": "advisories/ZDI-21-1144", "id": "ZDI-21-1144", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Microsoft Project MPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1144/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14518", "zdi_id": "ZDI-21-1144" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1143/advisory.json", "detail_path": "advisories/ZDI-21-1143", "id": "ZDI-21-1143", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1143/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14630", "zdi_id": "ZDI-21-1143" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1142/advisory.json", "detail_path": "advisories/ZDI-21-1142", "id": "ZDI-21-1142", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1142/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13955", "zdi_id": "ZDI-21-1142" }, { "cve": "CVE-2021-27036", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-1141/advisory.json", "detail_path": "advisories/ZDI-21-1141", "id": "ZDI-21-1141", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review PICT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1141/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14257", "zdi_id": "ZDI-21-1141" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-1140/advisory.json", "detail_path": "advisories/ZDI-21-1140", "id": "ZDI-21-1140", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review PICT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1140/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14255", "zdi_id": "ZDI-21-1140" }, { "cve": "CVE-2021-27035", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1139/advisory.json", "detail_path": "advisories/ZDI-21-1139", "id": "ZDI-21-1139", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1139/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14254", "zdi_id": "ZDI-21-1139" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1138/advisory.json", "detail_path": "advisories/ZDI-21-1138", "id": "ZDI-21-1138", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1138/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13954", "zdi_id": "ZDI-21-1138" }, { "cve": "CVE-2021-27035", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1137/advisory.json", "detail_path": "advisories/ZDI-21-1137", "id": "ZDI-21-1137", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1137/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14253", "zdi_id": "ZDI-21-1137" }, { "cve": "CVE-2021-27035", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1136/advisory.json", "detail_path": "advisories/ZDI-21-1136", "id": "ZDI-21-1136", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1136/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14252", "zdi_id": "ZDI-21-1136" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-1135/advisory.json", "detail_path": "advisories/ZDI-21-1135", "id": "ZDI-21-1135", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review TGA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1135/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14251", "zdi_id": "ZDI-21-1135" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-1134/advisory.json", "detail_path": "advisories/ZDI-21-1134", "id": "ZDI-21-1134", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review TGA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1134/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14250", "zdi_id": "ZDI-21-1134" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-1133/advisory.json", "detail_path": "advisories/ZDI-21-1133", "id": "ZDI-21-1133", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review PICT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1133/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14249", "zdi_id": "ZDI-21-1133" }, { "cve": "CVE-2021-27034", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-1132/advisory.json", "detail_path": "advisories/ZDI-21-1132", "id": "ZDI-21-1132", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review TGA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1132/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14248", "zdi_id": "ZDI-21-1132" }, { "cve": "CVE-2021-27034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1131/advisory.json", "detail_path": "advisories/ZDI-21-1131", "id": "ZDI-21-1131", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1131/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14247", "zdi_id": "ZDI-21-1131" }, { "cve": "CVE-2021-27034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1130/advisory.json", "detail_path": "advisories/ZDI-21-1130", "id": "ZDI-21-1130", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1130/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14245", "zdi_id": "ZDI-21-1130" }, { "cve": "CVE-2021-27034", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-1129/advisory.json", "detail_path": "advisories/ZDI-21-1129", "id": "ZDI-21-1129", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1129/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14244", "zdi_id": "ZDI-21-1129" }, { "cve": "CVE-2021-27034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1128/advisory.json", "detail_path": "advisories/ZDI-21-1128", "id": "ZDI-21-1128", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1128/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14241", "zdi_id": "ZDI-21-1128" }, { "cve": "CVE-2021-27034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1127/advisory.json", "detail_path": "advisories/ZDI-21-1127", "id": "ZDI-21-1127", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1127/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14238", "zdi_id": "ZDI-21-1127" }, { "cve": "CVE-2021-27034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1126/advisory.json", "detail_path": "advisories/ZDI-21-1126", "id": "ZDI-21-1126", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review DWF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1126/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13948", "zdi_id": "ZDI-21-1126" }, { "cve": "CVE-2021-27034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1125/advisory.json", "detail_path": "advisories/ZDI-21-1125", "id": "ZDI-21-1125", "kind": "published", "published_date": "2021-10-06", "status": "published", "title": "Autodesk Design Review RLC File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1125/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13913", "zdi_id": "ZDI-21-1125" }, { "cve": "CVE-2021-41540", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1124/advisory.json", "detail_path": "advisories/ZDI-21-1124", "id": "ZDI-21-1124", "kind": "published", "published_date": "2021-09-30", "status": "published", "title": "Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1124/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13776", "zdi_id": "ZDI-21-1124" }, { "cve": "CVE-2021-41539", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1123/advisory.json", "detail_path": "advisories/ZDI-21-1123", "id": "ZDI-21-1123", "kind": "published", "published_date": "2021-09-30", "status": "published", "title": "Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1123/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13773", "zdi_id": "ZDI-21-1123" }, { "cve": "CVE-2021-41538", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-1122/advisory.json", "detail_path": "advisories/ZDI-21-1122", "id": "ZDI-21-1122", "kind": "published", "published_date": "2021-09-30", "status": "published", "title": "Siemens Solid Edge Viewer OBJ File Parsing Uninitialized Pointer Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1122/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13770", "zdi_id": "ZDI-21-1122" }, { "cve": "CVE-2021-41537", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1121/advisory.json", "detail_path": "advisories/ZDI-21-1121", "id": "ZDI-21-1121", "kind": "published", "published_date": "2021-09-30", "status": "published", "title": "Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1121/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13789", "zdi_id": "ZDI-21-1121" }, { "cve": "CVE-2021-41536", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1120/advisory.json", "detail_path": "advisories/ZDI-21-1120", "id": "ZDI-21-1120", "kind": "published", "published_date": "2021-09-30", "status": "published", "title": "Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1120/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13778", "zdi_id": "ZDI-21-1120" }, { "cve": "CVE-2021-41535", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1119/advisory.json", "detail_path": "advisories/ZDI-21-1119", "id": "ZDI-21-1119", "kind": "published", "published_date": "2021-09-30", "status": "published", "title": "Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1119/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13771", "zdi_id": "ZDI-21-1119" }, { "cve": "CVE-2021-41534", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-1118/advisory.json", "detail_path": "advisories/ZDI-21-1118", "id": "ZDI-21-1118", "kind": "published", "published_date": "2021-09-30", "status": "published", "title": "Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1118/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13703", "zdi_id": "ZDI-21-1118" }, { "cve": "CVE-2021-41533", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-1117/advisory.json", "detail_path": "advisories/ZDI-21-1117", "id": "ZDI-21-1117", "kind": "published", "published_date": "2021-09-30", "status": "published", "title": "Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1117/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13565", "zdi_id": "ZDI-21-1117" }, { "cve": "CVE-2021-34947", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_tabl...", "detail_json": "/data/advisories/ZDI-21-1116/advisory.json", "detail_path": "advisories/ZDI-21-1116", "id": "ZDI-21-1116", "kind": "published", "published_date": "2021-09-28", "status": "published", "title": "NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1116/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-13055", "zdi_id": "ZDI-21-1116" }, { "cve": "CVE-2021-36745", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro ServerProtect. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ServerProtect console. The issue resu...", "detail_json": "/data/advisories/ZDI-21-1115/advisory.json", "detail_path": "advisories/ZDI-21-1115", "id": "ZDI-21-1115", "kind": "published", "published_date": "2021-09-26", "status": "published", "title": "Trend Micro ServerProtect Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1115/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-12771", "zdi_id": "ZDI-21-1115" }, { "cve": "CVE-2021-37179", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1114/advisory.json", "detail_path": "advisories/ZDI-21-1114", "id": "ZDI-21-1114", "kind": "published", "published_date": "2021-09-24", "status": "published", "title": "Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1114/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13777", "zdi_id": "ZDI-21-1114" }, { "cve": "CVE-2021-37180", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1113/advisory.json", "detail_path": "advisories/ZDI-21-1113", "id": "ZDI-21-1113", "kind": "published", "published_date": "2021-09-24", "status": "published", "title": "Siemens Solid Edge Viewer OBJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1113/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13775", "zdi_id": "ZDI-21-1113" }, { "cve": "CVE-2021-32466", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall for Home Networks. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulne...", "detail_json": "/data/advisories/ZDI-21-1112/advisory.json", "detail_path": "advisories/ZDI-21-1112", "id": "ZDI-21-1112", "kind": "published", "published_date": "2021-09-24", "status": "published", "title": "Trend Micro HouseCall for Home Networks Uncontrolled Search Path Element Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1112/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13794", "zdi_id": "ZDI-21-1112" }, { "cve": "CVE-2021-22009", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of js...", "detail_json": "/data/advisories/ZDI-21-1111/advisory.json", "detail_path": "advisories/ZDI-21-1111", "id": "ZDI-21-1111", "kind": "published", "published_date": "2021-09-22", "status": "published", "title": "VMware vCenter Server Appliance External Control of File Path Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1111/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-13641", "zdi_id": "ZDI-21-1111" }, { "cve": "CVE-2021-22009", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit t...", "detail_json": "/data/advisories/ZDI-21-1110/advisory.json", "detail_path": "advisories/ZDI-21-1110", "id": "ZDI-21-1110", "kind": "published", "published_date": "2021-09-22", "status": "published", "title": "VMware vCenter Server Appliance External Control of File Path Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1110/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-13636", "zdi_id": "ZDI-21-1110" }, { "cve": "CVE-2021-22019", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of js...", "detail_json": "/data/advisories/ZDI-21-1109/advisory.json", "detail_path": "advisories/ZDI-21-1109", "id": "ZDI-21-1109", "kind": "published", "published_date": "2021-09-22", "status": "published", "title": "VMware vCenter Server Appliance External Control of File Path Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1109/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-13635", "zdi_id": "ZDI-21-1109" }, { "cve": "CVE-2021-22015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-21-1108/advisory.json", "detail_path": "advisories/ZDI-21-1108", "id": "ZDI-21-1108", "kind": "published", "published_date": "2021-09-22", "status": "published", "title": "VMware vCenter Server Appliance Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1108/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-13634", "zdi_id": "ZDI-21-1108" }, { "cve": "CVE-2021-22008", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of jsonrpc me...", "detail_json": "/data/advisories/ZDI-21-1107/advisory.json", "detail_path": "advisories/ZDI-21-1107", "id": "ZDI-21-1107", "kind": "published", "published_date": "2021-09-22", "status": "published", "title": "VMware vCenter Server Appliance Missing Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1107/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-13633", "zdi_id": "ZDI-21-1107" }, { "cve": "CVE-2021-22015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnera...", "detail_json": "/data/advisories/ZDI-21-1106/advisory.json", "detail_path": "advisories/ZDI-21-1106", "id": "ZDI-21-1106", "kind": "published", "published_date": "2021-09-22", "status": "published", "title": "VMware vCenter Server Appliance Service Lifecycle Manager Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1106/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-13426", "zdi_id": "ZDI-21-1106" }, { "cve": "CVE-2021-22018", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Update Manager. The issue resu...", "detail_json": "/data/advisories/ZDI-21-1105/advisory.json", "detail_path": "advisories/ZDI-21-1105", "id": "ZDI-21-1105", "kind": "published", "published_date": "2021-09-22", "status": "published", "title": "VMware vCenter Server Appliance Update Manager Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1105/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-13425", "zdi_id": "ZDI-21-1105" }, { "cve": "CVE-2021-31847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Endpoint Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-1104/advisory.json", "detail_path": "advisories/ZDI-21-1104", "id": "ZDI-21-1104", "kind": "published", "published_date": "2021-09-22", "status": "published", "title": "McAfee Endpoint Security Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1104/", "vendor": "McAfee", "vendor_url": null, "zdi_can": "ZDI-CAN-13800", "zdi_id": "ZDI-21-1104" }, { "cve": "CVE-2021-36962", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-21-1103/advisory.json", "detail_path": "advisories/ZDI-21-1103", "id": "ZDI-21-1103", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Microsoft Windows Installer Service Directory Junction Information Disclosure Vulnerability", "updated_date": "2021-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1103/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13768", "zdi_id": "ZDI-21-1103" }, { "cve": "CVE-2021-22797", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Control Expert Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...", "detail_json": "/data/advisories/ZDI-21-1102/advisory.json", "detail_path": "advisories/ZDI-21-1102", "id": "ZDI-21-1102", "kind": "published", "published_date": "2021-09-20", "status": "published", "title": "Schneider Electric EcoStruxure Control Expert Classic STU and STA File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1102/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13461", "zdi_id": "ZDI-21-1102" }, { "cve": "CVE-2021-39839", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1101/advisory.json", "detail_path": "advisories/ZDI-21-1101", "id": "ZDI-21-1101", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm getItemAt Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1101/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14597", "zdi_id": "ZDI-21-1101" }, { "cve": "CVE-2021-39836", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1100/advisory.json", "detail_path": "advisories/ZDI-21-1100", "id": "ZDI-21-1100", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm buttonGetIcon Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1100/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14606", "zdi_id": "ZDI-21-1100" }, { "cve": "CVE-2021-39837", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1099/advisory.json", "detail_path": "advisories/ZDI-21-1099", "id": "ZDI-21-1099", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1099/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14596", "zdi_id": "ZDI-21-1099" }, { "cve": "CVE-2021-39838", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1098/advisory.json", "detail_path": "advisories/ZDI-21-1098", "id": "ZDI-21-1098", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm buttonGetCaption Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1098/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14614", "zdi_id": "ZDI-21-1098" }, { "cve": "CVE-2021-39821", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1097/advisory.json", "detail_path": "advisories/ZDI-21-1097", "id": "ZDI-21-1097", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe InDesign TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1097/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14379", "zdi_id": "ZDI-21-1097" }, { "cve": "CVE-2021-39840", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1096/advisory.json", "detail_path": "advisories/ZDI-21-1096", "id": "ZDI-21-1096", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1096/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14126", "zdi_id": "ZDI-21-1096" }, { "cve": "CVE-2021-39822", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1095/advisory.json", "detail_path": "advisories/ZDI-21-1095", "id": "ZDI-21-1095", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe InDesign BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1095/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14376", "zdi_id": "ZDI-21-1095" }, { "cve": "CVE-2021-40697", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1094/advisory.json", "detail_path": "advisories/ZDI-21-1094", "id": "ZDI-21-1094", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe FrameMaker PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1094/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14372", "zdi_id": "ZDI-21-1094" }, { "cve": "CVE-2021-39858", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1093/advisory.json", "detail_path": "advisories/ZDI-21-1093", "id": "ZDI-21-1093", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1093/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14055", "zdi_id": "ZDI-21-1093" }, { "cve": "CVE-2021-39841", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1092/advisory.json", "detail_path": "advisories/ZDI-21-1092", "id": "ZDI-21-1092", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe Acrobat Pro DC DocMedia Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1092/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13877", "zdi_id": "ZDI-21-1092" }, { "cve": "CVE-2021-39832", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1091/advisory.json", "detail_path": "advisories/ZDI-21-1091", "id": "ZDI-21-1091", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe FrameMaker PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1091/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13858", "zdi_id": "ZDI-21-1091" }, { "cve": "CVE-2021-39830", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1090/advisory.json", "detail_path": "advisories/ZDI-21-1090", "id": "ZDI-21-1090", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe FrameMaker PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1090/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13728", "zdi_id": "ZDI-21-1090" }, { "cve": "CVE-2021-39829", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1089/advisory.json", "detail_path": "advisories/ZDI-21-1089", "id": "ZDI-21-1089", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1089/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13727", "zdi_id": "ZDI-21-1089" }, { "cve": "CVE-2021-39835", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1088/advisory.json", "detail_path": "advisories/ZDI-21-1088", "id": "ZDI-21-1088", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe FrameMaker PDF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1088/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13902", "zdi_id": "ZDI-21-1088" }, { "cve": "CVE-2021-39831", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1087/advisory.json", "detail_path": "advisories/ZDI-21-1087", "id": "ZDI-21-1087", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1087/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13729", "zdi_id": "ZDI-21-1087" }, { "cve": "CVE-2021-39833", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1086/advisory.json", "detail_path": "advisories/ZDI-21-1086", "id": "ZDI-21-1086", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1086/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13849", "zdi_id": "ZDI-21-1086" }, { "cve": "CVE-2021-39834", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1085/advisory.json", "detail_path": "advisories/ZDI-21-1085", "id": "ZDI-21-1085", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1085/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13848", "zdi_id": "ZDI-21-1085" }, { "cve": "CVE-2021-38659", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-1084/advisory.json", "detail_path": "advisories/ZDI-21-1084", "id": "ZDI-21-1084", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Microsoft PowerPoint PPT File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1084/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14451", "zdi_id": "ZDI-21-1084" }, { "cve": "CVE-2021-38658", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-1083/advisory.json", "detail_path": "advisories/ZDI-21-1083", "id": "ZDI-21-1083", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Microsoft Office Word Converter Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1083/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14198", "zdi_id": "ZDI-21-1083" }, { "cve": "CVE-2021-38656", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1082/advisory.json", "detail_path": "advisories/ZDI-21-1082", "id": "ZDI-21-1082", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Microsoft Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1082/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13918", "zdi_id": "ZDI-21-1082" }, { "cve": "CVE-2021-38654", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1081/advisory.json", "detail_path": "advisories/ZDI-21-1081", "id": "ZDI-21-1081", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Microsoft Office Visio EMF File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1081/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14194", "zdi_id": "ZDI-21-1081" }, { "cve": "CVE-2021-38655", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1080/advisory.json", "detail_path": "advisories/ZDI-21-1080", "id": "ZDI-21-1080", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1080/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14118", "zdi_id": "ZDI-21-1080" }, { "cve": "CVE-2021-38653", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-1079/advisory.json", "detail_path": "advisories/ZDI-21-1079", "id": "ZDI-21-1079", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Microsoft Office Visio EMF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1079/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13828", "zdi_id": "ZDI-21-1079" }, { "cve": "CVE-2021-36961", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-1078/advisory.json", "detail_path": "advisories/ZDI-21-1078", "id": "ZDI-21-1078", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Microsoft Windows Installer Service Directory Junction Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1078/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13762", "zdi_id": "ZDI-21-1078" }, { "cve": "CVE-2021-26434", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-21-1077/advisory.json", "detail_path": "advisories/ZDI-21-1077", "id": "ZDI-21-1077", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Microsoft Visual Studio Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1077/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14603", "zdi_id": "ZDI-21-1077" }, { "cve": "CVE-2021-36952", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-1076/advisory.json", "detail_path": "advisories/ZDI-21-1076", "id": "ZDI-21-1076", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Microsoft Visual Studio DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1076/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-14041", "zdi_id": "ZDI-21-1076" }, { "cve": "CVE-2021-38634", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1075/advisory.json", "detail_path": "advisories/ZDI-21-1075", "id": "ZDI-21-1075", "kind": "published", "published_date": "2021-09-16", "status": "published", "title": "Microsoft Windows Update Agent Directory Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1075/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13765", "zdi_id": "ZDI-21-1075" }, { "cve": "CVE-2021-25665", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter STAR-CCM+. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1074/advisory.json", "detail_path": "advisories/ZDI-21-1074", "id": "ZDI-21-1074", "kind": "published", "published_date": "2021-09-15", "status": "published", "title": "Siemens Simcenter STAR-CCM+ SCE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1074/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13700", "zdi_id": "ZDI-21-1074" }, { "cve": "CVE-2021-37176", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-1073/advisory.json", "detail_path": "advisories/ZDI-21-1073", "id": "ZDI-21-1073", "kind": "published", "published_date": "2021-09-15", "status": "published", "title": "Siemens Simcenter Femap MODFEM File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1073/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-14260", "zdi_id": "ZDI-21-1073" }, { "cve": "CVE-2021-22795", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric Struxureware Data Center Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the testRepository...", "detail_json": "/data/advisories/ZDI-21-1072/advisory.json", "detail_path": "advisories/ZDI-21-1072", "id": "ZDI-21-1072", "kind": "published", "published_date": "2021-09-15", "status": "published", "title": "Schneider Electric Struxureware Data Center Expert Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1072/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13553", "zdi_id": "ZDI-21-1072" }, { "cve": "CVE-2021-22794", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric Struxureware Data Center Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of fir...", "detail_json": "/data/advisories/ZDI-21-1071/advisory.json", "detail_path": "advisories/ZDI-21-1071", "id": "ZDI-21-1071", "kind": "published", "published_date": "2021-09-15", "status": "published", "title": "Schneider Electric Struxureware Data Center Expert Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1071/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13077", "zdi_id": "ZDI-21-1071" }, { "cve": "CVE-2021-27030", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-1070/advisory.json", "detail_path": "advisories/ZDI-21-1070", "id": "ZDI-21-1070", "kind": "published", "published_date": "2021-09-15", "status": "published", "title": "Autodesk FBX Review ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1070/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14380", "zdi_id": "ZDI-21-1070" }, { "cve": "CVE-2021-27031", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-1069/advisory.json", "detail_path": "advisories/ZDI-21-1069", "id": "ZDI-21-1069", "kind": "published", "published_date": "2021-09-15", "status": "published", "title": "Autodesk FBX Review DAE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1069/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14280", "zdi_id": "ZDI-21-1069" }, { "cve": "CVE-2021-40157", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-1068/advisory.json", "detail_path": "advisories/ZDI-21-1068", "id": "ZDI-21-1068", "kind": "published", "published_date": "2021-09-15", "status": "published", "title": "Autodesk FBX Review DAE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1068/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14279", "zdi_id": "ZDI-21-1068" }, { "cve": "CVE-2021-27044", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-1067/advisory.json", "detail_path": "advisories/ZDI-21-1067", "id": "ZDI-21-1067", "kind": "published", "published_date": "2021-09-15", "status": "published", "title": "Autodesk FBX Review FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1067/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-14036", "zdi_id": "ZDI-21-1067" }, { "cve": null, "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-1066/advisory.json", "detail_path": "advisories/ZDI-21-1066", "id": "ZDI-21-1066", "kind": "published", "published_date": "2021-09-14", "status": "published", "title": "(0Day) Parallels Desktop virtio-net Memory Corruption Privilege Escalation Vulnerability", "updated_date": "2024-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1066/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13246", "zdi_id": "ZDI-21-1066" }, { "cve": "CVE-2021-40156", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-1065/advisory.json", "detail_path": "advisories/ZDI-21-1065", "id": "ZDI-21-1065", "kind": "published", "published_date": "2021-09-14", "status": "published", "title": "(0Day) Autodesk Navisworks DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-09-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1065/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13719", "zdi_id": "ZDI-21-1065" }, { "cve": "CVE-2021-27045", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Navisworks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1064/advisory.json", "detail_path": "advisories/ZDI-21-1064", "id": "ZDI-21-1064", "kind": "published", "published_date": "2021-09-14", "status": "published", "title": "(0Day) Autodesk Navisworks PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-09-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1064/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13718", "zdi_id": "ZDI-21-1064" }, { "cve": "CVE-2021-27046", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-1063/advisory.json", "detail_path": "advisories/ZDI-21-1063", "id": "ZDI-21-1063", "kind": "published", "published_date": "2021-09-14", "status": "published", "title": "(0Day) Autodesk Navisworks PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2021-09-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1063/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13717", "zdi_id": "ZDI-21-1063" }, { "cve": "CVE-2021-40155", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-1062/advisory.json", "detail_path": "advisories/ZDI-21-1062", "id": "ZDI-21-1062", "kind": "published", "published_date": "2021-09-14", "status": "published", "title": "(0Day) Autodesk Navisworks DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2021-09-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1062/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13716", "zdi_id": "ZDI-21-1062" }, { "cve": "CVE-2021-27045", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Navisworks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1061/advisory.json", "detail_path": "advisories/ZDI-21-1061", "id": "ZDI-21-1061", "kind": "published", "published_date": "2021-09-14", "status": "published", "title": "(0Day) Autodesk Navisworks PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-09-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1061/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13715", "zdi_id": "ZDI-21-1061" }, { "cve": "CVE-2021-40155", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Navisworks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1060/advisory.json", "detail_path": "advisories/ZDI-21-1060", "id": "ZDI-21-1060", "kind": "published", "published_date": "2021-09-14", "status": "published", "title": "(0Day) Autodesk Navisworks DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-09-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1060/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13714", "zdi_id": "ZDI-21-1060" }, { "cve": "CVE-2021-33019", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-1059/advisory.json", "detail_path": "advisories/ZDI-21-1059", "id": "ZDI-21-1059", "kind": "published", "published_date": "2021-09-08", "status": "published", "title": "Delta Industrial Automation DOPSoft TBK File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1059/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12877", "zdi_id": "ZDI-21-1059" }, { "cve": "CVE-2021-34870", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP me...", "detail_json": "/data/advisories/ZDI-21-1058/advisory.json", "detail_path": "advisories/ZDI-21-1058", "id": "ZDI-21-1058", "kind": "published", "published_date": "2021-09-08", "status": "published", "title": "NETGEAR XR1000 UPnP SOAPAction Missing Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1058/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-13325", "zdi_id": "ZDI-21-1058" }, { "cve": "CVE-2021-34869", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-21-1057/advisory.json", "detail_path": "advisories/ZDI-21-1057", "id": "ZDI-21-1057", "kind": "published", "published_date": "2021-09-08", "status": "published", "title": "Parallels Desktop Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1057/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13797", "zdi_id": "ZDI-21-1057" }, { "cve": "CVE-2021-34868", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-21-1056/advisory.json", "detail_path": "advisories/ZDI-21-1056", "id": "ZDI-21-1056", "kind": "published", "published_date": "2021-09-08", "status": "published", "title": "Parallels Desktop Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1056/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13712", "zdi_id": "ZDI-21-1056" }, { "cve": "CVE-2021-34867", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-1055/advisory.json", "detail_path": "advisories/ZDI-21-1055", "id": "ZDI-21-1055", "kind": "published", "published_date": "2021-09-08", "status": "published", "title": "Parallels Desktop Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1055/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13672", "zdi_id": "ZDI-21-1055" }, { "cve": "CVE-2021-38408", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IOCTL 0x2711, which can be use...", "detail_json": "/data/advisories/ZDI-21-1054/advisory.json", "detail_path": "advisories/ZDI-21-1054", "id": "ZDI-21-1054", "kind": "published", "published_date": "2021-09-03", "status": "published", "title": "Advantech WebAccess BwFLApp Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1054/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-12967", "zdi_id": "ZDI-21-1054" }, { "cve": "CVE-2021-26431", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physically present attackers to bypass authentication on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lock screen. The issue results fr...", "detail_json": "/data/advisories/ZDI-21-1053/advisory.json", "detail_path": "advisories/ZDI-21-1053", "id": "ZDI-21-1053", "kind": "published", "published_date": "2021-09-02", "status": "published", "title": "Microsoft Windows Lock Screen Improper Access Control Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1053/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13692", "zdi_id": "ZDI-21-1053" }, { "cve": "CVE-2021-36744", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...", "detail_json": "/data/advisories/ZDI-21-1052/advisory.json", "detail_path": "advisories/ZDI-21-1052", "id": "ZDI-21-1052", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "Trend Micro Maximum Security Directory Junction Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1052/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13371", "zdi_id": "ZDI-21-1052" }, { "cve": "CVE-2021-34865", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which li...", "detail_json": "/data/advisories/ZDI-21-1051/advisory.json", "detail_path": "advisories/ZDI-21-1051", "id": "ZDI-21-1051", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1051/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-13313", "zdi_id": "ZDI-21-1051" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1050/advisory.json", "detail_path": "advisories/ZDI-21-1050", "id": "ZDI-21-1050", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator V8 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1050/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13494", "zdi_id": "ZDI-21-1050" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1049/advisory.json", "detail_path": "advisories/ZDI-21-1049", "id": "ZDI-21-1049", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1049/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13469", "zdi_id": "ZDI-21-1049" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1048/advisory.json", "detail_path": "advisories/ZDI-21-1048", "id": "ZDI-21-1048", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator V8 File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1048/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13495", "zdi_id": "ZDI-21-1048" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1047/advisory.json", "detail_path": "advisories/ZDI-21-1047", "id": "ZDI-21-1047", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1047/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13470", "zdi_id": "ZDI-21-1047" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1046/advisory.json", "detail_path": "advisories/ZDI-21-1046", "id": "ZDI-21-1046", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator V8 File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1046/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13493", "zdi_id": "ZDI-21-1046" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1045/advisory.json", "detail_path": "advisories/ZDI-21-1045", "id": "ZDI-21-1045", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V9 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1045/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13267", "zdi_id": "ZDI-21-1045" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1044/advisory.json", "detail_path": "advisories/ZDI-21-1044", "id": "ZDI-21-1044", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1044/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13263", "zdi_id": "ZDI-21-1044" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1043/advisory.json", "detail_path": "advisories/ZDI-21-1043", "id": "ZDI-21-1043", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1043/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13260", "zdi_id": "ZDI-21-1043" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1042/advisory.json", "detail_path": "advisories/ZDI-21-1042", "id": "ZDI-21-1042", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1042/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13257", "zdi_id": "ZDI-21-1042" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1041/advisory.json", "detail_path": "advisories/ZDI-21-1041", "id": "ZDI-21-1041", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1041/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13256", "zdi_id": "ZDI-21-1041" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1040/advisory.json", "detail_path": "advisories/ZDI-21-1040", "id": "ZDI-21-1040", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1040/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13255", "zdi_id": "ZDI-21-1040" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1039/advisory.json", "detail_path": "advisories/ZDI-21-1039", "id": "ZDI-21-1039", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1039/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13254", "zdi_id": "ZDI-21-1039" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1038/advisory.json", "detail_path": "advisories/ZDI-21-1038", "id": "ZDI-21-1038", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1038/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13253", "zdi_id": "ZDI-21-1038" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1037/advisory.json", "detail_path": "advisories/ZDI-21-1037", "id": "ZDI-21-1037", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1037/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13252", "zdi_id": "ZDI-21-1037" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1036/advisory.json", "detail_path": "advisories/ZDI-21-1036", "id": "ZDI-21-1036", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1036/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13276", "zdi_id": "ZDI-21-1036" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1035/advisory.json", "detail_path": "advisories/ZDI-21-1035", "id": "ZDI-21-1035", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1035/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13179", "zdi_id": "ZDI-21-1035" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1034/advisory.json", "detail_path": "advisories/ZDI-21-1034", "id": "ZDI-21-1034", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1034/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13295", "zdi_id": "ZDI-21-1034" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1033/advisory.json", "detail_path": "advisories/ZDI-21-1033", "id": "ZDI-21-1033", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1033/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13294", "zdi_id": "ZDI-21-1033" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1032/advisory.json", "detail_path": "advisories/ZDI-21-1032", "id": "ZDI-21-1032", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1032/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13293", "zdi_id": "ZDI-21-1032" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-1031/advisory.json", "detail_path": "advisories/ZDI-21-1031", "id": "ZDI-21-1031", "kind": "published", "published_date": "2021-08-30", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1031/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13292", "zdi_id": "ZDI-21-1031" }, { "cve": "CVE-2021-32931", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1030/advisory.json", "detail_path": "advisories/ZDI-21-1030", "id": "ZDI-21-1030", "kind": "published", "published_date": "2021-08-27", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1030/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13400", "zdi_id": "ZDI-21-1030" }, { "cve": "CVE-2021-32947", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1029/advisory.json", "detail_path": "advisories/ZDI-21-1029", "id": "ZDI-21-1029", "kind": "published", "published_date": "2021-08-27", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1029/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13398", "zdi_id": "ZDI-21-1029" }, { "cve": "CVE-2021-32939", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1028/advisory.json", "detail_path": "advisories/ZDI-21-1028", "id": "ZDI-21-1028", "kind": "published", "published_date": "2021-08-27", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1028/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13392", "zdi_id": "ZDI-21-1028" }, { "cve": "CVE-2021-32931", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-1027/advisory.json", "detail_path": "advisories/ZDI-21-1027", "id": "ZDI-21-1027", "kind": "published", "published_date": "2021-08-27", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1027/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13388", "zdi_id": "ZDI-21-1027" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2055 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login reques...", "detail_json": "/data/advisories/ZDI-21-1026/advisory.json", "detail_path": "advisories/ZDI-21-1026", "id": "ZDI-21-1026", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "(0Day) D-Link DIR-2055 HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1026/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-12686", "zdi_id": "ZDI-21-1026" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2055 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login reques...", "detail_json": "/data/advisories/ZDI-21-1025/advisory.json", "detail_path": "advisories/ZDI-21-1025", "id": "ZDI-21-1025", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "(0Day) D-Link DIR-2055 HNAP Incorrect Comparison Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1025/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-12683", "zdi_id": "ZDI-21-1025" }, { "cve": "CVE-2021-34478", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-1024/advisory.json", "detail_path": "advisories/ZDI-21-1024", "id": "ZDI-21-1024", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Word glTF-SDK Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1024/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13401", "zdi_id": "ZDI-21-1024" }, { "cve": "CVE-2021-33007", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-1023/advisory.json", "detail_path": "advisories/ZDI-21-1023", "id": "ZDI-21-1023", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1023/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13073", "zdi_id": "ZDI-21-1023" }, { "cve": "CVE-2021-34516", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1022/advisory.json", "detail_path": "advisories/ZDI-21-1022", "id": "ZDI-21-1022", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver ColorFillBitmap NULL Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1022/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13207", "zdi_id": "ZDI-21-1022" }, { "cve": "CVE-2021-34516", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1021/advisory.json", "detail_path": "advisories/ZDI-21-1021", "id": "ZDI-21-1021", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvFillPath NULL Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1021/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13206", "zdi_id": "ZDI-21-1021" }, { "cve": "CVE-2021-34516", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1020/advisory.json", "detail_path": "advisories/ZDI-21-1020", "id": "ZDI-21-1020", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvTextOut NULL Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1020/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13205", "zdi_id": "ZDI-21-1020" }, { "cve": "CVE-2021-34516", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1019/advisory.json", "detail_path": "advisories/ZDI-21-1019", "id": "ZDI-21-1019", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvGradientFill NULL Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1019/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13204", "zdi_id": "ZDI-21-1019" }, { "cve": "CVE-2021-34516", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1018/advisory.json", "detail_path": "advisories/ZDI-21-1018", "id": "ZDI-21-1018", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvStrokePath NULL Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1018/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13203", "zdi_id": "ZDI-21-1018" }, { "cve": "CVE-2021-34516", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1017/advisory.json", "detail_path": "advisories/ZDI-21-1017", "id": "ZDI-21-1017", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvStrokeAndFillPath NULL Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1017/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13202", "zdi_id": "ZDI-21-1017" }, { "cve": "CVE-2021-34516", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1016/advisory.json", "detail_path": "advisories/ZDI-21-1016", "id": "ZDI-21-1016", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvLineTo NULL Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1016/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13201", "zdi_id": "ZDI-21-1016" }, { "cve": "CVE-2021-34516", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1015/advisory.json", "detail_path": "advisories/ZDI-21-1015", "id": "ZDI-21-1015", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvBitBltInternal Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1015/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13054", "zdi_id": "ZDI-21-1015" }, { "cve": "CVE-2021-34516", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1014/advisory.json", "detail_path": "advisories/ZDI-21-1014", "id": "ZDI-21-1014", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvAlphaBlendInternal Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1014/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12871", "zdi_id": "ZDI-21-1014" }, { "cve": "CVE-2021-34516", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1013/advisory.json", "detail_path": "advisories/ZDI-21-1013", "id": "ZDI-21-1013", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvBitBltInternal Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1013/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12870", "zdi_id": "ZDI-21-1013" }, { "cve": "CVE-2021-34516", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1012/advisory.json", "detail_path": "advisories/ZDI-21-1012", "id": "ZDI-21-1012", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvStretchBltROPInternal Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1012/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12869", "zdi_id": "ZDI-21-1012" }, { "cve": "CVE-2021-34516", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1011/advisory.json", "detail_path": "advisories/ZDI-21-1011", "id": "ZDI-21-1011", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvStretchBltInternal Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1011/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12867", "zdi_id": "ZDI-21-1011" }, { "cve": "CVE-2021-34516", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1010/advisory.json", "detail_path": "advisories/ZDI-21-1010", "id": "ZDI-21-1010", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvPlgBltInternal Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1010/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12866", "zdi_id": "ZDI-21-1010" }, { "cve": "CVE-2021-34516", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1009/advisory.json", "detail_path": "advisories/ZDI-21-1009", "id": "ZDI-21-1009", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvFillPath Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1009/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12789", "zdi_id": "ZDI-21-1009" }, { "cve": "CVE-2021-34516", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1008/advisory.json", "detail_path": "advisories/ZDI-21-1008", "id": "ZDI-21-1008", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvTextOut Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1008/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12788", "zdi_id": "ZDI-21-1008" }, { "cve": "CVE-2021-34516", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1007/advisory.json", "detail_path": "advisories/ZDI-21-1007", "id": "ZDI-21-1007", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvStrokeAndFillPath Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1007/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12787", "zdi_id": "ZDI-21-1007" }, { "cve": "CVE-2021-34516", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1006/advisory.json", "detail_path": "advisories/ZDI-21-1006", "id": "ZDI-21-1006", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvStrokePath Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1006/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12786", "zdi_id": "ZDI-21-1006" }, { "cve": "CVE-2021-34516", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1005/advisory.json", "detail_path": "advisories/ZDI-21-1005", "id": "ZDI-21-1005", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvGradientFill Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1005/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12785", "zdi_id": "ZDI-21-1005" }, { "cve": "CVE-2021-34516", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-1004/advisory.json", "detail_path": "advisories/ZDI-21-1004", "id": "ZDI-21-1004", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvLineTo Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1004/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12784", "zdi_id": "ZDI-21-1004" }, { "cve": "CVE-2021-34859", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-1003/advisory.json", "detail_path": "advisories/ZDI-21-1003", "id": "ZDI-21-1003", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "TeamViewer TVS File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1003/", "vendor": "TeamViewer", "vendor_url": null, "zdi_can": "ZDI-CAN-13697", "zdi_id": "ZDI-21-1003" }, { "cve": "CVE-2021-34858", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-1002/advisory.json", "detail_path": "advisories/ZDI-21-1002", "id": "ZDI-21-1002", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "TeamViewer TVS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1002/", "vendor": "TeamViewer", "vendor_url": null, "zdi_can": "ZDI-CAN-13607", "zdi_id": "ZDI-21-1002" }, { "cve": "CVE-2021-34858", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-1001/advisory.json", "detail_path": "advisories/ZDI-21-1001", "id": "ZDI-21-1001", "kind": "published", "published_date": "2021-08-26", "status": "published", "title": "Teamviewer TVS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1001/", "vendor": "TeamViewer", "vendor_url": null, "zdi_can": "ZDI-CAN-13606", "zdi_id": "ZDI-21-1001" }, { "cve": "CVE-2021-34864", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-21-1000/advisory.json", "detail_path": "advisories/ZDI-21-1000", "id": "ZDI-21-1000", "kind": "published", "published_date": "2021-08-25", "status": "published", "title": "(Pwn2Own) Parallels Desktop WinAppHelper Improper Access Control Privilege Escalation Vulnerability", "updated_date": "2021-08-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1000/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13543", "zdi_id": "ZDI-21-1000" }, { "cve": "CVE-2021-31343", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-999/advisory.json", "detail_path": "advisories/ZDI-21-999", "id": "ZDI-21-999", "kind": "published", "published_date": "2021-08-24", "status": "published", "title": "Siemens Solid Edge Viewer DFT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-999/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12994", "zdi_id": "ZDI-21-999" }, { "cve": "CVE-2021-31342", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-998/advisory.json", "detail_path": "advisories/ZDI-21-998", "id": "ZDI-21-998", "kind": "published", "published_date": "2021-08-24", "status": "published", "title": "Siemens Solid Edge Viewer DFT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-998/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12993", "zdi_id": "ZDI-21-998" }, { "cve": "CVE-2021-36071", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-997/advisory.json", "detail_path": "advisories/ZDI-21-997", "id": "ZDI-21-997", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Adobe Bridge PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-997/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14135", "zdi_id": "ZDI-21-997" }, { "cve": "CVE-2021-36079", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-996/advisory.json", "detail_path": "advisories/ZDI-21-996", "id": "ZDI-21-996", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Adobe Bridge SGI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-996/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13935", "zdi_id": "ZDI-21-996" }, { "cve": "CVE-2021-36074", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-995/advisory.json", "detail_path": "advisories/ZDI-21-995", "id": "ZDI-21-995", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Adobe Bridge PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-995/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13900", "zdi_id": "ZDI-21-995" }, { "cve": "CVE-2021-36073", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-994/advisory.json", "detail_path": "advisories/ZDI-21-994", "id": "ZDI-21-994", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Adobe Bridge SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-994/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13854", "zdi_id": "ZDI-21-994" }, { "cve": "CVE-2021-36072", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-993/advisory.json", "detail_path": "advisories/ZDI-21-993", "id": "ZDI-21-993", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Adobe Bridge SGI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-993/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13853", "zdi_id": "ZDI-21-993" }, { "cve": "CVE-2021-36066", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-992/advisory.json", "detail_path": "advisories/ZDI-21-992", "id": "ZDI-21-992", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Adobe Photoshop U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-992/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13851", "zdi_id": "ZDI-21-992" }, { "cve": "CVE-2021-36078", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-991/advisory.json", "detail_path": "advisories/ZDI-21-991", "id": "ZDI-21-991", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Adobe Bridge PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-991/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13843", "zdi_id": "ZDI-21-991" }, { "cve": "CVE-2021-32944", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-990/advisory.json", "detail_path": "advisories/ZDI-21-990", "id": "ZDI-21-990", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Siemens JT2Go DGN File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13468", "zdi_id": "ZDI-21-990" }, { "cve": "CVE-2021-32952", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-989/advisory.json", "detail_path": "advisories/ZDI-21-989", "id": "ZDI-21-989", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Siemens JT2Go DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-989/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13417", "zdi_id": "ZDI-21-989" }, { "cve": "CVE-2021-32950", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-988/advisory.json", "detail_path": "advisories/ZDI-21-988", "id": "ZDI-21-988", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Siemens JT2Go DXF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-988/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13415", "zdi_id": "ZDI-21-988" }, { "cve": "CVE-2021-32944", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-987/advisory.json", "detail_path": "advisories/ZDI-21-987", "id": "ZDI-21-987", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Siemens JT2Go DGN File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-987/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13413", "zdi_id": "ZDI-21-987" }, { "cve": "CVE-2021-32940", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-986/advisory.json", "detail_path": "advisories/ZDI-21-986", "id": "ZDI-21-986", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Siemens JT2Go DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-986/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13412", "zdi_id": "ZDI-21-986" }, { "cve": "CVE-2021-32946", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-985/advisory.json", "detail_path": "advisories/ZDI-21-985", "id": "ZDI-21-985", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Siemens JT2Go DGN File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-985/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13411", "zdi_id": "ZDI-21-985" }, { "cve": "CVE-2021-32948", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-984/advisory.json", "detail_path": "advisories/ZDI-21-984", "id": "ZDI-21-984", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Siemens JT2Go DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-984/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13410", "zdi_id": "ZDI-21-984" }, { "cve": "CVE-2021-32946", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-983/advisory.json", "detail_path": "advisories/ZDI-21-983", "id": "ZDI-21-983", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Siemens JT2Go DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-983/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13409", "zdi_id": "ZDI-21-983" }, { "cve": "CVE-2021-32936", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-982/advisory.json", "detail_path": "advisories/ZDI-21-982", "id": "ZDI-21-982", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-982/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13408", "zdi_id": "ZDI-21-982" }, { "cve": "CVE-2021-33738", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-981/advisory.json", "detail_path": "advisories/ZDI-21-981", "id": "ZDI-21-981", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Siemens JT2Go PAR File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-981/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13405", "zdi_id": "ZDI-21-981" }, { "cve": "CVE-2021-32938", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-980/advisory.json", "detail_path": "advisories/ZDI-21-980", "id": "ZDI-21-980", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Siemens JT2Go DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-980/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13378", "zdi_id": "ZDI-21-980" }, { "cve": "CVE-2021-34863", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page par...", "detail_json": "/data/advisories/ZDI-21-979/advisory.json", "detail_path": "advisories/ZDI-21-979", "id": "ZDI-21-979", "kind": "published", "published_date": "2021-12-22", "status": "published", "title": "D-Link DAP-2020 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-12-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-979/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-13271", "zdi_id": "ZDI-21-979" }, { "cve": "CVE-2021-34862", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu par...", "detail_json": "/data/advisories/ZDI-21-978/advisory.json", "detail_path": "advisories/ZDI-21-978", "id": "ZDI-21-978", "kind": "published", "published_date": "2021-12-22", "status": "published", "title": "D-Link DAP-2020 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-12-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-978/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-13270", "zdi_id": "ZDI-21-978" }, { "cve": "CVE-2021-34861", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which list...", "detail_json": "/data/advisories/ZDI-21-977/advisory.json", "detail_path": "advisories/ZDI-21-977", "id": "ZDI-21-977", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "D-Link DAP-2020 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-977/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-12104", "zdi_id": "ZDI-21-977" }, { "cve": "CVE-2021-34860", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getp...", "detail_json": "/data/advisories/ZDI-21-976/advisory.json", "detail_path": "advisories/ZDI-21-976", "id": "ZDI-21-976", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "D-Link DAP-2020 webproc getpage Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-976/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-12103", "zdi_id": "ZDI-21-976" }, { "cve": "CVE-2021-34510", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-975/advisory.json", "detail_path": "advisories/ZDI-21-975", "id": "ZDI-21-975", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "(Pwn2Own) Microsoft Windows storport Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-975/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13444", "zdi_id": "ZDI-21-975" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco UCS Director. Authentication is not required to exploit this vulnerability. The specific flaw exists within the amf endpoint, which listens on TCP...", "detail_json": "/data/advisories/ZDI-21-974/advisory.json", "detail_path": "advisories/ZDI-21-974", "id": "ZDI-21-974", "kind": "published", "published_date": "2021-08-18", "status": "published", "title": "Cisco UCS Director AMF XML External Entity Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-974/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-13143", "zdi_id": "ZDI-21-974" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zoom Clients. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of GIPHY messages. The issue results f...", "detail_json": "/data/advisories/ZDI-21-973/advisory.json", "detail_path": "advisories/ZDI-21-973", "id": "ZDI-21-973", "kind": "published", "published_date": "2021-08-17", "status": "published", "title": "(Pwn2Own) Zoom Client GIPHY URL Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-973/", "vendor": "Zoom", "vendor_url": null, "zdi_can": "ZDI-CAN-13617", "zdi_id": "ZDI-21-973" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zoom Clients. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Zoom Marketplace URLs. The...", "detail_json": "/data/advisories/ZDI-21-972/advisory.json", "detail_path": "advisories/ZDI-21-972", "id": "ZDI-21-972", "kind": "published", "published_date": "2021-08-17", "status": "published", "title": "(Pwn2Own) Zoom Client Marketplace Use of Incorrectly-Resolved Name or Reference Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-972/", "vendor": "Zoom", "vendor_url": null, "zdi_can": "ZDI-CAN-13616", "zdi_id": "ZDI-21-972" }, { "cve": "CVE-2021-34407", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zoom Clients. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of encrypted messages. The issue resul...", "detail_json": "/data/advisories/ZDI-21-971/advisory.json", "detail_path": "advisories/ZDI-21-971", "id": "ZDI-21-971", "kind": "published", "published_date": "2021-08-17", "status": "published", "title": "(Pwn2Own) Zoom Heap based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-971/", "vendor": "Zoom", "vendor_url": null, "zdi_can": "ZDI-CAN-13587", "zdi_id": "ZDI-21-971" }, { "cve": "CVE-2021-30789", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-970/advisory.json", "detail_path": "advisories/ZDI-21-970", "id": "ZDI-21-970", "kind": "published", "published_date": "2021-08-11", "status": "published", "title": "Apple macOS CoreText TTF File Parsing Integer Overflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-970/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13875", "zdi_id": "ZDI-21-970" }, { "cve": "CVE-2021-34501", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-969/advisory.json", "detail_path": "advisories/ZDI-21-969", "id": "ZDI-21-969", "kind": "published", "published_date": "2021-08-11", "status": "published", "title": "Microsoft Excel XLS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-969/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13508", "zdi_id": "ZDI-21-969" }, { "cve": "CVE-2021-36945", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-968/advisory.json", "detail_path": "advisories/ZDI-21-968", "id": "ZDI-21-968", "kind": "published", "published_date": "2021-08-11", "status": "published", "title": "Microsoft Windows Update Assistant Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-968/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13429", "zdi_id": "ZDI-21-968" }, { "cve": "CVE-2021-34536", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-967/advisory.json", "detail_path": "advisories/ZDI-21-967", "id": "ZDI-21-967", "kind": "published", "published_date": "2021-08-11", "status": "published", "title": "Microsoft Windows storport Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-967/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13691", "zdi_id": "ZDI-21-967" }, { "cve": "CVE-2021-34484", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-966/advisory.json", "detail_path": "advisories/ZDI-21-966", "id": "ZDI-21-966", "kind": "published", "published_date": "2021-08-11", "status": "published", "title": "Microsoft Windows User Profile Service Directory Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-966/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13488", "zdi_id": "ZDI-21-966" }, { "cve": "CVE-2021-26426", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-965/advisory.json", "detail_path": "advisories/ZDI-21-965", "id": "ZDI-21-965", "kind": "published", "published_date": "2021-08-11", "status": "published", "title": "Microsoft Windows User Profile Service Directory Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-965/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13486", "zdi_id": "ZDI-21-965" }, { "cve": "CVE-2021-26425", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-964/advisory.json", "detail_path": "advisories/ZDI-21-964", "id": "ZDI-21-964", "kind": "published", "published_date": "2021-08-11", "status": "published", "title": "Microsoft Windows Event Tracing Directory Junction Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-964/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13503", "zdi_id": "ZDI-21-964" }, { "cve": "CVE-2021-26431", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-963/advisory.json", "detail_path": "advisories/ZDI-21-963", "id": "ZDI-21-963", "kind": "published", "published_date": "2021-08-11", "status": "published", "title": "Microsoft Windows Update Service Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-963/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13457", "zdi_id": "ZDI-21-963" }, { "cve": "CVE-2021-34471", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-962/advisory.json", "detail_path": "advisories/ZDI-21-962", "id": "ZDI-21-962", "kind": "published", "published_date": "2021-08-11", "status": "published", "title": "Microsoft Windows Defender Directory Junction Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-962/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13504", "zdi_id": "ZDI-21-962" }, { "cve": "CVE-2021-30789", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-961/advisory.json", "detail_path": "advisories/ZDI-21-961", "id": "ZDI-21-961", "kind": "published", "published_date": "2021-08-11", "status": "published", "title": "Apple macOS CoreText TTF Parsing Out-of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-961/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-14466", "zdi_id": "ZDI-21-961" }, { "cve": "CVE-2021-38406", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-960/advisory.json", "detail_path": "advisories/ZDI-21-960", "id": "ZDI-21-960", "kind": "published", "published_date": "2021-08-09", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-960/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13127", "zdi_id": "ZDI-21-960" }, { "cve": "CVE-2021-38402", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-959/advisory.json", "detail_path": "advisories/ZDI-21-959", "id": "ZDI-21-959", "kind": "published", "published_date": "2021-08-09", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-959/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13128", "zdi_id": "ZDI-21-959" }, { "cve": "CVE-2021-38406", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-958/advisory.json", "detail_path": "advisories/ZDI-21-958", "id": "ZDI-21-958", "kind": "published", "published_date": "2021-08-09", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-958/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13126", "zdi_id": "ZDI-21-958" }, { "cve": "CVE-2021-38406", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-957/advisory.json", "detail_path": "advisories/ZDI-21-957", "id": "ZDI-21-957", "kind": "published", "published_date": "2021-08-09", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-957/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13125", "zdi_id": "ZDI-21-957" }, { "cve": "CVE-2021-38406", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-956/advisory.json", "detail_path": "advisories/ZDI-21-956", "id": "ZDI-21-956", "kind": "published", "published_date": "2021-08-09", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-956/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13124", "zdi_id": "ZDI-21-956" }, { "cve": "CVE-2021-38406", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-955/advisory.json", "detail_path": "advisories/ZDI-21-955", "id": "ZDI-21-955", "kind": "published", "published_date": "2021-08-09", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-955/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13123", "zdi_id": "ZDI-21-955" }, { "cve": "CVE-2021-38406", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-954/advisory.json", "detail_path": "advisories/ZDI-21-954", "id": "ZDI-21-954", "kind": "published", "published_date": "2021-08-09", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-954/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13122", "zdi_id": "ZDI-21-954" }, { "cve": "CVE-2021-38406", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-953/advisory.json", "detail_path": "advisories/ZDI-21-953", "id": "ZDI-21-953", "kind": "published", "published_date": "2021-08-09", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-953/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13121", "zdi_id": "ZDI-21-953" }, { "cve": "CVE-2021-38406", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-952/advisory.json", "detail_path": "advisories/ZDI-21-952", "id": "ZDI-21-952", "kind": "published", "published_date": "2021-08-09", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-952/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13120", "zdi_id": "ZDI-21-952" }, { "cve": "CVE-2021-38404", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-951/advisory.json", "detail_path": "advisories/ZDI-21-951", "id": "ZDI-21-951", "kind": "published", "published_date": "2021-08-09", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft XLS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-951/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-13071", "zdi_id": "ZDI-21-951" }, { "cve": "CVE-2021-30790", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AppKit library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. T...", "detail_json": "/data/advisories/ZDI-21-950/advisory.json", "detail_path": "advisories/ZDI-21-950", "id": "ZDI-21-950", "kind": "published", "published_date": "2021-08-09", "status": "published", "title": "Apple macOS AppKit PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-950/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13578", "zdi_id": "ZDI-21-950" }, { "cve": "CVE-2021-30790", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the CoreGraphics library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-21-949/advisory.json", "detail_path": "advisories/ZDI-21-949", "id": "ZDI-21-949", "kind": "published", "published_date": "2021-08-09", "status": "published", "title": "Apple macOS CoreGraphics JPG File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-949/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13577", "zdi_id": "ZDI-21-949" }, { "cve": "CVE-2021-30796", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-21-948/advisory.json", "detail_path": "advisories/ZDI-21-948", "id": "ZDI-21-948", "kind": "published", "published_date": "2021-08-05", "status": "published", "title": "Apple macOS ModelIO USD File Parsing Out-Of-Bounds Write Remote Code Execute Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-948/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-14011", "zdi_id": "ZDI-21-948" }, { "cve": "CVE-2021-30792", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-21-947/advisory.json", "detail_path": "advisories/ZDI-21-947", "id": "ZDI-21-947", "kind": "published", "published_date": "2021-08-05", "status": "published", "title": "Apple macOS ModelIO ABC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-947/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13761", "zdi_id": "ZDI-21-947" }, { "cve": "CVE-2021-30791", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-946/advisory.json", "detail_path": "advisories/ZDI-21-946", "id": "ZDI-21-946", "kind": "published", "published_date": "2021-08-05", "status": "published", "title": "Apple macOS ModelIO ABC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-946/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13759", "zdi_id": "ZDI-21-946" }, { "cve": "CVE-2021-30788", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-945/advisory.json", "detail_path": "advisories/ZDI-21-945", "id": "ZDI-21-945", "kind": "published", "published_date": "2021-08-05", "status": "published", "title": "Apple macOS libFontParser TTF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-945/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13505", "zdi_id": "ZDI-21-945" }, { "cve": "CVE-2021-30787", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-944/advisory.json", "detail_path": "advisories/ZDI-21-944", "id": "ZDI-21-944", "kind": "published", "published_date": "2021-08-05", "status": "published", "title": "Apple macOS process_token_BindQueryStoreRegisterToMemoryList Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-944/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13479", "zdi_id": "ZDI-21-944" }, { "cve": "CVE-2021-30706", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-943/advisory.json", "detail_path": "advisories/ZDI-21-943", "id": "ZDI-21-943", "kind": "published", "published_date": "2021-08-05", "status": "published", "title": "Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-943/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13362", "zdi_id": "ZDI-21-943" }, { "cve": "CVE-2021-30706", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-942/advisory.json", "detail_path": "advisories/ZDI-21-942", "id": "ZDI-21-942", "kind": "published", "published_date": "2021-08-05", "status": "published", "title": "Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-942/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13360", "zdi_id": "ZDI-21-942" }, { "cve": "CVE-2021-30759", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the libType1Scaler library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. T...", "detail_json": "/data/advisories/ZDI-21-941/advisory.json", "detail_path": "advisories/ZDI-21-941", "id": "ZDI-21-941", "kind": "published", "published_date": "2021-08-05", "status": "published", "title": "Apple macOS libType1Scaler PFB Font Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-941/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13268", "zdi_id": "ZDI-21-941" }, { "cve": "CVE-2021-34857", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-940/advisory.json", "detail_path": "advisories/ZDI-21-940", "id": "ZDI-21-940", "kind": "published", "published_date": "2021-08-03", "status": "published", "title": "(Pwn2Own) Parallels Desktop Toolgate Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-940/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13601", "zdi_id": "ZDI-21-940" }, { "cve": "CVE-2021-34855", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-939/advisory.json", "detail_path": "advisories/ZDI-21-939", "id": "ZDI-21-939", "kind": "published", "published_date": "2021-08-03", "status": "published", "title": "(Pwn2Own) Parallels Desktop Toolgate Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-939/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13592", "zdi_id": "ZDI-21-939" }, { "cve": "CVE-2021-34856", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-938/advisory.json", "detail_path": "advisories/ZDI-21-938", "id": "ZDI-21-938", "kind": "published", "published_date": "2021-08-03", "status": "published", "title": "(Pwn2Own) Parallels Desktop virtio-gpu Memory Corruption Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-938/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13581", "zdi_id": "ZDI-21-938" }, { "cve": "CVE-2021-34854", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-21-937/advisory.json", "detail_path": "advisories/ZDI-21-937", "id": "ZDI-21-937", "kind": "published", "published_date": "2021-08-03", "status": "published", "title": "(Pwn2Own) Parallels Desktop Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-937/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13544", "zdi_id": "ZDI-21-937" }, { "cve": "CVE-2021-36928", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Edge. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-21-936/advisory.json", "detail_path": "advisories/ZDI-21-936", "id": "ZDI-21-936", "kind": "published", "published_date": "2021-08-03", "status": "published", "title": "Microsoft Edge Installer Directory Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-936/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13799", "zdi_id": "ZDI-21-936" }, { "cve": "CVE-2021-34853", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-935/advisory.json", "detail_path": "advisories/ZDI-21-935", "id": "ZDI-21-935", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-935/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14013", "zdi_id": "ZDI-21-935" }, { "cve": "CVE-2021-34852", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-934/advisory.json", "detail_path": "advisories/ZDI-21-934", "id": "ZDI-21-934", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-934/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13929", "zdi_id": "ZDI-21-934" }, { "cve": "CVE-2021-34851", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-933/advisory.json", "detail_path": "advisories/ZDI-21-933", "id": "ZDI-21-933", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-933/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14016", "zdi_id": "ZDI-21-933" }, { "cve": "CVE-2021-34850", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-932/advisory.json", "detail_path": "advisories/ZDI-21-932", "id": "ZDI-21-932", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-932/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14529", "zdi_id": "ZDI-21-932" }, { "cve": "CVE-2021-34849", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-931/advisory.json", "detail_path": "advisories/ZDI-21-931", "id": "ZDI-21-931", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-931/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14531", "zdi_id": "ZDI-21-931" }, { "cve": "CVE-2021-34848", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-930/advisory.json", "detail_path": "advisories/ZDI-21-930", "id": "ZDI-21-930", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-930/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14532", "zdi_id": "ZDI-21-930" }, { "cve": "CVE-2021-34847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-929/advisory.json", "detail_path": "advisories/ZDI-21-929", "id": "ZDI-21-929", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-929/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14270", "zdi_id": "ZDI-21-929" }, { "cve": "CVE-2021-34846", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-928/advisory.json", "detail_path": "advisories/ZDI-21-928", "id": "ZDI-21-928", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-928/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14120", "zdi_id": "ZDI-21-928" }, { "cve": "CVE-2021-34845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-927/advisory.json", "detail_path": "advisories/ZDI-21-927", "id": "ZDI-21-927", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-927/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14034", "zdi_id": "ZDI-21-927" }, { "cve": "CVE-2021-34844", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-926/advisory.json", "detail_path": "advisories/ZDI-21-926", "id": "ZDI-21-926", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-926/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14033", "zdi_id": "ZDI-21-926" }, { "cve": "CVE-2021-34843", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-925/advisory.json", "detail_path": "advisories/ZDI-21-925", "id": "ZDI-21-925", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-925/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14025", "zdi_id": "ZDI-21-925" }, { "cve": "CVE-2021-34842", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-924/advisory.json", "detail_path": "advisories/ZDI-21-924", "id": "ZDI-21-924", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-924/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14024", "zdi_id": "ZDI-21-924" }, { "cve": "CVE-2021-34841", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-923/advisory.json", "detail_path": "advisories/ZDI-21-923", "id": "ZDI-21-923", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-923/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14022", "zdi_id": "ZDI-21-923" }, { "cve": "CVE-2021-34840", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-922/advisory.json", "detail_path": "advisories/ZDI-21-922", "id": "ZDI-21-922", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-922/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14021", "zdi_id": "ZDI-21-922" }, { "cve": "CVE-2021-34839", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-921/advisory.json", "detail_path": "advisories/ZDI-21-921", "id": "ZDI-21-921", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-921/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14020", "zdi_id": "ZDI-21-921" }, { "cve": "CVE-2021-34838", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-920/advisory.json", "detail_path": "advisories/ZDI-21-920", "id": "ZDI-21-920", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-920/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14019", "zdi_id": "ZDI-21-920" }, { "cve": "CVE-2021-34837", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-919/advisory.json", "detail_path": "advisories/ZDI-21-919", "id": "ZDI-21-919", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-919/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14018", "zdi_id": "ZDI-21-919" }, { "cve": "CVE-2021-34836", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-918/advisory.json", "detail_path": "advisories/ZDI-21-918", "id": "ZDI-21-918", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-918/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14017", "zdi_id": "ZDI-21-918" }, { "cve": "CVE-2021-34835", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-917/advisory.json", "detail_path": "advisories/ZDI-21-917", "id": "ZDI-21-917", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-917/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14015", "zdi_id": "ZDI-21-917" }, { "cve": "CVE-2021-34834", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-916/advisory.json", "detail_path": "advisories/ZDI-21-916", "id": "ZDI-21-916", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-916/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14014", "zdi_id": "ZDI-21-916" }, { "cve": "CVE-2021-34833", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-915/advisory.json", "detail_path": "advisories/ZDI-21-915", "id": "ZDI-21-915", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-915/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-14023", "zdi_id": "ZDI-21-915" }, { "cve": "CVE-2021-34832", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-914/advisory.json", "detail_path": "advisories/ZDI-21-914", "id": "ZDI-21-914", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit PDF Reader delay Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-914/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13928", "zdi_id": "ZDI-21-914" }, { "cve": "CVE-2021-34831", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-913/advisory.json", "detail_path": "advisories/ZDI-21-913", "id": "ZDI-21-913", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Foxit Reader embedDocAsDataObject Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-08-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-913/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13741", "zdi_id": "ZDI-21-913" }, { "cve": "CVE-2021-36015", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-912/advisory.json", "detail_path": "advisories/ZDI-21-912", "id": "ZDI-21-912", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Adobe Media Encoder PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-912/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14136", "zdi_id": "ZDI-21-912" }, { "cve": "CVE-2021-32465", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Apex One. Authentication as a low-privileged Windows domain user is required to exploit this vulnerability. The specific flaw exists within the produc...", "detail_json": "/data/advisories/ZDI-21-911/advisory.json", "detail_path": "advisories/ZDI-21-911", "id": "ZDI-21-911", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Trend Micro Apex One Incorrect Permission Preservation Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-911/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13769", "zdi_id": "ZDI-21-911" }, { "cve": "CVE-2021-32464", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Worry-Free Business Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-21-910/advisory.json", "detail_path": "advisories/ZDI-21-910", "id": "ZDI-21-910", "kind": "published", "published_date": "2021-07-30", "status": "published", "title": "Trend Micro Worry-Free Business Security Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-12851", "zdi_id": "ZDI-21-910" }, { "cve": "CVE-2021-43209", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-909/advisory.json", "detail_path": "advisories/ZDI-21-909", "id": "ZDI-21-909", "kind": "published", "published_date": "2021-07-29", "status": "published", "title": "(0Day) Microsoft 3D Viewer 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-909/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13085", "zdi_id": "ZDI-21-909" }, { "cve": "CVE-2021-36007", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Prelude. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-908/advisory.json", "detail_path": "advisories/ZDI-21-908", "id": "ZDI-21-908", "kind": "published", "published_date": "2021-07-28", "status": "published", "title": "Adobe Prelude MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-908/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13735", "zdi_id": "ZDI-21-908" }, { "cve": "CVE-2021-36016", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-907/advisory.json", "detail_path": "advisories/ZDI-21-907", "id": "ZDI-21-907", "kind": "published", "published_date": "2021-07-28", "status": "published", "title": "Adobe Media Encoder FLV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-907/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13812", "zdi_id": "ZDI-21-907" }, { "cve": "CVE-2021-36014", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-906/advisory.json", "detail_path": "advisories/ZDI-21-906", "id": "ZDI-21-906", "kind": "published", "published_date": "2021-07-28", "status": "published", "title": "Adobe Media Encoder MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-906/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13733", "zdi_id": "ZDI-21-906" }, { "cve": "CVE-2021-36001", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Character Animator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-21-905/advisory.json", "detail_path": "advisories/ZDI-21-905", "id": "ZDI-21-905", "kind": "published", "published_date": "2021-07-28", "status": "published", "title": "Adobe Character Animator PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-905/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13974", "zdi_id": "ZDI-21-905" }, { "cve": "CVE-2021-40766", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Character Animator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-21-904/advisory.json", "detail_path": "advisories/ZDI-21-904", "id": "ZDI-21-904", "kind": "published", "published_date": "2021-07-28", "status": "published", "title": "Adobe Character Animator SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-904/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13973", "zdi_id": "ZDI-21-904" }, { "cve": "CVE-2021-36006", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-903/advisory.json", "detail_path": "advisories/ZDI-21-903", "id": "ZDI-21-903", "kind": "published", "published_date": "2021-07-28", "status": "published", "title": "Adobe Photoshop MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-903/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13734", "zdi_id": "ZDI-21-903" }, { "cve": "CVE-2021-36003", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-902/advisory.json", "detail_path": "advisories/ZDI-21-902", "id": "ZDI-21-902", "kind": "published", "published_date": "2021-07-28", "status": "published", "title": "Adobe Audition MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-902/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13753", "zdi_id": "ZDI-21-902" }, { "cve": "CVE-2021-36019", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-901/advisory.json", "detail_path": "advisories/ZDI-21-901", "id": "ZDI-21-901", "kind": "published", "published_date": "2021-07-28", "status": "published", "title": "Adobe After Effects PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-901/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-14154", "zdi_id": "ZDI-21-901" }, { "cve": "CVE-2021-36017", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-900/advisory.json", "detail_path": "advisories/ZDI-21-900", "id": "ZDI-21-900", "kind": "published", "published_date": "2021-07-28", "status": "published", "title": "Adobe After Effects PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-900/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13859", "zdi_id": "ZDI-21-900" }, { "cve": "CVE-2021-36018", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-899/advisory.json", "detail_path": "advisories/ZDI-21-899", "id": "ZDI-21-899", "kind": "published", "published_date": "2021-07-28", "status": "published", "title": "Adobe After Effects PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-899/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13899", "zdi_id": "ZDI-21-899" }, { "cve": "CVE-2021-35995", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-898/advisory.json", "detail_path": "advisories/ZDI-21-898", "id": "ZDI-21-898", "kind": "published", "published_date": "2021-07-28", "status": "published", "title": "Adobe After Effects MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-898/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13731", "zdi_id": "ZDI-21-898" }, { "cve": "CVE-2021-35993", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-897/advisory.json", "detail_path": "advisories/ZDI-21-897", "id": "ZDI-21-897", "kind": "published", "published_date": "2021-07-28", "status": "published", "title": "Adobe After Effects PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-897/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13527", "zdi_id": "ZDI-21-897" }, { "cve": "CVE-2021-35994", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-896/advisory.json", "detail_path": "advisories/ZDI-21-896", "id": "ZDI-21-896", "kind": "published", "published_date": "2021-07-28", "status": "published", "title": "Adobe After Effects JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-896/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13525", "zdi_id": "ZDI-21-896" }, { "cve": "CVE-2021-34516", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-895/advisory.json", "detail_path": "advisories/ZDI-21-895", "id": "ZDI-21-895", "kind": "published", "published_date": "2021-07-28", "status": "published", "title": "Microsoft Windows Canonical Display Driver DrvTransparentBltInternal Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-895/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12868", "zdi_id": "ZDI-21-895" }, { "cve": "CVE-2021-31198", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-21-894/advisory.json", "detail_path": "advisories/ZDI-21-894", "id": "ZDI-21-894", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "(Pwn2Own) Microsoft Exchange Server OAB Arbitrary File Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-894/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13610", "zdi_id": "ZDI-21-894" }, { "cve": "CVE-2021-30764", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-893/advisory.json", "detail_path": "advisories/ZDI-21-893", "id": "ZDI-21-893", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "(0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-893/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12843", "zdi_id": "ZDI-21-893" }, { "cve": "CVE-2021-30706", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-892/advisory.json", "detail_path": "advisories/ZDI-21-892", "id": "ZDI-21-892", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "(0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-892/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12842", "zdi_id": "ZDI-21-892" }, { "cve": "CVE-2021-30662", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-21-891/advisory.json", "detail_path": "advisories/ZDI-21-891", "id": "ZDI-21-891", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "(0Day) Apple macOS ImageIO TIFF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-891/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12811", "zdi_id": "ZDI-21-891" }, { "cve": "CVE-2021-30742", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-890/advisory.json", "detail_path": "advisories/ZDI-21-890", "id": "ZDI-21-890", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "(0Day) Apple macOS AudioToolboxCore LOAS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-890/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12997", "zdi_id": "ZDI-21-890" }, { "cve": "CVE-2021-2429", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MySQL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of InnoDB commands. The issue results from th...", "detail_json": "/data/advisories/ZDI-21-889/advisory.json", "detail_path": "advisories/ZDI-21-889", "id": "ZDI-21-889", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "MySQL InnoDB Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-08-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-889/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13551", "zdi_id": "ZDI-21-889" }, { "cve": "CVE-2021-2409", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-888/advisory.json", "detail_path": "advisories/ZDI-21-888", "id": "ZDI-21-888", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "Oracle VirtualBox NAT Numeric Truncation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-888/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13478", "zdi_id": "ZDI-21-888" }, { "cve": "CVE-2021-2401", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DOMParser endpoint, which...", "detail_json": "/data/advisories/ZDI-21-887/advisory.json", "detail_path": "advisories/ZDI-21-887", "id": "ZDI-21-887", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "Oracle Business Intelligence DOMParser XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-887/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13067", "zdi_id": "ZDI-21-887" }, { "cve": "CVE-2021-2400", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SAXParser endpoint, which...", "detail_json": "/data/advisories/ZDI-21-886/advisory.json", "detail_path": "advisories/ZDI-21-886", "id": "ZDI-21-886", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "Oracle Business Intelligence SAXParser XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-886/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13065", "zdi_id": "ZDI-21-886" }, { "cve": "CVE-2021-2456", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists within BIRemotingServlet. The issue results...", "detail_json": "/data/advisories/ZDI-21-885/advisory.json", "detail_path": "advisories/ZDI-21-885", "id": "ZDI-21-885", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "Oracle Business Intelligence BIRemotingServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-885/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13036", "zdi_id": "ZDI-21-885" }, { "cve": "CVE-2021-2396", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Business Intelligence. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateConnectionServlet class. The is...", "detail_json": "/data/advisories/ZDI-21-884/advisory.json", "detail_path": "advisories/ZDI-21-884", "id": "ZDI-21-884", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "Oracle Business Intelligence UpdateConnectionServlet JNDI Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-884/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13104", "zdi_id": "ZDI-21-884" }, { "cve": "CVE-2021-2392", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Business Intelligence. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the UploadFndDBCPage cl...", "detail_json": "/data/advisories/ZDI-21-883/advisory.json", "detail_path": "advisories/ZDI-21-883", "id": "ZDI-21-883", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "Oracle Business Intelligence UploadFndDBCPage Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-883/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13377", "zdi_id": "ZDI-21-883" }, { "cve": "CVE-2021-2391", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Business Intelligence. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the SchedulerConfigPage...", "detail_json": "/data/advisories/ZDI-21-882/advisory.json", "detail_path": "advisories/ZDI-21-882", "id": "ZDI-21-882", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "Oracle Business Intelligence SchedulerConfigPage11g JNDI Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-882/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13105", "zdi_id": "ZDI-21-882" }, { "cve": "CVE-2021-2390", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MySQL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Authentication commands in the memcached p...", "detail_json": "/data/advisories/ZDI-21-881/advisory.json", "detail_path": "advisories/ZDI-21-881", "id": "ZDI-21-881", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "MySQL memcached Plugin Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-881/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13266", "zdi_id": "ZDI-21-881" }, { "cve": "CVE-2021-2389", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of MySQL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Append and Prepend commands in the memcach...", "detail_json": "/data/advisories/ZDI-21-880/advisory.json", "detail_path": "advisories/ZDI-21-880", "id": "ZDI-21-880", "kind": "published", "published_date": "2021-07-22", "status": "published", "title": "MySQL memcached Plugin Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-880/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13265", "zdi_id": "ZDI-21-880" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JMX RMI service, which listens on TCP port 11...", "detail_json": "/data/advisories/ZDI-21-879/advisory.json", "detail_path": "advisories/ZDI-21-879", "id": "ZDI-21-879", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "(0Day) WSO2 API Manager JMX Use of Hard-coded Credentials Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-879/", "vendor": "WSO2", "vendor_url": null, "zdi_can": "ZDI-CAN-13449", "zdi_id": "ZDI-21-879" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Meshmixer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-878/advisory.json", "detail_path": "advisories/ZDI-21-878", "id": "ZDI-21-878", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "(0Day) Autodesk Meshmixer 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-878/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13170", "zdi_id": "ZDI-21-878" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Meshmixer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-877/advisory.json", "detail_path": "advisories/ZDI-21-877", "id": "ZDI-21-877", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "(0Day) Autodesk Meshmixer 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-877/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13169", "zdi_id": "ZDI-21-877" }, { "cve": "CVE-2021-32951", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the DashBoardAct...", "detail_json": "/data/advisories/ZDI-21-876/advisory.json", "detail_path": "advisories/ZDI-21-876", "id": "ZDI-21-876", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "(0Day) Advantech WebAccess/NMS DashBoardAction Missing Authentication Information Disclosure Vulnerability", "updated_date": "2021-08-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-876/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-11883", "zdi_id": "ZDI-21-876" }, { "cve": "CVE-2021-34513", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-875/advisory.json", "detail_path": "advisories/ZDI-21-875", "id": "ZDI-21-875", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Microsoft Windows storport Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-875/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13618", "zdi_id": "ZDI-21-875" }, { "cve": "CVE-2021-34304", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-874/advisory.json", "detail_path": "advisories/ZDI-21-874", "id": "ZDI-21-874", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-874/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13199", "zdi_id": "ZDI-21-874" }, { "cve": "CVE-2021-34301", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-873/advisory.json", "detail_path": "advisories/ZDI-21-873", "id": "ZDI-21-873", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go BMP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-873/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13196", "zdi_id": "ZDI-21-873" }, { "cve": "CVE-2021-34298", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-872/advisory.json", "detail_path": "advisories/ZDI-21-872", "id": "ZDI-21-872", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go BMP File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-872/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13060", "zdi_id": "ZDI-21-872" }, { "cve": "CVE-2021-34292", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-871/advisory.json", "detail_path": "advisories/ZDI-21-871", "id": "ZDI-21-871", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go TIFF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-871/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12959", "zdi_id": "ZDI-21-871" }, { "cve": "CVE-2021-34291", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-870/advisory.json", "detail_path": "advisories/ZDI-21-870", "id": "ZDI-21-870", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-870/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12956", "zdi_id": "ZDI-21-870" }, { "cve": "CVE-2021-34331", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-869/advisory.json", "detail_path": "advisories/ZDI-21-869", "id": "ZDI-21-869", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-869/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13442", "zdi_id": "ZDI-21-869" }, { "cve": "CVE-2021-34330", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-868/advisory.json", "detail_path": "advisories/ZDI-21-868", "id": "ZDI-21-868", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-868/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13430", "zdi_id": "ZDI-21-868" }, { "cve": "CVE-2021-34329", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-867/advisory.json", "detail_path": "advisories/ZDI-21-867", "id": "ZDI-21-867", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go PAR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-867/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13427", "zdi_id": "ZDI-21-867" }, { "cve": "CVE-2021-34328", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-866/advisory.json", "detail_path": "advisories/ZDI-21-866", "id": "ZDI-21-866", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go PAR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-866/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13424", "zdi_id": "ZDI-21-866" }, { "cve": "CVE-2021-34327", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-865/advisory.json", "detail_path": "advisories/ZDI-21-865", "id": "ZDI-21-865", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go ASM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-865/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13423", "zdi_id": "ZDI-21-865" }, { "cve": "CVE-2021-34326", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-864/advisory.json", "detail_path": "advisories/ZDI-21-864", "id": "ZDI-21-864", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go PAR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-864/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13422", "zdi_id": "ZDI-21-864" }, { "cve": "CVE-2021-34325", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-863/advisory.json", "detail_path": "advisories/ZDI-21-863", "id": "ZDI-21-863", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-863/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13421", "zdi_id": "ZDI-21-863" }, { "cve": "CVE-2021-34324", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-862/advisory.json", "detail_path": "advisories/ZDI-21-862", "id": "ZDI-21-862", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go JT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-862/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13420", "zdi_id": "ZDI-21-862" }, { "cve": "CVE-2021-34323", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-861/advisory.json", "detail_path": "advisories/ZDI-21-861", "id": "ZDI-21-861", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-861/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13419", "zdi_id": "ZDI-21-861" }, { "cve": "CVE-2020-26999", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-860/advisory.json", "detail_path": "advisories/ZDI-21-860", "id": "ZDI-21-860", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go PAR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-860/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13418", "zdi_id": "ZDI-21-860" }, { "cve": "CVE-2021-34322", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-859/advisory.json", "detail_path": "advisories/ZDI-21-859", "id": "ZDI-21-859", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go J2K File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-859/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13416", "zdi_id": "ZDI-21-859" }, { "cve": "CVE-2021-34321", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-858/advisory.json", "detail_path": "advisories/ZDI-21-858", "id": "ZDI-21-858", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go J2K File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-858/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13414", "zdi_id": "ZDI-21-858" }, { "cve": "CVE-2020-26998", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-857/advisory.json", "detail_path": "advisories/ZDI-21-857", "id": "ZDI-21-857", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go ASM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-857/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13407", "zdi_id": "ZDI-21-857" }, { "cve": "CVE-2021-34320", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-856/advisory.json", "detail_path": "advisories/ZDI-21-856", "id": "ZDI-21-856", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13406", "zdi_id": "ZDI-21-856" }, { "cve": "CVE-2021-34319", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-855/advisory.json", "detail_path": "advisories/ZDI-21-855", "id": "ZDI-21-855", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go SGI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-855/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13404", "zdi_id": "ZDI-21-855" }, { "cve": "CVE-2021-34318", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-854/advisory.json", "detail_path": "advisories/ZDI-21-854", "id": "ZDI-21-854", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go PCT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-854/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13403", "zdi_id": "ZDI-21-854" }, { "cve": "CVE-2021-34317", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-853/advisory.json", "detail_path": "advisories/ZDI-21-853", "id": "ZDI-21-853", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-853/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13402", "zdi_id": "ZDI-21-853" }, { "cve": "CVE-2021-34295", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-852/advisory.json", "detail_path": "advisories/ZDI-21-852", "id": "ZDI-21-852", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-852/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13024", "zdi_id": "ZDI-21-852" }, { "cve": "CVE-2021-34294", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-851/advisory.json", "detail_path": "advisories/ZDI-21-851", "id": "ZDI-21-851", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go GIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-851/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13023", "zdi_id": "ZDI-21-851" }, { "cve": "CVE-2021-34293", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-850/advisory.json", "detail_path": "advisories/ZDI-21-850", "id": "ZDI-21-850", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-850/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13020", "zdi_id": "ZDI-21-850" }, { "cve": "CVE-2021-34316", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-849/advisory.json", "detail_path": "advisories/ZDI-21-849", "id": "ZDI-21-849", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-849/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13380", "zdi_id": "ZDI-21-849" }, { "cve": "CVE-2021-34303", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-848/advisory.json", "detail_path": "advisories/ZDI-21-848", "id": "ZDI-21-848", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go TIFF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-848/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13198", "zdi_id": "ZDI-21-848" }, { "cve": "CVE-2021-34302", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-847/advisory.json", "detail_path": "advisories/ZDI-21-847", "id": "ZDI-21-847", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go BMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-847/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13197", "zdi_id": "ZDI-21-847" }, { "cve": "CVE-2021-34300", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-846/advisory.json", "detail_path": "advisories/ZDI-21-846", "id": "ZDI-21-846", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-846/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13194", "zdi_id": "ZDI-21-846" }, { "cve": "CVE-2021-34299", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-845/advisory.json", "detail_path": "advisories/ZDI-21-845", "id": "ZDI-21-845", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-845/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13192", "zdi_id": "ZDI-21-845" }, { "cve": "CVE-2021-34315", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-844/advisory.json", "detail_path": "advisories/ZDI-21-844", "id": "ZDI-21-844", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go SGI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-844/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13356", "zdi_id": "ZDI-21-844" }, { "cve": "CVE-2021-34314", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-843/advisory.json", "detail_path": "advisories/ZDI-21-843", "id": "ZDI-21-843", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go SGI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-843/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13355", "zdi_id": "ZDI-21-843" }, { "cve": "CVE-2021-34313", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-842/advisory.json", "detail_path": "advisories/ZDI-21-842", "id": "ZDI-21-842", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go TIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-842/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13354", "zdi_id": "ZDI-21-842" }, { "cve": "CVE-2021-34312", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-841/advisory.json", "detail_path": "advisories/ZDI-21-841", "id": "ZDI-21-841", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go TIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-841/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13353", "zdi_id": "ZDI-21-841" }, { "cve": "CVE-2021-34311", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-840/advisory.json", "detail_path": "advisories/ZDI-21-840", "id": "ZDI-21-840", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-840/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13352", "zdi_id": "ZDI-21-840" }, { "cve": "CVE-2021-34310", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-839/advisory.json", "detail_path": "advisories/ZDI-21-839", "id": "ZDI-21-839", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-839/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13351", "zdi_id": "ZDI-21-839" }, { "cve": "CVE-2021-34309", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-838/advisory.json", "detail_path": "advisories/ZDI-21-838", "id": "ZDI-21-838", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-838/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13350", "zdi_id": "ZDI-21-838" }, { "cve": "CVE-2021-34308", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-837/advisory.json", "detail_path": "advisories/ZDI-21-837", "id": "ZDI-21-837", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go BMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-837/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13344", "zdi_id": "ZDI-21-837" }, { "cve": "CVE-2021-34307", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-836/advisory.json", "detail_path": "advisories/ZDI-21-836", "id": "ZDI-21-836", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-836/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13343", "zdi_id": "ZDI-21-836" }, { "cve": "CVE-2021-34306", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-835/advisory.json", "detail_path": "advisories/ZDI-21-835", "id": "ZDI-21-835", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go BMP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-835/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13342", "zdi_id": "ZDI-21-835" }, { "cve": "CVE-2021-34305", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-834/advisory.json", "detail_path": "advisories/ZDI-21-834", "id": "ZDI-21-834", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-834/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13341", "zdi_id": "ZDI-21-834" }, { "cve": "CVE-2021-34305", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-833/advisory.json", "detail_path": "advisories/ZDI-21-833", "id": "ZDI-21-833", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-833/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13340", "zdi_id": "ZDI-21-833" }, { "cve": "CVE-2021-34297", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-832/advisory.json", "detail_path": "advisories/ZDI-21-832", "id": "ZDI-21-832", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-832/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13059", "zdi_id": "ZDI-21-832" }, { "cve": "CVE-2021-34296", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-831/advisory.json", "detail_path": "advisories/ZDI-21-831", "id": "ZDI-21-831", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Siemens JT2Go BMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-831/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13057", "zdi_id": "ZDI-21-831" }, { "cve": "CVE-2021-34519", "cvss": 3.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to tamper with update data on affected installations of Microsoft SharePoint. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of SharePoint Help upda...", "detail_json": "/data/advisories/ZDI-21-830/advisory.json", "detail_path": "advisories/ZDI-21-830", "id": "ZDI-21-830", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Microsoft SharePoint Missing Check of Message Integrity Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-830/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13682", "zdi_id": "ZDI-21-830" }, { "cve": "CVE-2021-34468", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft SharePoint. User interaction is required to exploit this vulnerability. The specific flaw exists within the parsing of CAB files. When handli...", "detail_json": "/data/advisories/ZDI-21-829/advisory.json", "detail_path": "advisories/ZDI-21-829", "id": "ZDI-21-829", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Microsoft SharePoint CabUtility ExtractCab Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-829/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13584", "zdi_id": "ZDI-21-829" }, { "cve": "CVE-2021-34520", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the Microsoft.SharePoint.WorkflowActions.SetVaria...", "detail_json": "/data/advisories/ZDI-21-828/advisory.json", "detail_path": "advisories/ZDI-21-828", "id": "ZDI-21-828", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Microsoft SharePoint SetVariableActivity Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-828/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13358", "zdi_id": "ZDI-21-828" }, { "cve": "CVE-2021-34529", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-827/advisory.json", "detail_path": "advisories/ZDI-21-827", "id": "ZDI-21-827", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Microsoft Visual Studio Code maven.executable.options Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-827/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13463", "zdi_id": "ZDI-21-827" }, { "cve": "CVE-2021-31206", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. User interaction is required to exploit this vulnerability. The specific flaw exists within the parsing of CAB files. When h...", "detail_json": "/data/advisories/ZDI-21-826/advisory.json", "detail_path": "advisories/ZDI-21-826", "id": "ZDI-21-826", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "(Pwn2Own) Microsoft Exchange Server CabUtility ExtractCab Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-826/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13595", "zdi_id": "ZDI-21-826" }, { "cve": "CVE-2021-34498", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-825/advisory.json", "detail_path": "advisories/ZDI-21-825", "id": "ZDI-21-825", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "(Pwn2Own) Microsoft Windows win32kfull Bitmap Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-825/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13580", "zdi_id": "ZDI-21-825" }, { "cve": "CVE-2021-33751", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-824/advisory.json", "detail_path": "advisories/ZDI-21-824", "id": "ZDI-21-824", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "(Pwn2Own) Microsoft Windows spaceport Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-824/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13561", "zdi_id": "ZDI-21-824" }, { "cve": "CVE-2021-34462", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-823/advisory.json", "detail_path": "advisories/ZDI-21-823", "id": "ZDI-21-823", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "(Pwn2Own) Microsoft Windows AppX Deployment Service Race Condition Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-823/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13600", "zdi_id": "ZDI-21-823" }, { "cve": "CVE-2021-34523", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-21-822/advisory.json", "detail_path": "advisories/ZDI-21-822", "id": "ZDI-21-822", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "(Pwn2Own) Microsoft Exchange Server PowerShell Improper Authentication Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-822/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13614", "zdi_id": "ZDI-21-822" }, { "cve": "CVE-2021-34473", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Autodiscover service. The issue resu...", "detail_json": "/data/advisories/ZDI-21-821/advisory.json", "detail_path": "advisories/ZDI-21-821", "id": "ZDI-21-821", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "(Pwn2Own) Microsoft Exchange Server Autodiscover Server Side Request Forgery Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-821/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13611", "zdi_id": "ZDI-21-821" }, { "cve": "CVE-2021-34512", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-820/advisory.json", "detail_path": "advisories/ZDI-21-820", "id": "ZDI-21-820", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "(Pwn2Own) Microsoft Windows storport Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-820/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13589", "zdi_id": "ZDI-21-820" }, { "cve": "CVE-2021-31207", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-21-819/advisory.json", "detail_path": "advisories/ZDI-21-819", "id": "ZDI-21-819", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "(Pwn2Own) Microsoft Exchange Server Arbitrary File Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-819/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13588", "zdi_id": "ZDI-21-819" }, { "cve": "CVE-2021-31961", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-818/advisory.json", "detail_path": "advisories/ZDI-21-818", "id": "ZDI-21-818", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Microsoft Windows InstallService Time-Of-Check Time-Of-Use Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-818/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12925", "zdi_id": "ZDI-21-818" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-817/advisory.json", "detail_path": "advisories/ZDI-21-817", "id": "ZDI-21-817", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-817/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-13458", "zdi_id": "ZDI-21-817" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-816/advisory.json", "detail_path": "advisories/ZDI-21-816", "id": "ZDI-21-816", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-816/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-13456", "zdi_id": "ZDI-21-816" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-815/advisory.json", "detail_path": "advisories/ZDI-21-815", "id": "ZDI-21-815", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-815/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-13455", "zdi_id": "ZDI-21-815" }, { "cve": "CVE-2021-22784", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Schneider Electric C-Bus Toolkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-814/advisory.json", "detail_path": "advisories/ZDI-21-814", "id": "ZDI-21-814", "kind": "published", "published_date": "2021-07-19", "status": "published", "title": "Schneider Electric C-Bus Toolkit Missing Authentication Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-814/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-12592", "zdi_id": "ZDI-21-814" }, { "cve": "CVE-2021-28639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-813/advisory.json", "detail_path": "advisories/ZDI-21-813", "id": "ZDI-21-813", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe Acrobat Reader DC setAction Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-813/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13855", "zdi_id": "ZDI-21-813" }, { "cve": "CVE-2021-28638", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-812/advisory.json", "detail_path": "advisories/ZDI-21-812", "id": "ZDI-21-812", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe Acrobat Reader DC PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-812/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13766", "zdi_id": "ZDI-21-812" }, { "cve": "CVE-2021-35986", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-811/advisory.json", "detail_path": "advisories/ZDI-21-811", "id": "ZDI-21-811", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe Acrobat Pro DC getAnnot Type Confusion Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-811/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13558", "zdi_id": "ZDI-21-811" }, { "cve": "CVE-2021-28643", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-810/advisory.json", "detail_path": "advisories/ZDI-21-810", "id": "ZDI-21-810", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe Acrobat Pro DC embedDocAsDataObject Type Confusion Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-810/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13557", "zdi_id": "ZDI-21-810" }, { "cve": "CVE-2021-35991", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-809/advisory.json", "detail_path": "advisories/ZDI-21-809", "id": "ZDI-21-809", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe Bridge MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-809/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13732", "zdi_id": "ZDI-21-809" }, { "cve": "CVE-2021-28624", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-808/advisory.json", "detail_path": "advisories/ZDI-21-808", "id": "ZDI-21-808", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe Bridge SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-808/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13695", "zdi_id": "ZDI-21-808" }, { "cve": "CVE-2021-35981", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-807/advisory.json", "detail_path": "advisories/ZDI-21-807", "id": "ZDI-21-807", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe Acrobat Reader DC launchURL Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-807/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13550", "zdi_id": "ZDI-21-807" }, { "cve": "CVE-2021-35983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-806/advisory.json", "detail_path": "advisories/ZDI-21-806", "id": "ZDI-21-806", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-806/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13549", "zdi_id": "ZDI-21-806" }, { "cve": "CVE-2021-28596", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-805/advisory.json", "detail_path": "advisories/ZDI-21-805", "id": "ZDI-21-805", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-805/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13448", "zdi_id": "ZDI-21-805" }, { "cve": "CVE-2021-28592", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-804/advisory.json", "detail_path": "advisories/ZDI-21-804", "id": "ZDI-21-804", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe Illustrator JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-804/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13539", "zdi_id": "ZDI-21-804" }, { "cve": "CVE-2021-28593", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-803/advisory.json", "detail_path": "advisories/ZDI-21-803", "id": "ZDI-21-803", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe Illustrator PostScript File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-803/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13538", "zdi_id": "ZDI-21-803" }, { "cve": "CVE-2021-28591", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-802/advisory.json", "detail_path": "advisories/ZDI-21-802", "id": "ZDI-21-802", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe Illustrator PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-802/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13537", "zdi_id": "ZDI-21-802" }, { "cve": "CVE-2021-35992", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-801/advisory.json", "detail_path": "advisories/ZDI-21-801", "id": "ZDI-21-801", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe Bridge PostScript Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-801/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13530", "zdi_id": "ZDI-21-801" }, { "cve": "CVE-2021-35989", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-800/advisory.json", "detail_path": "advisories/ZDI-21-800", "id": "ZDI-21-800", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe Bridge PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-800/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13529", "zdi_id": "ZDI-21-800" }, { "cve": "CVE-2021-35990", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-799/advisory.json", "detail_path": "advisories/ZDI-21-799", "id": "ZDI-21-799", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Adobe Bridge JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-799/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13528", "zdi_id": "ZDI-21-799" }, { "cve": "CVE-2021-33766", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication of requests t...", "detail_json": "/data/advisories/ZDI-21-798/advisory.json", "detail_path": "advisories/ZDI-21-798", "id": "ZDI-21-798", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Microsoft Exchange Server ECP Authentication Bypass Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-798/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13477", "zdi_id": "ZDI-21-798" }, { "cve": "CVE-2021-31969", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-797/advisory.json", "detail_path": "advisories/ZDI-21-797", "id": "ZDI-21-797", "kind": "published", "published_date": "2021-07-15", "status": "published", "title": "Microsoft Windows CLDFLT Integer Underflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-797/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13282", "zdi_id": "ZDI-21-797" }, { "cve": "CVE-2021-30723", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-796/advisory.json", "detail_path": "advisories/ZDI-21-796", "id": "ZDI-21-796", "kind": "published", "published_date": "2021-07-13", "status": "published", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-796/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13395", "zdi_id": "ZDI-21-796" }, { "cve": "CVE-2021-30725", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-21-795/advisory.json", "detail_path": "advisories/ZDI-21-795", "id": "ZDI-21-795", "kind": "published", "published_date": "2021-07-13", "status": "published", "title": "Apple macOS ModelIO USD Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-795/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13394", "zdi_id": "ZDI-21-795" }, { "cve": "CVE-2021-30724", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-794/advisory.json", "detail_path": "advisories/ZDI-21-794", "id": "ZDI-21-794", "kind": "published", "published_date": "2021-07-13", "status": "published", "title": "Apple macOS CVMServer Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2021-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-794/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13345", "zdi_id": "ZDI-21-794" }, { "cve": "CVE-2021-30701", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the vImage library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The speci...", "detail_json": "/data/advisories/ZDI-21-793/advisory.json", "detail_path": "advisories/ZDI-21-793", "id": "ZDI-21-793", "kind": "published", "published_date": "2021-07-13", "status": "published", "title": "Apple macOS vImage PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-793/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13627", "zdi_id": "ZDI-21-793" }, { "cve": "CVE-2021-30701", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the vImage library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The speci...", "detail_json": "/data/advisories/ZDI-21-792/advisory.json", "detail_path": "advisories/ZDI-21-792", "id": "ZDI-21-792", "kind": "published", "published_date": "2021-07-13", "status": "published", "title": "Apple macOS vImage PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-792/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13807", "zdi_id": "ZDI-21-792" }, { "cve": "CVE-2021-30746", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-791/advisory.json", "detail_path": "advisories/ZDI-21-791", "id": "ZDI-21-791", "kind": "published", "published_date": "2021-07-13", "status": "published", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-791/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13386", "zdi_id": "ZDI-21-791" }, { "cve": "CVE-2021-30735", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-790/advisory.json", "detail_path": "advisories/ZDI-21-790", "id": "ZDI-21-790", "kind": "published", "published_date": "2021-07-13", "status": "published", "title": "(Pwn2Own) Apple macOS process_token_VPHAL Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-790/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13596", "zdi_id": "ZDI-21-790" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GoPro Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-789/advisory.json", "detail_path": "advisories/ZDI-21-789", "id": "ZDI-21-789", "kind": "published", "published_date": "2021-07-13", "status": "published", "title": "(0Day) GoPro Player MOV File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-789/", "vendor": "GoPro", "vendor_url": null, "zdi_can": "ZDI-CAN-13041", "zdi_id": "ZDI-21-789" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GoPro Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-788/advisory.json", "detail_path": "advisories/ZDI-21-788", "id": "ZDI-21-788", "kind": "published", "published_date": "2021-07-13", "status": "published", "title": "(0Day) GoPro Player MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-788/", "vendor": "GoPro", "vendor_url": null, "zdi_can": "ZDI-CAN-12814", "zdi_id": "ZDI-21-788" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GoPro Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-787/advisory.json", "detail_path": "advisories/ZDI-21-787", "id": "ZDI-21-787", "kind": "published", "published_date": "2021-07-13", "status": "published", "title": "(0Day) GoPro Player MOV File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-787/", "vendor": "GoPro", "vendor_url": null, "zdi_can": "ZDI-CAN-12562", "zdi_id": "ZDI-21-787" }, { "cve": "CVE-2021-32463", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnera...", "detail_json": "/data/advisories/ZDI-21-786/advisory.json", "detail_path": "advisories/ZDI-21-786", "id": "ZDI-21-786", "kind": "published", "published_date": "2021-07-13", "status": "published", "title": "Trend Micro Apex One Incorrect Permission Assignment Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-786/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-12151", "zdi_id": "ZDI-21-786" }, { "cve": "CVE-2021-30701", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-21-785/advisory.json", "detail_path": "advisories/ZDI-21-785", "id": "ZDI-21-785", "kind": "published", "published_date": "2021-07-12", "status": "published", "title": "Apple macOS ImageIO PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-785/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13232", "zdi_id": "ZDI-21-785" }, { "cve": "CVE-2021-30743", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-21-784/advisory.json", "detail_path": "advisories/ZDI-21-784", "id": "ZDI-21-784", "kind": "published", "published_date": "2021-07-12", "status": "published", "title": "Apple macOS ImageIO PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-784/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13231", "zdi_id": "ZDI-21-784" }, { "cve": "CVE-2021-28809", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP NAS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RTSS server, which listens on TCP port 8899 by defaul...", "detail_json": "/data/advisories/ZDI-21-783/advisory.json", "detail_path": "advisories/ZDI-21-783", "id": "ZDI-21-783", "kind": "published", "published_date": "2021-07-08", "status": "published", "title": "QNAP NAS Hybrid Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-783/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-13810", "zdi_id": "ZDI-21-783" }, { "cve": "CVE-2021-33542", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-782/advisory.json", "detail_path": "advisories/ZDI-21-782", "id": "ZDI-21-782", "kind": "published", "published_date": "2021-07-07", "status": "published", "title": "Phoenix Contact Automationworx BCP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-782/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-13134", "zdi_id": "ZDI-21-782" }, { "cve": "CVE-2021-27399", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-781/advisory.json", "detail_path": "advisories/ZDI-21-781", "id": "ZDI-21-781", "kind": "published", "published_date": "2021-07-07", "status": "published", "title": "Siemens Simcenter Femap modfem File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-781/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12820", "zdi_id": "ZDI-21-781" }, { "cve": "CVE-2021-27387", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-780/advisory.json", "detail_path": "advisories/ZDI-21-780", "id": "ZDI-21-780", "kind": "published", "published_date": "2021-07-07", "status": "published", "title": "Siemens Simcenter Femap modfem File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-780/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12819", "zdi_id": "ZDI-21-780" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwFreRPT.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-21-779/advisory.json", "detail_path": "advisories/ZDI-21-779", "id": "ZDI-21-779", "kind": "published", "published_date": "2021-07-05", "status": "published", "title": "(0Day) Advantech WebAccess Node BwFreRPT Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-07-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-779/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-13039", "zdi_id": "ZDI-21-779" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwImgExe.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-21-778/advisory.json", "detail_path": "advisories/ZDI-21-778", "id": "ZDI-21-778", "kind": "published", "published_date": "2021-07-05", "status": "published", "title": "(0Day) Advantech WebAccess Node BwImgExe Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-07-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-778/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-13038", "zdi_id": "ZDI-21-778" }, { "cve": "CVE-2021-27035", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-777/advisory.json", "detail_path": "advisories/ZDI-21-777", "id": "ZDI-21-777", "kind": "published", "published_date": "2021-07-07", "status": "published", "title": "(0Day) Autodesk Design Review PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2022-01-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-777/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12984", "zdi_id": "ZDI-21-777" }, { "cve": "CVE-2021-40167", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-776/advisory.json", "detail_path": "advisories/ZDI-21-776", "id": "ZDI-21-776", "kind": "published", "published_date": "2021-07-07", "status": "published", "title": "(0Day) Autodesk Design Review DWF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2022-01-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-776/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12954", "zdi_id": "ZDI-21-776" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-775/advisory.json", "detail_path": "advisories/ZDI-21-775", "id": "ZDI-21-775", "kind": "published", "published_date": "2021-07-05", "status": "published", "title": "(0Day) Autodesk Design Review DWFX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2022-01-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-775/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12953", "zdi_id": "ZDI-21-775" }, { "cve": "CVE-2021-32462", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Password Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Trend Micro Password Manager Central...", "detail_json": "/data/advisories/ZDI-21-774/advisory.json", "detail_path": "advisories/ZDI-21-774", "id": "ZDI-21-774", "kind": "published", "published_date": "2021-07-05", "status": "published", "title": "Trend Micro Password Manager Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-774/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13363", "zdi_id": "ZDI-21-774" }, { "cve": "CVE-2021-32461", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-21-773/advisory.json", "detail_path": "advisories/ZDI-21-773", "id": "ZDI-21-773", "kind": "published", "published_date": "2021-07-05", "status": "published", "title": "Trend Micro Password Manager Integer Truncation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-773/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-13319", "zdi_id": "ZDI-21-773" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams Desktop. An attacker must first obtain the ability to execute arbitrary JavaScript within an iframe within the application window in order to exp...", "detail_json": "/data/advisories/ZDI-21-772/advisory.json", "detail_path": "advisories/ZDI-21-772", "id": "ZDI-21-772", "kind": "published", "published_date": "2021-07-05", "status": "published", "title": "(Pwn2Own) Microsoft Teams ElectronJS Frame Redirect Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-772/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13612", "zdi_id": "ZDI-21-772" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-771/advisory.json", "detail_path": "advisories/ZDI-21-771", "id": "ZDI-21-771", "kind": "published", "published_date": "2021-07-05", "status": "published", "title": "(Pwn2Own) Microsoft Teams amsVideo Cross Site Scripting Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-771/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13482", "zdi_id": "ZDI-21-771" }, { "cve": "CVE-2021-30719", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-21-770/advisory.json", "detail_path": "advisories/ZDI-21-770", "id": "ZDI-21-770", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x20006 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-770/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13160", "zdi_id": "ZDI-21-770" }, { "cve": "CVE-2021-30734", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-769/advisory.json", "detail_path": "advisories/ZDI-21-769", "id": "ZDI-21-769", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "(Pwn2Own) Apple Safari Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2022-01-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-769/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13591", "zdi_id": "ZDI-21-769" }, { "cve": "CVE-2021-30743", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-768/advisory.json", "detail_path": "advisories/ZDI-21-768", "id": "ZDI-21-768", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "Apple macOS ImageIO PCT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-768/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12999", "zdi_id": "ZDI-21-768" }, { "cve": "CVE-2021-30708", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-767/advisory.json", "detail_path": "advisories/ZDI-21-767", "id": "ZDI-21-767", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-767/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13243", "zdi_id": "ZDI-21-767" }, { "cve": "CVE-2021-30709", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-766/advisory.json", "detail_path": "advisories/ZDI-21-766", "id": "ZDI-21-766", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-766/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13242", "zdi_id": "ZDI-21-766" }, { "cve": "CVE-2021-30707", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the AudioToolboxCore library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-765/advisory.json", "detail_path": "advisories/ZDI-21-765", "id": "ZDI-21-765", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "Apple macOS AudioToolboxCore RF64 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-765/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12838", "zdi_id": "ZDI-21-765" }, { "cve": "CVE-2021-30695", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-764/advisory.json", "detail_path": "advisories/ZDI-21-764", "id": "ZDI-21-764", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-764/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13235", "zdi_id": "ZDI-21-764" }, { "cve": "CVE-2021-30693", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-763/advisory.json", "detail_path": "advisories/ZDI-21-763", "id": "ZDI-21-763", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-763/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13234", "zdi_id": "ZDI-21-763" }, { "cve": "CVE-2021-30694", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-762/advisory.json", "detail_path": "advisories/ZDI-21-762", "id": "ZDI-21-762", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-762/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13233", "zdi_id": "ZDI-21-762" }, { "cve": "CVE-2021-30749", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-761/advisory.json", "detail_path": "advisories/ZDI-21-761", "id": "ZDI-21-761", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "Apple WebKit KeyframeEffect Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-761/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12579", "zdi_id": "ZDI-21-761" }, { "cve": "CVE-2021-30692", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-760/advisory.json", "detail_path": "advisories/ZDI-21-760", "id": "ZDI-21-760", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-760/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13200", "zdi_id": "ZDI-21-760" }, { "cve": "CVE-2021-30691", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-759/advisory.json", "detail_path": "advisories/ZDI-21-759", "id": "ZDI-21-759", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-759/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13175", "zdi_id": "ZDI-21-759" }, { "cve": "CVE-2021-1772", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spe...", "detail_json": "/data/advisories/ZDI-21-758/advisory.json", "detail_path": "advisories/ZDI-21-758", "id": "ZDI-21-758", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "Apple macOS CoreText TTF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-06-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-758/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13172", "zdi_id": "ZDI-21-758" }, { "cve": "CVE-2021-30685", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AudioToolboxCore library is required to exploit this vulnerability but attack vectors may vary depending on the impleme...", "detail_json": "/data/advisories/ZDI-21-757/advisory.json", "detail_path": "advisories/ZDI-21-757", "id": "ZDI-21-757", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "Apple macOS AudioToolboxCore AAC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-757/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13118", "zdi_id": "ZDI-21-757" }, { "cve": "CVE-2021-30686", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-21-756/advisory.json", "detail_path": "advisories/ZDI-21-756", "id": "ZDI-21-756", "kind": "published", "published_date": "2021-06-25", "status": "published", "title": "Apple macOS AudioCodecs LOAS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-756/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-13013", "zdi_id": "ZDI-21-756" }, { "cve": "CVE-2021-26420", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the System.Workflow.ComponentModel.Compiler.Workf...", "detail_json": "/data/advisories/ZDI-21-755/advisory.json", "detail_path": "advisories/ZDI-21-755", "id": "ZDI-21-755", "kind": "published", "published_date": "2021-06-23", "status": "published", "title": "Microsoft SharePoint WorkflowCompilerInternal Exposed Dangerous Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-755/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13349", "zdi_id": "ZDI-21-755" }, { "cve": "CVE-2021-21999", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-21-754/advisory.json", "detail_path": "advisories/ZDI-21-754", "id": "ZDI-21-754", "kind": "published", "published_date": "2021-06-23", "status": "published", "title": "VMware Workstation Tools Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-754/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-13068", "zdi_id": "ZDI-21-754" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-753/advisory.json", "detail_path": "advisories/ZDI-21-753", "id": "ZDI-21-753", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review TGA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-753/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13382", "zdi_id": "ZDI-21-753" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-752/advisory.json", "detail_path": "advisories/ZDI-21-752", "id": "ZDI-21-752", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review TGA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-752/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13376", "zdi_id": "ZDI-21-752" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-751/advisory.json", "detail_path": "advisories/ZDI-21-751", "id": "ZDI-21-751", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review TGA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-751/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13373", "zdi_id": "ZDI-21-751" }, { "cve": "CVE-2021-27035", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-750/advisory.json", "detail_path": "advisories/ZDI-21-750", "id": "ZDI-21-750", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-750/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13322", "zdi_id": "ZDI-21-750" }, { "cve": "CVE-2021-27035", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-749/advisory.json", "detail_path": "advisories/ZDI-21-749", "id": "ZDI-21-749", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-749/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13004", "zdi_id": "ZDI-21-749" }, { "cve": "CVE-2021-27033", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-748/advisory.json", "detail_path": "advisories/ZDI-21-748", "id": "ZDI-21-748", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PDF File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-748/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13010", "zdi_id": "ZDI-21-748" }, { "cve": "CVE-2021-27033", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-747/advisory.json", "detail_path": "advisories/ZDI-21-747", "id": "ZDI-21-747", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PDF File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-747/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12913", "zdi_id": "ZDI-21-747" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-746/advisory.json", "detail_path": "advisories/ZDI-21-746", "id": "ZDI-21-746", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-746/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13005", "zdi_id": "ZDI-21-746" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-745/advisory.json", "detail_path": "advisories/ZDI-21-745", "id": "ZDI-21-745", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-745/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12987", "zdi_id": "ZDI-21-745" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-744/advisory.json", "detail_path": "advisories/ZDI-21-744", "id": "ZDI-21-744", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-744/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12986", "zdi_id": "ZDI-21-744" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-743/advisory.json", "detail_path": "advisories/ZDI-21-743", "id": "ZDI-21-743", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-743/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12919", "zdi_id": "ZDI-21-743" }, { "cve": "CVE-2021-27035", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-742/advisory.json", "detail_path": "advisories/ZDI-21-742", "id": "ZDI-21-742", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-742/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-13037", "zdi_id": "ZDI-21-742" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-741/advisory.json", "detail_path": "advisories/ZDI-21-741", "id": "ZDI-21-741", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review DWF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-741/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12952", "zdi_id": "ZDI-21-741" }, { "cve": "CVE-2021-27037", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-740/advisory.json", "detail_path": "advisories/ZDI-21-740", "id": "ZDI-21-740", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review DWF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-740/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12951", "zdi_id": "ZDI-21-740" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-739/advisory.json", "detail_path": "advisories/ZDI-21-739", "id": "ZDI-21-739", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-739/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12932", "zdi_id": "ZDI-21-739" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-738/advisory.json", "detail_path": "advisories/ZDI-21-738", "id": "ZDI-21-738", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-738/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12931", "zdi_id": "ZDI-21-738" }, { "cve": "CVE-2021-27035", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-737/advisory.json", "detail_path": "advisories/ZDI-21-737", "id": "ZDI-21-737", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-737/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12930", "zdi_id": "ZDI-21-737" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-736/advisory.json", "detail_path": "advisories/ZDI-21-736", "id": "ZDI-21-736", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-736/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12929", "zdi_id": "ZDI-21-736" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-735/advisory.json", "detail_path": "advisories/ZDI-21-735", "id": "ZDI-21-735", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-735/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12928", "zdi_id": "ZDI-21-735" }, { "cve": "CVE-2021-27034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-734/advisory.json", "detail_path": "advisories/ZDI-21-734", "id": "ZDI-21-734", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-734/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12927", "zdi_id": "ZDI-21-734" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-733/advisory.json", "detail_path": "advisories/ZDI-21-733", "id": "ZDI-21-733", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-733/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12926", "zdi_id": "ZDI-21-733" }, { "cve": "CVE-2021-27034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-732/advisory.json", "detail_path": "advisories/ZDI-21-732", "id": "ZDI-21-732", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-732/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12889", "zdi_id": "ZDI-21-732" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-731/advisory.json", "detail_path": "advisories/ZDI-21-731", "id": "ZDI-21-731", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-731/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12888", "zdi_id": "ZDI-21-731" }, { "cve": "CVE-2021-27034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-730/advisory.json", "detail_path": "advisories/ZDI-21-730", "id": "ZDI-21-730", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-730/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12887", "zdi_id": "ZDI-21-730" }, { "cve": "CVE-2021-27034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-729/advisory.json", "detail_path": "advisories/ZDI-21-729", "id": "ZDI-21-729", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-729/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12886", "zdi_id": "ZDI-21-729" }, { "cve": "CVE-2021-27039", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-728/advisory.json", "detail_path": "advisories/ZDI-21-728", "id": "ZDI-21-728", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review TIF File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-728/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12885", "zdi_id": "ZDI-21-728" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-727/advisory.json", "detail_path": "advisories/ZDI-21-727", "id": "ZDI-21-727", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PICT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-727/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12884", "zdi_id": "ZDI-21-727" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-726/advisory.json", "detail_path": "advisories/ZDI-21-726", "id": "ZDI-21-726", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PICT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-726/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12883", "zdi_id": "ZDI-21-726" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-725/advisory.json", "detail_path": "advisories/ZDI-21-725", "id": "ZDI-21-725", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-725/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12882", "zdi_id": "ZDI-21-725" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-724/advisory.json", "detail_path": "advisories/ZDI-21-724", "id": "ZDI-21-724", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-724/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12881", "zdi_id": "ZDI-21-724" }, { "cve": "CVE-2021-27035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-723/advisory.json", "detail_path": "advisories/ZDI-21-723", "id": "ZDI-21-723", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PICT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-723/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12880", "zdi_id": "ZDI-21-723" }, { "cve": "CVE-2021-27034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-722/advisory.json", "detail_path": "advisories/ZDI-21-722", "id": "ZDI-21-722", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-722/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12879", "zdi_id": "ZDI-21-722" }, { "cve": "CVE-2021-27034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-721/advisory.json", "detail_path": "advisories/ZDI-21-721", "id": "ZDI-21-721", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-721/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12878", "zdi_id": "ZDI-21-721" }, { "cve": "CVE-2021-27034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-720/advisory.json", "detail_path": "advisories/ZDI-21-720", "id": "ZDI-21-720", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-720/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12875", "zdi_id": "ZDI-21-720" }, { "cve": "CVE-2021-27037", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-719/advisory.json", "detail_path": "advisories/ZDI-21-719", "id": "ZDI-21-719", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PDF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-719/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12864", "zdi_id": "ZDI-21-719" }, { "cve": "CVE-2021-27038", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-718/advisory.json", "detail_path": "advisories/ZDI-21-718", "id": "ZDI-21-718", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PDF File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-718/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12795", "zdi_id": "ZDI-21-718" }, { "cve": "CVE-2021-27037", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-717/advisory.json", "detail_path": "advisories/ZDI-21-717", "id": "ZDI-21-717", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PNG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-717/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12740", "zdi_id": "ZDI-21-717" }, { "cve": "CVE-2021-27034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-716/advisory.json", "detail_path": "advisories/ZDI-21-716", "id": "ZDI-21-716", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review TIFF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-716/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12630", "zdi_id": "ZDI-21-716" }, { "cve": "CVE-2021-27036", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-715/advisory.json", "detail_path": "advisories/ZDI-21-715", "id": "ZDI-21-715", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk Design Review PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-715/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12632", "zdi_id": "ZDI-21-715" }, { "cve": "CVE-2021-27041", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-714/advisory.json", "detail_path": "advisories/ZDI-21-714", "id": "ZDI-21-714", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-714/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12281", "zdi_id": "ZDI-21-714" }, { "cve": "CVE-2021-27041", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-713/advisory.json", "detail_path": "advisories/ZDI-21-713", "id": "ZDI-21-713", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-713/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12181", "zdi_id": "ZDI-21-713" }, { "cve": "CVE-2021-27040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-712/advisory.json", "detail_path": "advisories/ZDI-21-712", "id": "ZDI-21-712", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-712/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12150", "zdi_id": "ZDI-21-712" }, { "cve": "CVE-2021-27040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-711/advisory.json", "detail_path": "advisories/ZDI-21-711", "id": "ZDI-21-711", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-711/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12119", "zdi_id": "ZDI-21-711" }, { "cve": "CVE-2021-27040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-710/advisory.json", "detail_path": "advisories/ZDI-21-710", "id": "ZDI-21-710", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-710/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12118", "zdi_id": "ZDI-21-710" }, { "cve": "CVE-2021-27040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-709/advisory.json", "detail_path": "advisories/ZDI-21-709", "id": "ZDI-21-709", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-709/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12117", "zdi_id": "ZDI-21-709" }, { "cve": "CVE-2021-27040", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-708/advisory.json", "detail_path": "advisories/ZDI-21-708", "id": "ZDI-21-708", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-708/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12094", "zdi_id": "ZDI-21-708" }, { "cve": "CVE-2021-27040", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-707/advisory.json", "detail_path": "advisories/ZDI-21-707", "id": "ZDI-21-707", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-707/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12077", "zdi_id": "ZDI-21-707" }, { "cve": "CVE-2021-27040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-706/advisory.json", "detail_path": "advisories/ZDI-21-706", "id": "ZDI-21-706", "kind": "published", "published_date": "2021-06-22", "status": "published", "title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-706/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12076", "zdi_id": "ZDI-21-706" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-705/advisory.json", "detail_path": "advisories/ZDI-21-705", "id": "ZDI-21-705", "kind": "published", "published_date": "2021-06-17", "status": "published", "title": "(0Day) Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-705/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13146", "zdi_id": "ZDI-21-705" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-704/advisory.json", "detail_path": "advisories/ZDI-21-704", "id": "ZDI-21-704", "kind": "published", "published_date": "2021-06-17", "status": "published", "title": "(0Day) Microsoft 3D Builder GLTF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-704/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13053", "zdi_id": "ZDI-21-704" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-703/advisory.json", "detail_path": "advisories/ZDI-21-703", "id": "ZDI-21-703", "kind": "published", "published_date": "2021-06-17", "status": "published", "title": "(0Day) Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-703/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13087", "zdi_id": "ZDI-21-703" }, { "cve": "CVE-2021-43208", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-702/advisory.json", "detail_path": "advisories/ZDI-21-702", "id": "ZDI-21-702", "kind": "published", "published_date": "2021-06-17", "status": "published", "title": "(0Day) Microsoft 3D Viewer 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-702/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13086", "zdi_id": "ZDI-21-702" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-701/advisory.json", "detail_path": "advisories/ZDI-21-701", "id": "ZDI-21-701", "kind": "published", "published_date": "2021-06-17", "status": "published", "title": "(0Day) Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-701/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13081", "zdi_id": "ZDI-21-701" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-700/advisory.json", "detail_path": "advisories/ZDI-21-700", "id": "ZDI-21-700", "kind": "published", "published_date": "2021-06-17", "status": "published", "title": "(0Day) Microsoft Print 3D OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-700/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13079", "zdi_id": "ZDI-21-700" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-699/advisory.json", "detail_path": "advisories/ZDI-21-699", "id": "ZDI-21-699", "kind": "published", "published_date": "2021-06-17", "status": "published", "title": "(0Day) Microsoft 3D Builder OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-699/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13078", "zdi_id": "ZDI-21-699" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-698/advisory.json", "detail_path": "advisories/ZDI-21-698", "id": "ZDI-21-698", "kind": "published", "published_date": "2021-06-17", "status": "published", "title": "(0Day) Microsoft Print 3D PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-698/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13052", "zdi_id": "ZDI-21-698" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-697/advisory.json", "detail_path": "advisories/ZDI-21-697", "id": "ZDI-21-697", "kind": "published", "published_date": "2021-06-17", "status": "published", "title": "(0Day) Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-697/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13051", "zdi_id": "ZDI-21-697" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-696/advisory.json", "detail_path": "advisories/ZDI-21-696", "id": "ZDI-21-696", "kind": "published", "published_date": "2021-06-17", "status": "published", "title": "(0Day) Microsoft Print 3D PLY File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-696/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13050", "zdi_id": "ZDI-21-696" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-695/advisory.json", "detail_path": "advisories/ZDI-21-695", "id": "ZDI-21-695", "kind": "published", "published_date": "2021-06-17", "status": "published", "title": "(0Day) Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-695/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13049", "zdi_id": "ZDI-21-695" }, { "cve": "CVE-2021-27390", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-694/advisory.json", "detail_path": "advisories/ZDI-21-694", "id": "ZDI-21-694", "kind": "published", "published_date": "2021-06-17", "status": "published", "title": "Siemens JT2Go TIFF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-694/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13131", "zdi_id": "ZDI-21-694" }, { "cve": "CVE-2021-26089", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient on Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-693/advisory.json", "detail_path": "advisories/ZDI-21-693", "id": "ZDI-21-693", "kind": "published", "published_date": "2021-06-17", "status": "published", "title": "Fortinet FortiClient Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-693/", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-12128", "zdi_id": "ZDI-21-693" }, { "cve": "CVE-2021-31514", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-692/advisory.json", "detail_path": "advisories/ZDI-21-692", "id": "ZDI-21-692", "kind": "published", "published_date": "2021-06-15", "status": "published", "title": "OpenText Brava! Desktop CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-692/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13679", "zdi_id": "ZDI-21-692" }, { "cve": "CVE-2021-31513", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-691/advisory.json", "detail_path": "advisories/ZDI-21-691", "id": "ZDI-21-691", "kind": "published", "published_date": "2021-06-15", "status": "published", "title": "OpenText Brava! Desktop BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-691/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13678", "zdi_id": "ZDI-21-691" }, { "cve": "CVE-2021-31512", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-690/advisory.json", "detail_path": "advisories/ZDI-21-690", "id": "ZDI-21-690", "kind": "published", "published_date": "2021-06-15", "status": "published", "title": "OpenText Brava! Desktop TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-690/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13677", "zdi_id": "ZDI-21-690" }, { "cve": "CVE-2021-31511", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-689/advisory.json", "detail_path": "advisories/ZDI-21-689", "id": "ZDI-21-689", "kind": "published", "published_date": "2021-06-15", "status": "published", "title": "OpenText Brava! Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-689/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13676", "zdi_id": "ZDI-21-689" }, { "cve": "CVE-2021-31510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-688/advisory.json", "detail_path": "advisories/ZDI-21-688", "id": "ZDI-21-688", "kind": "published", "published_date": "2021-06-15", "status": "published", "title": "OpenText Brava! Desktop TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-688/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13675", "zdi_id": "ZDI-21-688" }, { "cve": "CVE-2021-31509", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-687/advisory.json", "detail_path": "advisories/ZDI-21-687", "id": "ZDI-21-687", "kind": "published", "published_date": "2021-06-15", "status": "published", "title": "OpenText Brava! Desktop DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-687/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13309", "zdi_id": "ZDI-21-687" }, { "cve": "CVE-2021-31508", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-686/advisory.json", "detail_path": "advisories/ZDI-21-686", "id": "ZDI-21-686", "kind": "published", "published_date": "2021-06-15", "status": "published", "title": "OpenText Brava! Desktop DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-686/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13306", "zdi_id": "ZDI-21-686" }, { "cve": "CVE-2021-31507", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-685/advisory.json", "detail_path": "advisories/ZDI-21-685", "id": "ZDI-21-685", "kind": "published", "published_date": "2021-06-15", "status": "published", "title": "OpenText Brava! Desktop CGM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-685/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12653", "zdi_id": "ZDI-21-685" }, { "cve": "CVE-2021-31946", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Paint 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-684/advisory.json", "detail_path": "advisories/ZDI-21-684", "id": "ZDI-21-684", "kind": "published", "published_date": "2021-06-14", "status": "published", "title": "Microsoft Paint 3D STL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-684/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13080", "zdi_id": "ZDI-21-684" }, { "cve": "CVE-2021-31505", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted i...", "detail_json": "/data/advisories/ZDI-21-683/advisory.json", "detail_path": "advisories/ZDI-21-683", "id": "ZDI-21-683", "kind": "published", "published_date": "2021-06-14", "status": "published", "title": "Arlo Q Plus SSH Use of Hard-coded Credentials Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-683/", "vendor": "Arlo", "vendor_url": null, "zdi_can": "ZDI-CAN-12890", "zdi_id": "ZDI-21-683" }, { "cve": "CVE-2021-34830", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP...", "detail_json": "/data/advisories/ZDI-21-682/advisory.json", "detail_path": "advisories/ZDI-21-682", "id": "ZDI-21-682", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "(0Day) D-Link DAP-1330 HNAP Cookie Header Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-09-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-682/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-12028", "zdi_id": "ZDI-21-682" }, { "cve": "CVE-2021-34829", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HT...", "detail_json": "/data/advisories/ZDI-21-681/advisory.json", "detail_path": "advisories/ZDI-21-681", "id": "ZDI-21-681", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "(0Day) D-Link DAP-1330 lighttpd http_parse_request Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-09-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-681/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-12065", "zdi_id": "ZDI-21-681" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction H...", "detail_json": "/data/advisories/ZDI-21-680/advisory.json", "detail_path": "advisories/ZDI-21-680", "id": "ZDI-21-680", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "(0Day) D-Link DAP-1330 lighttpd get_soap_action Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-680/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-12066", "zdi_id": "ZDI-21-680" }, { "cve": "CVE-2021-34827", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction H...", "detail_json": "/data/advisories/ZDI-21-679/advisory.json", "detail_path": "advisories/ZDI-21-679", "id": "ZDI-21-679", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "(0Day) D-Link DAP-1330 HNAP checkValidRequest Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-09-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-679/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-12029", "zdi_id": "ZDI-21-679" }, { "cve": "CVE-2021-31515", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-678/advisory.json", "detail_path": "advisories/ZDI-21-678", "id": "ZDI-21-678", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Vector 35 Binary Ninja BNDB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-678/", "vendor": "Vector 35", "vendor_url": null, "zdi_can": "ZDI-CAN-13668", "zdi_id": "ZDI-21-678" }, { "cve": "CVE-2021-31516", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-677/advisory.json", "detail_path": "advisories/ZDI-21-677", "id": "ZDI-21-677", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Vector 35 Binary Ninja BNDB File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-677/", "vendor": "Vector 35", "vendor_url": null, "zdi_can": "ZDI-CAN-13670", "zdi_id": "ZDI-21-677" }, { "cve": "CVE-2021-22761", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-676/advisory.json", "detail_path": "advisories/ZDI-21-676", "id": "ZDI-21-676", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-676/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13663", "zdi_id": "ZDI-21-676" }, { "cve": "CVE-2021-22762", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-675/advisory.json", "detail_path": "advisories/ZDI-21-675", "id": "ZDI-21-675", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Schneider Electric IGSS WSP and CGF File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-675/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13657", "zdi_id": "ZDI-21-675" }, { "cve": "CVE-2021-22753", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-674/advisory.json", "detail_path": "advisories/ZDI-21-674", "id": "ZDI-21-674", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Schneider Electric IGSS WSP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-674/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-13554", "zdi_id": "ZDI-21-674" }, { "cve": "CVE-2021-22752", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-673/advisory.json", "detail_path": "advisories/ZDI-21-673", "id": "ZDI-21-673", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Schneider Electric IGSS WSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-673/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-12773", "zdi_id": "ZDI-21-673" }, { "cve": "CVE-2021-22750", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-672/advisory.json", "detail_path": "advisories/ZDI-21-672", "id": "ZDI-21-672", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-672/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-12772", "zdi_id": "ZDI-21-672" }, { "cve": "CVE-2021-31946", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Paint 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-671/advisory.json", "detail_path": "advisories/ZDI-21-671", "id": "ZDI-21-671", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Microsoft Paint 3D GLB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-671/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12872", "zdi_id": "ZDI-21-671" }, { "cve": "CVE-2021-31939", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-670/advisory.json", "detail_path": "advisories/ZDI-21-670", "id": "ZDI-21-670", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-670/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13681", "zdi_id": "ZDI-21-670" }, { "cve": "CVE-2021-31941", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-669/advisory.json", "detail_path": "advisories/ZDI-21-669", "id": "ZDI-21-669", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-669/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13281", "zdi_id": "ZDI-21-669" }, { "cve": "CVE-2021-31954", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-668/advisory.json", "detail_path": "advisories/ZDI-21-668", "id": "ZDI-21-668", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Microsoft Windows CLFS Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-668/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13097", "zdi_id": "ZDI-21-668" }, { "cve": "CVE-2021-31945", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Paint 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-667/advisory.json", "detail_path": "advisories/ZDI-21-667", "id": "ZDI-21-667", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Microsoft Paint 3D GLB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-667/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12873", "zdi_id": "ZDI-21-667" }, { "cve": "CVE-2021-28630", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-666/advisory.json", "detail_path": "advisories/ZDI-21-666", "id": "ZDI-21-666", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Adobe Animate FLA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-666/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13738", "zdi_id": "ZDI-21-666" }, { "cve": "CVE-2021-28622", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-665/advisory.json", "detail_path": "advisories/ZDI-21-665", "id": "ZDI-21-665", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-665/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13705", "zdi_id": "ZDI-21-665" }, { "cve": "CVE-2021-28621", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-664/advisory.json", "detail_path": "advisories/ZDI-21-664", "id": "ZDI-21-664", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Adobe Animate FLA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-664/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13737", "zdi_id": "ZDI-21-664" }, { "cve": "CVE-2021-28632", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-663/advisory.json", "detail_path": "advisories/ZDI-21-663", "id": "ZDI-21-663", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-663/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13471", "zdi_id": "ZDI-21-663" }, { "cve": "CVE-2021-28631", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-662/advisory.json", "detail_path": "advisories/ZDI-21-662", "id": "ZDI-21-662", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-662/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13481", "zdi_id": "ZDI-21-662" }, { "cve": "CVE-2021-28552", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-661/advisory.json", "detail_path": "advisories/ZDI-21-661", "id": "ZDI-21-661", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Adobe Acrobat Reader DC XFA Template Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-661/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13454", "zdi_id": "ZDI-21-661" }, { "cve": "CVE-2021-28588", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe RoboHelp Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific fla...", "detail_json": "/data/advisories/ZDI-21-660/advisory.json", "detail_path": "advisories/ZDI-21-660", "id": "ZDI-21-660", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Adobe RoboHelp Server folderId Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-660/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13088", "zdi_id": "ZDI-21-660" }, { "cve": "CVE-2021-28554", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-659/advisory.json", "detail_path": "advisories/ZDI-21-659", "id": "ZDI-21-659", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Adobe Acrobat Reader DC Path Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-659/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13168", "zdi_id": "ZDI-21-659" }, { "cve": "CVE-2021-31983", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-658/advisory.json", "detail_path": "advisories/ZDI-21-658", "id": "ZDI-21-658", "kind": "published", "published_date": "2021-06-10", "status": "published", "title": "Microsoft Print 3D PLY File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-658/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13048", "zdi_id": "ZDI-21-658" }, { "cve": "CVE-2021-25216", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of TKEY queries. The issue results from the...", "detail_json": "/data/advisories/ZDI-21-657/advisory.json", "detail_path": "advisories/ZDI-21-657", "id": "ZDI-21-657", "kind": "published", "published_date": "2021-06-07", "status": "published", "title": "ISC BIND TKEY Query Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-657/", "vendor": "ISC", "vendor_url": null, "zdi_can": "ZDI-CAN-13347", "zdi_id": "ZDI-21-657" }, { "cve": "CVE-2021-32932", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet class. The issue result...", "detail_json": "/data/advisories/ZDI-21-656/advisory.json", "detail_path": "advisories/ZDI-21-656", "id": "ZDI-21-656", "kind": "published", "published_date": "2021-06-07", "status": "published", "title": "Advantech iView NetworkServlet getPSInventoryInfo SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-656/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-13141", "zdi_id": "ZDI-21-656" }, { "cve": "CVE-2021-32932", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet class. The issue result...", "detail_json": "/data/advisories/ZDI-21-655/advisory.json", "detail_path": "advisories/ZDI-21-655", "id": "ZDI-21-655", "kind": "published", "published_date": "2021-06-07", "status": "published", "title": "Advantech iView NetworkServlet findUpdateDeviceListDetails SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-655/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-13137", "zdi_id": "ZDI-21-655" }, { "cve": "CVE-2021-32932", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteZtpConfig action of NetworkServl...", "detail_json": "/data/advisories/ZDI-21-654/advisory.json", "detail_path": "advisories/ZDI-21-654", "id": "ZDI-21-654", "kind": "published", "published_date": "2021-06-07", "status": "published", "title": "Advantech iView deleteZtpConfig SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-654/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-11846", "zdi_id": "ZDI-21-654" }, { "cve": "CVE-2021-32932", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getAllActiveTraps action of NetworkSer...", "detail_json": "/data/advisories/ZDI-21-653/advisory.json", "detail_path": "advisories/ZDI-21-653", "id": "ZDI-21-653", "kind": "published", "published_date": "2021-06-07", "status": "published", "title": "Advantech iView getAllActiveTraps SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-653/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-11838", "zdi_id": "ZDI-21-653" }, { "cve": "CVE-2021-32932", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setDeviceAuthentication action of Netw...", "detail_json": "/data/advisories/ZDI-21-652/advisory.json", "detail_path": "advisories/ZDI-21-652", "id": "ZDI-21-652", "kind": "published", "published_date": "2021-06-07", "status": "published", "title": "Advantech iView setDeviceAuthentication SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-652/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-11837", "zdi_id": "ZDI-21-652" }, { "cve": "CVE-2021-32932", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the saveZtpConfig action of NetworkServlet...", "detail_json": "/data/advisories/ZDI-21-651/advisory.json", "detail_path": "advisories/ZDI-21-651", "id": "ZDI-21-651", "kind": "published", "published_date": "2021-06-07", "status": "published", "title": "Advantech iView saveZtpConfig SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-651/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-11836", "zdi_id": "ZDI-21-651" }, { "cve": "CVE-2021-32932", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getInventoryReportData action of Netwo...", "detail_json": "/data/advisories/ZDI-21-650/advisory.json", "detail_path": "advisories/ZDI-21-650", "id": "ZDI-21-650", "kind": "published", "published_date": "2021-06-07", "status": "published", "title": "Advantech iView getInventoryReportData SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-650/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-11834", "zdi_id": "ZDI-21-650" }, { "cve": "CVE-2021-32932", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNextTrapPage action of NetworkServl...", "detail_json": "/data/advisories/ZDI-21-649/advisory.json", "detail_path": "advisories/ZDI-21-649", "id": "ZDI-21-649", "kind": "published", "published_date": "2021-06-07", "status": "published", "title": "Advantech iView getNextTrapPage SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-649/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-11833", "zdi_id": "ZDI-21-649" }, { "cve": "CVE-2021-32930", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the runProViewUpgrade action of NetworkServlet, wh...", "detail_json": "/data/advisories/ZDI-21-648/advisory.json", "detail_path": "advisories/ZDI-21-648", "id": "ZDI-21-648", "kind": "published", "published_date": "2021-06-07", "status": "published", "title": "Advantech iView runProViewUpgrade Missing Authentication Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-648/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-11832", "zdi_id": "ZDI-21-648" }, { "cve": "CVE-2021-31506", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-647/advisory.json", "detail_path": "advisories/ZDI-21-647", "id": "ZDI-21-647", "kind": "published", "published_date": "2021-06-07", "status": "published", "title": "OpenText Brava! Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-647/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13674", "zdi_id": "ZDI-21-647" }, { "cve": "CVE-2021-31504", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-646/advisory.json", "detail_path": "advisories/ZDI-21-646", "id": "ZDI-21-646", "kind": "published", "published_date": "2021-06-07", "status": "published", "title": "OpenText Brava! Desktop PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-646/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12691", "zdi_id": "ZDI-21-646" }, { "cve": "CVE-2021-31503", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-645/advisory.json", "detail_path": "advisories/ZDI-21-645", "id": "ZDI-21-645", "kind": "published", "published_date": "2021-06-07", "status": "published", "title": "OpenText Brava! Desktop IGS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-645/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12690", "zdi_id": "ZDI-21-645" }, { "cve": "CVE-2021-23845", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Bosch B426. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lgs.cgi module. This issue results from the use of h...", "detail_json": "/data/advisories/ZDI-21-644/advisory.json", "detail_path": "advisories/ZDI-21-644", "id": "ZDI-21-644", "kind": "published", "published_date": "2021-06-03", "status": "published", "title": "Bosch B426 Web Configuration Use of Hard-coded Password Authentication Bypass Vulnerability", "updated_date": "2021-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-644/", "vendor": "Bosch", "vendor_url": null, "zdi_can": "ZDI-CAN-13074", "zdi_id": "ZDI-21-644" }, { "cve": "CVE-2021-23846", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Bosch B426. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of login credentials provi...", "detail_json": "/data/advisories/ZDI-21-643/advisory.json", "detail_path": "advisories/ZDI-21-643", "id": "ZDI-21-643", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "Bosch B426 Web Configuration Credential Information Disclosure Vulnerability", "updated_date": "2021-06-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-643/", "vendor": "Bosch", "vendor_url": null, "zdi_can": "ZDI-CAN-13075", "zdi_id": "ZDI-21-643" }, { "cve": "CVE-2021-31502", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-642/advisory.json", "detail_path": "advisories/ZDI-21-642", "id": "ZDI-21-642", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop PDF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-642/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13673", "zdi_id": "ZDI-21-642" }, { "cve": "CVE-2021-31501", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-641/advisory.json", "detail_path": "advisories/ZDI-21-641", "id": "ZDI-21-641", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-641/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13310", "zdi_id": "ZDI-21-641" }, { "cve": "CVE-2021-31500", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-640/advisory.json", "detail_path": "advisories/ZDI-21-640", "id": "ZDI-21-640", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-640/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12746", "zdi_id": "ZDI-21-640" }, { "cve": "CVE-2021-31499", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-639/advisory.json", "detail_path": "advisories/ZDI-21-639", "id": "ZDI-21-639", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-639/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12745", "zdi_id": "ZDI-21-639" }, { "cve": "CVE-2021-31498", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-638/advisory.json", "detail_path": "advisories/ZDI-21-638", "id": "ZDI-21-638", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-638/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12744", "zdi_id": "ZDI-21-638" }, { "cve": "CVE-2021-31497", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-637/advisory.json", "detail_path": "advisories/ZDI-21-637", "id": "ZDI-21-637", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-637/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13311", "zdi_id": "ZDI-21-637" }, { "cve": "CVE-2021-31496", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-636/advisory.json", "detail_path": "advisories/ZDI-21-636", "id": "ZDI-21-636", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-636/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13308", "zdi_id": "ZDI-21-636" }, { "cve": "CVE-2021-31495", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-635/advisory.json", "detail_path": "advisories/ZDI-21-635", "id": "ZDI-21-635", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-635/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13307", "zdi_id": "ZDI-21-635" }, { "cve": "CVE-2021-31494", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-634/advisory.json", "detail_path": "advisories/ZDI-21-634", "id": "ZDI-21-634", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-634/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13305", "zdi_id": "ZDI-21-634" }, { "cve": "CVE-2021-31493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-633/advisory.json", "detail_path": "advisories/ZDI-21-633", "id": "ZDI-21-633", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-633/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-13304", "zdi_id": "ZDI-21-633" }, { "cve": "CVE-2021-31492", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-632/advisory.json", "detail_path": "advisories/ZDI-21-632", "id": "ZDI-21-632", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-632/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12720", "zdi_id": "ZDI-21-632" }, { "cve": "CVE-2021-31491", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-631/advisory.json", "detail_path": "advisories/ZDI-21-631", "id": "ZDI-21-631", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-631/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12719", "zdi_id": "ZDI-21-631" }, { "cve": "CVE-2021-31490", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-630/advisory.json", "detail_path": "advisories/ZDI-21-630", "id": "ZDI-21-630", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-630/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12718", "zdi_id": "ZDI-21-630" }, { "cve": "CVE-2021-31489", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-629/advisory.json", "detail_path": "advisories/ZDI-21-629", "id": "ZDI-21-629", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-629/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12717", "zdi_id": "ZDI-21-629" }, { "cve": "CVE-2021-31488", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-628/advisory.json", "detail_path": "advisories/ZDI-21-628", "id": "ZDI-21-628", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-628/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12716", "zdi_id": "ZDI-21-628" }, { "cve": "CVE-2021-31487", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-627/advisory.json", "detail_path": "advisories/ZDI-21-627", "id": "ZDI-21-627", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-627/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12715", "zdi_id": "ZDI-21-627" }, { "cve": "CVE-2021-31486", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-626/advisory.json", "detail_path": "advisories/ZDI-21-626", "id": "ZDI-21-626", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-626/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12712", "zdi_id": "ZDI-21-626" }, { "cve": "CVE-2021-31485", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-625/advisory.json", "detail_path": "advisories/ZDI-21-625", "id": "ZDI-21-625", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-625/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12711", "zdi_id": "ZDI-21-625" }, { "cve": "CVE-2021-31484", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-624/advisory.json", "detail_path": "advisories/ZDI-21-624", "id": "ZDI-21-624", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-624/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12710", "zdi_id": "ZDI-21-624" }, { "cve": "CVE-2021-31483", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-623/advisory.json", "detail_path": "advisories/ZDI-21-623", "id": "ZDI-21-623", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-623/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12709", "zdi_id": "ZDI-21-623" }, { "cve": "CVE-2021-31482", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-622/advisory.json", "detail_path": "advisories/ZDI-21-622", "id": "ZDI-21-622", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-622/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12708", "zdi_id": "ZDI-21-622" }, { "cve": "CVE-2021-31481", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-621/advisory.json", "detail_path": "advisories/ZDI-21-621", "id": "ZDI-21-621", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop SLDPRT File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-621/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12659", "zdi_id": "ZDI-21-621" }, { "cve": "CVE-2021-31480", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-620/advisory.json", "detail_path": "advisories/ZDI-21-620", "id": "ZDI-21-620", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop dwg2dl Type Confusion Remote Code Execution Vulnerability", "updated_date": "2021-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-620/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12654", "zdi_id": "ZDI-21-620" }, { "cve": "CVE-2021-31479", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-619/advisory.json", "detail_path": "advisories/ZDI-21-619", "id": "ZDI-21-619", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop pdf2dl Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-619/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12634", "zdi_id": "ZDI-21-619" }, { "cve": "CVE-2021-31478", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-618/advisory.json", "detail_path": "advisories/ZDI-21-618", "id": "ZDI-21-618", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "OpenText Brava! Desktop pdf2dl Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-618/", "vendor": "OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-12633", "zdi_id": "ZDI-21-618" }, { "cve": "CVE-2021-1838", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-617/advisory.json", "detail_path": "advisories/ZDI-21-617", "id": "ZDI-21-617", "kind": "published", "published_date": "2021-06-02", "status": "published", "title": "Apple macOS ImageIO PICT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-617/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12626", "zdi_id": "ZDI-21-617" }, { "cve": "CVE-2021-31477", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The fi...", "detail_json": "/data/advisories/ZDI-21-616/advisory.json", "detail_path": "advisories/ZDI-21-616", "id": "ZDI-21-616", "kind": "published", "published_date": "2021-05-27", "status": "published", "title": "GE Reason RPV311 Use of Hard-coded Credentials Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-616/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-11852", "zdi_id": "ZDI-21-616" }, { "cve": "CVE-2021-31209", "cvss": 3.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to tamper with update data on affected installations of Microsoft Exchange Server. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of Exchange Server...", "detail_json": "/data/advisories/ZDI-21-615/advisory.json", "detail_path": "advisories/ZDI-21-615", "id": "ZDI-21-615", "kind": "published", "published_date": "2021-05-26", "status": "published", "title": "(Pwn2Own) Microsoft Exchange Server Missing Check of Message Integrity Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-615/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13594", "zdi_id": "ZDI-21-615" }, { "cve": "CVE-2021-31476", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-614/advisory.json", "detail_path": "advisories/ZDI-21-614", "id": "ZDI-21-614", "kind": "published", "published_date": "2021-05-26", "status": "published", "title": "Foxit PhantomPDF XFA Template Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-614/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13531", "zdi_id": "ZDI-21-614" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-613/advisory.json", "detail_path": "advisories/ZDI-21-613", "id": "ZDI-21-613", "kind": "published", "published_date": "2021-05-26", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-613/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-13480", "zdi_id": "ZDI-21-613" }, { "cve": "CVE-2021-27382", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-612/advisory.json", "detail_path": "advisories/ZDI-21-612", "id": "ZDI-21-612", "kind": "published", "published_date": "2021-05-25", "status": "published", "title": "Siemens Solid Edge Viewer DFT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13040", "zdi_id": "ZDI-21-612" }, { "cve": "CVE-2021-25678", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-611/advisory.json", "detail_path": "advisories/ZDI-21-611", "id": "ZDI-21-611", "kind": "published", "published_date": "2021-05-25", "status": "published", "title": "Siemens Solid Edge Viewer PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-05-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-611/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12529", "zdi_id": "ZDI-21-611" }, { "cve": "CVE-2021-21989", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-610/advisory.json", "detail_path": "advisories/ZDI-21-610", "id": "ZDI-21-610", "kind": "published", "published_date": "2021-05-25", "status": "published", "title": "VMware Workstation ThinPrint TTCHeader Integer Overflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-610/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-13026", "zdi_id": "ZDI-21-610" }, { "cve": "CVE-2021-21988", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-609/advisory.json", "detail_path": "advisories/ZDI-21-609", "id": "ZDI-21-609", "kind": "published", "published_date": "2021-05-25", "status": "published", "title": "VMware Workstation ThinPrint JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-609/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-12832", "zdi_id": "ZDI-21-609" }, { "cve": "CVE-2021-21987", "cvss": 5.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-608/advisory.json", "detail_path": "advisories/ZDI-21-608", "id": "ZDI-21-608", "kind": "published", "published_date": "2021-05-25", "status": "published", "title": "VMware Workstation ThinPrint TTCHeader Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-608/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-12733", "zdi_id": "ZDI-21-608" }, { "cve": "CVE-2021-29084", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology DS418play. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webapi component. The issue results...", "detail_json": "/data/advisories/ZDI-21-607/advisory.json", "detail_path": "advisories/ZDI-21-607", "id": "ZDI-21-607", "kind": "published", "published_date": "2021-05-25", "status": "published", "title": "Synology DiskStation Manager webapi CRLF Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-607/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-12460", "zdi_id": "ZDI-21-607" }, { "cve": "CVE-2021-3490", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-606/advisory.json", "detail_path": "advisories/ZDI-21-606", "id": "ZDI-21-606", "kind": "published", "published_date": "2021-05-25", "status": "published", "title": "(Pwn2Own) Canonical Ubuntu eBPF Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-606/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-13590", "zdi_id": "ZDI-21-606" }, { "cve": "CVE-2021-31475", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobRouterService WCF service. The i...", "detail_json": "/data/advisories/ZDI-21-605/advisory.json", "detail_path": "advisories/ZDI-21-605", "id": "ZDI-21-605", "kind": "published", "published_date": "2021-05-21", "status": "published", "title": "SolarWinds Orion Job Scheduler JobRouterService Improper Authorization Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-605/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-12007", "zdi_id": "ZDI-21-605" }, { "cve": "CVE-2021-28111", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dr\ufffd\ufffdger X-dock. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the display. The fir...", "detail_json": "/data/advisories/ZDI-21-604/advisory.json", "detail_path": "advisories/ZDI-21-604", "id": "ZDI-21-604", "kind": "published", "published_date": "2021-05-21", "status": "published", "title": "Dr\u00e4ger X-dock Use of Hard-coded Credentials Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-604/", "vendor": "Dr\u00e4ger", "vendor_url": null, "zdi_can": "ZDI-CAN-11783", "zdi_id": "ZDI-21-604" }, { "cve": "CVE-2021-32460", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-21-603/advisory.json", "detail_path": "advisories/ZDI-21-603", "id": "ZDI-21-603", "kind": "published", "published_date": "2021-05-21", "status": "published", "title": "Trend Micro Maximum Security Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-603/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-12346", "zdi_id": "ZDI-21-603" }, { "cve": "CVE-2021-31474", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization li...", "detail_json": "/data/advisories/ZDI-21-602/advisory.json", "detail_path": "advisories/ZDI-21-602", "id": "ZDI-21-602", "kind": "published", "published_date": "2021-09-20", "status": "published", "title": "SolarWinds Network Performance Monitor FromJson Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-602/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-12213", "zdi_id": "ZDI-21-602" }, { "cve": "CVE-2021-22909", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ubiquiti Networks EdgeOS on EdgeRouter X, EdgeRouter Pro X SFP, EdgeRouter 10X and EdgePoint 6-port routers. User interaction is required to exploit this vulnera...", "detail_json": "/data/advisories/ZDI-21-601/advisory.json", "detail_path": "advisories/ZDI-21-601", "id": "ZDI-21-601", "kind": "published", "published_date": "2021-05-20", "status": "published", "title": "Ubiquiti Networks EdgeOS Improper Certificate Validation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-601/", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-11700", "zdi_id": "ZDI-21-601" }, { "cve": "CVE-2021-1881", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-600/advisory.json", "detail_path": "advisories/ZDI-21-600", "id": "ZDI-21-600", "kind": "published", "published_date": "2021-05-20", "status": "published", "title": "Apple macOS libFontParser OTF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-600/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12776", "zdi_id": "ZDI-21-600" }, { "cve": "CVE-2021-1858", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-599/advisory.json", "detail_path": "advisories/ZDI-21-599", "id": "ZDI-21-599", "kind": "published", "published_date": "2021-05-20", "status": "published", "title": "Apple macOS KTX Image DecodeRow Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-599/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12775", "zdi_id": "ZDI-21-599" }, { "cve": "CVE-2021-1814", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-598/advisory.json", "detail_path": "advisories/ZDI-21-598", "id": "ZDI-21-598", "kind": "published", "published_date": "2021-05-20", "status": "published", "title": "Apple macOS ImageIO DDS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-598/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12688", "zdi_id": "ZDI-21-598" }, { "cve": "CVE-2021-30745", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-597/advisory.json", "detail_path": "advisories/ZDI-21-597", "id": "ZDI-21-597", "kind": "published", "published_date": "2021-05-20", "status": "published", "title": "Apple macOS QuartzCore Type Confusion Privilege Escalation Vulnerability", "updated_date": "2021-05-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-597/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12157", "zdi_id": "ZDI-21-597" }, { "cve": "CVE-2021-1834", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-596/advisory.json", "detail_path": "advisories/ZDI-21-596", "id": "ZDI-21-596", "kind": "published", "published_date": "2021-05-20", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x30002 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2021-05-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-596/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12195", "zdi_id": "ZDI-21-596" }, { "cve": "CVE-2021-1834", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-595/advisory.json", "detail_path": "advisories/ZDI-21-595", "id": "ZDI-21-595", "kind": "published", "published_date": "2021-05-20", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x30005 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2021-05-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-595/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12196", "zdi_id": "ZDI-21-595" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-594/advisory.json", "detail_path": "advisories/ZDI-21-594", "id": "ZDI-21-594", "kind": "published", "published_date": "2021-05-18", "status": "published", "title": "(0Day) Microsoft Windows JET Database Engine Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-594/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12334", "zdi_id": "ZDI-21-594" }, { "cve": "CVE-2021-22667", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech BB-ESWGP506-2SFP-T industrial switches. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telnet servic...", "detail_json": "/data/advisories/ZDI-21-593/advisory.json", "detail_path": "advisories/ZDI-21-593", "id": "ZDI-21-593", "kind": "published", "published_date": "2021-05-25", "status": "published", "title": "Advantech BB-ESWGP506-2SFP-T Use of Hard-coded Credentials Remote Code Execution Vulnerability", "updated_date": "2021-05-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-593/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-11786", "zdi_id": "ZDI-21-593" }, { "cve": "CVE-2020-36198", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of QNAP NAS. Authentication is required to exploit this vulnerability. The specific flaw exists within the Malware Remover application. A crafted TAR file in the file s...", "detail_json": "/data/advisories/ZDI-21-592/advisory.json", "detail_path": "advisories/ZDI-21-592", "id": "ZDI-21-592", "kind": "published", "published_date": "2021-05-14", "status": "published", "title": "QNAP NAS Malware Remover Command Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-592/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12891", "zdi_id": "ZDI-21-592" }, { "cve": "CVE-2020-36197", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of QNAP NAS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MusicStation application. When parsing the...", "detail_json": "/data/advisories/ZDI-21-591/advisory.json", "detail_path": "advisories/ZDI-21-591", "id": "ZDI-21-591", "kind": "published", "published_date": "2021-05-14", "status": "published", "title": "QNAP NAS MusicStation Directory Traversal Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-591/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12048", "zdi_id": "ZDI-21-591" }, { "cve": "CVE-2021-3489", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-590/advisory.json", "detail_path": "advisories/ZDI-21-590", "id": "ZDI-21-590", "kind": "published", "published_date": "2021-05-14", "status": "published", "title": "(Pwn2Own) Canonical Ubuntu eBPF Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-590/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-13586", "zdi_id": "ZDI-21-590" }, { "cve": "CVE-2021-3491", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-589/advisory.json", "detail_path": "advisories/ZDI-21-589", "id": "ZDI-21-589", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "(Pwn2Own) Canonical Ubuntu io_uring Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-589/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-13546", "zdi_id": "ZDI-21-589" }, { "cve": "CVE-2021-27413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-588/advisory.json", "detail_path": "advisories/ZDI-21-588", "id": "ZDI-21-588", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Omron CX-One CX-Position NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-588/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-11845", "zdi_id": "ZDI-21-588" }, { "cve": "CVE-2021-28587", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-587/advisory.json", "detail_path": "advisories/ZDI-21-587", "id": "ZDI-21-587", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Adobe After Effects TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-587/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13526", "zdi_id": "ZDI-21-587" }, { "cve": "CVE-2021-28586", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-586/advisory.json", "detail_path": "advisories/ZDI-21-586", "id": "ZDI-21-586", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Adobe After Effects PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-586/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-13524", "zdi_id": "ZDI-21-586" }, { "cve": "CVE-2021-21090", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-585/advisory.json", "detail_path": "advisories/ZDI-21-585", "id": "ZDI-21-585", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Adobe InCopy DOCX File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-585/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12752", "zdi_id": "ZDI-21-585" }, { "cve": "CVE-2021-21102", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-584/advisory.json", "detail_path": "advisories/ZDI-21-584", "id": "ZDI-21-584", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Adobe Illustrator DOCX File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-584/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12542", "zdi_id": "ZDI-21-584" }, { "cve": "CVE-2021-21099", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-583/advisory.json", "detail_path": "advisories/ZDI-21-583", "id": "ZDI-21-583", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Adobe InDesign PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-583/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12405", "zdi_id": "ZDI-21-583" }, { "cve": "CVE-2021-21098", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-582/advisory.json", "detail_path": "advisories/ZDI-21-582", "id": "ZDI-21-582", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Adobe InDesign PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-582/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12510", "zdi_id": "ZDI-21-582" }, { "cve": "CVE-2021-21101", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-581/advisory.json", "detail_path": "advisories/ZDI-21-581", "id": "ZDI-21-581", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Adobe Illustrator TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-581/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12458", "zdi_id": "ZDI-21-581" }, { "cve": "CVE-2021-31175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-580/advisory.json", "detail_path": "advisories/ZDI-21-580", "id": "ZDI-21-580", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Microsoft Office Graph Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-580/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13497", "zdi_id": "ZDI-21-580" }, { "cve": "CVE-2021-28465", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-579/advisory.json", "detail_path": "advisories/ZDI-21-579", "id": "ZDI-21-579", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Microsoft Windows Groove Music FLAC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-579/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13237", "zdi_id": "ZDI-21-579" }, { "cve": "CVE-2021-31170", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-578/advisory.json", "detail_path": "advisories/ZDI-21-578", "id": "ZDI-21-578", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Microsoft Windows win32kfull Palette Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-578/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13321", "zdi_id": "ZDI-21-578" }, { "cve": "CVE-2021-31188", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-21-577/advisory.json", "detail_path": "advisories/ZDI-21-577", "id": "ZDI-21-577", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Microsoft Windows win32kfull Font Entry Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-577/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13320", "zdi_id": "ZDI-21-577" }, { "cve": "CVE-2021-31177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-576/advisory.json", "detail_path": "advisories/ZDI-21-576", "id": "ZDI-21-576", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-576/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12935", "zdi_id": "ZDI-21-576" }, { "cve": "CVE-2021-31176", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-575/advisory.json", "detail_path": "advisories/ZDI-21-575", "id": "ZDI-21-575", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-575/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12934", "zdi_id": "ZDI-21-575" }, { "cve": "CVE-2021-28474", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of server-side controls. By specifyi...", "detail_json": "/data/advisories/ZDI-21-574/advisory.json", "detail_path": "advisories/ZDI-21-574", "id": "ZDI-21-574", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Microsoft SharePoint Server-Side Control Interpretation Conflict Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-574/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12949", "zdi_id": "ZDI-21-574" }, { "cve": "CVE-2021-31181", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of server-side controls in WebParts....", "detail_json": "/data/advisories/ZDI-21-573/advisory.json", "detail_path": "advisories/ZDI-21-573", "id": "ZDI-21-573", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-573/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12948", "zdi_id": "ZDI-21-573" }, { "cve": "CVE-2021-28465", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-572/advisory.json", "detail_path": "advisories/ZDI-21-572", "id": "ZDI-21-572", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Microsoft Windows Groove Music FLAC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-572/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12806", "zdi_id": "ZDI-21-572" }, { "cve": "CVE-2021-31187", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-571/advisory.json", "detail_path": "advisories/ZDI-21-571", "id": "ZDI-21-571", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Microsoft Windows WalletService Directory Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-571/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12792", "zdi_id": "ZDI-21-571" }, { "cve": "CVE-2021-27398", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-570/advisory.json", "detail_path": "advisories/ZDI-21-570", "id": "ZDI-21-570", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-570/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13290", "zdi_id": "ZDI-21-570" }, { "cve": "CVE-2021-27397", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-569/advisory.json", "detail_path": "advisories/ZDI-21-569", "id": "ZDI-21-569", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-569/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13287", "zdi_id": "ZDI-21-569" }, { "cve": "CVE-2021-27396", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-568/advisory.json", "detail_path": "advisories/ZDI-21-568", "id": "ZDI-21-568", "kind": "published", "published_date": "2021-05-13", "status": "published", "title": "Siemens Tecnomatix Plant Simulation SPP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-568/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-13279", "zdi_id": "ZDI-21-568" }, { "cve": "CVE-2021-27492", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-567/advisory.json", "detail_path": "advisories/ZDI-21-567", "id": "ZDI-21-567", "kind": "published", "published_date": "2021-05-12", "status": "published", "title": "(0Day) Siemens Solid Edge Viewer 3DXML File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-567/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11952", "zdi_id": "ZDI-21-567" }, { "cve": "CVE-2021-27490", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-566/advisory.json", "detail_path": "advisories/ZDI-21-566", "id": "ZDI-21-566", "kind": "published", "published_date": "2021-05-12", "status": "published", "title": "(0Day) Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-566/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12084", "zdi_id": "ZDI-21-566" }, { "cve": "CVE-2021-27496", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-565/advisory.json", "detail_path": "advisories/ZDI-21-565", "id": "ZDI-21-565", "kind": "published", "published_date": "2021-05-12", "status": "published", "title": "(0Day) Siemens Solid Edge Viewer PRT File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-565/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11962", "zdi_id": "ZDI-21-565" }, { "cve": "CVE-2021-27494", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-564/advisory.json", "detail_path": "advisories/ZDI-21-564", "id": "ZDI-21-564", "kind": "published", "published_date": "2021-05-12", "status": "published", "title": "(0Day) Siemens Solid Edge Viewer STP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-564/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11953", "zdi_id": "ZDI-21-564" }, { "cve": "CVE-2021-27488", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-563/advisory.json", "detail_path": "advisories/ZDI-21-563", "id": "ZDI-21-563", "kind": "published", "published_date": "2021-05-12", "status": "published", "title": "(0Day) Siemens Solid Edge Viewer CATPart File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-563/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11950", "zdi_id": "ZDI-21-563" }, { "cve": "CVE-2021-22716", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-562/advisory.json", "detail_path": "advisories/ZDI-21-562", "id": "ZDI-21-562", "kind": "published", "published_date": "2021-05-11", "status": "published", "title": "Schneider Electric C-Bus Toolkit Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-562/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-12714", "zdi_id": "ZDI-21-562" }, { "cve": "CVE-2021-31473", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-561/advisory.json", "detail_path": "advisories/ZDI-21-561", "id": "ZDI-21-561", "kind": "published", "published_date": "2021-05-11", "status": "published", "title": "Foxit Reader browseForDoc Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-561/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13523", "zdi_id": "ZDI-21-561" }, { "cve": "CVE-2021-1415", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of JSON-RPC requests. Whe...", "detail_json": "/data/advisories/ZDI-21-560/advisory.json", "detail_path": "advisories/ZDI-21-560", "id": "ZDI-21-560", "kind": "published", "published_date": "2021-05-11", "status": "published", "title": "Cisco RV340 set_snmp usmUserEngineID Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-560/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11800", "zdi_id": "ZDI-21-560" }, { "cve": "CVE-2021-1414", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of JSON-RPC requests. Whe...", "detail_json": "/data/advisories/ZDI-21-559/advisory.json", "detail_path": "advisories/ZDI-21-559", "id": "ZDI-21-559", "kind": "published", "published_date": "2021-05-11", "status": "published", "title": "Cisco RV340 set_snmp usmUserPrivKey Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-559/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11798", "zdi_id": "ZDI-21-559" }, { "cve": "CVE-2021-1413", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of JSON-RPC requests. Whe...", "detail_json": "/data/advisories/ZDI-21-558/advisory.json", "detail_path": "advisories/ZDI-21-558", "id": "ZDI-21-558", "kind": "published", "published_date": "2021-05-11", "status": "published", "title": "Cisco RV340 set_snmp usmUserAuthKey Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-558/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11797", "zdi_id": "ZDI-21-558" }, { "cve": "CVE-2021-31468", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-557/advisory.json", "detail_path": "advisories/ZDI-21-557", "id": "ZDI-21-557", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-557/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13620", "zdi_id": "ZDI-21-557" }, { "cve": "CVE-2021-31467", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-556/advisory.json", "detail_path": "advisories/ZDI-21-556", "id": "ZDI-21-556", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-556/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13621", "zdi_id": "ZDI-21-556" }, { "cve": "CVE-2021-31466", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-555/advisory.json", "detail_path": "advisories/ZDI-21-555", "id": "ZDI-21-555", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-555/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13583", "zdi_id": "ZDI-21-555" }, { "cve": "CVE-2021-31465", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-554/advisory.json", "detail_path": "advisories/ZDI-21-554", "id": "ZDI-21-554", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-554/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13582", "zdi_id": "ZDI-21-554" }, { "cve": "CVE-2021-31464", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-553/advisory.json", "detail_path": "advisories/ZDI-21-553", "id": "ZDI-21-553", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-553/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13574", "zdi_id": "ZDI-21-553" }, { "cve": "CVE-2021-31463", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-552/advisory.json", "detail_path": "advisories/ZDI-21-552", "id": "ZDI-21-552", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-552/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13573", "zdi_id": "ZDI-21-552" }, { "cve": "CVE-2021-31462", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-551/advisory.json", "detail_path": "advisories/ZDI-21-551", "id": "ZDI-21-551", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-551/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13572", "zdi_id": "ZDI-21-551" }, { "cve": "CVE-2021-31461", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-550/advisory.json", "detail_path": "advisories/ZDI-21-550", "id": "ZDI-21-550", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader app.media Type Confusion Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-550/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13333", "zdi_id": "ZDI-21-550" }, { "cve": "CVE-2021-31460", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-549/advisory.json", "detail_path": "advisories/ZDI-21-549", "id": "ZDI-21-549", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader XFA Template Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-549/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13096", "zdi_id": "ZDI-21-549" }, { "cve": "CVE-2021-31459", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-548/advisory.json", "detail_path": "advisories/ZDI-21-548", "id": "ZDI-21-548", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader XFA Form Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-548/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13162", "zdi_id": "ZDI-21-548" }, { "cve": "CVE-2021-31458", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-547/advisory.json", "detail_path": "advisories/ZDI-21-547", "id": "ZDI-21-547", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-547/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13150", "zdi_id": "ZDI-21-547" }, { "cve": "CVE-2021-31457", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-546/advisory.json", "detail_path": "advisories/ZDI-21-546", "id": "ZDI-21-546", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-546/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13147", "zdi_id": "ZDI-21-546" }, { "cve": "CVE-2021-31456", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-545/advisory.json", "detail_path": "advisories/ZDI-21-545", "id": "ZDI-21-545", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-545/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13102", "zdi_id": "ZDI-21-545" }, { "cve": "CVE-2021-31455", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-544/advisory.json", "detail_path": "advisories/ZDI-21-544", "id": "ZDI-21-544", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader XFA Form Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-544/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13100", "zdi_id": "ZDI-21-544" }, { "cve": "CVE-2021-31454", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-543/advisory.json", "detail_path": "advisories/ZDI-21-543", "id": "ZDI-21-543", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader XFA leadDigits Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-543/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13095", "zdi_id": "ZDI-21-543" }, { "cve": "CVE-2021-31453", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-542/advisory.json", "detail_path": "advisories/ZDI-21-542", "id": "ZDI-21-542", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader XFA relayout Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-542/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13092", "zdi_id": "ZDI-21-542" }, { "cve": "CVE-2021-31452", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-541/advisory.json", "detail_path": "advisories/ZDI-21-541", "id": "ZDI-21-541", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader XFA Form Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-541/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13091", "zdi_id": "ZDI-21-541" }, { "cve": "CVE-2021-31451", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-540/advisory.json", "detail_path": "advisories/ZDI-21-540", "id": "ZDI-21-540", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-540/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13089", "zdi_id": "ZDI-21-540" }, { "cve": "CVE-2021-31450", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-539/advisory.json", "detail_path": "advisories/ZDI-21-539", "id": "ZDI-21-539", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader XFA Form Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-539/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13084", "zdi_id": "ZDI-21-539" }, { "cve": "CVE-2021-31449", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-538/advisory.json", "detail_path": "advisories/ZDI-21-538", "id": "ZDI-21-538", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-538/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13280", "zdi_id": "ZDI-21-538" }, { "cve": "CVE-2021-31448", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-537/advisory.json", "detail_path": "advisories/ZDI-21-537", "id": "ZDI-21-537", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-537/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13273", "zdi_id": "ZDI-21-537" }, { "cve": "CVE-2021-31447", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-536/advisory.json", "detail_path": "advisories/ZDI-21-536", "id": "ZDI-21-536", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-536/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13269", "zdi_id": "ZDI-21-536" }, { "cve": "CVE-2021-31446", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-535/advisory.json", "detail_path": "advisories/ZDI-21-535", "id": "ZDI-21-535", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-535/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13245", "zdi_id": "ZDI-21-535" }, { "cve": "CVE-2021-31445", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-534/advisory.json", "detail_path": "advisories/ZDI-21-534", "id": "ZDI-21-534", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-534/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13244", "zdi_id": "ZDI-21-534" }, { "cve": "CVE-2021-31444", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-533/advisory.json", "detail_path": "advisories/ZDI-21-533", "id": "ZDI-21-533", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-533/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13241", "zdi_id": "ZDI-21-533" }, { "cve": "CVE-2021-31443", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-532/advisory.json", "detail_path": "advisories/ZDI-21-532", "id": "ZDI-21-532", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-532/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13240", "zdi_id": "ZDI-21-532" }, { "cve": "CVE-2021-31442", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-531/advisory.json", "detail_path": "advisories/ZDI-21-531", "id": "ZDI-21-531", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-531/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13239", "zdi_id": "ZDI-21-531" }, { "cve": "CVE-2021-31441", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-530/advisory.json", "detail_path": "advisories/ZDI-21-530", "id": "ZDI-21-530", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-530/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13101", "zdi_id": "ZDI-21-530" }, { "cve": "CVE-2021-31472", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-529/advisory.json", "detail_path": "advisories/ZDI-21-529", "id": "ZDI-21-529", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-529/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-13011", "zdi_id": "ZDI-21-529" }, { "cve": "CVE-2021-31471", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-528/advisory.json", "detail_path": "advisories/ZDI-21-528", "id": "ZDI-21-528", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-528/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12955", "zdi_id": "ZDI-21-528" }, { "cve": "CVE-2021-31470", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-527/advisory.json", "detail_path": "advisories/ZDI-21-527", "id": "ZDI-21-527", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-527/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12947", "zdi_id": "ZDI-21-527" }, { "cve": "CVE-2021-31469", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-526/advisory.json", "detail_path": "advisories/ZDI-21-526", "id": "ZDI-21-526", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Foxit Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-526/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12936", "zdi_id": "ZDI-21-526" }, { "cve": "CVE-2021-31520", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro IM Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port...", "detail_json": "/data/advisories/ZDI-21-525/advisory.json", "detail_path": "advisories/ZDI-21-525", "id": "ZDI-21-525", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Trend Micro IM Security Weak Session Token Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-525/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-12023", "zdi_id": "ZDI-21-525" }, { "cve": "CVE-2021-22672", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-21-524/advisory.json", "detail_path": "advisories/ZDI-21-524", "id": "ZDI-21-524", "kind": "published", "published_date": "2021-05-07", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-524/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12977", "zdi_id": "ZDI-21-524" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-523/advisory.json", "detail_path": "advisories/ZDI-21-523", "id": "ZDI-21-523", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "(0Day) Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-523/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12595", "zdi_id": "ZDI-21-523" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-522/advisory.json", "detail_path": "advisories/ZDI-21-522", "id": "ZDI-21-522", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "(0Day) Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-522/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12580", "zdi_id": "ZDI-21-522" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-521/advisory.json", "detail_path": "advisories/ZDI-21-521", "id": "ZDI-21-521", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "(0Day) Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-521/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12524", "zdi_id": "ZDI-21-521" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-520/advisory.json", "detail_path": "advisories/ZDI-21-520", "id": "ZDI-21-520", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "(0Day) Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-520/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12502", "zdi_id": "ZDI-21-520" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-519/advisory.json", "detail_path": "advisories/ZDI-21-519", "id": "ZDI-21-519", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-519/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12646", "zdi_id": "ZDI-21-519" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-518/advisory.json", "detail_path": "advisories/ZDI-21-518", "id": "ZDI-21-518", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-518/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12342", "zdi_id": "ZDI-21-518" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-517/advisory.json", "detail_path": "advisories/ZDI-21-517", "id": "ZDI-21-517", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-517/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12647", "zdi_id": "ZDI-21-517" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-516/advisory.json", "detail_path": "advisories/ZDI-21-516", "id": "ZDI-21-516", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-516/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12335", "zdi_id": "ZDI-21-516" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-515/advisory.json", "detail_path": "advisories/ZDI-21-515", "id": "ZDI-21-515", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-515/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12341", "zdi_id": "ZDI-21-515" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-514/advisory.json", "detail_path": "advisories/ZDI-21-514", "id": "ZDI-21-514", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-514/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12340", "zdi_id": "ZDI-21-514" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-513/advisory.json", "detail_path": "advisories/ZDI-21-513", "id": "ZDI-21-513", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-513/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12339", "zdi_id": "ZDI-21-513" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-512/advisory.json", "detail_path": "advisories/ZDI-21-512", "id": "ZDI-21-512", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-512/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12338", "zdi_id": "ZDI-21-512" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-511/advisory.json", "detail_path": "advisories/ZDI-21-511", "id": "ZDI-21-511", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-511/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12337", "zdi_id": "ZDI-21-511" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-21-510/advisory.json", "detail_path": "advisories/ZDI-21-510", "id": "ZDI-21-510", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-510/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12336", "zdi_id": "ZDI-21-510" }, { "cve": "CVE-2021-22660", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-21-509/advisory.json", "detail_path": "advisories/ZDI-21-509", "id": "ZDI-21-509", "kind": "published", "published_date": "2021-05-06", "status": "published", "title": "Delta Industrial Automation CNCSoft-B DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-509/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12412", "zdi_id": "ZDI-21-509" }, { "cve": null, "cvss": 4.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Raw Image Extension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-508/advisory.json", "detail_path": "advisories/ZDI-21-508", "id": "ZDI-21-508", "kind": "published", "published_date": "2021-05-05", "status": "published", "title": "Microsoft Windows Raw Image Extension 3FR File Parsing Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-508/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12152", "zdi_id": "ZDI-21-508" }, { "cve": "CVE-2021-27054", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-507/advisory.json", "detail_path": "advisories/ZDI-21-507", "id": "ZDI-21-507", "kind": "published", "published_date": "2021-05-05", "status": "published", "title": "Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-507/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12594", "zdi_id": "ZDI-21-507" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Raw Image Extension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-506/advisory.json", "detail_path": "advisories/ZDI-21-506", "id": "ZDI-21-506", "kind": "published", "published_date": "2021-05-04", "status": "published", "title": "Microsoft Windows Raw Image Extension X3F File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-506/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12635", "zdi_id": "ZDI-21-506" }, { "cve": "CVE-2021-29100", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcGIS Earth. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-505/advisory.json", "detail_path": "advisories/ZDI-21-505", "id": "ZDI-21-505", "kind": "published", "published_date": "2021-05-03", "status": "published", "title": "Esri ArcGIS Earth KMZ File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-505/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12462", "zdi_id": "ZDI-21-505" }, { "cve": "CVE-2021-1648", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-504/advisory.json", "detail_path": "advisories/ZDI-21-504", "id": "ZDI-21-504", "kind": "published", "published_date": "2021-05-03", "status": "published", "title": "Microsoft Windows splwow64 Out-Of-Bounds Read Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-504/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12781", "zdi_id": "ZDI-21-504" }, { "cve": "CVE-2021-31440", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-503/advisory.json", "detail_path": "advisories/ZDI-21-503", "id": "ZDI-21-503", "kind": "published", "published_date": "2021-05-03", "status": "published", "title": "Linux Kernel eBPF Improper Input Validation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-503/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-13661", "zdi_id": "ZDI-21-503" }, { "cve": null, "cvss": 3.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of TKEY queries. The issue results f...", "detail_json": "/data/advisories/ZDI-21-502/advisory.json", "detail_path": "advisories/ZDI-21-502", "id": "ZDI-21-502", "kind": "published", "published_date": "2021-04-30", "status": "published", "title": "ISC BIND TKEY Query Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-502/", "vendor": "ISC", "vendor_url": null, "zdi_can": "ZDI-CAN-13506", "zdi_id": "ZDI-21-502" }, { "cve": "CVE-2021-27077", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-501/advisory.json", "detail_path": "advisories/ZDI-21-501", "id": "ZDI-21-501", "kind": "published", "published_date": "2021-04-29", "status": "published", "title": "Microsoft Windows win32kfull MulDrawStream Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-501/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12577", "zdi_id": "ZDI-21-501" }, { "cve": "CVE-2021-27077", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-500/advisory.json", "detail_path": "advisories/ZDI-21-500", "id": "ZDI-21-500", "kind": "published", "published_date": "2021-04-29", "status": "published", "title": "Microsoft Windows win32kfull MulTransparentBlt Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-500/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12575", "zdi_id": "ZDI-21-500" }, { "cve": "CVE-2021-27077", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-499/advisory.json", "detail_path": "advisories/ZDI-21-499", "id": "ZDI-21-499", "kind": "published", "published_date": "2021-04-29", "status": "published", "title": "Microsoft Windows win32kfull MulStretchBlt Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-499/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12574", "zdi_id": "ZDI-21-499" }, { "cve": "CVE-2021-27077", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-498/advisory.json", "detail_path": "advisories/ZDI-21-498", "id": "ZDI-21-498", "kind": "published", "published_date": "2021-04-29", "status": "published", "title": "Microsoft Windows win32kfull MulFillPath Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-498/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12573", "zdi_id": "ZDI-21-498" }, { "cve": "CVE-2021-27077", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-497/advisory.json", "detail_path": "advisories/ZDI-21-497", "id": "ZDI-21-497", "kind": "published", "published_date": "2021-04-29", "status": "published", "title": "Microsoft Windows win32kfull MulAlphaBlend Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-497/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12572", "zdi_id": "ZDI-21-497" }, { "cve": "CVE-2021-27077", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-496/advisory.json", "detail_path": "advisories/ZDI-21-496", "id": "ZDI-21-496", "kind": "published", "published_date": "2021-04-29", "status": "published", "title": "Microsoft Windows win32kfull MulLineTo Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-496/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12571", "zdi_id": "ZDI-21-496" }, { "cve": "CVE-2021-27077", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-495/advisory.json", "detail_path": "advisories/ZDI-21-495", "id": "ZDI-21-495", "kind": "published", "published_date": "2021-04-29", "status": "published", "title": "Microsoft Windows win32kfull MulTextOut Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-495/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12570", "zdi_id": "ZDI-21-495" }, { "cve": "CVE-2021-27077", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-494/advisory.json", "detail_path": "advisories/ZDI-21-494", "id": "ZDI-21-494", "kind": "published", "published_date": "2021-04-29", "status": "published", "title": "Microsoft Windows win32kfull MulStrokeAndFillPath Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-494/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12569", "zdi_id": "ZDI-21-494" }, { "cve": "CVE-2021-1640", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-493/advisory.json", "detail_path": "advisories/ZDI-21-493", "id": "ZDI-21-493", "kind": "published", "published_date": "2021-04-29", "status": "published", "title": "Microsoft Windows Print Spooler Time-Of-Check Time-Of-Use Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-493/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12511", "zdi_id": "ZDI-21-493" }, { "cve": "CVE-2021-31439", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation DS418play. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI stru...", "detail_json": "/data/advisories/ZDI-21-492/advisory.json", "detail_path": "advisories/ZDI-21-492", "id": "ZDI-21-492", "kind": "published", "published_date": "2021-04-29", "status": "published", "title": "Synology DiskStation Manager Netatalk dsi_doff Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-492/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-12326", "zdi_id": "ZDI-21-492" }, { "cve": "CVE-2021-30638", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache Tapestry. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ContextAssetRequestHandler class. The...", "detail_json": "/data/advisories/ZDI-21-491/advisory.json", "detail_path": "advisories/ZDI-21-491", "id": "ZDI-21-491", "kind": "published", "published_date": "2021-04-29", "status": "published", "title": "Apache Tapestry ContextAssetRequestHandler Incorrect Authorization Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-491/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-12101", "zdi_id": "ZDI-21-491" }, { "cve": "CVE-2021-33000", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-21-490/advisory.json", "detail_path": "advisories/ZDI-21-490", "id": "ZDI-21-490", "kind": "published", "published_date": "2021-04-28", "status": "published", "title": "(0Day) Advantech WebAccess/HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-490/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-12276", "zdi_id": "ZDI-21-490" }, { "cve": "CVE-2021-33004", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-21-489/advisory.json", "detail_path": "advisories/ZDI-21-489", "id": "ZDI-21-489", "kind": "published", "published_date": "2021-06-24", "status": "published", "title": "(0Day) Advantech WebAccess/HMI Designer PM3 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-489/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-12274", "zdi_id": "ZDI-21-489" }, { "cve": "CVE-2021-33002", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-21-488/advisory.json", "detail_path": "advisories/ZDI-21-488", "id": "ZDI-21-488", "kind": "published", "published_date": "2021-06-24", "status": "published", "title": "(0Day) Advantech WebAccess/HMI Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-488/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-12272", "zdi_id": "ZDI-21-488" }, { "cve": "CVE-2021-33000", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-21-487/advisory.json", "detail_path": "advisories/ZDI-21-487", "id": "ZDI-21-487", "kind": "published", "published_date": "2021-06-24", "status": "published", "title": "(0Day) Advantech WebAccess/HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-487/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-12099", "zdi_id": "ZDI-21-487" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-486/advisory.json", "detail_path": "advisories/ZDI-21-486", "id": "ZDI-21-486", "kind": "published", "published_date": "2021-04-28", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x10003 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-486/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11959", "zdi_id": "ZDI-21-486" }, { "cve": "CVE-2021-31784", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-485/advisory.json", "detail_path": "advisories/ZDI-21-485", "id": "ZDI-21-485", "kind": "published", "published_date": "2021-04-28", "status": "published", "title": "(0Day) Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-485/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11915", "zdi_id": "ZDI-21-485" }, { "cve": "CVE-2021-2250", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-484/advisory.json", "detail_path": "advisories/ZDI-21-484", "id": "ZDI-21-484", "kind": "published", "published_date": "2021-04-28", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox SLiRP Networking Heap-based Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-484/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13568", "zdi_id": "ZDI-21-484" }, { "cve": "CVE-2021-2321", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-483/advisory.json", "detail_path": "advisories/ZDI-21-483", "id": "ZDI-21-483", "kind": "published", "published_date": "2021-04-28", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox e1000 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-483/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13545", "zdi_id": "ZDI-21-483" }, { "cve": "CVE-2021-27077", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-482/advisory.json", "detail_path": "advisories/ZDI-21-482", "id": "ZDI-21-482", "kind": "published", "published_date": "2021-04-28", "status": "published", "title": "Microsoft Windows win32kfull MulStrokePath Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-482/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12576", "zdi_id": "ZDI-21-482" }, { "cve": "CVE-2021-31438", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-481/advisory.json", "detail_path": "advisories/ZDI-21-481", "id": "ZDI-21-481", "kind": "published", "published_date": "2021-04-26", "status": "published", "title": "Foxit Studio Photo PSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-481/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12443", "zdi_id": "ZDI-21-481" }, { "cve": "CVE-2021-31437", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-480/advisory.json", "detail_path": "advisories/ZDI-21-480", "id": "ZDI-21-480", "kind": "published", "published_date": "2021-04-26", "status": "published", "title": "Foxit Studio Photo JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-480/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12384", "zdi_id": "ZDI-21-480" }, { "cve": "CVE-2021-31436", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-479/advisory.json", "detail_path": "advisories/ZDI-21-479", "id": "ZDI-21-479", "kind": "published", "published_date": "2021-04-26", "status": "published", "title": "Foxit Studio Photo SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-479/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12376", "zdi_id": "ZDI-21-479" }, { "cve": "CVE-2021-31435", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-478/advisory.json", "detail_path": "advisories/ZDI-21-478", "id": "ZDI-21-478", "kind": "published", "published_date": "2021-04-26", "status": "published", "title": "Foxit Studio Photo CMP File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-478/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12331", "zdi_id": "ZDI-21-478" }, { "cve": "CVE-2021-31434", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-477/advisory.json", "detail_path": "advisories/ZDI-21-477", "id": "ZDI-21-477", "kind": "published", "published_date": "2021-04-26", "status": "published", "title": "Foxit Studio Photo JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-477/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12377", "zdi_id": "ZDI-21-477" }, { "cve": "CVE-2021-31433", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-476/advisory.json", "detail_path": "advisories/ZDI-21-476", "id": "ZDI-21-476", "kind": "published", "published_date": "2021-04-26", "status": "published", "title": "Foxit Studio Photo ARW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-476/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12333", "zdi_id": "ZDI-21-476" }, { "cve": "CVE-2021-31519", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall for Home Networks. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulne...", "detail_json": "/data/advisories/ZDI-21-475/advisory.json", "detail_path": "advisories/ZDI-21-475", "id": "ZDI-21-475", "kind": "published", "published_date": "2021-04-23", "status": "published", "title": "Trend Micro HouseCall for Home Networks Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-475/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-12553", "zdi_id": "ZDI-21-475" }, { "cve": "CVE-2021-28649", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall for Home Networks. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulne...", "detail_json": "/data/advisories/ZDI-21-474/advisory.json", "detail_path": "advisories/ZDI-21-474", "id": "ZDI-21-474", "kind": "published", "published_date": "2021-04-23", "status": "published", "title": "Trend Micro HouseCall for Home Networks Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-474/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-12552", "zdi_id": "ZDI-21-474" }, { "cve": "CVE-2021-27027", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-473/advisory.json", "detail_path": "advisories/ZDI-21-473", "id": "ZDI-21-473", "kind": "published", "published_date": "2021-04-23", "status": "published", "title": "Autodesk FBX Review FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-473/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12615", "zdi_id": "ZDI-21-473" }, { "cve": "CVE-2021-27027", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-472/advisory.json", "detail_path": "advisories/ZDI-21-472", "id": "ZDI-21-472", "kind": "published", "published_date": "2021-04-23", "status": "published", "title": "Autodesk FBX Review FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-472/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12613", "zdi_id": "ZDI-21-472" }, { "cve": "CVE-2021-27027", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-471/advisory.json", "detail_path": "advisories/ZDI-21-471", "id": "ZDI-21-471", "kind": "published", "published_date": "2021-04-23", "status": "published", "title": "Autodesk FBX Review FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-471/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12200", "zdi_id": "ZDI-21-471" }, { "cve": "CVE-2021-27027", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-470/advisory.json", "detail_path": "advisories/ZDI-21-470", "id": "ZDI-21-470", "kind": "published", "published_date": "2021-04-23", "status": "published", "title": "Autodesk FBX Review FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-470/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12199", "zdi_id": "ZDI-21-470" }, { "cve": "CVE-2021-27027", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-469/advisory.json", "detail_path": "advisories/ZDI-21-469", "id": "ZDI-21-469", "kind": "published", "published_date": "2021-04-23", "status": "published", "title": "Autodesk FBX Review FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-469/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12201", "zdi_id": "ZDI-21-469" }, { "cve": "CVE-2021-27031", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-468/advisory.json", "detail_path": "advisories/ZDI-21-468", "id": "ZDI-21-468", "kind": "published", "published_date": "2021-04-23", "status": "published", "title": "Autodesk FBX Review FBX File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-468/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12242", "zdi_id": "ZDI-21-468" }, { "cve": "CVE-2021-27028", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-467/advisory.json", "detail_path": "advisories/ZDI-21-467", "id": "ZDI-21-467", "kind": "published", "published_date": "2021-04-23", "status": "published", "title": "Autodesk FBX Review FBX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-467/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12241", "zdi_id": "ZDI-21-467" }, { "cve": "CVE-2021-27030", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-466/advisory.json", "detail_path": "advisories/ZDI-21-466", "id": "ZDI-21-466", "kind": "published", "published_date": "2021-04-23", "status": "published", "title": "Autodesk FBX Review ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-466/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12229", "zdi_id": "ZDI-21-466" }, { "cve": "CVE-2021-27028", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-465/advisory.json", "detail_path": "advisories/ZDI-21-465", "id": "ZDI-21-465", "kind": "published", "published_date": "2021-04-23", "status": "published", "title": "Autodesk FBX Review FBX File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-465/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12212", "zdi_id": "ZDI-21-465" }, { "cve": "CVE-2021-27029", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-464/advisory.json", "detail_path": "advisories/ZDI-21-464", "id": "ZDI-21-464", "kind": "published", "published_date": "2021-04-23", "status": "published", "title": "Autodesk FBX Review FBX File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-464/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-12211", "zdi_id": "ZDI-21-464" }, { "cve": "CVE-2021-3472", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-463/advisory.json", "detail_path": "advisories/ZDI-21-463", "id": "ZDI-21-463", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "X.Org Server XChangeFeedbackControl Integer Underflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-463/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-12549", "zdi_id": "ZDI-21-463" }, { "cve": "CVE-2021-2297", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-462/advisory.json", "detail_path": "advisories/ZDI-21-462", "id": "ZDI-21-462", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Oracle VirtualBox LsiLogicSCSI Time-Of-Check Time-Of-Use Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-462/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-12855", "zdi_id": "ZDI-21-462" }, { "cve": "CVE-2021-2309", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-461/advisory.json", "detail_path": "advisories/ZDI-21-461", "id": "ZDI-21-461", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-461/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-12761", "zdi_id": "ZDI-21-461" }, { "cve": "CVE-2021-2302", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Craf...", "detail_json": "/data/advisories/ZDI-21-460/advisory.json", "detail_path": "advisories/ZDI-21-460", "id": "ZDI-21-460", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Oracle Business Intelligence T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-460/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-12609", "zdi_id": "ZDI-21-460" }, { "cve": "CVE-2021-2296", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-459/advisory.json", "detail_path": "advisories/ZDI-21-459", "id": "ZDI-21-459", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Oracle VirtualBox LsiLogicSCSI Race Condition Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-459/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-12854", "zdi_id": "ZDI-21-459" }, { "cve": "CVE-2021-2303", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle OSS Support Tools. Authentication is required to exploit this vulnerability. The specific flaw exists within the Diagnostic Assistant component. D...", "detail_json": "/data/advisories/ZDI-21-458/advisory.json", "detail_path": "advisories/ZDI-21-458", "id": "ZDI-21-458", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Oracle OSS Support Tools Diagnostic Assistant XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-458/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-12564", "zdi_id": "ZDI-21-458" }, { "cve": "CVE-2021-2291", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-21-457/advisory.json", "detail_path": "advisories/ZDI-21-457", "id": "ZDI-21-457", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Oracle VirtualBox VGA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-457/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-12621", "zdi_id": "ZDI-21-457" }, { "cve": "CVE-2021-2310", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-456/advisory.json", "detail_path": "advisories/ZDI-21-456", "id": "ZDI-21-456", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Oracle VirtualBox NAT Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-456/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13428", "zdi_id": "ZDI-21-456" }, { "cve": "CVE-2021-2145", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-455/advisory.json", "detail_path": "advisories/ZDI-21-455", "id": "ZDI-21-455", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Oracle VirtualBox NAT Integer Underflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-455/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13473", "zdi_id": "ZDI-21-455" }, { "cve": "CVE-2021-2211", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle WebLogic Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafte...", "detail_json": "/data/advisories/ZDI-21-454/advisory.json", "detail_path": "advisories/ZDI-21-454", "id": "ZDI-21-454", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-454/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-12492", "zdi_id": "ZDI-21-454" }, { "cve": "CVE-2021-2279", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle VirtualBox. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of drdynvc packets. The issue resul...", "detail_json": "/data/advisories/ZDI-21-453/advisory.json", "detail_path": "advisories/ZDI-21-453", "id": "ZDI-21-453", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Oracle VirtualBox VRDP Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-453/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-12407", "zdi_id": "ZDI-21-453" }, { "cve": "CVE-2021-2244", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists within APSWebModule. The issue results from...", "detail_json": "/data/advisories/ZDI-21-452/advisory.json", "detail_path": "advisories/ZDI-21-452", "id": "ZDI-21-452", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Oracle Business Intelligence APSWebModule Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-452/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11709", "zdi_id": "ZDI-21-452" }, { "cve": "CVE-2021-2266", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-451/advisory.json", "detail_path": "advisories/ZDI-21-451", "id": "ZDI-21-451", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Oracle VirtualBox VMSVGA Numeric Truncation Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-451/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-13464", "zdi_id": "ZDI-21-451" }, { "cve": "CVE-2021-22720", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric C-Bus Toolkit. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-21-450/advisory.json", "detail_path": "advisories/ZDI-21-450", "id": "ZDI-21-450", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Schneider Electric C-Bus Toolkit PROJECT RESTORE Directory Traversal Information Disclosure Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-450/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-12604", "zdi_id": "ZDI-21-450" }, { "cve": "CVE-2021-22719", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The s...", "detail_json": "/data/advisories/ZDI-21-449/advisory.json", "detail_path": "advisories/ZDI-21-449", "id": "ZDI-21-449", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Schneider Electric C-Bus Toolkit FILE UPLOAD Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-449/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-12590", "zdi_id": "ZDI-21-449" }, { "cve": "CVE-2021-22718", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-21-448/advisory.json", "detail_path": "advisories/ZDI-21-448", "id": "ZDI-21-448", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Schneider Electric C-Bus Toolkit CBZ File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-448/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-12589", "zdi_id": "ZDI-21-448" }, { "cve": "CVE-2021-22717", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The s...", "detail_json": "/data/advisories/ZDI-21-447/advisory.json", "detail_path": "advisories/ZDI-21-447", "id": "ZDI-21-447", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Schneider Electric C-Bus Toolkit ACCESS SAVE Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-447/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-12586", "zdi_id": "ZDI-21-447" }, { "cve": "CVE-2021-22660", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-21-446/advisory.json", "detail_path": "advisories/ZDI-21-446", "id": "ZDI-21-446", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Delta Industrial Automation CNCSoft-B DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-446/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12656", "zdi_id": "ZDI-21-446" }, { "cve": "CVE-2021-22660", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-21-445/advisory.json", "detail_path": "advisories/ZDI-21-445", "id": "ZDI-21-445", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Delta Industrial Automation CNCSoft-B DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-445/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12413", "zdi_id": "ZDI-21-445" }, { "cve": "CVE-2021-22664", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-21-444/advisory.json", "detail_path": "advisories/ZDI-21-444", "id": "ZDI-21-444", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Delta Industrial Automation CNCSoft-B DOPSoft DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-444/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12418", "zdi_id": "ZDI-21-444" }, { "cve": "CVE-2021-22668", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-21-443/advisory.json", "detail_path": "advisories/ZDI-21-443", "id": "ZDI-21-443", "kind": "published", "published_date": "2021-04-22", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-443/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12419", "zdi_id": "ZDI-21-443" }, { "cve": "CVE-2021-33004", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-21-442/advisory.json", "detail_path": "advisories/ZDI-21-442", "id": "ZDI-21-442", "kind": "published", "published_date": "2021-06-24", "status": "published", "title": "(0Day) Advantech WebAccess/HMI Designer SNF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-442/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-12477", "zdi_id": "ZDI-21-442" }, { "cve": "CVE-2021-33004", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-21-441/advisory.json", "detail_path": "advisories/ZDI-21-441", "id": "ZDI-21-441", "kind": "published", "published_date": "2021-04-27", "status": "published", "title": "(0Day) Advantech WebAccess/HMI Designer PLF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2021-06-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-441/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-12280", "zdi_id": "ZDI-21-441" }, { "cve": "CVE-2021-31432", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-440/advisory.json", "detail_path": "advisories/ZDI-21-440", "id": "ZDI-21-440", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop IDE Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-440/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13190", "zdi_id": "ZDI-21-440" }, { "cve": "CVE-2021-31431", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-439/advisory.json", "detail_path": "advisories/ZDI-21-439", "id": "ZDI-21-439", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop IDE Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-439/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13189", "zdi_id": "ZDI-21-439" }, { "cve": "CVE-2021-31430", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-438/advisory.json", "detail_path": "advisories/ZDI-21-438", "id": "ZDI-21-438", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop IDE Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-438/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13188", "zdi_id": "ZDI-21-438" }, { "cve": "CVE-2021-31429", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-437/advisory.json", "detail_path": "advisories/ZDI-21-437", "id": "ZDI-21-437", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop IDE Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-437/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13187", "zdi_id": "ZDI-21-437" }, { "cve": "CVE-2021-31428", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-436/advisory.json", "detail_path": "advisories/ZDI-21-436", "id": "ZDI-21-436", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop IDE Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-436/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13186", "zdi_id": "ZDI-21-436" }, { "cve": "CVE-2021-31427", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-435/advisory.json", "detail_path": "advisories/ZDI-21-435", "id": "ZDI-21-435", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop OTG Time-Of-Check Time-Of-Use Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-435/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-13082", "zdi_id": "ZDI-21-435" }, { "cve": "CVE-2021-31424", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-21-434/advisory.json", "detail_path": "advisories/ZDI-21-434", "id": "ZDI-21-434", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop OTG Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-434/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-12848", "zdi_id": "ZDI-21-434" }, { "cve": "CVE-2021-31426", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-433/advisory.json", "detail_path": "advisories/ZDI-21-433", "id": "ZDI-21-433", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop Tools Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-433/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-12791", "zdi_id": "ZDI-21-433" }, { "cve": "CVE-2021-31425", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-21-432/advisory.json", "detail_path": "advisories/ZDI-21-432", "id": "ZDI-21-432", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop Tools Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-432/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-12790", "zdi_id": "ZDI-21-432" }, { "cve": "CVE-2021-31423", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-431/advisory.json", "detail_path": "advisories/ZDI-21-431", "id": "ZDI-21-431", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop Toolgate Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2024-02-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-431/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-12528", "zdi_id": "ZDI-21-431" }, { "cve": "CVE-2021-31422", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-430/advisory.json", "detail_path": "advisories/ZDI-21-430", "id": "ZDI-21-430", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop e1000e Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": "2024-02-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-430/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-12527", "zdi_id": "ZDI-21-430" }, { "cve": "CVE-2021-31418", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-429/advisory.json", "detail_path": "advisories/ZDI-21-429", "id": "ZDI-21-429", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop Toolgate Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-429/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-12221", "zdi_id": "ZDI-21-429" }, { "cve": "CVE-2021-31420", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-21-428/advisory.json", "detail_path": "advisories/ZDI-21-428", "id": "ZDI-21-428", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop Toolgate Stack-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-428/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-12220", "zdi_id": "ZDI-21-428" }, { "cve": "CVE-2021-31419", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-427/advisory.json", "detail_path": "advisories/ZDI-21-427", "id": "ZDI-21-427", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop Toolgate Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-427/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-12136", "zdi_id": "ZDI-21-427" }, { "cve": "CVE-2021-31417", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-426/advisory.json", "detail_path": "advisories/ZDI-21-426", "id": "ZDI-21-426", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop Toolgate Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-426/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-12131", "zdi_id": "ZDI-21-426" }, { "cve": "CVE-2021-31421", "cvss": 3.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-21-425/advisory.json", "detail_path": "advisories/ZDI-21-425", "id": "ZDI-21-425", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Parallels Desktop Toolgate Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-425/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-12129", "zdi_id": "ZDI-21-425" }, { "cve": "CVE-2021-28326", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-424/advisory.json", "detail_path": "advisories/ZDI-21-424", "id": "ZDI-21-424", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Microsoft Windows AppX Deployment Service Directory Junction Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-424/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12445", "zdi_id": "ZDI-21-424" }, { "cve": "CVE-2021-28453", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-423/advisory.json", "detail_path": "advisories/ZDI-21-423", "id": "ZDI-21-423", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "Microsoft Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-423/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12701", "zdi_id": "ZDI-21-423" }, { "cve": "CVE-2021-3492", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-422/advisory.json", "detail_path": "advisories/ZDI-21-422", "id": "ZDI-21-422", "kind": "published", "published_date": "2021-04-21", "status": "published", "title": "(Pwn2Own) Canonical Ubuntu ShiftFS File System Double Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-422/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-13562", "zdi_id": "ZDI-21-422" }, { "cve": "CVE-2021-28468", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Raw Image Extension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-21-421/advisory.json", "detail_path": "advisories/ZDI-21-421", "id": "ZDI-21-421", "kind": "published", "published_date": "2021-04-19", "status": "published", "title": "Microsoft Windows Raw Image Extension CR3 File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-421/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12472", "zdi_id": "ZDI-21-421" }, { "cve": "CVE-2021-28648", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-21-420/advisory.json", "detail_path": "advisories/ZDI-21-420", "id": "ZDI-21-420", "kind": "published", "published_date": "2021-04-15", "status": "published", "title": "Trend Micro Antivirus for Mac Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-420/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-12217", "zdi_id": "ZDI-21-420" }, { "cve": "CVE-2021-25670", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens RobotExpert. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-419/advisory.json", "detail_path": "advisories/ZDI-21-419", "id": "ZDI-21-419", "kind": "published", "published_date": "2021-04-15", "status": "published", "title": "Siemens RobotExpert CELL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-419/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12608", "zdi_id": "ZDI-21-419" }, { "cve": "CVE-2021-21095", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-418/advisory.json", "detail_path": "advisories/ZDI-21-418", "id": "ZDI-21-418", "kind": "published", "published_date": "2021-04-15", "status": "published", "title": "Adobe Bridge TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-418/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12536", "zdi_id": "ZDI-21-418" }, { "cve": "CVE-2021-21096", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Adobe Bridge. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-21-417/advisory.json", "detail_path": "advisories/ZDI-21-417", "id": "ZDI-21-417", "kind": "published", "published_date": "2021-04-15", "status": "published", "title": "Adobe Bridge Genuine Software Service Incorrect Permission Assignment Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-417/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12735", "zdi_id": "ZDI-21-417" }, { "cve": "CVE-2021-21094", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-416/advisory.json", "detail_path": "advisories/ZDI-21-416", "id": "ZDI-21-416", "kind": "published", "published_date": "2021-04-15", "status": "published", "title": "Adobe Bridge PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-416/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12539", "zdi_id": "ZDI-21-416" }, { "cve": "CVE-2021-21092", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-415/advisory.json", "detail_path": "advisories/ZDI-21-415", "id": "ZDI-21-415", "kind": "published", "published_date": "2021-04-15", "status": "published", "title": "Adobe Bridge DCM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-415/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12475", "zdi_id": "ZDI-21-415" }, { "cve": "CVE-2021-21093", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-414/advisory.json", "detail_path": "advisories/ZDI-21-414", "id": "ZDI-21-414", "kind": "published", "published_date": "2021-04-15", "status": "published", "title": "Adobe Bridge SGI File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-414/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12474", "zdi_id": "ZDI-21-414" }, { "cve": "CVE-2021-21091", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-413/advisory.json", "detail_path": "advisories/ZDI-21-413", "id": "ZDI-21-413", "kind": "published", "published_date": "2021-04-15", "status": "published", "title": "Adobe Bridge HEIC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-413/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12391", "zdi_id": "ZDI-21-413" }, { "cve": "CVE-2021-27278", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-412/advisory.json", "detail_path": "advisories/ZDI-21-412", "id": "ZDI-21-412", "kind": "published", "published_date": "2021-04-15", "status": "published", "title": "Parallels Desktop Toolgate Directory Traversal Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-412/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-12130", "zdi_id": "ZDI-21-412" }, { "cve": "CVE-2021-21220", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chromium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-411/advisory.json", "detail_path": "advisories/ZDI-21-411", "id": "ZDI-21-411", "kind": "published", "published_date": "2021-04-15", "status": "published", "title": "(Pwn2Own) Google Chromium V8 XOR Typer Mismatch Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": "2024-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-411/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-13569", "zdi_id": "ZDI-21-411" }, { "cve": "CVE-2021-28454", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-410/advisory.json", "detail_path": "advisories/ZDI-21-410", "id": "ZDI-21-410", "kind": "published", "published_date": "2021-04-15", "status": "published", "title": "Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-410/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12703", "zdi_id": "ZDI-21-410" }, { "cve": "CVE-2021-26415", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to write data to arbitrary files on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-21-409/advisory.json", "detail_path": "advisories/ZDI-21-409", "id": "ZDI-21-409", "kind": "published", "published_date": "2021-04-15", "status": "published", "title": "Microsoft Windows Installer Service Untrusted File Path Arbitrary File Write Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-409/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12403", "zdi_id": "ZDI-21-409" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Q60 Smart QLED TV. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-408/advisory.json", "detail_path": "advisories/ZDI-21-408", "id": "ZDI-21-408", "kind": "published", "published_date": "2021-04-13", "status": "published", "title": "(0Day) (Pwn2Own) Samsung Q60T TV Internet Browser Type-Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-408/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-12349", "zdi_id": "ZDI-21-408" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Q60 Smart QLED TV. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-407/advisory.json", "detail_path": "advisories/ZDI-21-407", "id": "ZDI-21-407", "kind": "published", "published_date": "2021-04-13", "status": "published", "title": "(0Day) (Pwn2Own) Samsung Q60T TV Internet Browser Intermediate Representation Opcode Type-Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-407/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-12057", "zdi_id": "ZDI-21-407" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-406/advisory.json", "detail_path": "advisories/ZDI-21-406", "id": "ZDI-21-406", "kind": "published", "published_date": "2021-04-13", "status": "published", "title": "(0Day) Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-406/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-13047", "zdi_id": "ZDI-21-406" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-21-405/advisory.json", "detail_path": "advisories/ZDI-21-405", "id": "ZDI-21-405", "kind": "published", "published_date": "2021-04-13", "status": "published", "title": "(0Day) Microsoft Print 3D PLY File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-405/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12876", "zdi_id": "ZDI-21-405" }, { "cve": "CVE-2020-26997", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-404/advisory.json", "detail_path": "advisories/ZDI-21-404", "id": "ZDI-21-404", "kind": "published", "published_date": "2021-04-13", "status": "published", "title": "(0Day) Siemens Solid Edge Viewer PAR File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-404/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11919", "zdi_id": "ZDI-21-404" }, { "cve": "CVE-2021-27077", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-403/advisory.json", "detail_path": "advisories/ZDI-21-403", "id": "ZDI-21-403", "kind": "published", "published_date": "2021-04-12", "status": "published", "title": "Microsoft Windows win32kfull MulGradientFill Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-403/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12568", "zdi_id": "ZDI-21-403" }, { "cve": "CVE-2021-28645", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-402/advisory.json", "detail_path": "advisories/ZDI-21-402", "id": "ZDI-21-402", "kind": "published", "published_date": "2021-04-12", "status": "published", "title": "Trend Micro Apex One Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-402/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-12147", "zdi_id": "ZDI-21-402" }, { "cve": "CVE-2021-25253", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-401/advisory.json", "detail_path": "advisories/ZDI-21-401", "id": "ZDI-21-401", "kind": "published", "published_date": "2021-04-12", "status": "published", "title": "Trend Micro Apex One Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-401/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-12148", "zdi_id": "ZDI-21-401" }, { "cve": "CVE-2021-25250", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-400/advisory.json", "detail_path": "advisories/ZDI-21-400", "id": "ZDI-21-400", "kind": "published", "published_date": "2021-04-12", "status": "published", "title": "Trend Micro Apex One Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-400/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11951", "zdi_id": "ZDI-21-400" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-882 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens o...", "detail_json": "/data/advisories/ZDI-21-399/advisory.json", "detail_path": "advisories/ZDI-21-399", "id": "ZDI-21-399", "kind": "published", "published_date": "2021-03-31", "status": "published", "title": "(0Day) D-Link DIR-882 HNAP Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-09-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-399/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-11682", "zdi_id": "ZDI-21-399" }, { "cve": "CVE-2020-12497", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-21-398/advisory.json", "detail_path": "advisories/ZDI-21-398", "id": "ZDI-21-398", "kind": "published", "published_date": "2021-03-31", "status": "published", "title": "Phoenix Contact Automationworx XML File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-04-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-398/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-12244", "zdi_id": "ZDI-21-398" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-397/advisory.json", "detail_path": "advisories/ZDI-21-397", "id": "ZDI-21-397", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x10011 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-397/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11961", "zdi_id": "ZDI-21-397" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-396/advisory.json", "detail_path": "advisories/ZDI-21-396", "id": "ZDI-21-396", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x30000 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-396/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11960", "zdi_id": "ZDI-21-396" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-395/advisory.json", "detail_path": "advisories/ZDI-21-395", "id": "ZDI-21-395", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x10015 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-395/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11623", "zdi_id": "ZDI-21-395" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-394/advisory.json", "detail_path": "advisories/ZDI-21-394", "id": "ZDI-21-394", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x10012 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-394/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11621", "zdi_id": "ZDI-21-394" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-393/advisory.json", "detail_path": "advisories/ZDI-21-393", "id": "ZDI-21-393", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x10013 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-393/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11619", "zdi_id": "ZDI-21-393" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-392/advisory.json", "detail_path": "advisories/ZDI-21-392", "id": "ZDI-21-392", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x1000F Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-392/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11618", "zdi_id": "ZDI-21-392" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-391/advisory.json", "detail_path": "advisories/ZDI-21-391", "id": "ZDI-21-391", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x10010 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-391/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11617", "zdi_id": "ZDI-21-391" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-390/advisory.json", "detail_path": "advisories/ZDI-21-390", "id": "ZDI-21-390", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x10014 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-390/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11616", "zdi_id": "ZDI-21-390" }, { "cve": "CVE-2020-29612", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-389/advisory.json", "detail_path": "advisories/ZDI-21-389", "id": "ZDI-21-389", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS patch_encoding_common Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-389/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11615", "zdi_id": "ZDI-21-389" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-388/advisory.json", "detail_path": "advisories/ZDI-21-388", "id": "ZDI-21-388", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x10008 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-388/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11587", "zdi_id": "ZDI-21-388" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-387/advisory.json", "detail_path": "advisories/ZDI-21-387", "id": "ZDI-21-387", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x1000C Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-387/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11586", "zdi_id": "ZDI-21-387" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-386/advisory.json", "detail_path": "advisories/ZDI-21-386", "id": "ZDI-21-386", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x1000A Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-386/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11585", "zdi_id": "ZDI-21-386" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-385/advisory.json", "detail_path": "advisories/ZDI-21-385", "id": "ZDI-21-385", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x1000B Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-385/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11584", "zdi_id": "ZDI-21-385" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-384/advisory.json", "detail_path": "advisories/ZDI-21-384", "id": "ZDI-21-384", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x30004 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-384/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11496", "zdi_id": "ZDI-21-384" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-383/advisory.json", "detail_path": "advisories/ZDI-21-383", "id": "ZDI-21-383", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x1000E Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-383/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11494", "zdi_id": "ZDI-21-383" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-382/advisory.json", "detail_path": "advisories/ZDI-21-382", "id": "ZDI-21-382", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x30003 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-382/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11493", "zdi_id": "ZDI-21-382" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-381/advisory.json", "detail_path": "advisories/ZDI-21-381", "id": "ZDI-21-381", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x10009 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-381/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11473", "zdi_id": "ZDI-21-381" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-380/advisory.json", "detail_path": "advisories/ZDI-21-380", "id": "ZDI-21-380", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x1000D Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-380/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11472", "zdi_id": "ZDI-21-380" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-379/advisory.json", "detail_path": "advisories/ZDI-21-379", "id": "ZDI-21-379", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x20001 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-379/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11470", "zdi_id": "ZDI-21-379" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-378/advisory.json", "detail_path": "advisories/ZDI-21-378", "id": "ZDI-21-378", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AppleIntelKBLGraphics IOCTL 0x10004 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-378/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11469", "zdi_id": "ZDI-21-378" }, { "cve": "CVE-2020-27947", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-377/advisory.json", "detail_path": "advisories/ZDI-21-377", "id": "ZDI-21-377", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS process_token_AVCDecode Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-377/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11468", "zdi_id": "ZDI-21-377" }, { "cve": "CVE-2020-29610", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-376/advisory.json", "detail_path": "advisories/ZDI-21-376", "id": "ZDI-21-376", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AudioToolboxCore MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-376/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11449", "zdi_id": "ZDI-21-376" }, { "cve": "CVE-2020-27908", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-21-375/advisory.json", "detail_path": "advisories/ZDI-21-375", "id": "ZDI-21-375", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AudioCodecs MP4 File Parsing Signed to Unsigned Conversion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-375/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11448", "zdi_id": "ZDI-21-375" }, { "cve": "CVE-2020-27909", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-21-374/advisory.json", "detail_path": "advisories/ZDI-21-374", "id": "ZDI-21-374", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Apple macOS AudioCodecs MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-374/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11447", "zdi_id": "ZDI-21-374" }, { "cve": "CVE-2021-27277", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit th...", "detail_json": "/data/advisories/ZDI-21-373/advisory.json", "detail_path": "advisories/ZDI-21-373", "id": "ZDI-21-373", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "SolarWinds Orion Virtual Infrastructure Monitor OneTimeJobSchedulerEventsService Deserialization of Untrusted Data Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-373/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-11955", "zdi_id": "ZDI-21-373" }, { "cve": "CVE-2021-29098", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-372/advisory.json", "detail_path": "advisories/ZDI-21-372", "id": "ZDI-21-372", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Esri ArcReader PMF File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-372/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12596", "zdi_id": "ZDI-21-372" }, { "cve": "CVE-2021-29097", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-371/advisory.json", "detail_path": "advisories/ZDI-21-371", "id": "ZDI-21-371", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-371/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12612", "zdi_id": "ZDI-21-371" }, { "cve": "CVE-2021-29096", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-370/advisory.json", "detail_path": "advisories/ZDI-21-370", "id": "ZDI-21-370", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Esri ArcReader PMF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-370/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12581", "zdi_id": "ZDI-21-370" }, { "cve": "CVE-2021-29097", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-369/advisory.json", "detail_path": "advisories/ZDI-21-369", "id": "ZDI-21-369", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-369/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12548", "zdi_id": "ZDI-21-369" }, { "cve": "CVE-2021-29097", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-368/advisory.json", "detail_path": "advisories/ZDI-21-368", "id": "ZDI-21-368", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-368/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12503", "zdi_id": "ZDI-21-368" }, { "cve": "CVE-2021-29097", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-367/advisory.json", "detail_path": "advisories/ZDI-21-367", "id": "ZDI-21-367", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-367/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12490", "zdi_id": "ZDI-21-367" }, { "cve": "CVE-2021-29097", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-366/advisory.json", "detail_path": "advisories/ZDI-21-366", "id": "ZDI-21-366", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-366/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12489", "zdi_id": "ZDI-21-366" }, { "cve": "CVE-2021-29097", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-365/advisory.json", "detail_path": "advisories/ZDI-21-365", "id": "ZDI-21-365", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-365/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12488", "zdi_id": "ZDI-21-365" }, { "cve": "CVE-2021-29097", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-364/advisory.json", "detail_path": "advisories/ZDI-21-364", "id": "ZDI-21-364", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Esri ArcReader PMF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-364/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12483", "zdi_id": "ZDI-21-364" }, { "cve": "CVE-2021-29097", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-363/advisory.json", "detail_path": "advisories/ZDI-21-363", "id": "ZDI-21-363", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-363/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12399", "zdi_id": "ZDI-21-363" }, { "cve": "CVE-2021-29098", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-362/advisory.json", "detail_path": "advisories/ZDI-21-362", "id": "ZDI-21-362", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Esri ArcReader PMF File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-362/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12398", "zdi_id": "ZDI-21-362" }, { "cve": "CVE-2021-29098", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-361/advisory.json", "detail_path": "advisories/ZDI-21-361", "id": "ZDI-21-361", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Esri ArcReader PMF File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-361/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12397", "zdi_id": "ZDI-21-361" }, { "cve": "CVE-2021-29097", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-360/advisory.json", "detail_path": "advisories/ZDI-21-360", "id": "ZDI-21-360", "kind": "published", "published_date": "2021-03-30", "status": "published", "title": "Esri ArcReader PMF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-360/", "vendor": "Esri", "vendor_url": null, "zdi_can": "ZDI-CAN-12348", "zdi_id": "ZDI-21-360" }, { "cve": "CVE-2021-27276", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-21-359/advisory.json", "detail_path": "advisories/ZDI-21-359", "id": "ZDI-21-359", "kind": "published", "published_date": "2021-03-26", "status": "published", "title": "NETGEAR ProSAFE Network Management System MibController realName Directory Traversal Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-359/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-12122", "zdi_id": "ZDI-21-359" }, { "cve": "CVE-2021-27275", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing aut...", "detail_json": "/data/advisories/ZDI-21-358/advisory.json", "detail_path": "advisories/ZDI-21-358", "id": "ZDI-21-358", "kind": "published", "published_date": "2021-03-26", "status": "published", "title": "NETGEAR ProSAFE Network Management System ConfigFileController realName Directory Traversal Information Disclosure and Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-358/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-12125", "zdi_id": "ZDI-21-358" }, { "cve": "CVE-2021-27274", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadControlle...", "detail_json": "/data/advisories/ZDI-21-357/advisory.json", "detail_path": "advisories/ZDI-21-357", "id": "ZDI-21-357", "kind": "published", "published_date": "2021-03-26", "status": "published", "title": "NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-357/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-12124", "zdi_id": "ZDI-21-357" }, { "cve": "CVE-2021-27273", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-21-356/advisory.json", "detail_path": "advisories/ZDI-21-356", "id": "ZDI-21-356", "kind": "published", "published_date": "2021-03-26", "status": "published", "title": "NETGEAR ProSAFE Network Management System SettingConfigController fileName Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-356/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-12121", "zdi_id": "ZDI-21-356" }, { "cve": "CVE-2021-27272", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-21-355/advisory.json", "detail_path": "advisories/ZDI-21-355", "id": "ZDI-21-355", "kind": "published", "published_date": "2021-03-26", "status": "published", "title": "NETGEAR ProSAFE Network Management System ReportTemplateController Directory Traversal Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-355/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-12123", "zdi_id": "ZDI-21-355" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Lepide Active Directory Self Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of backu...", "detail_json": "/data/advisories/ZDI-21-354/advisory.json", "detail_path": "advisories/ZDI-21-354", "id": "ZDI-21-354", "kind": "published", "published_date": "2021-03-23", "status": "published", "title": "(0Day) Lepide Active Directory Self Service Backup Missing Authentication Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-354/", "vendor": "Lepide", "vendor_url": null, "zdi_can": "ZDI-CAN-12008", "zdi_id": "ZDI-21-354" }, { "cve": "CVE-2021-27271", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-353/advisory.json", "detail_path": "advisories/ZDI-21-353", "id": "ZDI-21-353", "kind": "published", "published_date": "2021-03-22", "status": "published", "title": "Foxit PhantomPDF U3DBrowser Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2022-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-353/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12438", "zdi_id": "ZDI-21-353" }, { "cve": "CVE-2021-27270", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-352/advisory.json", "detail_path": "advisories/ZDI-21-352", "id": "ZDI-21-352", "kind": "published", "published_date": "2021-03-22", "status": "published", "title": "Foxit PhantomPDF JPEG2000 Parsing Out-Of Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-352/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12230", "zdi_id": "ZDI-21-352" }, { "cve": "CVE-2021-27269", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-351/advisory.json", "detail_path": "advisories/ZDI-21-351", "id": "ZDI-21-351", "kind": "published", "published_date": "2021-03-22", "status": "published", "title": "Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-351/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12390", "zdi_id": "ZDI-21-351" }, { "cve": "CVE-2021-27268", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-350/advisory.json", "detail_path": "advisories/ZDI-21-350", "id": "ZDI-21-350", "kind": "published", "published_date": "2021-03-22", "status": "published", "title": "Foxit PhantomPDF U3D File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-350/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12295", "zdi_id": "ZDI-21-350" }, { "cve": "CVE-2021-27267", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-349/advisory.json", "detail_path": "advisories/ZDI-21-349", "id": "ZDI-21-349", "kind": "published", "published_date": "2021-03-22", "status": "published", "title": "Foxit PhantomPDF U3D File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-349/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12294", "zdi_id": "ZDI-21-349" }, { "cve": "CVE-2021-27266", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-348/advisory.json", "detail_path": "advisories/ZDI-21-348", "id": "ZDI-21-348", "kind": "published", "published_date": "2021-03-22", "status": "published", "title": "Foxit PhantomPDF U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-348/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12293", "zdi_id": "ZDI-21-348" }, { "cve": "CVE-2021-27265", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-347/advisory.json", "detail_path": "advisories/ZDI-21-347", "id": "ZDI-21-347", "kind": "published", "published_date": "2021-03-22", "status": "published", "title": "Foxit PhantomPDF U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-347/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12292", "zdi_id": "ZDI-21-347" }, { "cve": "CVE-2021-27264", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-346/advisory.json", "detail_path": "advisories/ZDI-21-346", "id": "ZDI-21-346", "kind": "published", "published_date": "2021-03-22", "status": "published", "title": "Foxit PhantomPDF U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-346/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12291", "zdi_id": "ZDI-21-346" }, { "cve": "CVE-2021-27263", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-345/advisory.json", "detail_path": "advisories/ZDI-21-345", "id": "ZDI-21-345", "kind": "published", "published_date": "2021-03-22", "status": "published", "title": "Foxit PhantomPDF U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-345/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12290", "zdi_id": "ZDI-21-345" }, { "cve": "CVE-2021-27262", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-344/advisory.json", "detail_path": "advisories/ZDI-21-344", "id": "ZDI-21-344", "kind": "published", "published_date": "2021-03-22", "status": "published", "title": "Foxit PhantomPDF U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-344/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12270", "zdi_id": "ZDI-21-344" }, { "cve": "CVE-2021-27261", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-343/advisory.json", "detail_path": "advisories/ZDI-21-343", "id": "ZDI-21-343", "kind": "published", "published_date": "2021-03-22", "status": "published", "title": "Foxit PhantomPDF U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-343/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-12269", "zdi_id": "ZDI-21-343" }, { "cve": "CVE-2021-25346", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Samsung Galaxy S20. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-21-342/advisory.json", "detail_path": "advisories/ZDI-21-342", "id": "ZDI-21-342", "kind": "published", "published_date": "2021-03-22", "status": "published", "title": "Samsung Galaxy S20 libimagecodec Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-342/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-11806", "zdi_id": "ZDI-21-342" }, { "cve": null, "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony X800H Smart TV. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-341/advisory.json", "detail_path": "advisories/ZDI-21-341", "id": "ZDI-21-341", "kind": "published", "published_date": "2021-03-18", "status": "published", "title": "(0Day) (Pwn2Own) Sony X800H Smart TV Vewd Type-Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-341/", "vendor": "Sony", "vendor_url": null, "zdi_can": "ZDI-CAN-12060", "zdi_id": "ZDI-21-341" }, { "cve": "CVE-2021-27646", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of Synology DS418play. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iscsi_snapshot_comm_core service. The issue...", "detail_json": "/data/advisories/ZDI-21-340/advisory.json", "detail_path": "advisories/ZDI-21-340", "id": "ZDI-21-340", "kind": "published", "published_date": "2021-03-22", "status": "published", "title": "(Pwn2Own) Synology DiskStation Manager iscsi_snapshot_comm_core Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-340/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-13476", "zdi_id": "ZDI-21-340" }, { "cve": "CVE-2021-27647", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology DS418play. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the HandleS...", "detail_json": "/data/advisories/ZDI-21-339/advisory.json", "detail_path": "advisories/ZDI-21-339", "id": "ZDI-21-339", "kind": "published", "published_date": "2021-03-22", "status": "published", "title": "(Pwn2Own) Synology DiskStation Manager StartEngCommPipeServer HandleSendMsg Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-339/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-12361", "zdi_id": "ZDI-21-339" }, { "cve": "CVE-2021-26569", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of Synology DS418play. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iscsi_snapshot_comm_core service. The issue...", "detail_json": "/data/advisories/ZDI-21-338/advisory.json", "detail_path": "advisories/ZDI-21-338", "id": "ZDI-21-338", "kind": "published", "published_date": "2021-03-18", "status": "published", "title": "(Pwn2Own) Synology DiskStation Manager iscsi_snapshot_comm_core Race Condition Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-338/", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-12305", "zdi_id": "ZDI-21-338" }, { "cve": "CVE-2021-26578", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Network Orchestrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the connec...", "detail_json": "/data/advisories/ZDI-21-337/advisory.json", "detail_path": "advisories/ZDI-21-337", "id": "ZDI-21-337", "kind": "published", "published_date": "2021-03-18", "status": "published", "title": "Hewlett Packard Enterprise Network Orchestrator uaf-token SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-337/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-12187", "zdi_id": "ZDI-21-337" }, { "cve": "CVE-2021-21089", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-336/advisory.json", "detail_path": "advisories/ZDI-21-336", "id": "ZDI-21-336", "kind": "published", "published_date": "2021-03-18", "status": "published", "title": "Adobe Acrobat Reader DC URI Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-336/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12856", "zdi_id": "ZDI-21-336" }, { "cve": "CVE-2021-21088", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-335/advisory.json", "detail_path": "advisories/ZDI-21-335", "id": "ZDI-21-335", "kind": "published", "published_date": "2021-03-18", "status": "published", "title": "Adobe Acrobat Pro DC colorConvertPage Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-335/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12441", "zdi_id": "ZDI-21-335" }, { "cve": "CVE-2021-27057", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-334/advisory.json", "detail_path": "advisories/ZDI-21-334", "id": "ZDI-21-334", "kind": "published", "published_date": "2021-03-17", "status": "published", "title": "Microsoft Office Graph Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-334/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12753", "zdi_id": "ZDI-21-334" }, { "cve": "CVE-2021-27056", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-21-333/advisory.json", "detail_path": "advisories/ZDI-21-333", "id": "ZDI-21-333", "kind": "published", "published_date": "2021-03-17", "status": "published", "title": "Microsoft PowerPoint PPTX File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-333/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12518", "zdi_id": "ZDI-21-333" }, { "cve": "CVE-2021-27053", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-332/advisory.json", "detail_path": "advisories/ZDI-21-332", "id": "ZDI-21-332", "kind": "published", "published_date": "2021-03-17", "status": "published", "title": "Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-332/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12485", "zdi_id": "ZDI-21-332" }, { "cve": "CVE-2021-26900", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-331/advisory.json", "detail_path": "advisories/ZDI-21-331", "id": "ZDI-21-331", "kind": "published", "published_date": "2021-03-17", "status": "published", "title": "Microsoft Windows CInteractionTrackerMarshaler Use-After-Free Privilege Escalation Vulnerability", "updated_date": "2021-03-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-331/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12484", "zdi_id": "ZDI-21-331" }, { "cve": "CVE-2021-26892", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-330/advisory.json", "detail_path": "advisories/ZDI-21-330", "id": "ZDI-21-330", "kind": "published", "published_date": "2021-03-17", "status": "published", "title": "Microsoft Windows EFI Partition Incorrect Authorization Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-330/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12299", "zdi_id": "ZDI-21-330" }, { "cve": "CVE-2021-27070", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-329/advisory.json", "detail_path": "advisories/ZDI-21-329", "id": "ZDI-21-329", "kind": "published", "published_date": "2021-03-17", "status": "published", "title": "Microsoft Windows Update Assistant Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-329/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12110", "zdi_id": "ZDI-21-329" }, { "cve": "CVE-2021-26889", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-328/advisory.json", "detail_path": "advisories/ZDI-21-328", "id": "ZDI-21-328", "kind": "published", "published_date": "2021-03-17", "status": "published", "title": "Microsoft Windows Setup Directory Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-328/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12109", "zdi_id": "ZDI-21-328" }, { "cve": "CVE-2021-26886", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-327/advisory.json", "detail_path": "advisories/ZDI-21-327", "id": "ZDI-21-327", "kind": "published", "published_date": "2021-03-17", "status": "published", "title": "Microsoft Windows User Profile Service Directory Junction Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-327/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12108", "zdi_id": "ZDI-21-327" }, { "cve": "CVE-2021-22647", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-326/advisory.json", "detail_path": "advisories/ZDI-21-326", "id": "ZDI-21-326", "kind": "published", "published_date": "2021-03-16", "status": "published", "title": "Siemens Solid Edge Viewer CATPart File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11948", "zdi_id": "ZDI-21-326" }, { "cve": "CVE-2021-22649", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-325/advisory.json", "detail_path": "advisories/ZDI-21-325", "id": "ZDI-21-325", "kind": "published", "published_date": "2021-03-16", "status": "published", "title": "Siemens Solid Edge Viewer JT File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12064", "zdi_id": "ZDI-21-325" }, { "cve": "CVE-2021-22651", "cvss": 7.8, "cvss_vector": null, "description_snippet": "The vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-324/advisory.json", "detail_path": "advisories/ZDI-21-324", "id": "ZDI-21-324", "kind": "published", "published_date": "2021-03-16", "status": "published", "title": "Siemens Solid Edge Viewer ZIP Path Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11983", "zdi_id": "ZDI-21-324" }, { "cve": "CVE-2021-22645", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-323/advisory.json", "detail_path": "advisories/ZDI-21-323", "id": "ZDI-21-323", "kind": "published", "published_date": "2021-03-16", "status": "published", "title": "Siemens Solid Edge Viewer Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11940", "zdi_id": "ZDI-21-323" }, { "cve": "CVE-2021-22647", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-322/advisory.json", "detail_path": "advisories/ZDI-21-322", "id": "ZDI-21-322", "kind": "published", "published_date": "2021-03-16", "status": "published", "title": "Siemens Solid Edge Viewer FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11984", "zdi_id": "ZDI-21-322" }, { "cve": "CVE-2021-22647", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-321/advisory.json", "detail_path": "advisories/ZDI-21-321", "id": "ZDI-21-321", "kind": "published", "published_date": "2021-03-16", "status": "published", "title": "Siemens Solid Edge Viewer FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11944", "zdi_id": "ZDI-21-321" }, { "cve": "CVE-2021-22647", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-320/advisory.json", "detail_path": "advisories/ZDI-21-320", "id": "ZDI-21-320", "kind": "published", "published_date": "2021-03-16", "status": "published", "title": "Siemens Solid Edge Viewer 3DS File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11941", "zdi_id": "ZDI-21-320" }, { "cve": "CVE-2021-22643", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-319/advisory.json", "detail_path": "advisories/ZDI-21-319", "id": "ZDI-21-319", "kind": "published", "published_date": "2021-03-16", "status": "published", "title": "Siemens Solid Edge Viewer 3DS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11938", "zdi_id": "ZDI-21-319" }, { "cve": "CVE-2021-22647", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-318/advisory.json", "detail_path": "advisories/ZDI-21-318", "id": "ZDI-21-318", "kind": "published", "published_date": "2021-03-16", "status": "published", "title": "Siemens Solid Edge Viewer FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11946", "zdi_id": "ZDI-21-318" }, { "cve": "CVE-2021-22649", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-317/advisory.json", "detail_path": "advisories/ZDI-21-317", "id": "ZDI-21-317", "kind": "published", "published_date": "2021-03-16", "status": "published", "title": "Siemens Solid Edge Viewer 3DS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11942", "zdi_id": "ZDI-21-317" }, { "cve": "CVE-2021-22643", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-316/advisory.json", "detail_path": "advisories/ZDI-21-316", "id": "ZDI-21-316", "kind": "published", "published_date": "2021-03-16", "status": "published", "title": "Siemens Solid Edge Viewer 3DS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11939", "zdi_id": "ZDI-21-316" }, { "cve": "CVE-2021-27586", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-315/advisory.json", "detail_path": "advisories/ZDI-21-315", "id": "ZDI-21-315", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer IFF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-315/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12423", "zdi_id": "ZDI-21-315" }, { "cve": "CVE-2021-27592", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-314/advisory.json", "detail_path": "advisories/ZDI-21-314", "id": "ZDI-21-314", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-314/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12425", "zdi_id": "ZDI-21-314" }, { "cve": "CVE-2021-27592", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-313/advisory.json", "detail_path": "advisories/ZDI-21-313", "id": "ZDI-21-313", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-313/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12426", "zdi_id": "ZDI-21-313" }, { "cve": "CVE-2021-27587", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-312/advisory.json", "detail_path": "advisories/ZDI-21-312", "id": "ZDI-21-312", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-312/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12433", "zdi_id": "ZDI-21-312" }, { "cve": "CVE-2021-27592", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-311/advisory.json", "detail_path": "advisories/ZDI-21-311", "id": "ZDI-21-311", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-311/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12470", "zdi_id": "ZDI-21-311" }, { "cve": "CVE-2021-27587", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-310/advisory.json", "detail_path": "advisories/ZDI-21-310", "id": "ZDI-21-310", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JT File Parsing Null Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-310/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12435", "zdi_id": "ZDI-21-310" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-309/advisory.json", "detail_path": "advisories/ZDI-21-309", "id": "ZDI-21-309", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-309/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12174", "zdi_id": "ZDI-21-309" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-308/advisory.json", "detail_path": "advisories/ZDI-21-308", "id": "ZDI-21-308", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-308/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12173", "zdi_id": "ZDI-21-308" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-307/advisory.json", "detail_path": "advisories/ZDI-21-307", "id": "ZDI-21-307", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-307/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12172", "zdi_id": "ZDI-21-307" }, { "cve": "CVE-2021-27589", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-306/advisory.json", "detail_path": "advisories/ZDI-21-306", "id": "ZDI-21-306", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer SVG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-306/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12139", "zdi_id": "ZDI-21-306" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-305/advisory.json", "detail_path": "advisories/ZDI-21-305", "id": "ZDI-21-305", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-305/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12322", "zdi_id": "ZDI-21-305" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-304/advisory.json", "detail_path": "advisories/ZDI-21-304", "id": "ZDI-21-304", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-304/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12321", "zdi_id": "ZDI-21-304" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-303/advisory.json", "detail_path": "advisories/ZDI-21-303", "id": "ZDI-21-303", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-303/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12320", "zdi_id": "ZDI-21-303" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-302/advisory.json", "detail_path": "advisories/ZDI-21-302", "id": "ZDI-21-302", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-302/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12319", "zdi_id": "ZDI-21-302" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-301/advisory.json", "detail_path": "advisories/ZDI-21-301", "id": "ZDI-21-301", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-301/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12318", "zdi_id": "ZDI-21-301" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-300/advisory.json", "detail_path": "advisories/ZDI-21-300", "id": "ZDI-21-300", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-300/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12317", "zdi_id": "ZDI-21-300" }, { "cve": "CVE-2021-27585", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-299/advisory.json", "detail_path": "advisories/ZDI-21-299", "id": "ZDI-21-299", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer CGM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-299/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12316", "zdi_id": "ZDI-21-299" }, { "cve": "CVE-2021-27591", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-298/advisory.json", "detail_path": "advisories/ZDI-21-298", "id": "ZDI-21-298", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PDF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-298/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12239", "zdi_id": "ZDI-21-298" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-297/advisory.json", "detail_path": "advisories/ZDI-21-297", "id": "ZDI-21-297", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-297/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12171", "zdi_id": "ZDI-21-297" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-296/advisory.json", "detail_path": "advisories/ZDI-21-296", "id": "ZDI-21-296", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-296/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12225", "zdi_id": "ZDI-21-296" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-295/advisory.json", "detail_path": "advisories/ZDI-21-295", "id": "ZDI-21-295", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-295/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12224", "zdi_id": "ZDI-21-295" }, { "cve": "CVE-2021-27590", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-294/advisory.json", "detail_path": "advisories/ZDI-21-294", "id": "ZDI-21-294", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-294/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12205", "zdi_id": "ZDI-21-294" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-293/advisory.json", "detail_path": "advisories/ZDI-21-293", "id": "ZDI-21-293", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-293/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12175", "zdi_id": "ZDI-21-293" }, { "cve": "CVE-2021-27588", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-292/advisory.json", "detail_path": "advisories/ZDI-21-292", "id": "ZDI-21-292", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer HPGL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-292/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12116", "zdi_id": "ZDI-21-292" }, { "cve": "CVE-2021-21493", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-21-291/advisory.json", "detail_path": "advisories/ZDI-21-291", "id": "ZDI-21-291", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-291/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12098", "zdi_id": "ZDI-21-291" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-290/advisory.json", "detail_path": "advisories/ZDI-21-290", "id": "ZDI-21-290", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-290/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12097", "zdi_id": "ZDI-21-290" }, { "cve": "CVE-2021-21493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-289/advisory.json", "detail_path": "advisories/ZDI-21-289", "id": "ZDI-21-289", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-289/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12092", "zdi_id": "ZDI-21-289" }, { "cve": "CVE-2021-27585", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-288/advisory.json", "detail_path": "advisories/ZDI-21-288", "id": "ZDI-21-288", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "SAP 3D Visual Enterprise Viewer CGM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-288/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12078", "zdi_id": "ZDI-21-288" }, { "cve": "CVE-2021-27077", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-287/advisory.json", "detail_path": "advisories/ZDI-21-287", "id": "ZDI-21-287", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "Microsoft Windows win32kfull bStretch NULL Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-287/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12672", "zdi_id": "ZDI-21-287" }, { "cve": "CVE-2021-26866", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-286/advisory.json", "detail_path": "advisories/ZDI-21-286", "id": "ZDI-21-286", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "Microsoft Windows Update Agent Directory Junction Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-286/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12442", "zdi_id": "ZDI-21-286" }, { "cve": "CVE-2021-26862", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-285/advisory.json", "detail_path": "advisories/ZDI-21-285", "id": "ZDI-21-285", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "Microsoft Windows Installer Service Directory Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-285/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12324", "zdi_id": "ZDI-21-285" }, { "cve": "CVE-2021-1729", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-284/advisory.json", "detail_path": "advisories/ZDI-21-284", "id": "ZDI-21-284", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "Microsoft Windows Setup Directory Junction Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-284/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12093", "zdi_id": "ZDI-21-284" }, { "cve": "CVE-2021-26873", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-283/advisory.json", "detail_path": "advisories/ZDI-21-283", "id": "ZDI-21-283", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "Microsoft Windows User Profile Service Directory Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-283/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12194", "zdi_id": "ZDI-21-283" }, { "cve": "CVE-2021-21056", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-21-282/advisory.json", "detail_path": "advisories/ZDI-21-282", "id": "ZDI-21-282", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "Adobe FrameMaker PDF File Parsing Out-of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-282/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12514", "zdi_id": "ZDI-21-282" }, { "cve": "CVE-2021-21069", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Creative Cloud on Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-281/advisory.json", "detail_path": "advisories/ZDI-21-281", "id": "ZDI-21-281", "kind": "published", "published_date": "2021-03-15", "status": "published", "title": "Adobe Creative Cloud Improper Privilege Management Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-281/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12450", "zdi_id": "ZDI-21-281" }, { "cve": "CVE-2021-0458", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-21-280/advisory.json", "detail_path": "advisories/ZDI-21-280", "id": "ZDI-21-280", "kind": "published", "published_date": "2021-03-12", "status": "published", "title": "Google Android fts_driver_test_write Integer Overflow Information Disclosure Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-280/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-11102", "zdi_id": "ZDI-21-280" }, { "cve": "CVE-2021-0457", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-279/advisory.json", "detail_path": "advisories/ZDI-21-279", "id": "ZDI-21-279", "kind": "published", "published_date": "2021-03-12", "status": "published", "title": "Google Android fts_driver_test_write Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-279/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-11094", "zdi_id": "ZDI-21-279" }, { "cve": "CVE-2021-0459", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-21-278/advisory.json", "detail_path": "advisories/ZDI-21-278", "id": "ZDI-21-278", "kind": "published", "published_date": "2021-03-12", "status": "published", "title": "Google Android fts_driver_test_write Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-278/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-11093", "zdi_id": "ZDI-21-278" }, { "cve": "CVE-2021-3310", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SMB and AFP services. B...", "detail_json": "/data/advisories/ZDI-21-277/advisory.json", "detail_path": "advisories/ZDI-21-277", "id": "ZDI-21-277", "kind": "published", "published_date": "2021-03-11", "status": "published", "title": "Western Digital MyCloud PR4100 Link Resolution Information Disclosure Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-277/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-12455", "zdi_id": "ZDI-21-277" }, { "cve": "CVE-2021-27076", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of InfoPath attachments. Ta...", "detail_json": "/data/advisories/ZDI-21-276/advisory.json", "detail_path": "advisories/ZDI-21-276", "id": "ZDI-21-276", "kind": "published", "published_date": "2021-03-11", "status": "published", "title": "Microsoft SharePoint InfoPath List Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-276/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12086", "zdi_id": "ZDI-21-276" }, { "cve": "CVE-2020-28385", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-275/advisory.json", "detail_path": "advisories/ZDI-21-275", "id": "ZDI-21-275", "kind": "published", "published_date": "2021-03-11", "status": "published", "title": "Siemens Solid Edge Viewer DFT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-275/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12049", "zdi_id": "ZDI-21-275" }, { "cve": "CVE-2021-27380", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-274/advisory.json", "detail_path": "advisories/ZDI-21-274", "id": "ZDI-21-274", "kind": "published", "published_date": "2021-03-11", "status": "published", "title": "Siemens Solid Edge Viewer PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-274/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12532", "zdi_id": "ZDI-21-274" }, { "cve": "CVE-2021-22711", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-273/advisory.json", "detail_path": "advisories/ZDI-21-273", "id": "ZDI-21-273", "kind": "published", "published_date": "2021-03-11", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-273/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-12666", "zdi_id": "ZDI-21-273" }, { "cve": "CVE-2021-22709", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-272/advisory.json", "detail_path": "advisories/ZDI-21-272", "id": "ZDI-21-272", "kind": "published", "published_date": "2021-03-11", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-272/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-12599", "zdi_id": "ZDI-21-272" }, { "cve": "CVE-2021-22710", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-271/advisory.json", "detail_path": "advisories/ZDI-21-271", "id": "ZDI-21-271", "kind": "published", "published_date": "2021-03-11", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-271/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-12600", "zdi_id": "ZDI-21-271" }, { "cve": "CVE-2021-27381", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-270/advisory.json", "detail_path": "advisories/ZDI-21-270", "id": "ZDI-21-270", "kind": "published", "published_date": "2021-03-11", "status": "published", "title": "Siemens Solid Edge Viewer PAR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2021-03-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-270/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12534", "zdi_id": "ZDI-21-270" }, { "cve": "CVE-2021-22712", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-269/advisory.json", "detail_path": "advisories/ZDI-21-269", "id": "ZDI-21-269", "kind": "published", "published_date": "2021-03-11", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-269/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-12669", "zdi_id": "ZDI-21-269" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows physical or remote attackers to bypass the Windows login screen on affected installations of Lepide Active Directory Self Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the \"Res...", "detail_json": "/data/advisories/ZDI-21-268/advisory.json", "detail_path": "advisories/ZDI-21-268", "id": "ZDI-21-268", "kind": "published", "published_date": "2021-03-11", "status": "published", "title": "(0Day) Lepide Active Directory Self Service Unsafe Interaction Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-268/", "vendor": "Lepide", "vendor_url": null, "zdi_can": "ZDI-CAN-11708", "zdi_id": "ZDI-21-268" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation PLC WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-267/advisory.json", "detail_path": "advisories/ZDI-21-267", "id": "ZDI-21-267", "kind": "published", "published_date": "2021-03-11", "status": "published", "title": "(0Day) Fatek Automation PLC WinProladder PWD File Parsing Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-267/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12001", "zdi_id": "ZDI-21-267" }, { "cve": "CVE-2020-28387", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-266/advisory.json", "detail_path": "advisories/ZDI-21-266", "id": "ZDI-21-266", "kind": "published", "published_date": "2021-03-11", "status": "published", "title": "Siemens Solid Edge Viewer SEECTCXML File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-266/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11923", "zdi_id": "ZDI-21-266" }, { "cve": "CVE-2021-0460", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-21-265/advisory.json", "detail_path": "advisories/ZDI-21-265", "id": "ZDI-21-265", "kind": "published", "published_date": "2021-03-09", "status": "published", "title": "Google Android fts_driver_test_write Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-265/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-11087", "zdi_id": "ZDI-21-265" }, { "cve": "CVE-2021-27257", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadin...", "detail_json": "/data/advisories/ZDI-21-264/advisory.json", "detail_path": "advisories/ZDI-21-264", "id": "ZDI-21-264", "kind": "published", "published_date": "2021-02-26", "status": "published", "title": "(Pwn2Own) NETGEAR R7800 ready-genie-cloud Improper Certificate Validation Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-264/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-12362", "zdi_id": "ZDI-21-264" }, { "cve": "CVE-2021-27255", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results...", "detail_json": "/data/advisories/ZDI-21-263/advisory.json", "detail_path": "advisories/ZDI-21-263", "id": "ZDI-21-263", "kind": "published", "published_date": "2021-02-26", "status": "published", "title": "(Pwn2Own) NETGEAR R7800 funjsq_httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-263/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-12360", "zdi_id": "ZDI-21-263" }, { "cve": "CVE-2021-27256", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific f...", "detail_json": "/data/advisories/ZDI-21-262/advisory.json", "detail_path": "advisories/ZDI-21-262", "id": "ZDI-21-262", "kind": "published", "published_date": "2021-02-26", "status": "published", "title": "(Pwn2Own) NETGEAR R7800 apply_save.cgi rc_service Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-262/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-12355", "zdi_id": "ZDI-21-262" }, { "cve": "CVE-2021-22670", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-261/advisory.json", "detail_path": "advisories/ZDI-21-261", "id": "ZDI-21-261", "kind": "published", "published_date": "2021-02-26", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-261/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-12000", "zdi_id": "ZDI-21-261" }, { "cve": "CVE-2021-22666", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-260/advisory.json", "detail_path": "advisories/ZDI-21-260", "id": "ZDI-21-260", "kind": "published", "published_date": "2021-02-26", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-260/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11999", "zdi_id": "ZDI-21-260" }, { "cve": "CVE-2021-22670", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-259/advisory.json", "detail_path": "advisories/ZDI-21-259", "id": "ZDI-21-259", "kind": "published", "published_date": "2021-02-26", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-259/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11998", "zdi_id": "ZDI-21-259" }, { "cve": "CVE-2021-22662", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-258/advisory.json", "detail_path": "advisories/ZDI-21-258", "id": "ZDI-21-258", "kind": "published", "published_date": "2021-02-26", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-258/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11997", "zdi_id": "ZDI-21-258" }, { "cve": "CVE-2021-22662", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-257/advisory.json", "detail_path": "advisories/ZDI-21-257", "id": "ZDI-21-257", "kind": "published", "published_date": "2021-02-26", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-257/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11996", "zdi_id": "ZDI-21-257" }, { "cve": "CVE-2021-22662", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-256/advisory.json", "detail_path": "advisories/ZDI-21-256", "id": "ZDI-21-256", "kind": "published", "published_date": "2021-02-26", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-256/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11995", "zdi_id": "ZDI-21-256" }, { "cve": "CVE-2021-22638", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-255/advisory.json", "detail_path": "advisories/ZDI-21-255", "id": "ZDI-21-255", "kind": "published", "published_date": "2021-02-26", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-255/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11802", "zdi_id": "ZDI-21-255" }, { "cve": "CVE-2021-22683", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-254/advisory.json", "detail_path": "advisories/ZDI-21-254", "id": "ZDI-21-254", "kind": "published", "published_date": "2021-02-26", "status": "published", "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-254/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11704", "zdi_id": "ZDI-21-254" }, { "cve": "CVE-2020-25237", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens SINEC NMS. Authentication is required to exploit this vulnerability. The specific flaw exists within the FirmwareFileUtils class. The issue results from...", "detail_json": "/data/advisories/ZDI-21-253/advisory.json", "detail_path": "advisories/ZDI-21-253", "id": "ZDI-21-253", "kind": "published", "published_date": "2021-02-25", "status": "published", "title": "Siemens SINEC NMS FirmwareFileUtils extractToFolder Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-253/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12054", "zdi_id": "ZDI-21-253" }, { "cve": "CVE-2021-27254", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue res...", "detail_json": "/data/advisories/ZDI-21-252/advisory.json", "detail_path": "advisories/ZDI-21-252", "id": "ZDI-21-252", "kind": "published", "published_date": "2021-02-25", "status": "published", "title": "(Pwn2Own) NETGEAR Nighthawk R7800 Use of Hard-coded Password Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-252/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-12287", "zdi_id": "ZDI-21-252" }, { "cve": "CVE-2021-1791", "cvss": 5.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple iOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-251/advisory.json", "detail_path": "advisories/ZDI-21-251", "id": "ZDI-21-251", "kind": "published", "published_date": "2021-02-03", "status": "published", "title": "Apple iOS FairplayIOKit Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-251/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12053", "zdi_id": "ZDI-21-251" }, { "cve": "CVE-2021-21974", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of VMware ESXi. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SLP messages. The issue re...", "detail_json": "/data/advisories/ZDI-21-250/advisory.json", "detail_path": "advisories/ZDI-21-250", "id": "ZDI-21-250", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "VMware ESXi SLP Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-250/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-12232", "zdi_id": "ZDI-21-250" }, { "cve": "CVE-2021-27253", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-21-249/advisory.json", "detail_path": "advisories/ZDI-21-249", "id": "ZDI-21-249", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "(Pwn2Own) NETGEAR Nighthawk R7800 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-249/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-12303", "zdi_id": "ZDI-21-249" }, { "cve": "CVE-2021-27252", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP o...", "detail_json": "/data/advisories/ZDI-21-248/advisory.json", "detail_path": "advisories/ZDI-21-248", "id": "ZDI-21-248", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "(Pwn2Own) NETGEAR R7800 udchpd DHCP_REQUEST Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-248/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-12216", "zdi_id": "ZDI-21-248" }, { "cve": "CVE-2021-27251", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The...", "detail_json": "/data/advisories/ZDI-21-247/advisory.json", "detail_path": "advisories/ZDI-21-247", "id": "ZDI-21-247", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "(Pwn2Own) NETGEAR Nighthawk R7800 ready-genie-cloud Insecure Download of Critical Component Remote Code Execution Vulnerability", "updated_date": "2021-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-247/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-12308", "zdi_id": "ZDI-21-247" }, { "cve": "CVE-2021-25175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-246/advisory.json", "detail_path": "advisories/ZDI-21-246", "id": "ZDI-21-246", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-246/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11911", "zdi_id": "ZDI-21-246" }, { "cve": "CVE-2021-25175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-245/advisory.json", "detail_path": "advisories/ZDI-21-245", "id": "ZDI-21-245", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-245/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11910", "zdi_id": "ZDI-21-245" }, { "cve": "CVE-2021-25175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-244/advisory.json", "detail_path": "advisories/ZDI-21-244", "id": "ZDI-21-244", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-244/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11914", "zdi_id": "ZDI-21-244" }, { "cve": "CVE-2021-25178", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-243/advisory.json", "detail_path": "advisories/ZDI-21-243", "id": "ZDI-21-243", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-243/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12166", "zdi_id": "ZDI-21-243" }, { "cve": "CVE-2020-26995", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-242/advisory.json", "detail_path": "advisories/ZDI-21-242", "id": "ZDI-21-242", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go SGI File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-242/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12176", "zdi_id": "ZDI-21-242" }, { "cve": "CVE-2020-26995", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-241/advisory.json", "detail_path": "advisories/ZDI-21-241", "id": "ZDI-21-241", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-241/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12168", "zdi_id": "ZDI-21-241" }, { "cve": "CVE-2021-25178", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-240/advisory.json", "detail_path": "advisories/ZDI-21-240", "id": "ZDI-21-240", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go DWG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-240/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12165", "zdi_id": "ZDI-21-240" }, { "cve": "CVE-2020-26999", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-239/advisory.json", "detail_path": "advisories/ZDI-21-239", "id": "ZDI-21-239", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go PAR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2021-06-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-239/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12042", "zdi_id": "ZDI-21-239" }, { "cve": "CVE-2020-26998", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-238/advisory.json", "detail_path": "advisories/ZDI-21-238", "id": "ZDI-21-238", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go PAR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2021-06-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-238/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12040", "zdi_id": "ZDI-21-238" }, { "cve": "CVE-2020-27000", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-237/advisory.json", "detail_path": "advisories/ZDI-21-237", "id": "ZDI-21-237", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go BMP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-237/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12018", "zdi_id": "ZDI-21-237" }, { "cve": "CVE-2020-28394", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-236/advisory.json", "detail_path": "advisories/ZDI-21-236", "id": "ZDI-21-236", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go RAS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-236/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12283", "zdi_id": "ZDI-21-236" }, { "cve": "CVE-2020-27008", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-235/advisory.json", "detail_path": "advisories/ZDI-21-235", "id": "ZDI-21-235", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go PLT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-235/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12209", "zdi_id": "ZDI-21-235" }, { "cve": "CVE-2020-27007", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-234/advisory.json", "detail_path": "advisories/ZDI-21-234", "id": "ZDI-21-234", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go HPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-234/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12208", "zdi_id": "ZDI-21-234" }, { "cve": "CVE-2020-27007", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-233/advisory.json", "detail_path": "advisories/ZDI-21-233", "id": "ZDI-21-233", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go HPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-233/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12207", "zdi_id": "ZDI-21-233" }, { "cve": "CVE-2020-27006", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-232/advisory.json", "detail_path": "advisories/ZDI-21-232", "id": "ZDI-21-232", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go PCT File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-232/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12182", "zdi_id": "ZDI-21-232" }, { "cve": "CVE-2020-27005", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-231/advisory.json", "detail_path": "advisories/ZDI-21-231", "id": "ZDI-21-231", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-231/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12178", "zdi_id": "ZDI-21-231" }, { "cve": "CVE-2020-27004", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-230/advisory.json", "detail_path": "advisories/ZDI-21-230", "id": "ZDI-21-230", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go CGM File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-230/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12163", "zdi_id": "ZDI-21-230" }, { "cve": "CVE-2020-27003", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-229/advisory.json", "detail_path": "advisories/ZDI-21-229", "id": "ZDI-21-229", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go TIFF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-229/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12158", "zdi_id": "ZDI-21-229" }, { "cve": "CVE-2020-27002", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-228/advisory.json", "detail_path": "advisories/ZDI-21-228", "id": "ZDI-21-228", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go PAR File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-06-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-228/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12043", "zdi_id": "ZDI-21-228" }, { "cve": "CVE-2020-27001", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-227/advisory.json", "detail_path": "advisories/ZDI-21-227", "id": "ZDI-21-227", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-06-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-227/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12041", "zdi_id": "ZDI-21-227" }, { "cve": "CVE-2021-25174", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-226/advisory.json", "detail_path": "advisories/ZDI-21-226", "id": "ZDI-21-226", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go DGN File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-226/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12026", "zdi_id": "ZDI-21-226" }, { "cve": "CVE-2021-25173", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-225/advisory.json", "detail_path": "advisories/ZDI-21-225", "id": "ZDI-21-225", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-225/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12019", "zdi_id": "ZDI-21-225" }, { "cve": "CVE-2021-25175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-224/advisory.json", "detail_path": "advisories/ZDI-21-224", "id": "ZDI-21-224", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-224/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11988", "zdi_id": "ZDI-21-224" }, { "cve": "CVE-2021-25175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-223/advisory.json", "detail_path": "advisories/ZDI-21-223", "id": "ZDI-21-223", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-223/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11993", "zdi_id": "ZDI-21-223" }, { "cve": "CVE-2021-25176", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-222/advisory.json", "detail_path": "advisories/ZDI-21-222", "id": "ZDI-21-222", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-222/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11989", "zdi_id": "ZDI-21-222" }, { "cve": "CVE-2021-25176", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-221/advisory.json", "detail_path": "advisories/ZDI-21-221", "id": "ZDI-21-221", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-221/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11913", "zdi_id": "ZDI-21-221" }, { "cve": "CVE-2021-25178", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-220/advisory.json", "detail_path": "advisories/ZDI-21-220", "id": "ZDI-21-220", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go DXF and DWG File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-220/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11901", "zdi_id": "ZDI-21-220" }, { "cve": "CVE-2021-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-219/advisory.json", "detail_path": "advisories/ZDI-21-219", "id": "ZDI-21-219", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-219/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11927", "zdi_id": "ZDI-21-219" }, { "cve": "CVE-2021-25175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-218/advisory.json", "detail_path": "advisories/ZDI-21-218", "id": "ZDI-21-218", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-218/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11912", "zdi_id": "ZDI-21-218" }, { "cve": "CVE-2021-27247", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-21-217/advisory.json", "detail_path": "advisories/ZDI-21-217", "id": "ZDI-21-217", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-217/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-11907", "zdi_id": "ZDI-21-217" }, { "cve": "CVE-2020-16048", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-216/advisory.json", "detail_path": "advisories/ZDI-21-216", "id": "ZDI-21-216", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Mozilla Firefox WebGL2 compressedTexImage3D Handling Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-216/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-12197", "zdi_id": "ZDI-21-216" }, { "cve": "CVE-2021-27246", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC add...", "detail_json": "/data/advisories/ZDI-21-215/advisory.json", "detail_path": "advisories/ZDI-21-215", "id": "ZDI-21-215", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "TP-Link AC1750 sync-server Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-215/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-12306", "zdi_id": "ZDI-21-215" }, { "cve": "CVE-2021-27245", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from t...", "detail_json": "/data/advisories/ZDI-21-214/advisory.json", "detail_path": "advisories/ZDI-21-214", "id": "ZDI-21-214", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "TP-Link Archer A7 Protection Mechanism Failure Firewall Bypass Vulnerability", "updated_date": "2021-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-214/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-12309", "zdi_id": "ZDI-21-214" }, { "cve": "CVE-2021-27260", "cvss": 3.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-21-213/advisory.json", "detail_path": "advisories/ZDI-21-213", "id": "ZDI-21-213", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Parallels Desktop Toolgate Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-213/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-12068", "zdi_id": "ZDI-21-213" }, { "cve": "CVE-2021-27259", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-21-212/advisory.json", "detail_path": "advisories/ZDI-21-212", "id": "ZDI-21-212", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Parallels Desktop Toolgate Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-212/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-12021", "zdi_id": "ZDI-21-212" }, { "cve": "CVE-2021-27244", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-211/advisory.json", "detail_path": "advisories/ZDI-21-211", "id": "ZDI-21-211", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Parallels Desktop Toolgate Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-211/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-11925", "zdi_id": "ZDI-21-211" }, { "cve": "CVE-2021-27243", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-21-210/advisory.json", "detail_path": "advisories/ZDI-21-210", "id": "ZDI-21-210", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Parallels Desktop Toolgate Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-210/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-11924", "zdi_id": "ZDI-21-210" }, { "cve": "CVE-2021-27242", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-21-209/advisory.json", "detail_path": "advisories/ZDI-21-209", "id": "ZDI-21-209", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Parallels Desktop Toolgate Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2022-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-209/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-11926", "zdi_id": "ZDI-21-209" }, { "cve": "CVE-2021-27241", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-21-208/advisory.json", "detail_path": "advisories/ZDI-21-208", "id": "ZDI-21-208", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Avast Premium Security AvastSvc Directory Junction Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-208/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-12082", "zdi_id": "ZDI-21-208" }, { "cve": "CVE-2021-27240", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-21-207/advisory.json", "detail_path": "advisories/ZDI-21-207", "id": "ZDI-21-207", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "SolarWinds Patch Manager DataGridService Deserialization of Untrusted Data Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-207/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-12009", "zdi_id": "ZDI-21-207" }, { "cve": "CVE-2021-27239", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which...", "detail_json": "/data/advisories/ZDI-21-206/advisory.json", "detail_path": "advisories/ZDI-21-206", "id": "ZDI-21-206", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "NETGEAR Multiple Routers SSDP Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-206/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-11851", "zdi_id": "ZDI-21-206" }, { "cve": "CVE-2021-27250", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processi...", "detail_json": "/data/advisories/ZDI-21-205/advisory.json", "detail_path": "advisories/ZDI-21-205", "id": "ZDI-21-205", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "D-Link DAP-2020 errorpage External Control of File Name Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-205/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-11856", "zdi_id": "ZDI-21-205" }, { "cve": "CVE-2021-27249", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CG...", "detail_json": "/data/advisories/ZDI-21-204/advisory.json", "detail_path": "advisories/ZDI-21-204", "id": "ZDI-21-204", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "D-Link DAP-2020 WEB_CmdFileList Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-204/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-11369", "zdi_id": "ZDI-21-204" }, { "cve": "CVE-2021-27248", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CG...", "detail_json": "/data/advisories/ZDI-21-203/advisory.json", "detail_path": "advisories/ZDI-21-203", "id": "ZDI-21-203", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "D-Link DAP-2020 webproc getpage Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-09-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-203/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-10932", "zdi_id": "ZDI-21-203" }, { "cve": "CVE-2021-1805", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-202/advisory.json", "detail_path": "advisories/ZDI-21-202", "id": "ZDI-21-202", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Apple macOS process_token_BindQueryBufferMultiple Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-202/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11495", "zdi_id": "ZDI-21-202" }, { "cve": "CVE-2021-1806", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-201/advisory.json", "detail_path": "advisories/ZDI-21-201", "id": "ZDI-21-201", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Apple macOS process_token_BlitLibSetup2D Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-201/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11438", "zdi_id": "ZDI-21-201" }, { "cve": "CVE-2021-1806", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-200/advisory.json", "detail_path": "advisories/ZDI-21-200", "id": "ZDI-21-200", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Apple macOS process_token_BindQueryStoreRegisterToMemoryList Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-200/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11422", "zdi_id": "ZDI-21-200" }, { "cve": "CVE-2021-1805", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-199/advisory.json", "detail_path": "advisories/ZDI-21-199", "id": "ZDI-21-199", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Apple macOS process_token_BindQueryStoreRegisterToMemoryList Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-199/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11421", "zdi_id": "ZDI-21-199" }, { "cve": "CVE-2021-1806", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-198/advisory.json", "detail_path": "advisories/ZDI-21-198", "id": "ZDI-21-198", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Apple macOS process_token_BindQueryStoreRegisterToMemoryList Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-198/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11420", "zdi_id": "ZDI-21-198" }, { "cve": "CVE-2021-1806", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-197/advisory.json", "detail_path": "advisories/ZDI-21-197", "id": "ZDI-21-197", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Apple macOS process_token_BindQueryBufferMultiple Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-197/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11419", "zdi_id": "ZDI-21-197" }, { "cve": "CVE-2021-1805", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-196/advisory.json", "detail_path": "advisories/ZDI-21-196", "id": "ZDI-21-196", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "Apple macOS process_token_BindQueryStoreRegisterToMemoryList Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-196/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11418", "zdi_id": "ZDI-21-196" }, { "cve": "CVE-2020-8625", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of TKEY queries. The issue results from the...", "detail_json": "/data/advisories/ZDI-21-195/advisory.json", "detail_path": "advisories/ZDI-21-195", "id": "ZDI-21-195", "kind": "published", "published_date": "2021-02-24", "status": "published", "title": "ISC BIND TKEY Query Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-195/", "vendor": "ISC", "vendor_url": null, "zdi_can": "ZDI-CAN-12302", "zdi_id": "ZDI-21-195" }, { "cve": "CVE-2021-24066", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the SPWorkflowDataSo...", "detail_json": "/data/advisories/ZDI-21-194/advisory.json", "detail_path": "advisories/ZDI-21-194", "id": "ZDI-21-194", "kind": "published", "published_date": "2021-02-12", "status": "published", "title": "Microsoft SharePoint Workflow Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-194/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12135", "zdi_id": "ZDI-21-194" }, { "cve": "CVE-2021-1737", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-21-193/advisory.json", "detail_path": "advisories/ZDI-21-193", "id": "ZDI-21-193", "kind": "published", "published_date": "2021-02-12", "status": "published", "title": "Apple macOS ImageIO PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-193/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12628", "zdi_id": "ZDI-21-193" }, { "cve": "CVE-2021-27258", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The i...", "detail_json": "/data/advisories/ZDI-21-192/advisory.json", "detail_path": "advisories/ZDI-21-192", "id": "ZDI-21-192", "kind": "published", "published_date": "2021-12-08", "status": "published", "title": "SolarWinds Orion Platform NCM SCM IPAM SaveUserSetting Improper Access Control Privilege Escalation Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-192/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-11903", "zdi_id": "ZDI-21-192" }, { "cve": "CVE-2021-22658", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-21-191/advisory.json", "detail_path": "advisories/ZDI-21-191", "id": "ZDI-21-191", "kind": "published", "published_date": "2021-02-11", "status": "published", "title": "Advantech iView UserServlet SQL Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-12344", "zdi_id": "ZDI-21-191" }, { "cve": "CVE-2021-22654", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet class. When parsing the...", "detail_json": "/data/advisories/ZDI-21-190/advisory.json", "detail_path": "advisories/ZDI-21-190", "id": "ZDI-21-190", "kind": "published", "published_date": "2021-02-11", "status": "published", "title": "Advantech iView NetworkServlet ztp_config_name SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-12343", "zdi_id": "ZDI-21-190" }, { "cve": "CVE-2021-22656", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CommandServlet class. The issue result...", "detail_json": "/data/advisories/ZDI-21-189/advisory.json", "detail_path": "advisories/ZDI-21-189", "id": "ZDI-21-189", "kind": "published", "published_date": "2021-02-11", "status": "published", "title": "Advantech iView CommandServlet Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-12096", "zdi_id": "ZDI-21-189" }, { "cve": "CVE-2021-22654", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class. The issue results f...", "detail_json": "/data/advisories/ZDI-21-188/advisory.json", "detail_path": "advisories/ZDI-21-188", "id": "ZDI-21-188", "kind": "published", "published_date": "2021-02-11", "status": "published", "title": "Advantech iView UserServlet SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-12095", "zdi_id": "ZDI-21-188" }, { "cve": "CVE-2021-22698", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-21-187/advisory.json", "detail_path": "advisories/ZDI-21-187", "id": "ZDI-21-187", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Schneider Electric EcoStruxure Power Build SSD File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-187/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11850", "zdi_id": "ZDI-21-187" }, { "cve": "CVE-2021-22697", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-21-186/advisory.json", "detail_path": "advisories/ZDI-21-186", "id": "ZDI-21-186", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-186/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11849", "zdi_id": "ZDI-21-186" }, { "cve": "CVE-2020-27261", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-185/advisory.json", "detail_path": "advisories/ZDI-21-185", "id": "ZDI-21-185", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Omron CX-One NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-185/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-11810", "zdi_id": "ZDI-21-185" }, { "cve": "CVE-2020-27257", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-184/advisory.json", "detail_path": "advisories/ZDI-21-184", "id": "ZDI-21-184", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Omron CX-One PSW File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-184/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-11809", "zdi_id": "ZDI-21-184" }, { "cve": "CVE-2020-27261", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-183/advisory.json", "detail_path": "advisories/ZDI-21-183", "id": "ZDI-21-183", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Omron CX-One NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-183/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-11808", "zdi_id": "ZDI-21-183" }, { "cve": "CVE-2020-27259", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-182/advisory.json", "detail_path": "advisories/ZDI-21-182", "id": "ZDI-21-182", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Omron CX-One NCI File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-182/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-11807", "zdi_id": "ZDI-21-182" }, { "cve": "CVE-2021-24070", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-181/advisory.json", "detail_path": "advisories/ZDI-21-181", "id": "ZDI-21-181", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-181/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12114", "zdi_id": "ZDI-21-181" }, { "cve": "CVE-2021-24067", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-180/advisory.json", "detail_path": "advisories/ZDI-21-180", "id": "ZDI-21-180", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Microsoft Excel XLSX File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-180/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12223", "zdi_id": "ZDI-21-180" }, { "cve": "CVE-2021-24081", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-179/advisory.json", "detail_path": "advisories/ZDI-21-179", "id": "ZDI-21-179", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Microsoft Windows Camera Codec Pack Image Processing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-179/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12218", "zdi_id": "ZDI-21-179" }, { "cve": "CVE-2021-24084", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-21-178/advisory.json", "detail_path": "advisories/ZDI-21-178", "id": "ZDI-21-178", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Microsoft Windows Device Management Enrollment Service Directory Junction Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-178/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12154", "zdi_id": "ZDI-21-178" }, { "cve": "CVE-2021-24091", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-177/advisory.json", "detail_path": "advisories/ZDI-21-177", "id": "ZDI-21-177", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Microsoft Windows Camera Codec Pack Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-177/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12169", "zdi_id": "ZDI-21-177" }, { "cve": "CVE-2021-24083", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-176/advisory.json", "detail_path": "advisories/ZDI-21-176", "id": "ZDI-21-176", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Microsoft Windows wab32 WAB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-176/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12162", "zdi_id": "ZDI-21-176" }, { "cve": "CVE-2021-23873", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of McAfee Total Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-21-175/advisory.json", "detail_path": "advisories/ZDI-21-175", "id": "ZDI-21-175", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "McAfee Total Protection Directory Junction Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-175/", "vendor": "McAfee", "vendor_url": null, "zdi_can": "ZDI-CAN-12081", "zdi_id": "ZDI-21-175" }, { "cve": "CVE-2021-20353", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EDataGraphImpl class. The issue results...", "detail_json": "/data/advisories/ZDI-21-174/advisory.json", "detail_path": "advisories/ZDI-21-174", "id": "ZDI-21-174", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "IBM WebSphere EDataGraphImpl Deserialization of Untrusted Data Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-174/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-12478", "zdi_id": "ZDI-21-174" }, { "cve": "CVE-2021-21021", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-173/advisory.json", "detail_path": "advisories/ZDI-21-173", "id": "ZDI-21-173", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Adobe Acrobat Reader DC Annotation getAnnots Method Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-03-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-173/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12088", "zdi_id": "ZDI-21-173" }, { "cve": "CVE-2021-21044", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-172/advisory.json", "detail_path": "advisories/ZDI-21-172", "id": "ZDI-21-172", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Adobe Acrobat Reader DC JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-172/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12546", "zdi_id": "ZDI-21-172" }, { "cve": "CVE-2021-21042", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-171/advisory.json", "detail_path": "advisories/ZDI-21-171", "id": "ZDI-21-171", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Adobe Acrobat Reader DC Annots File ID Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-171/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12429", "zdi_id": "ZDI-21-171" }, { "cve": "CVE-2021-21061", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-170/advisory.json", "detail_path": "advisories/ZDI-21-170", "id": "ZDI-21-170", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Adobe Acrobat Pro DC setAction Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-170/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12440", "zdi_id": "ZDI-21-170" }, { "cve": "CVE-2021-21028", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-169/advisory.json", "detail_path": "advisories/ZDI-21-169", "id": "ZDI-21-169", "kind": "published", "published_date": "2021-03-08", "status": "published", "title": "Adobe Acrobat Reader DC Annotation page Property Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-169/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12074", "zdi_id": "ZDI-21-169" }, { "cve": "CVE-2021-21033", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-168/advisory.json", "detail_path": "advisories/ZDI-21-168", "id": "ZDI-21-168", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Adobe Acrobat Reader DC Annotation setProps Method Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-03-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-168/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12072", "zdi_id": "ZDI-21-168" }, { "cve": "CVE-2021-21035", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-167/advisory.json", "detail_path": "advisories/ZDI-21-167", "id": "ZDI-21-167", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Adobe Acrobat Reader DC Annotation popupOpen Method Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-03-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-167/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12071", "zdi_id": "ZDI-21-167" }, { "cve": "CVE-2021-21034", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-166/advisory.json", "detail_path": "advisories/ZDI-21-166", "id": "ZDI-21-166", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Adobe Acrobat Reader DC URI Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-166/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12067", "zdi_id": "ZDI-21-166" }, { "cve": "CVE-2021-21054", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-165/advisory.json", "detail_path": "advisories/ZDI-21-165", "id": "ZDI-21-165", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Adobe Illustrator CDR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-165/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12501", "zdi_id": "ZDI-21-165" }, { "cve": "CVE-2021-21053", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-164/advisory.json", "detail_path": "advisories/ZDI-21-164", "id": "ZDI-21-164", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Adobe Illustrator DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-164/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12500", "zdi_id": "ZDI-21-164" }, { "cve": "CVE-2021-21050", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-163/advisory.json", "detail_path": "advisories/ZDI-21-163", "id": "ZDI-21-163", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Adobe Photoshop U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-163/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12543", "zdi_id": "ZDI-21-163" }, { "cve": "CVE-2021-21049", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-162/advisory.json", "detail_path": "advisories/ZDI-21-162", "id": "ZDI-21-162", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Adobe Photoshop U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-162/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12544", "zdi_id": "ZDI-21-162" }, { "cve": "CVE-2021-21048", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-161/advisory.json", "detail_path": "advisories/ZDI-21-161", "id": "ZDI-21-161", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Adobe Photoshop DCM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-161/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12476", "zdi_id": "ZDI-21-161" }, { "cve": "CVE-2021-21047", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-160/advisory.json", "detail_path": "advisories/ZDI-21-160", "id": "ZDI-21-160", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "Adobe Photoshop TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-160/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12448", "zdi_id": "ZDI-21-160" }, { "cve": "CVE-2021-20181", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of QEMU. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-21-159/advisory.json", "detail_path": "advisories/ZDI-21-159", "id": "ZDI-21-159", "kind": "published", "published_date": "2021-02-10", "status": "published", "title": "QEMU Plan 9 File System Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-159/", "vendor": "QEMU", "vendor_url": null, "zdi_can": "ZDI-CAN-10904", "zdi_id": "ZDI-21-159" }, { "cve": "CVE-2021-22663", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-158/advisory.json", "detail_path": "advisories/ZDI-21-158", "id": "ZDI-21-158", "kind": "published", "published_date": "2021-02-09", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-158/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11111", "zdi_id": "ZDI-21-158" }, { "cve": null, "cvss": 3.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Squid Cache. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the WCCP protocol. The issue r...", "detail_json": "/data/advisories/ZDI-21-157/advisory.json", "detail_path": "advisories/ZDI-21-157", "id": "ZDI-21-157", "kind": "published", "published_date": "2021-02-09", "status": "published", "title": "(0Day) Squid Cache WCCP Protocol Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-157/", "vendor": "Squid", "vendor_url": null, "zdi_can": "ZDI-CAN-11610", "zdi_id": "ZDI-21-157" }, { "cve": null, "cvss": 5.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Squid Cache. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the WCCP protocol. The issue results f...", "detail_json": "/data/advisories/ZDI-21-156/advisory.json", "detail_path": "advisories/ZDI-21-156", "id": "ZDI-21-156", "kind": "published", "published_date": "2021-02-09", "status": "published", "title": "(0Day) Squid Cache WCCP Protocol Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-156/", "vendor": "Squid", "vendor_url": null, "zdi_can": "ZDI-CAN-11609", "zdi_id": "ZDI-21-156" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-3662 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of...", "detail_json": "/data/advisories/ZDI-21-155/advisory.json", "detail_path": "advisories/ZDI-21-155", "id": "ZDI-21-155", "kind": "published", "published_date": "2021-02-09", "status": "published", "title": "(0Day) D-Link DAP-3662 httpd Authentication Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-155/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-11206", "zdi_id": "ZDI-21-155" }, { "cve": "CVE-2021-22502", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Token p...", "detail_json": "/data/advisories/ZDI-21-154/advisory.json", "detail_path": "advisories/ZDI-21-154", "id": "ZDI-21-154", "kind": "published", "published_date": "2021-02-09", "status": "published", "title": "Micro Focus Operations Bridge Reporter Token Command Injection Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-154/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-12025", "zdi_id": "ZDI-21-154" }, { "cve": "CVE-2021-22502", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the userNam...", "detail_json": "/data/advisories/ZDI-21-153/advisory.json", "detail_path": "advisories/ZDI-21-153", "id": "ZDI-21-153", "kind": "published", "published_date": "2021-02-09", "status": "published", "title": "Micro Focus Operations Bridge Reporter userName Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-153/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11074", "zdi_id": "ZDI-21-153" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of file downl...", "detail_json": "/data/advisories/ZDI-21-152/advisory.json", "detail_path": "advisories/ZDI-21-152", "id": "ZDI-21-152", "kind": "published", "published_date": "2021-02-09", "status": "published", "title": "Cisco Multiple Routers Authorization Header Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-152/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11694", "zdi_id": "ZDI-21-152" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Moonshot Provisioning Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the khupl...", "detail_json": "/data/advisories/ZDI-21-151/advisory.json", "detail_path": "advisories/ZDI-21-151", "id": "ZDI-21-151", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Moonshot Provisioning Manager khuploadfile Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-151/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-11830", "zdi_id": "ZDI-21-151" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Hewlett Packard Enterprise Moonshot Provisioning Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the khupl...", "detail_json": "/data/advisories/ZDI-21-150/advisory.json", "detail_path": "advisories/ZDI-21-150", "id": "ZDI-21-150", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Moonshot Provisioning Manager khuploadfile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-150/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-11707", "zdi_id": "ZDI-21-150" }, { "cve": "CVE-2021-1772", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spe...", "detail_json": "/data/advisories/ZDI-21-149/advisory.json", "detail_path": "advisories/ZDI-21-149", "id": "ZDI-21-149", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Apple macOS CoreText TTF Parsing Out-of-Bounds Write Remote Code Execution", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-149/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12825", "zdi_id": "ZDI-21-149" }, { "cve": "CVE-2021-1792", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-148/advisory.json", "detail_path": "advisories/ZDI-21-148", "id": "ZDI-21-148", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Apple macOS CoreText TTF Parsing Out-of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-148/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12754", "zdi_id": "ZDI-21-148" }, { "cve": "CVE-2021-1743", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-21-147/advisory.json", "detail_path": "advisories/ZDI-21-147", "id": "ZDI-21-147", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Apple macOS ImageIO EXR Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-147/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12627", "zdi_id": "ZDI-21-147" }, { "cve": "CVE-2021-1746", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-21-146/advisory.json", "detail_path": "advisories/ZDI-21-146", "id": "ZDI-21-146", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Apple macOS ImageIO PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-146/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12328", "zdi_id": "ZDI-21-146" }, { "cve": "CVE-2021-1768", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-145/advisory.json", "detail_path": "advisories/ZDI-21-145", "id": "ZDI-21-145", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-145/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12198", "zdi_id": "ZDI-21-145" }, { "cve": "CVE-2021-1767", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-144/advisory.json", "detail_path": "advisories/ZDI-21-144", "id": "ZDI-21-144", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-144/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12193", "zdi_id": "ZDI-21-144" }, { "cve": "CVE-2021-1763", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-21-143/advisory.json", "detail_path": "advisories/ZDI-21-143", "id": "ZDI-21-143", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Apple macOS ModelIO USD Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-143/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12233", "zdi_id": "ZDI-21-143" }, { "cve": "CVE-2021-1762", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-21-142/advisory.json", "detail_path": "advisories/ZDI-21-142", "id": "ZDI-21-142", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-142/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12188", "zdi_id": "ZDI-21-142" }, { "cve": "CVE-2021-1745", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-141/advisory.json", "detail_path": "advisories/ZDI-21-141", "id": "ZDI-21-141", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-141/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12185", "zdi_id": "ZDI-21-141" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spe...", "detail_json": "/data/advisories/ZDI-21-140/advisory.json", "detail_path": "advisories/ZDI-21-140", "id": "ZDI-21-140", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Apple macOS CoreText ApplyContextPosFormat2 TTF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-140/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12153", "zdi_id": "ZDI-21-140" }, { "cve": "CVE-2021-1753", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation....", "detail_json": "/data/advisories/ZDI-21-139/advisory.json", "detail_path": "advisories/ZDI-21-139", "id": "ZDI-21-139", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-139/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-12143", "zdi_id": "ZDI-21-139" }, { "cve": "CVE-2021-1775", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontParser library is required to exploit this vulnerability but attack vectors may vary depending on the implementa...", "detail_json": "/data/advisories/ZDI-21-138/advisory.json", "detail_path": "advisories/ZDI-21-138", "id": "ZDI-21-138", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Apple macOS libFontParser TTF Parsing Integer Underflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-138/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11876", "zdi_id": "ZDI-21-138" }, { "cve": "CVE-2021-1294", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which lis...", "detail_json": "/data/advisories/ZDI-21-137/advisory.json", "detail_path": "advisories/ZDI-21-137", "id": "ZDI-21-137", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Cisco Multiple Routers RESTCONF file-upload Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-137/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11848", "zdi_id": "ZDI-21-137" }, { "cve": "CVE-2021-1293", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which lis...", "detail_json": "/data/advisories/ZDI-21-136/advisory.json", "detail_path": "advisories/ZDI-21-136", "id": "ZDI-21-136", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Cisco Multiple Routers Cookie Header Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-136/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11726", "zdi_id": "ZDI-21-136" }, { "cve": "CVE-2021-1297", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which lis...", "detail_json": "/data/advisories/ZDI-21-135/advisory.json", "detail_path": "advisories/ZDI-21-135", "id": "ZDI-21-135", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Cisco Multiple Routers DNIAPI Directory Traversal Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-135/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11716", "zdi_id": "ZDI-21-135" }, { "cve": "CVE-2021-1296", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which lis...", "detail_json": "/data/advisories/ZDI-21-134/advisory.json", "detail_path": "advisories/ZDI-21-134", "id": "ZDI-21-134", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Cisco Multiple Routers RESTCONF file-upload Directory Traversal Arbitrary File Write Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-134/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11693", "zdi_id": "ZDI-21-134" }, { "cve": "CVE-2021-1292", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which lis...", "detail_json": "/data/advisories/ZDI-21-133/advisory.json", "detail_path": "advisories/ZDI-21-133", "id": "ZDI-21-133", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Cisco Multiple Routers RESTCONF URL Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-133/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11690", "zdi_id": "ZDI-21-133" }, { "cve": "CVE-2021-1291", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which lis...", "detail_json": "/data/advisories/ZDI-21-132/advisory.json", "detail_path": "advisories/ZDI-21-132", "id": "ZDI-21-132", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Cisco Multiple Routers RESTCONF Content-Type Header Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-132/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11688", "zdi_id": "ZDI-21-132" }, { "cve": "CVE-2021-1290", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which lis...", "detail_json": "/data/advisories/ZDI-21-131/advisory.json", "detail_path": "advisories/ZDI-21-131", "id": "ZDI-21-131", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Cisco Multiple Routers Accept Header Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-131/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11689", "zdi_id": "ZDI-21-131" }, { "cve": "CVE-2021-1289", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which lis...", "detail_json": "/data/advisories/ZDI-21-130/advisory.json", "detail_path": "advisories/ZDI-21-130", "id": "ZDI-21-130", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Cisco Multiple Routers Authorization Header Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-130/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11686", "zdi_id": "ZDI-21-130" }, { "cve": "CVE-2020-15798", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Comfort Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telnet service, which listens on TCP por...", "detail_json": "/data/advisories/ZDI-21-129/advisory.json", "detail_path": "advisories/ZDI-21-129", "id": "ZDI-21-129", "kind": "published", "published_date": "2021-02-04", "status": "published", "title": "Siemens Comfort Panel Telnet Service Missing Authentication Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-129/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12046", "zdi_id": "ZDI-21-129" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache Dubbo. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Dubbo protocol. Crafted data in a...", "detail_json": "/data/advisories/ZDI-21-128/advisory.json", "detail_path": "advisories/ZDI-21-128", "id": "ZDI-21-128", "kind": "published", "published_date": "2021-02-02", "status": "published", "title": "(0Day) Apache Dubbo decodeBody Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-128/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-11483", "zdi_id": "ZDI-21-128" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache Dubbo. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Dubbo protocol. Crafted data in a...", "detail_json": "/data/advisories/ZDI-21-127/advisory.json", "detail_path": "advisories/ZDI-21-127", "id": "ZDI-21-127", "kind": "published", "published_date": "2021-02-02", "status": "published", "title": "(0Day) Apache Dubbo readUTF Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-127/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-11482", "zdi_id": "ZDI-21-127" }, { "cve": "CVE-2020-7551", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-126/advisory.json", "detail_path": "advisories/ZDI-21-126", "id": "ZDI-21-126", "kind": "published", "published_date": "2021-02-01", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-126/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11270", "zdi_id": "ZDI-21-126" }, { "cve": "CVE-2020-7552", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-125/advisory.json", "detail_path": "advisories/ZDI-21-125", "id": "ZDI-21-125", "kind": "published", "published_date": "2021-02-01", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-125/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11269", "zdi_id": "ZDI-21-125" }, { "cve": "CVE-2020-7553", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-124/advisory.json", "detail_path": "advisories/ZDI-21-124", "id": "ZDI-21-124", "kind": "published", "published_date": "2021-02-01", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-124/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11268", "zdi_id": "ZDI-21-124" }, { "cve": "CVE-2021-25244", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Worry-Free Business Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console,...", "detail_json": "/data/advisories/ZDI-21-123/advisory.json", "detail_path": "advisories/ZDI-21-123", "id": "ZDI-21-123", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Worry-Free Business Security Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-123/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11765", "zdi_id": "ZDI-21-123" }, { "cve": "CVE-2021-25245", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Worry-Free Business Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console,...", "detail_json": "/data/advisories/ZDI-21-122/advisory.json", "detail_path": "advisories/ZDI-21-122", "id": "ZDI-21-122", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Worry-Free Business Security Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-122/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11760", "zdi_id": "ZDI-21-122" }, { "cve": "CVE-2021-25238", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on T...", "detail_json": "/data/advisories/ZDI-21-121/advisory.json", "detail_path": "advisories/ZDI-21-121", "id": "ZDI-21-121", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro OfficeScan Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11607", "zdi_id": "ZDI-21-121" }, { "cve": "CVE-2021-25236", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on T...", "detail_json": "/data/advisories/ZDI-21-120/advisory.json", "detail_path": "advisories/ZDI-21-120", "id": "ZDI-21-120", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro OfficeScan Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-120/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11594", "zdi_id": "ZDI-21-120" }, { "cve": "CVE-2021-25249", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-21-119/advisory.json", "detail_path": "advisories/ZDI-21-119", "id": "ZDI-21-119", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Apex One TmCCSF Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11896", "zdi_id": "ZDI-21-119" }, { "cve": "CVE-2021-25248", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-21-118/advisory.json", "detail_path": "advisories/ZDI-21-118", "id": "ZDI-21-118", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11895", "zdi_id": "ZDI-21-118" }, { "cve": "CVE-2021-25246", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console. The issue results fr...", "detail_json": "/data/advisories/ZDI-21-117/advisory.json", "detail_path": "advisories/ZDI-21-117", "id": "ZDI-21-117", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11841", "zdi_id": "ZDI-21-117" }, { "cve": "CVE-2021-25243", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-21-116/advisory.json", "detail_path": "advisories/ZDI-21-116", "id": "ZDI-21-116", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11746", "zdi_id": "ZDI-21-116" }, { "cve": "CVE-2021-25242", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-21-115/advisory.json", "detail_path": "advisories/ZDI-21-115", "id": "ZDI-21-115", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11749", "zdi_id": "ZDI-21-115" }, { "cve": "CVE-2021-25241", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-21-114/advisory.json", "detail_path": "advisories/ZDI-21-114", "id": "ZDI-21-114", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Apex One Server-Side Request Forgery Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-114/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11595", "zdi_id": "ZDI-21-114" }, { "cve": "CVE-2021-25240", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on T...", "detail_json": "/data/advisories/ZDI-21-113/advisory.json", "detail_path": "advisories/ZDI-21-113", "id": "ZDI-21-113", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro OfficeScan Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11737", "zdi_id": "ZDI-21-113" }, { "cve": "CVE-2021-25239", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-21-112/advisory.json", "detail_path": "advisories/ZDI-21-112", "id": "ZDI-21-112", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11745", "zdi_id": "ZDI-21-112" }, { "cve": "CVE-2021-25237", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-21-111/advisory.json", "detail_path": "advisories/ZDI-21-111", "id": "ZDI-21-111", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-111/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11606", "zdi_id": "ZDI-21-111" }, { "cve": "CVE-2021-25235", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on T...", "detail_json": "/data/advisories/ZDI-21-110/advisory.json", "detail_path": "advisories/ZDI-21-110", "id": "ZDI-21-110", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro OfficeScan Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-110/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11635", "zdi_id": "ZDI-21-110" }, { "cve": "CVE-2021-25234", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-21-109/advisory.json", "detail_path": "advisories/ZDI-21-109", "id": "ZDI-21-109", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-109/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11685", "zdi_id": "ZDI-21-109" }, { "cve": "CVE-2021-25233", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-21-108/advisory.json", "detail_path": "advisories/ZDI-21-108", "id": "ZDI-21-108", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-108/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11691", "zdi_id": "ZDI-21-108" }, { "cve": "CVE-2021-25232", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-21-107/advisory.json", "detail_path": "advisories/ZDI-21-107", "id": "ZDI-21-107", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-107/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11642", "zdi_id": "ZDI-21-107" }, { "cve": "CVE-2021-25231", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-21-106/advisory.json", "detail_path": "advisories/ZDI-21-106", "id": "ZDI-21-106", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-106/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11640", "zdi_id": "ZDI-21-106" }, { "cve": "CVE-2021-25230", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-21-105/advisory.json", "detail_path": "advisories/ZDI-21-105", "id": "ZDI-21-105", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-105/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11639", "zdi_id": "ZDI-21-105" }, { "cve": "CVE-2021-25229", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-21-104/advisory.json", "detail_path": "advisories/ZDI-21-104", "id": "ZDI-21-104", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-104/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11638", "zdi_id": "ZDI-21-104" }, { "cve": "CVE-2021-25228", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on T...", "detail_json": "/data/advisories/ZDI-21-103/advisory.json", "detail_path": "advisories/ZDI-21-103", "id": "ZDI-21-103", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro OfficeScan Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-103/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11633", "zdi_id": "ZDI-21-103" }, { "cve": "CVE-2021-25227", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Antivirus for Mac. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-21-102/advisory.json", "detail_path": "advisories/ZDI-21-102", "id": "ZDI-21-102", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Trend Micro Antivirus for Mac Memory Exhaustion Denial-Of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-102/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11605", "zdi_id": "ZDI-21-102" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-101/advisory.json", "detail_path": "advisories/ZDI-21-101", "id": "ZDI-21-101", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Linux Kernel eBPF Improper Input Validation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-101/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-12547", "zdi_id": "ZDI-21-101" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-21-100/advisory.json", "detail_path": "advisories/ZDI-21-100", "id": "ZDI-21-100", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Linux Kernel setsockopt System Call Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-100/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-11171", "zdi_id": "ZDI-21-100" }, { "cve": "CVE-2021-22641", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-099/advisory.json", "detail_path": "advisories/ZDI-21-099", "id": "ZDI-21-099", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Fuji Electric V-Server Lite VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-099/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11669", "zdi_id": "ZDI-21-099" }, { "cve": "CVE-2021-22639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-098/advisory.json", "detail_path": "advisories/ZDI-21-098", "id": "ZDI-21-098", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Fuji Electric V-Server Lite VPR File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-098/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11668", "zdi_id": "ZDI-21-098" }, { "cve": "CVE-2021-22637", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-097/advisory.json", "detail_path": "advisories/ZDI-21-097", "id": "ZDI-21-097", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Fuji Electric V-Server Lite VPR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-097/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11170", "zdi_id": "ZDI-21-097" }, { "cve": "CVE-2020-7557", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-096/advisory.json", "detail_path": "advisories/ZDI-21-096", "id": "ZDI-21-096", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2021-01-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-096/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11297", "zdi_id": "ZDI-21-096" }, { "cve": "CVE-2020-7556", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-095/advisory.json", "detail_path": "advisories/ZDI-21-095", "id": "ZDI-21-095", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-01-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-095/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11296", "zdi_id": "ZDI-21-095" }, { "cve": "CVE-2020-7555", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-094/advisory.json", "detail_path": "advisories/ZDI-21-094", "id": "ZDI-21-094", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-01-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-094/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11295", "zdi_id": "ZDI-21-094" }, { "cve": "CVE-2020-7554", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-093/advisory.json", "detail_path": "advisories/ZDI-21-093", "id": "ZDI-21-093", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-01-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-093/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11271", "zdi_id": "ZDI-21-093" }, { "cve": "CVE-2020-7550", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-092/advisory.json", "detail_path": "advisories/ZDI-21-092", "id": "ZDI-21-092", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-01-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-092/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11168", "zdi_id": "ZDI-21-092" }, { "cve": "CVE-2020-7558", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-21-091/advisory.json", "detail_path": "advisories/ZDI-21-091", "id": "ZDI-21-091", "kind": "published", "published_date": "2021-01-29", "status": "published", "title": "Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-01-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-091/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11298", "zdi_id": "ZDI-21-091" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-090/advisory.json", "detail_path": "advisories/ZDI-21-090", "id": "ZDI-21-090", "kind": "published", "published_date": "2021-01-27", "status": "published", "title": "(0Day) Microsoft Windows win32kfull bRotate NULL Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-090/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12671", "zdi_id": "ZDI-21-090" }, { "cve": null, "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-21-089/advisory.json", "detail_path": "advisories/ZDI-21-089", "id": "ZDI-21-089", "kind": "published", "published_date": "2021-01-27", "status": "published", "title": "(0Day) Microsoft Windows PowerShell Shell Handler Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-089/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12565", "zdi_id": "ZDI-21-089" }, { "cve": "CVE-2021-1682", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-088/advisory.json", "detail_path": "advisories/ZDI-21-088", "id": "ZDI-21-088", "kind": "published", "published_date": "2021-01-27", "status": "published", "title": "Microsoft Windows Event Tracing Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-088/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12674", "zdi_id": "ZDI-21-088" }, { "cve": "CVE-2021-25226", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Trend Micro ServerProtect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-21-087/advisory.json", "detail_path": "advisories/ZDI-21-087", "id": "ZDI-21-087", "kind": "published", "published_date": "2021-01-27", "status": "published", "title": "Trend Micro ServerProtect vsapiapp Memory Exhaustion Denial-Of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-087/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11569", "zdi_id": "ZDI-21-087" }, { "cve": "CVE-2021-25225", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Trend Micro ServerProtect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-21-086/advisory.json", "detail_path": "advisories/ZDI-21-086", "id": "ZDI-21-086", "kind": "published", "published_date": "2021-01-27", "status": "published", "title": "Trend Micro ServerProtect splx_schedule_scan Memory Exhaustion Denial-Of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-086/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11568", "zdi_id": "ZDI-21-086" }, { "cve": "CVE-2021-25224", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro ServerProtect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-21-085/advisory.json", "detail_path": "advisories/ZDI-21-085", "id": "ZDI-21-085", "kind": "published", "published_date": "2021-01-27", "status": "published", "title": "Trend Micro ServerProtect splx_manual_scan Memory Exhaustion Denial-Of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-085/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11049", "zdi_id": "ZDI-21-085" }, { "cve": "CVE-2020-27874", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-084/advisory.json", "detail_path": "advisories/ZDI-21-084", "id": "ZDI-21-084", "kind": "published", "published_date": "2021-01-22", "status": "published", "title": "Tencent WeChat WXAM Decoder Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-084/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-11580", "zdi_id": "ZDI-21-084" }, { "cve": "CVE-2021-2054", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle Database. Authentication is required to exploit this vulnerability. The specific flaw exists within the execution of stored procedures. When executing stored...", "detail_json": "/data/advisories/ZDI-21-083/advisory.json", "detail_path": "advisories/ZDI-21-083", "id": "ZDI-21-083", "kind": "published", "published_date": "2021-01-22", "status": "published", "title": "Oracle Database Procedure Improper Privilege Management Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-083/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-12156", "zdi_id": "ZDI-21-083" }, { "cve": "CVE-2020-27284", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-082/advisory.json", "detail_path": "advisories/ZDI-21-082", "id": "ZDI-21-082", "kind": "published", "published_date": "2021-01-22", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-082/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11758", "zdi_id": "ZDI-21-082" }, { "cve": "CVE-2020-27284", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-081/advisory.json", "detail_path": "advisories/ZDI-21-081", "id": "ZDI-21-081", "kind": "published", "published_date": "2021-01-22", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-081/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11757", "zdi_id": "ZDI-21-081" }, { "cve": "CVE-2020-27288", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-21-080/advisory.json", "detail_path": "advisories/ZDI-21-080", "id": "ZDI-21-080", "kind": "published", "published_date": "2021-01-22", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-080/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11714", "zdi_id": "ZDI-21-080" }, { "cve": "CVE-2020-27280", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-079/advisory.json", "detail_path": "advisories/ZDI-21-079", "id": "ZDI-21-079", "kind": "published", "published_date": "2021-01-22", "status": "published", "title": "Delta Industrial Automation ISPSoft ISP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-079/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11489", "zdi_id": "ZDI-21-079" }, { "cve": "CVE-2021-1648", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-078/advisory.json", "detail_path": "advisories/ZDI-21-078", "id": "ZDI-21-078", "kind": "published", "published_date": "2021-01-21", "status": "published", "title": "Microsoft Windows splwow64 Out-Of-Bounds Read Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-078/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12782", "zdi_id": "ZDI-21-078" }, { "cve": "CVE-2020-28386", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-077/advisory.json", "detail_path": "advisories/ZDI-21-077", "id": "ZDI-21-077", "kind": "published", "published_date": "2021-01-20", "status": "published", "title": "Siemens Solid Edge Viewer DFT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-077/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12050", "zdi_id": "ZDI-21-077" }, { "cve": "CVE-2020-28384", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-076/advisory.json", "detail_path": "advisories/ZDI-21-076", "id": "ZDI-21-076", "kind": "published", "published_date": "2021-01-20", "status": "published", "title": "Siemens Solid Edge Viewer PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-076/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11922", "zdi_id": "ZDI-21-076" }, { "cve": "CVE-2020-28382", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-075/advisory.json", "detail_path": "advisories/ZDI-21-075", "id": "ZDI-21-075", "kind": "published", "published_date": "2021-01-20", "status": "published", "title": "Siemens Solid Edge Viewer PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-075/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11920", "zdi_id": "ZDI-21-075" }, { "cve": "CVE-2020-28381", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-074/advisory.json", "detail_path": "advisories/ZDI-21-074", "id": "ZDI-21-074", "kind": "published", "published_date": "2021-01-20", "status": "published", "title": "Siemens Solid Edge Viewer PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-074/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11918", "zdi_id": "ZDI-21-074" }, { "cve": "CVE-2020-28383", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-21-073/advisory.json", "detail_path": "advisories/ZDI-21-073", "id": "ZDI-21-073", "kind": "published", "published_date": "2021-01-19", "status": "published", "title": "Siemens Solid Edge Viewer PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-073/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11921", "zdi_id": "ZDI-21-073" }, { "cve": "CVE-2020-27873", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, whi...", "detail_json": "/data/advisories/ZDI-21-072/advisory.json", "detail_path": "advisories/ZDI-21-072", "id": "ZDI-21-072", "kind": "published", "published_date": "2021-01-18", "status": "published", "title": "NETGEAR R7450 SOAP API RecoverAdminPassword Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-072/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-11559", "zdi_id": "ZDI-21-072" }, { "cve": "CVE-2020-27872", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which liste...", "detail_json": "/data/advisories/ZDI-21-071/advisory.json", "detail_path": "advisories/ZDI-21-071", "id": "ZDI-21-071", "kind": "published", "published_date": "2021-01-18", "status": "published", "title": "NETGEAR R7450 Password Recovery External Control of Critical State Data Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-071/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-11365", "zdi_id": "ZDI-21-071" }, { "cve": "CVE-2020-29616", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-21-070/advisory.json", "detail_path": "advisories/ZDI-21-070", "id": "ZDI-21-070", "kind": "published", "published_date": "2021-01-18", "status": "published", "title": "Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-070/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11792", "zdi_id": "ZDI-21-070" }, { "cve": "CVE-2020-10015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-069/advisory.json", "detail_path": "advisories/ZDI-21-069", "id": "ZDI-21-069", "kind": "published", "published_date": "2021-01-18", "status": "published", "title": "Apple macOS process_token_BlitLibSetup2D Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-069/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11439", "zdi_id": "ZDI-21-069" }, { "cve": "CVE-2020-16236", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Panasonic Control FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-21-068/advisory.json", "detail_path": "advisories/ZDI-21-068", "id": "ZDI-21-068", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Panasonic Control FPWIN Pro Project File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-068/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-11579", "zdi_id": "ZDI-21-068" }, { "cve": "CVE-2020-27871", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-21-067/advisory.json", "detail_path": "advisories/ZDI-21-067", "id": "ZDI-21-067", "kind": "published", "published_date": "2021-09-20", "status": "published", "title": "SolarWinds Orion Platform NCM VulnerabilitySettings Directory Traversal Arbitrary File Creation Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-067/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-11902", "zdi_id": "ZDI-21-067" }, { "cve": "CVE-2020-27870", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results...", "detail_json": "/data/advisories/ZDI-21-066/advisory.json", "detail_path": "advisories/ZDI-21-066", "id": "ZDI-21-066", "kind": "published", "published_date": "2021-09-20", "status": "published", "title": "SolarWinds Orion Platform ExportToPDF Directory Traversal Information Disclosure Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-066/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-11917", "zdi_id": "ZDI-21-066" }, { "cve": "CVE-2020-14005", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecuteVBScript method. The...", "detail_json": "/data/advisories/ZDI-21-065/advisory.json", "detail_path": "advisories/ZDI-21-065", "id": "ZDI-21-065", "kind": "published", "published_date": "2021-09-20", "status": "published", "title": "SolarWinds Network Performance Monitor ExecuteVBScript Command Injection Remote Code Execution Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-065/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-11859", "zdi_id": "ZDI-21-065" }, { "cve": "CVE-2020-27869", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue...", "detail_json": "/data/advisories/ZDI-21-064/advisory.json", "detail_path": "advisories/ZDI-21-064", "id": "ZDI-21-064", "kind": "published", "published_date": "2021-09-20", "status": "published", "title": "SolarWinds Network Performance Monitor WriteToFile SQL Injection Privilege Escalation Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-064/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-11804", "zdi_id": "ZDI-21-064" }, { "cve": "CVE-2020-14005", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecuteExternalProgram meth...", "detail_json": "/data/advisories/ZDI-21-063/advisory.json", "detail_path": "advisories/ZDI-21-063", "id": "ZDI-21-063", "kind": "published", "published_date": "2021-09-20", "status": "published", "title": "SolarWinds Network Performance Monitor ExecuteExternalProgram Command Injection Remote Code Execution Vulnerability", "updated_date": "2022-05-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-063/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-11858", "zdi_id": "ZDI-21-063" }, { "cve": "CVE-2020-26996", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-062/advisory.json", "detail_path": "advisories/ZDI-21-062", "id": "ZDI-21-062", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go CG4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-062/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12027", "zdi_id": "ZDI-21-062" }, { "cve": "CVE-2020-26987", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-061/advisory.json", "detail_path": "advisories/ZDI-21-061", "id": "ZDI-21-061", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go TGA File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-061/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12016", "zdi_id": "ZDI-21-061" }, { "cve": "CVE-2020-26995", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-060/advisory.json", "detail_path": "advisories/ZDI-21-060", "id": "ZDI-21-060", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go SGI and RGB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-060/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11992", "zdi_id": "ZDI-21-060" }, { "cve": "CVE-2020-26987", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-059/advisory.json", "detail_path": "advisories/ZDI-21-059", "id": "ZDI-21-059", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go TGA File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-059/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12017", "zdi_id": "ZDI-21-059" }, { "cve": "CVE-2020-26985", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-058/advisory.json", "detail_path": "advisories/ZDI-21-058", "id": "ZDI-21-058", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go RGB and SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-058/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11986", "zdi_id": "ZDI-21-058" }, { "cve": "CVE-2020-26986", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-057/advisory.json", "detail_path": "advisories/ZDI-21-057", "id": "ZDI-21-057", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go JT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-057/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-12014", "zdi_id": "ZDI-21-057" }, { "cve": "CVE-2020-26985", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-056/advisory.json", "detail_path": "advisories/ZDI-21-056", "id": "ZDI-21-056", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go RGB and SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-056/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11994", "zdi_id": "ZDI-21-056" }, { "cve": "CVE-2020-26990", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-055/advisory.json", "detail_path": "advisories/ZDI-21-055", "id": "ZDI-21-055", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go ASM File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-055/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11897", "zdi_id": "ZDI-21-055" }, { "cve": "CVE-2020-26983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-054/advisory.json", "detail_path": "advisories/ZDI-21-054", "id": "ZDI-21-054", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-054/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11900", "zdi_id": "ZDI-21-054" }, { "cve": "CVE-2020-26991", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-053/advisory.json", "detail_path": "advisories/ZDI-21-053", "id": "ZDI-21-053", "kind": "published", "published_date": "2021-01-15", "status": "published", "title": "Siemens JT2Go ASM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2021-06-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-053/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11899", "zdi_id": "ZDI-21-053" }, { "cve": "CVE-2020-26982", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-052/advisory.json", "detail_path": "advisories/ZDI-21-052", "id": "ZDI-21-052", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go CG4 and CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-052/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11898", "zdi_id": "ZDI-21-052" }, { "cve": "CVE-2020-26984", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-051/advisory.json", "detail_path": "advisories/ZDI-21-051", "id": "ZDI-21-051", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-051/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11972", "zdi_id": "ZDI-21-051" }, { "cve": "CVE-2020-26989", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-050/advisory.json", "detail_path": "advisories/ZDI-21-050", "id": "ZDI-21-050", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-050/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11892", "zdi_id": "ZDI-21-050" }, { "cve": "CVE-2020-26988", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-049/advisory.json", "detail_path": "advisories/ZDI-21-049", "id": "ZDI-21-049", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-049/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11891", "zdi_id": "ZDI-21-049" }, { "cve": "CVE-2020-26981", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-21-048/advisory.json", "detail_path": "advisories/ZDI-21-048", "id": "ZDI-21-048", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go PLMXML File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11890", "zdi_id": "ZDI-21-048" }, { "cve": "CVE-2020-28383", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-047/advisory.json", "detail_path": "advisories/ZDI-21-047", "id": "ZDI-21-047", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-047/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11885", "zdi_id": "ZDI-21-047" }, { "cve": "CVE-2020-26980", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-21-046/advisory.json", "detail_path": "advisories/ZDI-21-046", "id": "ZDI-21-046", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Siemens JT2Go JT File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-046/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-11881", "zdi_id": "ZDI-21-046" }, { "cve": "CVE-2020-27293", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-21-045/advisory.json", "detail_path": "advisories/ZDI-21-045", "id": "ZDI-21-045", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation CNCSoft-B DOPSoft DPA File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-045/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11795", "zdi_id": "ZDI-21-045" }, { "cve": "CVE-2020-27287", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-21-044/advisory.json", "detail_path": "advisories/ZDI-21-044", "id": "ZDI-21-044", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation CNCSoft-B DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-044/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11825", "zdi_id": "ZDI-21-044" }, { "cve": "CVE-2020-27287", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-21-043/advisory.json", "detail_path": "advisories/ZDI-21-043", "id": "ZDI-21-043", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation CNCSoft-B DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-043/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11824", "zdi_id": "ZDI-21-043" }, { "cve": "CVE-2020-27291", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-21-042/advisory.json", "detail_path": "advisories/ZDI-21-042", "id": "ZDI-21-042", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation CNCSoft-B DOPSoft XLS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-042/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11823", "zdi_id": "ZDI-21-042" }, { "cve": "CVE-2020-27287", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-21-041/advisory.json", "detail_path": "advisories/ZDI-21-041", "id": "ZDI-21-041", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation CNCSoft-B DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-041/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11822", "zdi_id": "ZDI-21-041" }, { "cve": "CVE-2020-27289", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-21-040/advisory.json", "detail_path": "advisories/ZDI-21-040", "id": "ZDI-21-040", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation CNCSoft-B DOPSoft DPA File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-040/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11794", "zdi_id": "ZDI-21-040" }, { "cve": "CVE-2020-27281", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-21-039/advisory.json", "detail_path": "advisories/ZDI-21-039", "id": "ZDI-21-039", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-039/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11713", "zdi_id": "ZDI-21-039" }, { "cve": "CVE-2020-27275", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-038/advisory.json", "detail_path": "advisories/ZDI-21-038", "id": "ZDI-21-038", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-038/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11662", "zdi_id": "ZDI-21-038" }, { "cve": "CVE-2020-27275", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-037/advisory.json", "detail_path": "advisories/ZDI-21-037", "id": "ZDI-21-037", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-037/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11660", "zdi_id": "ZDI-21-037" }, { "cve": "CVE-2020-27275", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-036/advisory.json", "detail_path": "advisories/ZDI-21-036", "id": "ZDI-21-036", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-036/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11666", "zdi_id": "ZDI-21-036" }, { "cve": "CVE-2020-27275", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-035/advisory.json", "detail_path": "advisories/ZDI-21-035", "id": "ZDI-21-035", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-035/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11658", "zdi_id": "ZDI-21-035" }, { "cve": "CVE-2020-27275", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-034/advisory.json", "detail_path": "advisories/ZDI-21-034", "id": "ZDI-21-034", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-034/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11664", "zdi_id": "ZDI-21-034" }, { "cve": "CVE-2020-27277", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-033/advisory.json", "detail_path": "advisories/ZDI-21-033", "id": "ZDI-21-033", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-033/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11663", "zdi_id": "ZDI-21-033" }, { "cve": "CVE-2020-27275", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-21-032/advisory.json", "detail_path": "advisories/ZDI-21-032", "id": "ZDI-21-032", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-032/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11661", "zdi_id": "ZDI-21-032" }, { "cve": "CVE-2020-27287", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-21-031/advisory.json", "detail_path": "advisories/ZDI-21-031", "id": "ZDI-21-031", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation CNCSoft-B DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-031/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11712", "zdi_id": "ZDI-21-031" }, { "cve": "CVE-2020-27287", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-21-030/advisory.json", "detail_path": "advisories/ZDI-21-030", "id": "ZDI-21-030", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation CNCSoft-B DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-030/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11793", "zdi_id": "ZDI-21-030" }, { "cve": "CVE-2020-27275", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-029/advisory.json", "detail_path": "advisories/ZDI-21-029", "id": "ZDI-21-029", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-029/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11645", "zdi_id": "ZDI-21-029" }, { "cve": "CVE-2020-27275", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-21-028/advisory.json", "detail_path": "advisories/ZDI-21-028", "id": "ZDI-21-028", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-028/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11644", "zdi_id": "ZDI-21-028" }, { "cve": "CVE-2021-1642", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-027/advisory.json", "detail_path": "advisories/ZDI-21-027", "id": "ZDI-21-027", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Microsoft Windows AppX Deployment Service Directory Junction Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-027/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12087", "zdi_id": "ZDI-21-027" }, { "cve": "CVE-2021-1715", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-026/advisory.json", "detail_path": "advisories/ZDI-21-026", "id": "ZDI-21-026", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Microsoft Word DOC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-026/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12184", "zdi_id": "ZDI-21-026" }, { "cve": "CVE-2021-1685", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-025/advisory.json", "detail_path": "advisories/ZDI-21-025", "id": "ZDI-21-025", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Microsoft Windows AppX Deployment Service Directory Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-025/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12170", "zdi_id": "ZDI-21-025" }, { "cve": "CVE-2021-1648", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-024/advisory.json", "detail_path": "advisories/ZDI-21-024", "id": "ZDI-21-024", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Microsoft Windows splwow64 Out-Of-Bounds Read Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-024/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12052", "zdi_id": "ZDI-21-024" }, { "cve": "CVE-2021-1713", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-21-023/advisory.json", "detail_path": "advisories/ZDI-21-023", "id": "ZDI-21-023", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Microsoft Excel XLS File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-023/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12044", "zdi_id": "ZDI-21-023" }, { "cve": "CVE-2021-1648", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-022/advisory.json", "detail_path": "advisories/ZDI-21-022", "id": "ZDI-21-022", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Microsoft Windows splwow64 Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-022/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12033", "zdi_id": "ZDI-21-022" }, { "cve": "CVE-2021-1697", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-21-021/advisory.json", "detail_path": "advisories/ZDI-21-021", "id": "ZDI-21-021", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Microsoft Windows InstallService Directory Junction Denial-of-Service Vulnerability", "updated_date": "2021-01-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-021/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11982", "zdi_id": "ZDI-21-021" }, { "cve": "CVE-2021-1648", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-020/advisory.json", "detail_path": "advisories/ZDI-21-020", "id": "ZDI-21-020", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Microsoft Windows splwow64 Out-Of-Bounds Read Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-020/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12034", "zdi_id": "ZDI-21-020" }, { "cve": "CVE-2021-1695", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-21-019/advisory.json", "detail_path": "advisories/ZDI-21-019", "id": "ZDI-21-019", "kind": "published", "published_date": "2021-01-14", "status": "published", "title": "Microsoft Windows Print Spooler Directory Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-019/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11909", "zdi_id": "ZDI-21-019" }, { "cve": "CVE-2021-21065", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-018/advisory.json", "detail_path": "advisories/ZDI-21-018", "id": "ZDI-21-018", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "Adobe Bridge TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-018/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12452", "zdi_id": "ZDI-21-018" }, { "cve": "CVE-2021-21066", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-21-017/advisory.json", "detail_path": "advisories/ZDI-21-017", "id": "ZDI-21-017", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "Adobe Bridge TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-017/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12451", "zdi_id": "ZDI-21-017" }, { "cve": "CVE-2021-21463", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-016/advisory.json", "detail_path": "advisories/ZDI-21-016", "id": "ZDI-21-016", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PCX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-016/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12314", "zdi_id": "ZDI-21-016" }, { "cve": "CVE-2021-21462", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-015/advisory.json", "detail_path": "advisories/ZDI-21-015", "id": "ZDI-21-015", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-015/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12313", "zdi_id": "ZDI-21-015" }, { "cve": "CVE-2021-21461", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-014/advisory.json", "detail_path": "advisories/ZDI-21-014", "id": "ZDI-21-014", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-014/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-12037", "zdi_id": "ZDI-21-014" }, { "cve": "CVE-2021-21449", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-013/advisory.json", "detail_path": "advisories/ZDI-21-013", "id": "ZDI-21-013", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer IFF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-013/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11968", "zdi_id": "ZDI-21-013" }, { "cve": "CVE-2021-21450", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-012/advisory.json", "detail_path": "advisories/ZDI-21-012", "id": "ZDI-21-012", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PSD File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-012/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11966", "zdi_id": "ZDI-21-012" }, { "cve": "CVE-2021-21451", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-011/advisory.json", "detail_path": "advisories/ZDI-21-011", "id": "ZDI-21-011", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer SGI File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-011/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11956", "zdi_id": "ZDI-21-011" }, { "cve": "CVE-2021-21452", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-010/advisory.json", "detail_path": "advisories/ZDI-21-010", "id": "ZDI-21-010", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-010/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11954", "zdi_id": "ZDI-21-010" }, { "cve": "CVE-2021-21453", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-009/advisory.json", "detail_path": "advisories/ZDI-21-009", "id": "ZDI-21-009", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer RLE File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-009/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11937", "zdi_id": "ZDI-21-009" }, { "cve": "CVE-2021-21454", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-008/advisory.json", "detail_path": "advisories/ZDI-21-008", "id": "ZDI-21-008", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer RLE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-008/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11936", "zdi_id": "ZDI-21-008" }, { "cve": "CVE-2021-21455", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-007/advisory.json", "detail_path": "advisories/ZDI-21-007", "id": "ZDI-21-007", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer DIB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-007/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11934", "zdi_id": "ZDI-21-007" }, { "cve": "CVE-2021-21456", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-006/advisory.json", "detail_path": "advisories/ZDI-21-006", "id": "ZDI-21-006", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer DIB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-006/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11932", "zdi_id": "ZDI-21-006" }, { "cve": "CVE-2021-21457", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-005/advisory.json", "detail_path": "advisories/ZDI-21-005", "id": "ZDI-21-005", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer IFF File Parsing Memory Corruption Remote Code Execution Vulnerabililty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-005/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11931", "zdi_id": "ZDI-21-005" }, { "cve": "CVE-2021-21458", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-004/advisory.json", "detail_path": "advisories/ZDI-21-004", "id": "ZDI-21-004", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer IFF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-004/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11930", "zdi_id": "ZDI-21-004" }, { "cve": "CVE-2021-21460", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-003/advisory.json", "detail_path": "advisories/ZDI-21-003", "id": "ZDI-21-003", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer DIB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-003/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11929", "zdi_id": "ZDI-21-003" }, { "cve": "CVE-2021-21459", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-21-002/advisory.json", "detail_path": "advisories/ZDI-21-002", "id": "ZDI-21-002", "kind": "published", "published_date": "2021-01-12", "status": "published", "title": "SAP 3D Visual Enterprise Viewer IFF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-002/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11928", "zdi_id": "ZDI-21-002" }, { "cve": "CVE-2021-20226", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-21-001/advisory.json", "detail_path": "advisories/ZDI-21-001", "id": "ZDI-21-001", "kind": "published", "published_date": "2021-01-04", "status": "published", "title": "Linux Kernel io_uring Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-001/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-11480", "zdi_id": "ZDI-21-001" }, { "cve": "CVE-2020-27868", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects provided to th...", "detail_json": "/data/advisories/ZDI-20-1453/advisory.json", "detail_path": "advisories/ZDI-20-1453", "id": "ZDI-20-1453", "kind": "published", "published_date": "2020-12-29", "status": "published", "title": "Qognify Ocularis EventCoordinator ConnectedChannel_GotMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2021-03-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1453/", "vendor": "Qognify", "vendor_url": null, "zdi_can": "ZDI-CAN-11257", "zdi_id": "ZDI-20-1453" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-20-1452/advisory.json", "detail_path": "advisories/ZDI-20-1452", "id": "ZDI-20-1452", "kind": "published", "published_date": "2020-12-21", "status": "published", "title": "(0Day) Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-02-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1452/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11486", "zdi_id": "ZDI-20-1452" }, { "cve": "CVE-2020-27866", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authenticat...", "detail_json": "/data/advisories/ZDI-20-1451/advisory.json", "detail_path": "advisories/ZDI-20-1451", "id": "ZDI-20-1451", "kind": "published", "published_date": "2020-12-18", "status": "published", "title": "NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1451/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-11355", "zdi_id": "ZDI-20-1451" }, { "cve": "CVE-2020-3999", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vul...", "detail_json": "/data/advisories/ZDI-20-1450/advisory.json", "detail_path": "advisories/ZDI-20-1450", "id": "ZDI-20-1450", "kind": "published", "published_date": "2020-12-18", "status": "published", "title": "VMware Workstation SetGuestInfo Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1450/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-11695", "zdi_id": "ZDI-20-1450" }, { "cve": "CVE-2020-7200", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Systems Insight Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of...", "detail_json": "/data/advisories/ZDI-20-1449/advisory.json", "detail_path": "advisories/ZDI-20-1449", "id": "ZDI-20-1449", "kind": "published", "published_date": "2020-12-18", "status": "published", "title": "Hewlett Packard Enterprise Systems Insight Manager AMF Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1449/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-11847", "zdi_id": "ZDI-20-1449" }, { "cve": "CVE-2020-28970", "cvss": 0.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nasAdmin service, whic...", "detail_json": "/data/advisories/ZDI-20-1448/advisory.json", "detail_path": "advisories/ZDI-20-1448", "id": "ZDI-20-1448", "kind": "published", "published_date": "2020-12-16", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 nasAdmin Incorrect Authorization Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1448/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-12385", "zdi_id": "ZDI-20-1448" }, { "cve": "CVE-2020-28971", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...", "detail_json": "/data/advisories/ZDI-20-1447/advisory.json", "detail_path": "advisories/ZDI-20-1447", "id": "ZDI-20-1447", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 nasAdmin Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1447/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-12327", "zdi_id": "ZDI-20-1447" }, { "cve": "CVE-2020-29563", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mod_rewrite module. The issue re...", "detail_json": "/data/advisories/ZDI-20-1446/advisory.json", "detail_path": "advisories/ZDI-20-1446", "id": "ZDI-20-1446", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 nasAdmin Incorrect Authorization Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1446/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-12465", "zdi_id": "ZDI-20-1446" }, { "cve": "CVE-2020-28940", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...", "detail_json": "/data/advisories/ZDI-20-1445/advisory.json", "detail_path": "advisories/ZDI-20-1445", "id": "ZDI-20-1445", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(Pwn2Own) Western Digital MyCloud PR4100 nasAdmin Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1445/", "vendor": "Western Digital", "vendor_url": null, "zdi_can": "ZDI-CAN-12214", "zdi_id": "ZDI-20-1445" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton EASYsoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1444/advisory.json", "detail_path": "advisories/ZDI-20-1444", "id": "ZDI-20-1444", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(0Day) Eaton EASYsoft E70 File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1444/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-11083", "zdi_id": "ZDI-20-1444" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton EASYsoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1443/advisory.json", "detail_path": "advisories/ZDI-20-1443", "id": "ZDI-20-1443", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(0Day) Eaton EASYsoft E70 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1443/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-11082", "zdi_id": "ZDI-20-1443" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton EASYsoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1442/advisory.json", "detail_path": "advisories/ZDI-20-1442", "id": "ZDI-20-1442", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(0Day) Eaton EASYsoft E70 File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1442/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-11080", "zdi_id": "ZDI-20-1442" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton EASYsoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1441/advisory.json", "detail_path": "advisories/ZDI-20-1441", "id": "ZDI-20-1441", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(0Day) Eaton EASYsoft E70 File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1441/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-11078", "zdi_id": "ZDI-20-1441" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1440/advisory.json", "detail_path": "advisories/ZDI-20-1440", "id": "ZDI-20-1440", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(0Day) Linux Kernel eBPF Improper Input Validation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1440/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-10905", "zdi_id": "ZDI-20-1440" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LibTIFF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1439/advisory.json", "detail_path": "advisories/ZDI-20-1439", "id": "ZDI-20-1439", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(0Day) LibTIFF tiff2pdf Converter Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1439/", "vendor": "LibTIFF", "vendor_url": null, "zdi_can": "ZDI-CAN-11115", "zdi_id": "ZDI-20-1439" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-960L Wi-Fi cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server, which lis...", "detail_json": "/data/advisories/ZDI-20-1438/advisory.json", "detail_path": "advisories/ZDI-20-1438", "id": "ZDI-20-1438", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(0Day) D-Link DCS-960L HTTP Authorization Header Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1438/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-11359", "zdi_id": "ZDI-20-1438" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-960L Wi-Fi cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login...", "detail_json": "/data/advisories/ZDI-20-1437/advisory.json", "detail_path": "advisories/ZDI-20-1437", "id": "ZDI-20-1437", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(0Day) D-Link DCS-960L HNAP LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability", "updated_date": "2021-09-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1437/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-11352", "zdi_id": "ZDI-20-1437" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-960L Wi-Fi cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of login acti...", "detail_json": "/data/advisories/ZDI-20-1436/advisory.json", "detail_path": "advisories/ZDI-20-1436", "id": "ZDI-20-1436", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(0Day) D-Link DCS-960L HNAP Login Cookie Format String Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1436/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-11366", "zdi_id": "ZDI-20-1436" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-960L Wi-Fi cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie...", "detail_json": "/data/advisories/ZDI-20-1435/advisory.json", "detail_path": "advisories/ZDI-20-1435", "id": "ZDI-20-1435", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(0Day) D-Link DCS-960L HNAP Cookie Format String Remote Code Execution Vulnerability", "updated_date": "2021-09-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1435/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-11360", "zdi_id": "ZDI-20-1435" }, { "cve": "CVE-2021-1648", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-20-1434/advisory.json", "detail_path": "advisories/ZDI-20-1434", "id": "ZDI-20-1434", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(0Day) Microsoft Windows splwow64 Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1434/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11350", "zdi_id": "ZDI-20-1434" }, { "cve": "CVE-2021-1648", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-20-1433/advisory.json", "detail_path": "advisories/ZDI-20-1433", "id": "ZDI-20-1433", "kind": "published", "published_date": "2021-01-08", "status": "published", "title": "(0Day) Microsoft Windows splwow64 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1433/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11349", "zdi_id": "ZDI-20-1433" }, { "cve": "CVE-2021-1648", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-1432/advisory.json", "detail_path": "advisories/ZDI-20-1432", "id": "ZDI-20-1432", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "(0Day) Microsoft Windows splwow64 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1432/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11351", "zdi_id": "ZDI-20-1432" }, { "cve": "CVE-2020-7468", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of FreeBSD FTPD. Authentication is required to exploit this vulnerability. The specific flaw exists within the enforcement of permissions. The process does not properl...", "detail_json": "/data/advisories/ZDI-20-1431/advisory.json", "detail_path": "advisories/ZDI-20-1431", "id": "ZDI-20-1431", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "FreeBSD FTPD Improper Handling of Exceptional Conditions Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1431/", "vendor": "FreeBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-11632", "zdi_id": "ZDI-20-1431" }, { "cve": "CVE-2020-27861", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Ho...", "detail_json": "/data/advisories/ZDI-20-1430/advisory.json", "detail_path": "advisories/ZDI-20-1430", "id": "ZDI-20-1430", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "NETGEAR Orbi UA_Parser Host Name Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1430/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-11076", "zdi_id": "ZDI-20-1430" }, { "cve": "CVE-2020-27865", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which...", "detail_json": "/data/advisories/ZDI-20-1429/advisory.json", "detail_path": "advisories/ZDI-20-1429", "id": "ZDI-20-1429", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "D-Link DAP-1860 uhttpd Authentication Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1429/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-10894", "zdi_id": "ZDI-20-1429" }, { "cve": "CVE-2020-27864", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which l...", "detail_json": "/data/advisories/ZDI-20-1428/advisory.json", "detail_path": "advisories/ZDI-20-1428", "id": "ZDI-20-1428", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "D-Link DAP-1860 HNAP Authorization Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1428/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-10880", "zdi_id": "ZDI-20-1428" }, { "cve": "CVE-2020-27863", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd...", "detail_json": "/data/advisories/ZDI-20-1427/advisory.json", "detail_path": "advisories/ZDI-20-1427", "id": "ZDI-20-1427", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "D-Link Multiple Routers dhttpd Authentication Bypass Vulnerability", "updated_date": "2021-09-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1427/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-10912", "zdi_id": "ZDI-20-1427" }, { "cve": "CVE-2020-27862", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service...", "detail_json": "/data/advisories/ZDI-20-1426/advisory.json", "detail_path": "advisories/ZDI-20-1426", "id": "ZDI-20-1426", "kind": "published", "published_date": "2020-12-15", "status": "published", "title": "D-Link Multiple Routers dhttpd Command Injection Remote Code Execution Vulnerability", "updated_date": "2021-09-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1426/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-10911", "zdi_id": "ZDI-20-1426" }, { "cve": "CVE-2020-17128", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1425/advisory.json", "detail_path": "advisories/ZDI-20-1425", "id": "ZDI-20-1425", "kind": "published", "published_date": "2020-12-11", "status": "published", "title": "Microsoft Excel XLS File Parsing Integer Signedness Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1425/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11752", "zdi_id": "ZDI-20-1425" }, { "cve": "CVE-2020-17125", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1424/advisory.json", "detail_path": "advisories/ZDI-20-1424", "id": "ZDI-20-1424", "kind": "published", "published_date": "2020-12-11", "status": "published", "title": "Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1424/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11888", "zdi_id": "ZDI-20-1424" }, { "cve": "CVE-2020-27867", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although a...", "detail_json": "/data/advisories/ZDI-20-1423/advisory.json", "detail_path": "advisories/ZDI-20-1423", "id": "ZDI-20-1423", "kind": "published", "published_date": "2020-12-21", "status": "published", "title": "NETGEAR Multiple Routers mini_httpd Command Injection Remote Code Execution Vulnerability", "updated_date": "2020-12-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1423/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-11653", "zdi_id": "ZDI-20-1423" }, { "cve": "CVE-2020-17119", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Outlook. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1422/advisory.json", "detail_path": "advisories/ZDI-20-1422", "id": "ZDI-20-1422", "kind": "published", "published_date": "2020-12-11", "status": "published", "title": "Microsoft Outlook MSG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1422/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11887", "zdi_id": "ZDI-20-1422" }, { "cve": "CVE-2020-25712", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1421/advisory.json", "detail_path": "advisories/ZDI-20-1421", "id": "ZDI-20-1421", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "X.Org Server XkbSetDeviceInfo Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1421/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-11839", "zdi_id": "ZDI-20-1421" }, { "cve": "CVE-2020-14360", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1420/advisory.json", "detail_path": "advisories/ZDI-20-1420", "id": "ZDI-20-1420", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "X.Org Server XkbSetMap Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1420/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-11572", "zdi_id": "ZDI-20-1420" }, { "cve": "CVE-2020-14362", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1419/advisory.json", "detail_path": "advisories/ZDI-20-1419", "id": "ZDI-20-1419", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "X.Org Server XRecordRegisterClients Integer Underflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1419/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-11574", "zdi_id": "ZDI-20-1419" }, { "cve": "CVE-2020-14361", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1418/advisory.json", "detail_path": "advisories/ZDI-20-1418", "id": "ZDI-20-1418", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "X.Org Server XkbSelectEvents Integer Underflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1418/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-11573", "zdi_id": "ZDI-20-1418" }, { "cve": "CVE-2020-14346", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1417/advisory.json", "detail_path": "advisories/ZDI-20-1417", "id": "ZDI-20-1417", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "X.Org Server XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1417/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-11429", "zdi_id": "ZDI-20-1417" }, { "cve": "CVE-2020-14345", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1416/advisory.json", "detail_path": "advisories/ZDI-20-1416", "id": "ZDI-20-1416", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "X.Org Server XkbSetNames Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1416/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-11428", "zdi_id": "ZDI-20-1416" }, { "cve": "CVE-2020-27860", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-1415/advisory.json", "detail_path": "advisories/ZDI-20-1415", "id": "ZDI-20-1415", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "Foxit Reader XFA Template Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1415/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11727", "zdi_id": "ZDI-20-1415" }, { "cve": "CVE-2020-17124", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-20-1414/advisory.json", "detail_path": "advisories/ZDI-20-1414", "id": "ZDI-20-1414", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "Microsoft PowerPoint PPTX File Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1414/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11894", "zdi_id": "ZDI-20-1414" }, { "cve": "CVE-2020-17131", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-1413/advisory.json", "detail_path": "advisories/ZDI-20-1413", "id": "ZDI-20-1413", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "Microsoft Chakra LinearScan Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1413/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11906", "zdi_id": "ZDI-20-1413" }, { "cve": "CVE-2020-17121", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImportWeb function. The issue results from th...", "detail_json": "/data/advisories/ZDI-20-1412/advisory.json", "detail_path": "advisories/ZDI-20-1412", "id": "ZDI-20-1412", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "Microsoft SharePoint Site Import Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1412/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11873", "zdi_id": "ZDI-20-1412" }, { "cve": "CVE-2020-9956", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-1411/advisory.json", "detail_path": "advisories/ZDI-20-1411", "id": "ZDI-20-1411", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "Apple macOS libFontParser TTF Font Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1411/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11588", "zdi_id": "ZDI-20-1411" }, { "cve": "CVE-2020-9955", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-1410/advisory.json", "detail_path": "advisories/ZDI-20-1410", "id": "ZDI-20-1410", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "Apple macOS KTX Image DecodeRow Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1410/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11307", "zdi_id": "ZDI-20-1410" }, { "cve": "CVE-2020-10015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1409/advisory.json", "detail_path": "advisories/ZDI-20-1409", "id": "ZDI-20-1409", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "Apple macOS process_token_BlitLibSetup3D Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1409/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11122", "zdi_id": "ZDI-20-1409" }, { "cve": "CVE-2020-10015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1408/advisory.json", "detail_path": "advisories/ZDI-20-1408", "id": "ZDI-20-1408", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "Apple macOS process_token_BlitLibSetup2D Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1408/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11123", "zdi_id": "ZDI-20-1408" }, { "cve": "CVE-2020-27907", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1407/advisory.json", "detail_path": "advisories/ZDI-20-1407", "id": "ZDI-20-1407", "kind": "published", "published_date": "2020-12-09", "status": "published", "title": "Apple macOS process_token_GenerateMipmaps Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1407/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11124", "zdi_id": "ZDI-20-1407" }, { "cve": "CVE-2020-9999", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spe...", "detail_json": "/data/advisories/ZDI-20-1406/advisory.json", "detail_path": "advisories/ZDI-20-1406", "id": "ZDI-20-1406", "kind": "published", "published_date": "2020-12-08", "status": "published", "title": "Apple macOS CoreText MorxLigatureSubtableBuilder TTF Parsing Out-of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1406/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11828", "zdi_id": "ZDI-20-1406" }, { "cve": "CVE-2020-27931", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontParser library is required to exploit this vulnerability but attack vectors may vary depending on the implementa...", "detail_json": "/data/advisories/ZDI-20-1405/advisory.json", "detail_path": "advisories/ZDI-20-1405", "id": "ZDI-20-1405", "kind": "published", "published_date": "2020-12-08", "status": "published", "title": "Apple macOS libFontParser TwOFFStream TTF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1405/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11801", "zdi_id": "ZDI-20-1405" }, { "cve": "CVE-2020-27952", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the libFontParser library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. Th...", "detail_json": "/data/advisories/ZDI-20-1404/advisory.json", "detail_path": "advisories/ZDI-20-1404", "id": "ZDI-20-1404", "kind": "published", "published_date": "2020-12-08", "status": "published", "title": "Apple macOS libFontParser TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1404/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11598", "zdi_id": "ZDI-20-1404" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1403/advisory.json", "detail_path": "advisories/ZDI-20-1403", "id": "ZDI-20-1403", "kind": "published", "published_date": "2020-12-08", "status": "published", "title": "Apple macOS Kernel Command 0x10007 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1403/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11209", "zdi_id": "ZDI-20-1403" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1402/advisory.json", "detail_path": "advisories/ZDI-20-1402", "id": "ZDI-20-1402", "kind": "published", "published_date": "2020-12-08", "status": "published", "title": "Apple macOS Kernel Command 0x10006 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1402/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11208", "zdi_id": "ZDI-20-1402" }, { "cve": "CVE-2020-27897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1401/advisory.json", "detail_path": "advisories/ZDI-20-1401", "id": "ZDI-20-1401", "kind": "published", "published_date": "2020-12-08", "status": "published", "title": "Apple macOS Kernel Command 0x10005 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1401/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11207", "zdi_id": "ZDI-20-1401" }, { "cve": null, "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Realtek RTL8811AU Wi-Fi driver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of 802...", "detail_json": "/data/advisories/ZDI-20-1400/advisory.json", "detail_path": "advisories/ZDI-20-1400", "id": "ZDI-20-1400", "kind": "published", "published_date": "2020-12-07", "status": "published", "title": "(0Day) Realtek RTL8811AU Wi-Fi Driver rtwlane Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1400/", "vendor": "Realtek", "vendor_url": null, "zdi_can": "ZDI-CAN-10758", "zdi_id": "ZDI-20-1400" }, { "cve": null, "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Realtek RTL8811AU Wi-Fi driver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of 802...", "detail_json": "/data/advisories/ZDI-20-1399/advisory.json", "detail_path": "advisories/ZDI-20-1399", "id": "ZDI-20-1399", "kind": "published", "published_date": "2020-12-07", "status": "published", "title": "(0Day) Realtek RTL8811AU Wi-Fi Driver rtwlanu Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1399/", "vendor": "Realtek", "vendor_url": null, "zdi_can": "ZDI-CAN-10715", "zdi_id": "ZDI-20-1399" }, { "cve": "CVE-2020-0971", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of web parts of type...", "detail_json": "/data/advisories/ZDI-20-1398/advisory.json", "detail_path": "advisories/ZDI-20-1398", "id": "ZDI-20-1398", "kind": "published", "published_date": "2020-12-04", "status": "published", "title": "Microsoft SharePoint DataFormWebPart Server-Side Include Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1398/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11267", "zdi_id": "ZDI-20-1398" }, { "cve": "CVE-2020-27858", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper re...", "detail_json": "/data/advisories/ZDI-20-1397/advisory.json", "detail_path": "advisories/ZDI-20-1397", "id": "ZDI-20-1397", "kind": "published", "published_date": "2020-12-04", "status": "published", "title": "Arcserve D2D getNews XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1397/", "vendor": "Arcserve", "vendor_url": null, "zdi_can": "ZDI-CAN-11103", "zdi_id": "ZDI-20-1397" }, { "cve": "CVE-2020-10017", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-20-1396/advisory.json", "detail_path": "advisories/ZDI-20-1396", "id": "ZDI-20-1396", "kind": "published", "published_date": "2020-12-04", "status": "published", "title": "Apple macOS AudioCodecs AAC Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1396/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11507", "zdi_id": "ZDI-20-1396" }, { "cve": "CVE-2020-10007", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-20-1395/advisory.json", "detail_path": "advisories/ZDI-20-1395", "id": "ZDI-20-1395", "kind": "published", "published_date": "2020-12-04", "status": "published", "title": "Apple macOS powerd Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2024-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1395/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11183", "zdi_id": "ZDI-20-1395" }, { "cve": "CVE-2020-9950", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-20-1394/advisory.json", "detail_path": "advisories/ZDI-20-1394", "id": "ZDI-20-1394", "kind": "published", "published_date": "2020-12-03", "status": "published", "title": "Apple Safari TextNode Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1394/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11498", "zdi_id": "ZDI-20-1394" }, { "cve": "CVE-2020-9996", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-20-1393/advisory.json", "detail_path": "advisories/ZDI-20-1393", "id": "ZDI-20-1393", "kind": "published", "published_date": "2020-12-03", "status": "published", "title": "Apple macOS libnetworkextension ne_filter_protocol_remove_input_handler Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1393/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11457", "zdi_id": "ZDI-20-1393" }, { "cve": "CVE-2020-9954", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-20-1392/advisory.json", "detail_path": "advisories/ZDI-20-1392", "id": "ZDI-20-1392", "kind": "published", "published_date": "2020-12-03", "status": "published", "title": "Apple macOS AudioCodecs Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1392/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11235", "zdi_id": "ZDI-20-1392" }, { "cve": "CVE-2020-9889", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the AudioToolbox library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-20-1391/advisory.json", "detail_path": "advisories/ZDI-20-1391", "id": "ZDI-20-1391", "kind": "published", "published_date": "2020-12-03", "status": "published", "title": "Apple macOS AudioToolboxCore Wave Header Parsing Sign Extension Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1391/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11189", "zdi_id": "ZDI-20-1391" }, { "cve": "CVE-2020-9947", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-1390/advisory.json", "detail_path": "advisories/ZDI-20-1390", "id": "ZDI-20-1390", "kind": "published", "published_date": "2020-12-03", "status": "published", "title": "Apple Safari RenderObject Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1390/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11125", "zdi_id": "ZDI-20-1390" }, { "cve": "CVE-2020-9883", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreGraphics library is required to exploit this vulnerability but attack vectors may vary depending on the implementat...", "detail_json": "/data/advisories/ZDI-20-1389/advisory.json", "detail_path": "advisories/ZDI-20-1389", "id": "ZDI-20-1389", "kind": "published", "published_date": "2020-12-03", "status": "published", "title": "Apple macOS CoreGraphics JBIG2Stream Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1389/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11210", "zdi_id": "ZDI-20-1389" }, { "cve": "CVE-2020-7335", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Total Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-20-1388/advisory.json", "detail_path": "advisories/ZDI-20-1388", "id": "ZDI-20-1388", "kind": "published", "published_date": "2020-12-01", "status": "published", "title": "McAfee Total Protection Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1388/", "vendor": "McAfee", "vendor_url": null, "zdi_can": "ZDI-CAN-11575", "zdi_id": "ZDI-20-1388" }, { "cve": "CVE-2020-28583", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on T...", "detail_json": "/data/advisories/ZDI-20-1387/advisory.json", "detail_path": "advisories/ZDI-20-1387", "id": "ZDI-20-1387", "kind": "published", "published_date": "2020-11-27", "status": "published", "title": "Trend Micro OfficeScan Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1387/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11583", "zdi_id": "ZDI-20-1387" }, { "cve": "CVE-2020-28582", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on T...", "detail_json": "/data/advisories/ZDI-20-1386/advisory.json", "detail_path": "advisories/ZDI-20-1386", "id": "ZDI-20-1386", "kind": "published", "published_date": "2020-11-27", "status": "published", "title": "Trend Micro OfficeScan Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1386/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11582", "zdi_id": "ZDI-20-1386" }, { "cve": "CVE-2020-3992", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1385/advisory.json", "detail_path": "advisories/ZDI-20-1385", "id": "ZDI-20-1385", "kind": "published", "published_date": "2020-11-25", "status": "published", "title": "VMware ESXi SLP Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1385/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-12409", "zdi_id": "ZDI-20-1385" }, { "cve": "CVE-2020-25171", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-1384/advisory.json", "detail_path": "advisories/ZDI-20-1384", "id": "ZDI-20-1384", "kind": "published", "published_date": "2020-11-25", "status": "published", "title": "Fuji Electric V-Server Lite VPR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1384/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11353", "zdi_id": "ZDI-20-1384" }, { "cve": "CVE-2020-16846", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SaltStack Salt. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rest_cherrypy module. When parsing the ssh_remo...", "detail_json": "/data/advisories/ZDI-20-1383/advisory.json", "detail_path": "advisories/ZDI-20-1383", "id": "ZDI-20-1383", "kind": "published", "published_date": "2020-11-24", "status": "published", "title": "SaltStack Salt rest_cherrypy ssh_remote_port_forwards Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/", "vendor": "SaltStack", "vendor_url": null, "zdi_can": "ZDI-CAN-11173", "zdi_id": "ZDI-20-1383" }, { "cve": "CVE-2020-16846", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SaltStack Salt. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rest_cherrypy module. When parsing the ssh_port...", "detail_json": "/data/advisories/ZDI-20-1382/advisory.json", "detail_path": "advisories/ZDI-20-1382", "id": "ZDI-20-1382", "kind": "published", "published_date": "2020-11-24", "status": "published", "title": "SaltStack Salt rest_cherrypy ssh_port Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/", "vendor": "SaltStack", "vendor_url": null, "zdi_can": "ZDI-CAN-11172", "zdi_id": "ZDI-20-1382" }, { "cve": "CVE-2020-16846", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SaltStack Salt. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rest_cherrypy module. When parsing the ssh_opti...", "detail_json": "/data/advisories/ZDI-20-1381/advisory.json", "detail_path": "advisories/ZDI-20-1381", "id": "ZDI-20-1381", "kind": "published", "published_date": "2020-11-24", "status": "published", "title": "SaltStack Salt rest_cherrypy ssh_options Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/", "vendor": "SaltStack", "vendor_url": null, "zdi_can": "ZDI-CAN-11169", "zdi_id": "ZDI-20-1381" }, { "cve": "CVE-2020-16846", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SaltStack Salt. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rest_cherrypy module. When parsing the tgt para...", "detail_json": "/data/advisories/ZDI-20-1380/advisory.json", "detail_path": "advisories/ZDI-20-1380", "id": "ZDI-20-1380", "kind": "published", "published_date": "2020-11-24", "status": "published", "title": "SaltStack Salt rest_cherrypy tgt Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/", "vendor": "SaltStack", "vendor_url": null, "zdi_can": "ZDI-CAN-11167", "zdi_id": "ZDI-20-1380" }, { "cve": "CVE-2020-16846", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SaltStack Salt. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rest_cherrypy module. When parsing the ssh_priv...", "detail_json": "/data/advisories/ZDI-20-1379/advisory.json", "detail_path": "advisories/ZDI-20-1379", "id": "ZDI-20-1379", "kind": "published", "published_date": "2020-11-24", "status": "published", "title": "SaltStack Salt rest_cherrypy ssh_priv Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/", "vendor": "SaltStack", "vendor_url": null, "zdi_can": "ZDI-CAN-11143", "zdi_id": "ZDI-20-1379" }, { "cve": "CVE-2020-28575", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro ServerProtect. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-20-1378/advisory.json", "detail_path": "advisories/ZDI-20-1378", "id": "ZDI-20-1378", "kind": "published", "published_date": "2020-11-24", "status": "published", "title": "Trend Micro ServerProtect ioctlMod Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1378/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11064", "zdi_id": "ZDI-20-1378" }, { "cve": "CVE-2020-3992", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of VMware ESXi. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SLP messages. The issue re...", "detail_json": "/data/advisories/ZDI-20-1377/advisory.json", "detail_path": "advisories/ZDI-20-1377", "id": "ZDI-20-1377", "kind": "published", "published_date": "2020-11-23", "status": "published", "title": "VMware ESXi SLP Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1377/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-12190", "zdi_id": "ZDI-20-1377" }, { "cve": "CVE-2020-28577", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-20-1376/advisory.json", "detail_path": "advisories/ZDI-20-1376", "id": "ZDI-20-1376", "kind": "published", "published_date": "2020-11-22", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1376/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11571", "zdi_id": "ZDI-20-1376" }, { "cve": "CVE-2020-28576", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-20-1375/advisory.json", "detail_path": "advisories/ZDI-20-1375", "id": "ZDI-20-1375", "kind": "published", "published_date": "2020-11-22", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1375/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11237", "zdi_id": "ZDI-20-1375" }, { "cve": "CVE-2020-28573", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP...", "detail_json": "/data/advisories/ZDI-20-1374/advisory.json", "detail_path": "advisories/ZDI-20-1374", "id": "ZDI-20-1374", "kind": "published", "published_date": "2020-11-22", "status": "published", "title": "Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1374/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11236", "zdi_id": "ZDI-20-1374" }, { "cve": "CVE-2020-1319", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1373/advisory.json", "detail_path": "advisories/ZDI-20-1373", "id": "ZDI-20-1373", "kind": "published", "published_date": "2020-11-22", "status": "published", "title": "Microsoft Windows WebM Video Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1373/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-12020", "zdi_id": "ZDI-20-1373" }, { "cve": "CVE-2020-14351", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1372/advisory.json", "detail_path": "advisories/ZDI-20-1372", "id": "ZDI-20-1372", "kind": "published", "published_date": "2020-11-22", "status": "published", "title": "Linux Kernel Performance Counters Race Condition Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1372/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-11510", "zdi_id": "ZDI-20-1372" }, { "cve": "CVE-2020-17057", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-1371/advisory.json", "detail_path": "advisories/ZDI-20-1371", "id": "ZDI-20-1371", "kind": "published", "published_date": "2020-11-11", "status": "published", "title": "Microsoft Windows DirectComposition Uninitialized Pointer Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1371/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11867", "zdi_id": "ZDI-20-1371" }, { "cve": "CVE-2020-17048", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-1370/advisory.json", "detail_path": "advisories/ZDI-20-1370", "id": "ZDI-20-1370", "kind": "published", "published_date": "2020-11-11", "status": "published", "title": "Microsoft Chakra Array Iterator Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1370/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11871", "zdi_id": "ZDI-20-1370" }, { "cve": "CVE-2020-17053", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-1369/advisory.json", "detail_path": "advisories/ZDI-20-1369", "id": "ZDI-20-1369", "kind": "published", "published_date": "2020-11-11", "status": "published", "title": "Microsoft Internet Explorer array Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1369/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11875", "zdi_id": "ZDI-20-1369" }, { "cve": "CVE-2020-17053", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-1368/advisory.json", "detail_path": "advisories/ZDI-20-1368", "id": "ZDI-20-1368", "kind": "published", "published_date": "2020-11-11", "status": "published", "title": "Microsoft Internet Explorer array Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1368/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11874", "zdi_id": "ZDI-20-1368" }, { "cve": "CVE-2020-17019", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1367/advisory.json", "detail_path": "advisories/ZDI-20-1367", "id": "ZDI-20-1367", "kind": "published", "published_date": "2020-11-11", "status": "published", "title": "Microsoft Excel XLS File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1367/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11518", "zdi_id": "ZDI-20-1367" }, { "cve": "CVE-2020-17014", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-20-1366/advisory.json", "detail_path": "advisories/ZDI-20-1366", "id": "ZDI-20-1366", "kind": "published", "published_date": "2020-11-11", "status": "published", "title": "Microsoft Windows Print Spooler Directory Junction Denial-of-Service Vulnerability", "updated_date": "2020-12-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1366/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11796", "zdi_id": "ZDI-20-1366" }, { "cve": "CVE-2020-17012", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-1365/advisory.json", "detail_path": "advisories/ZDI-20-1365", "id": "ZDI-20-1365", "kind": "published", "published_date": "2020-11-11", "status": "published", "title": "Microsoft Windows bindflt Driver Missing Authentication Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1365/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11361", "zdi_id": "ZDI-20-1365" }, { "cve": "CVE-2020-26817", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1364/advisory.json", "detail_path": "advisories/ZDI-20-1364", "id": "ZDI-20-1364", "kind": "published", "published_date": "2020-11-11", "status": "published", "title": "SAP 3D Visual Enterprise Viewer HPGL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1364/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11866", "zdi_id": "ZDI-20-1364" }, { "cve": "CVE-2020-3604", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-1363/advisory.json", "detail_path": "advisories/ZDI-20-1363", "id": "ZDI-20-1363", "kind": "published", "published_date": "2020-11-10", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1363/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11175", "zdi_id": "ZDI-20-1363" }, { "cve": "CVE-2020-3573", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-1362/advisory.json", "detail_path": "advisories/ZDI-20-1362", "id": "ZDI-20-1362", "kind": "published", "published_date": "2020-11-10", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1362/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11176", "zdi_id": "ZDI-20-1362" }, { "cve": "CVE-2020-3603", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-1361/advisory.json", "detail_path": "advisories/ZDI-20-1361", "id": "ZDI-20-1361", "kind": "published", "published_date": "2020-11-10", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1361/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-11133", "zdi_id": "ZDI-20-1361" }, { "cve": "CVE-2020-25181", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON PLC Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-1360/advisory.json", "detail_path": "advisories/ZDI-20-1360", "id": "ZDI-20-1360", "kind": "published", "published_date": "2020-11-10", "status": "published", "title": "WECON PLC Editor WCP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1360/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-11187", "zdi_id": "ZDI-20-1360" }, { "cve": "CVE-2020-25181", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON PLC Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-1359/advisory.json", "detail_path": "advisories/ZDI-20-1359", "id": "ZDI-20-1359", "kind": "published", "published_date": "2020-11-10", "status": "published", "title": "WECON PLC Editor WCP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1359/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-11186", "zdi_id": "ZDI-20-1359" }, { "cve": "CVE-2020-25177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON PLC Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-1358/advisory.json", "detail_path": "advisories/ZDI-20-1358", "id": "ZDI-20-1358", "kind": "published", "published_date": "2020-11-10", "status": "published", "title": "WECON PLC Editor WCP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1358/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-11185", "zdi_id": "ZDI-20-1358" }, { "cve": "CVE-2020-24438", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1357/advisory.json", "detail_path": "advisories/ZDI-20-1357", "id": "ZDI-20-1357", "kind": "published", "published_date": "2020-11-10", "status": "published", "title": "Adobe Acrobat Reader DC AVDocumentLocal Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1357/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-12015", "zdi_id": "ZDI-20-1357" }, { "cve": "CVE-2020-24434", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-1356/advisory.json", "detail_path": "advisories/ZDI-20-1356", "id": "ZDI-20-1356", "kind": "published", "published_date": "2020-11-10", "status": "published", "title": "Adobe Acrobat Pro DC PDF Export Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1356/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11958", "zdi_id": "ZDI-20-1356" }, { "cve": "CVE-2020-24436", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-20-1355/advisory.json", "detail_path": "advisories/ZDI-20-1355", "id": "ZDI-20-1355", "kind": "published", "published_date": "2020-11-10", "status": "published", "title": "Adobe Acrobat Pro DC PDF Export Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1355/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11957", "zdi_id": "ZDI-20-1355" }, { "cve": "CVE-2020-24426", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1354/advisory.json", "detail_path": "advisories/ZDI-20-1354", "id": "ZDI-20-1354", "kind": "published", "published_date": "2020-11-10", "status": "published", "title": "Adobe Acrobat Reader DC ID Parameter Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1354/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11540", "zdi_id": "ZDI-20-1354" }, { "cve": "CVE-2020-16243", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1353/advisory.json", "detail_path": "advisories/ZDI-20-1353", "id": "ZDI-20-1353", "kind": "published", "published_date": "2020-11-10", "status": "published", "title": "WECON LeviStudioU HSC File Parsing CharSize Attribute Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1353/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-11100", "zdi_id": "ZDI-20-1353" }, { "cve": "CVE-2020-16243", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1352/advisory.json", "detail_path": "advisories/ZDI-20-1352", "id": "ZDI-20-1352", "kind": "published", "published_date": "2020-11-10", "status": "published", "title": "WECON LeviStudioU HFT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1352/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-11098", "zdi_id": "ZDI-20-1352" }, { "cve": "CVE-2020-16243", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1351/advisory.json", "detail_path": "advisories/ZDI-20-1351", "id": "ZDI-20-1351", "kind": "published", "published_date": "2020-11-10", "status": "published", "title": "WECON LeviStudioU HFT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1351/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-11097", "zdi_id": "ZDI-20-1351" }, { "cve": "CVE-2020-27857", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-1350/advisory.json", "detail_path": "advisories/ZDI-20-1350", "id": "ZDI-20-1350", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo NEF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1350/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11488", "zdi_id": "ZDI-20-1350" }, { "cve": "CVE-2020-27856", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-1349/advisory.json", "detail_path": "advisories/ZDI-20-1349", "id": "ZDI-20-1349", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo CR2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1349/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11434", "zdi_id": "ZDI-20-1349" }, { "cve": "CVE-2020-27855", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-1348/advisory.json", "detail_path": "advisories/ZDI-20-1348", "id": "ZDI-20-1348", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo SR2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1348/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11433", "zdi_id": "ZDI-20-1348" }, { "cve": "CVE-2020-17436", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-1347/advisory.json", "detail_path": "advisories/ZDI-20-1347", "id": "ZDI-20-1347", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo CMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1347/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11432", "zdi_id": "ZDI-20-1347" }, { "cve": "CVE-2020-17435", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-1346/advisory.json", "detail_path": "advisories/ZDI-20-1346", "id": "ZDI-20-1346", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo CR2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1346/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11358", "zdi_id": "ZDI-20-1346" }, { "cve": "CVE-2020-17434", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-1345/advisory.json", "detail_path": "advisories/ZDI-20-1345", "id": "ZDI-20-1345", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo ARW File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1345/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11357", "zdi_id": "ZDI-20-1345" }, { "cve": "CVE-2020-17433", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-1344/advisory.json", "detail_path": "advisories/ZDI-20-1344", "id": "ZDI-20-1344", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo CMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1344/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11356", "zdi_id": "ZDI-20-1344" }, { "cve": "CVE-2020-17432", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-1343/advisory.json", "detail_path": "advisories/ZDI-20-1343", "id": "ZDI-20-1343", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo CR2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1343/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11335", "zdi_id": "ZDI-20-1343" }, { "cve": "CVE-2020-17431", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-1342/advisory.json", "detail_path": "advisories/ZDI-20-1342", "id": "ZDI-20-1342", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo CR2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1342/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11333", "zdi_id": "ZDI-20-1342" }, { "cve": "CVE-2020-17430", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-1341/advisory.json", "detail_path": "advisories/ZDI-20-1341", "id": "ZDI-20-1341", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo CR2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1341/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11332", "zdi_id": "ZDI-20-1341" }, { "cve": "CVE-2020-17429", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-1340/advisory.json", "detail_path": "advisories/ZDI-20-1340", "id": "ZDI-20-1340", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo CMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1340/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11337", "zdi_id": "ZDI-20-1340" }, { "cve": "CVE-2020-17428", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-1339/advisory.json", "detail_path": "advisories/ZDI-20-1339", "id": "ZDI-20-1339", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo CMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1339/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11336", "zdi_id": "ZDI-20-1339" }, { "cve": "CVE-2020-17427", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-1338/advisory.json", "detail_path": "advisories/ZDI-20-1338", "id": "ZDI-20-1338", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo NEF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1338/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11334", "zdi_id": "ZDI-20-1338" }, { "cve": "CVE-2020-17426", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-1337/advisory.json", "detail_path": "advisories/ZDI-20-1337", "id": "ZDI-20-1337", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo CR2 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1337/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11230", "zdi_id": "ZDI-20-1337" }, { "cve": "CVE-2020-17425", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-1336/advisory.json", "detail_path": "advisories/ZDI-20-1336", "id": "ZDI-20-1336", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo EPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1336/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11259", "zdi_id": "ZDI-20-1336" }, { "cve": "CVE-2020-17424", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-1335/advisory.json", "detail_path": "advisories/ZDI-20-1335", "id": "ZDI-20-1335", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo EZI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1335/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11247", "zdi_id": "ZDI-20-1335" }, { "cve": "CVE-2020-17423", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-1334/advisory.json", "detail_path": "advisories/ZDI-20-1334", "id": "ZDI-20-1334", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo ARW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1334/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11196", "zdi_id": "ZDI-20-1334" }, { "cve": "CVE-2020-17422", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-1333/advisory.json", "detail_path": "advisories/ZDI-20-1333", "id": "ZDI-20-1333", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1333/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11195", "zdi_id": "ZDI-20-1333" }, { "cve": "CVE-2020-17421", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-1332/advisory.json", "detail_path": "advisories/ZDI-20-1332", "id": "ZDI-20-1332", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo NEF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1332/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11194", "zdi_id": "ZDI-20-1332" }, { "cve": "CVE-2020-17420", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-1331/advisory.json", "detail_path": "advisories/ZDI-20-1331", "id": "ZDI-20-1331", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo NEF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1331/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11193", "zdi_id": "ZDI-20-1331" }, { "cve": "CVE-2020-17419", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-1330/advisory.json", "detail_path": "advisories/ZDI-20-1330", "id": "ZDI-20-1330", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo NEF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1330/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11192", "zdi_id": "ZDI-20-1330" }, { "cve": "CVE-2020-17418", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-1329/advisory.json", "detail_path": "advisories/ZDI-20-1329", "id": "ZDI-20-1329", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Foxit Studio Photo EZIX channel id Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1329/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11197", "zdi_id": "ZDI-20-1329" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Micro Focus Operations Bridge Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SAMDownloadServlet endpoint. Th...", "detail_json": "/data/advisories/ZDI-20-1328/advisory.json", "detail_path": "advisories/ZDI-20-1328", "id": "ZDI-20-1328", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager SAMDownloadServlet Deserialization Of Untrusted Data Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1328/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11198", "zdi_id": "ZDI-20-1328" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Micro Focus Operations Bridge Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the RegistrationServlet endpoint. T...", "detail_json": "/data/advisories/ZDI-20-1327/advisory.json", "detail_path": "advisories/ZDI-20-1327", "id": "ZDI-20-1327", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager RegistrationServlet Deserialization Of Untrusted Data Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1327/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11203", "zdi_id": "ZDI-20-1327" }, { "cve": "CVE-2020-11858", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Micro Focus Operations Bridge Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnera...", "detail_json": "/data/advisories/ZDI-20-1326/advisory.json", "detail_path": "advisories/ZDI-20-1326", "id": "ZDI-20-1326", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager Service Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1326/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11204", "zdi_id": "ZDI-20-1326" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1325/advisory.json", "detail_path": "advisories/ZDI-20-1325", "id": "ZDI-20-1325", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager GenericAdapterService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1325/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11417", "zdi_id": "ZDI-20-1325" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1324/advisory.json", "detail_path": "advisories/ZDI-20-1324", "id": "ZDI-20-1324", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager LicensingService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1324/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11416", "zdi_id": "ZDI-20-1324" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1323/advisory.json", "detail_path": "advisories/ZDI-20-1323", "id": "ZDI-20-1323", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager AutomationMappingService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1323/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11415", "zdi_id": "ZDI-20-1323" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1322/advisory.json", "detail_path": "advisories/ZDI-20-1322", "id": "ZDI-20-1322", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager ResourceManagementService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1322/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11414", "zdi_id": "ZDI-20-1322" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1321/advisory.json", "detail_path": "advisories/ZDI-20-1321", "id": "ZDI-20-1321", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager MultiTenancyService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1321/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11413", "zdi_id": "ZDI-20-1321" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1320/advisory.json", "detail_path": "advisories/ZDI-20-1320", "id": "ZDI-20-1320", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager CITService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1320/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11412", "zdi_id": "ZDI-20-1320" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1319/advisory.json", "detail_path": "advisories/ZDI-20-1319", "id": "ZDI-20-1319", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager LDAPService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1319/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11411", "zdi_id": "ZDI-20-1319" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1318/advisory.json", "detail_path": "advisories/ZDI-20-1318", "id": "ZDI-20-1318", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager SnapshotService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1318/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11410", "zdi_id": "ZDI-20-1318" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1317/advisory.json", "detail_path": "advisories/ZDI-20-1317", "id": "ZDI-20-1317", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager ClassModelService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1317/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11409", "zdi_id": "ZDI-20-1317" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1316/advisory.json", "detail_path": "advisories/ZDI-20-1316", "id": "ZDI-20-1316", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager PermissionsService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1316/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11408", "zdi_id": "ZDI-20-1316" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1315/advisory.json", "detail_path": "advisories/ZDI-20-1315", "id": "ZDI-20-1315", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager CommonService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1315/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11407", "zdi_id": "ZDI-20-1315" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1314/advisory.json", "detail_path": "advisories/ZDI-20-1314", "id": "ZDI-20-1314", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager ImpactService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1314/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11406", "zdi_id": "ZDI-20-1314" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1313/advisory.json", "detail_path": "advisories/ZDI-20-1313", "id": "ZDI-20-1313", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager SchedulerService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1313/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11405", "zdi_id": "ZDI-20-1313" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1312/advisory.json", "detail_path": "advisories/ZDI-20-1312", "id": "ZDI-20-1312", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager LocationService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1312/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11404", "zdi_id": "ZDI-20-1312" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1311/advisory.json", "detail_path": "advisories/ZDI-20-1311", "id": "ZDI-20-1311", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager BundleService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1311/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11403", "zdi_id": "ZDI-20-1311" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1310/advisory.json", "detail_path": "advisories/ZDI-20-1310", "id": "ZDI-20-1310", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager HistoryService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1310/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11402", "zdi_id": "ZDI-20-1310" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1309/advisory.json", "detail_path": "advisories/ZDI-20-1309", "id": "ZDI-20-1309", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager CIService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1309/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11401", "zdi_id": "ZDI-20-1309" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1308/advisory.json", "detail_path": "advisories/ZDI-20-1308", "id": "ZDI-20-1308", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager DataAcquisitionService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1308/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11400", "zdi_id": "ZDI-20-1308" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1307/advisory.json", "detail_path": "advisories/ZDI-20-1307", "id": "ZDI-20-1307", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager SoftwareLibraryService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1307/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11399", "zdi_id": "ZDI-20-1307" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1306/advisory.json", "detail_path": "advisories/ZDI-20-1306", "id": "ZDI-20-1306", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager ServiceDiscoveryService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1306/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11398", "zdi_id": "ZDI-20-1306" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1305/advisory.json", "detail_path": "advisories/ZDI-20-1305", "id": "ZDI-20-1305", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager DiscoveryService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1305/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11397", "zdi_id": "ZDI-20-1305" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1304/advisory.json", "detail_path": "advisories/ZDI-20-1304", "id": "ZDI-20-1304", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager MailService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1304/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11396", "zdi_id": "ZDI-20-1304" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1303/advisory.json", "detail_path": "advisories/ZDI-20-1303", "id": "ZDI-20-1303", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager RelatedCIsService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1303/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11395", "zdi_id": "ZDI-20-1303" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1302/advisory.json", "detail_path": "advisories/ZDI-20-1302", "id": "ZDI-20-1302", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager FolderService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1302/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11394", "zdi_id": "ZDI-20-1302" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1301/advisory.json", "detail_path": "advisories/ZDI-20-1301", "id": "ZDI-20-1301", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager PatternService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1301/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11393", "zdi_id": "ZDI-20-1301" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1300/advisory.json", "detail_path": "advisories/ZDI-20-1300", "id": "ZDI-20-1300", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager CMSImagesService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1300/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11392", "zdi_id": "ZDI-20-1300" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1299/advisory.json", "detail_path": "advisories/ZDI-20-1299", "id": "ZDI-20-1299", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager ReportService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1299/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11391", "zdi_id": "ZDI-20-1299" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1298/advisory.json", "detail_path": "advisories/ZDI-20-1298", "id": "ZDI-20-1298", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager TopologyService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1298/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11390", "zdi_id": "ZDI-20-1298" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1297/advisory.json", "detail_path": "advisories/ZDI-20-1297", "id": "ZDI-20-1297", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager WatchServerAPI Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1297/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11389", "zdi_id": "ZDI-20-1297" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1296/advisory.json", "detail_path": "advisories/ZDI-20-1296", "id": "ZDI-20-1296", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager BusinessModelFacadeForGui Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1296/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11388", "zdi_id": "ZDI-20-1296" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1295/advisory.json", "detail_path": "advisories/ZDI-20-1295", "id": "ZDI-20-1295", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager FoldersFacade Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1295/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11387", "zdi_id": "ZDI-20-1295" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1294/advisory.json", "detail_path": "advisories/ZDI-20-1294", "id": "ZDI-20-1294", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager SchedulerFacadeForGui Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1294/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11386", "zdi_id": "ZDI-20-1294" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1293/advisory.json", "detail_path": "advisories/ZDI-20-1293", "id": "ZDI-20-1293", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager PackageFacadeForGui Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1293/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11385", "zdi_id": "ZDI-20-1293" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1292/advisory.json", "detail_path": "advisories/ZDI-20-1292", "id": "ZDI-20-1292", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager CorrelationRunnerFacade Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1292/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11384", "zdi_id": "ZDI-20-1292" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1291/advisory.json", "detail_path": "advisories/ZDI-20-1291", "id": "ZDI-20-1291", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager CorrelationFacadeForGui Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1291/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11383", "zdi_id": "ZDI-20-1291" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1290/advisory.json", "detail_path": "advisories/ZDI-20-1290", "id": "ZDI-20-1290", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager CategoryFacadeForGui Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1290/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11382", "zdi_id": "ZDI-20-1290" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1289/advisory.json", "detail_path": "advisories/ZDI-20-1289", "id": "ZDI-20-1289", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager CmdbOperationExecuterService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1289/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11381", "zdi_id": "ZDI-20-1289" }, { "cve": "CVE-2020-11853", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-20-1288/advisory.json", "detail_path": "advisories/ZDI-20-1288", "id": "ZDI-20-1288", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager SecurityService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1288/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11200", "zdi_id": "ZDI-20-1288" }, { "cve": "CVE-2020-11854", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product's authentication...", "detail_json": "/data/advisories/ZDI-20-1287/advisory.json", "detail_path": "advisories/ZDI-20-1287", "id": "ZDI-20-1287", "kind": "published", "published_date": "2020-10-28", "status": "published", "title": "Micro Focus Operations Bridge Manager diagnostics Use of Hard-coded Credentials Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1287/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11201", "zdi_id": "ZDI-20-1287" }, { "cve": "CVE-2020-27015", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vul...", "detail_json": "/data/advisories/ZDI-20-1286/advisory.json", "detail_path": "advisories/ZDI-20-1286", "id": "ZDI-20-1286", "kind": "published", "published_date": "2020-10-26", "status": "published", "title": "Trend Micro Antivirus for Mac Error Message Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1286/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11047", "zdi_id": "ZDI-20-1286" }, { "cve": "CVE-2020-27014", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-20-1285/advisory.json", "detail_path": "advisories/ZDI-20-1285", "id": "ZDI-20-1285", "kind": "published", "published_date": "2020-10-26", "status": "published", "title": "Trend Micro Antivirus for Mac Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1285/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11045", "zdi_id": "ZDI-20-1285" }, { "cve": "CVE-2020-25186", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1284/advisory.json", "detail_path": "advisories/ZDI-20-1284", "id": "ZDI-20-1284", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "WECON LeviStudioU XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1284/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10607", "zdi_id": "ZDI-20-1284" }, { "cve": "CVE-2020-14876", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within ozfVendorLov.jsp. The issue results from the...", "detail_json": "/data/advisories/ZDI-20-1283/advisory.json", "detail_path": "advisories/ZDI-20-1283", "id": "ZDI-20-1283", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "Oracle E-Business Suite ozfVendorLov SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1283/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11687", "zdi_id": "ZDI-20-1283" }, { "cve": "CVE-2020-14825", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted da...", "detail_json": "/data/advisories/ZDI-20-1282/advisory.json", "detail_path": "advisories/ZDI-20-1282", "id": "ZDI-20-1282", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1282/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11829", "zdi_id": "ZDI-20-1282" }, { "cve": "CVE-2020-14885", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-1281/advisory.json", "detail_path": "advisories/ZDI-20-1281", "id": "ZDI-20-1281", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "Oracle VirtualBox Shader Bytecode Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1281/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11679", "zdi_id": "ZDI-20-1281" }, { "cve": "CVE-2020-14886", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-1280/advisory.json", "detail_path": "advisories/ZDI-20-1280", "id": "ZDI-20-1280", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "Oracle VirtualBox Shader Bytecode Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1280/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11677", "zdi_id": "ZDI-20-1280" }, { "cve": "CVE-2020-14884", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-1279/advisory.json", "detail_path": "advisories/ZDI-20-1279", "id": "ZDI-20-1279", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "Oracle VirtualBox Shader Bytecode Type Confusion Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1279/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11676", "zdi_id": "ZDI-20-1279" }, { "cve": "CVE-2020-14881", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-1278/advisory.json", "detail_path": "advisories/ZDI-20-1278", "id": "ZDI-20-1278", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "Oracle VirtualBox Shader Bytecode Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1278/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11678", "zdi_id": "ZDI-20-1278" }, { "cve": "CVE-2020-14825", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted da...", "detail_json": "/data/advisories/ZDI-20-1277/advisory.json", "detail_path": "advisories/ZDI-20-1277", "id": "ZDI-20-1277", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1277/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11591", "zdi_id": "ZDI-20-1277" }, { "cve": "CVE-2020-14841", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP protocol. Crafted data in...", "detail_json": "/data/advisories/ZDI-20-1276/advisory.json", "detail_path": "advisories/ZDI-20-1276", "id": "ZDI-20-1276", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "Oracle WebLogic Server IIOP Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1276/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11453", "zdi_id": "ZDI-20-1276" }, { "cve": "CVE-2020-14859", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted data in a...", "detail_json": "/data/advisories/ZDI-20-1275/advisory.json", "detail_path": "advisories/ZDI-20-1275", "id": "ZDI-20-1275", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1275/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11305", "zdi_id": "ZDI-20-1275" }, { "cve": "CVE-2020-14841", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP protocol. Crafted data in...", "detail_json": "/data/advisories/ZDI-20-1274/advisory.json", "detail_path": "advisories/ZDI-20-1274", "id": "ZDI-20-1274", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "Oracle WebLogic Server IIOP Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1274/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10818", "zdi_id": "ZDI-20-1274" }, { "cve": "CVE-2020-14825", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted data in a...", "detail_json": "/data/advisories/ZDI-20-1273/advisory.json", "detail_path": "advisories/ZDI-20-1273", "id": "ZDI-20-1273", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1273/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10968", "zdi_id": "ZDI-20-1273" }, { "cve": "CVE-2020-24410", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1272/advisory.json", "detail_path": "advisories/ZDI-20-1272", "id": "ZDI-20-1272", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "Adobe Illustrator PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1272/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11477", "zdi_id": "ZDI-20-1272" }, { "cve": "CVE-2020-24409", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1271/advisory.json", "detail_path": "advisories/ZDI-20-1271", "id": "ZDI-20-1271", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "Adobe Illustrator PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1271/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11474", "zdi_id": "ZDI-20-1271" }, { "cve": "CVE-2020-24411", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1270/advisory.json", "detail_path": "advisories/ZDI-20-1270", "id": "ZDI-20-1270", "kind": "published", "published_date": "2020-10-22", "status": "published", "title": "Adobe Illustrator PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1270/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11346", "zdi_id": "ZDI-20-1270" }, { "cve": "CVE-2020-3992", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware ESXi. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SLP messages. The issue results from...", "detail_json": "/data/advisories/ZDI-20-1269/advisory.json", "detail_path": "advisories/ZDI-20-1269", "id": "ZDI-20-1269", "kind": "published", "published_date": "2020-10-20", "status": "published", "title": "VMware ESXi SLP Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1269/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-11563", "zdi_id": "ZDI-20-1269" }, { "cve": "CVE-2020-3982", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-20-1268/advisory.json", "detail_path": "advisories/ZDI-20-1268", "id": "ZDI-20-1268", "kind": "published", "published_date": "2020-10-20", "status": "published", "title": "VMware Workstation BDOOR_CMD_PATCH_ACPI_TABLES Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1268/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-11228", "zdi_id": "ZDI-20-1268" }, { "cve": "CVE-2020-3981", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-20-1267/advisory.json", "detail_path": "advisories/ZDI-20-1267", "id": "ZDI-20-1267", "kind": "published", "published_date": "2020-10-20", "status": "published", "title": "VMware Workstation BDOOR_CMD_PATCH_ACPI_TABLES Time-Of-Check Time-Of-Use Information Disclosure Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1267/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-11227", "zdi_id": "ZDI-20-1267" }, { "cve": "CVE-2020-6374", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1266/advisory.json", "detail_path": "advisories/ZDI-20-1266", "id": "ZDI-20-1266", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1266/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11705", "zdi_id": "ZDI-20-1266" }, { "cve": "CVE-2020-6315", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-20-1265/advisory.json", "detail_path": "advisories/ZDI-20-1265", "id": "ZDI-20-1265", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "SAP 3D Visual Enterprise Viewer SVG File XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1265/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11243", "zdi_id": "ZDI-20-1265" }, { "cve": "CVE-2020-6372", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1264/advisory.json", "detail_path": "advisories/ZDI-20-1264", "id": "ZDI-20-1264", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1264/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11467", "zdi_id": "ZDI-20-1264" }, { "cve": "CVE-2020-6373", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1263/advisory.json", "detail_path": "advisories/ZDI-20-1263", "id": "ZDI-20-1263", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1263/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11462", "zdi_id": "ZDI-20-1263" }, { "cve": "CVE-2020-25157", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability. The specific flaw exists within device_position.php. When parsing the d...", "detail_json": "/data/advisories/ZDI-20-1262/advisory.json", "detail_path": "advisories/ZDI-20-1262", "id": "ZDI-20-1262", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Advantech R-SeeNet device_position device_id SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1262/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-11373", "zdi_id": "ZDI-20-1262" }, { "cve": "CVE-2020-25161", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-20-1261/advisory.json", "detail_path": "advisories/ZDI-20-1261", "id": "ZDI-20-1261", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Advantech WebAccess/SCADA WADashboard External Control of File Path Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1261/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-11262", "zdi_id": "ZDI-20-1261" }, { "cve": "CVE-2020-9990", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1260/advisory.json", "detail_path": "advisories/ZDI-20-1260", "id": "ZDI-20-1260", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Apple macOS process_token_SetFence Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1260/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10924", "zdi_id": "ZDI-20-1260" }, { "cve": "CVE-2020-9990", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1259/advisory.json", "detail_path": "advisories/ZDI-20-1259", "id": "ZDI-20-1259", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Apple macOS process_token_SetFence Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1259/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10823", "zdi_id": "ZDI-20-1259" }, { "cve": "CVE-2020-16968", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1258/advisory.json", "detail_path": "advisories/ZDI-20-1258", "id": "ZDI-20-1258", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Microsoft Windows Camera Codec Pack Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1258/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11981", "zdi_id": "ZDI-20-1258" }, { "cve": "CVE-2020-16915", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-20-1257/advisory.json", "detail_path": "advisories/ZDI-20-1257", "id": "ZDI-20-1257", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Microsoft Windows Media Player HEVC Stream Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1257/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11980", "zdi_id": "ZDI-20-1257" }, { "cve": "CVE-2020-16930", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1256/advisory.json", "detail_path": "advisories/ZDI-20-1256", "id": "ZDI-20-1256", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Microsoft Excel XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1256/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11602", "zdi_id": "ZDI-20-1256" }, { "cve": "CVE-2020-16931", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1255/advisory.json", "detail_path": "advisories/ZDI-20-1255", "id": "ZDI-20-1255", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Microsoft Excel XLS File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1255/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11613", "zdi_id": "ZDI-20-1255" }, { "cve": "CVE-2020-16939", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-1254/advisory.json", "detail_path": "advisories/ZDI-20-1254", "id": "ZDI-20-1254", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Microsoft Windows Group Policy Client Service Link Resolution Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1254/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11622", "zdi_id": "ZDI-20-1254" }, { "cve": "CVE-2020-16932", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1253/advisory.json", "detail_path": "advisories/ZDI-20-1253", "id": "ZDI-20-1253", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Microsoft Excel XLS File Parsing Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1253/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11529", "zdi_id": "ZDI-20-1253" }, { "cve": "CVE-2020-16930", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1252/advisory.json", "detail_path": "advisories/ZDI-20-1252", "id": "ZDI-20-1252", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Microsoft Excel XLS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1252/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11524", "zdi_id": "ZDI-20-1252" }, { "cve": "CVE-2020-16929", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1251/advisory.json", "detail_path": "advisories/ZDI-20-1251", "id": "ZDI-20-1251", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1251/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11516", "zdi_id": "ZDI-20-1251" }, { "cve": "CVE-2020-16947", "cvss": 3.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Outlook. User interaction is required to exploit this vulnerability in that the target must open a malicious email or view it in the preview pa...", "detail_json": "/data/advisories/ZDI-20-1250/advisory.json", "detail_path": "advisories/ZDI-20-1250", "id": "ZDI-20-1250", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Microsoft Outlook HTML Email Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1250/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11250", "zdi_id": "ZDI-20-1250" }, { "cve": "CVE-2020-16947", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Outlook. User interaction is required to exploit this vulnerability in that the target must open a malicious email or view it in the preview pane. The...", "detail_json": "/data/advisories/ZDI-20-1249/advisory.json", "detail_path": "advisories/ZDI-20-1249", "id": "ZDI-20-1249", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Microsoft Outlook HTML Email Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1249/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11249", "zdi_id": "ZDI-20-1249" }, { "cve": "CVE-2020-16940", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to delete arbitrary files on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-20-1248/advisory.json", "detail_path": "advisories/ZDI-20-1248", "id": "ZDI-20-1248", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Microsoft Windows User Profile Service Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1248/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11129", "zdi_id": "ZDI-20-1248" }, { "cve": "CVE-2020-1167", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-20-1247/advisory.json", "detail_path": "advisories/ZDI-20-1247", "id": "ZDI-20-1247", "kind": "published", "published_date": "2020-10-19", "status": "published", "title": "Microsoft 3D Builder GLB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1247/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11174", "zdi_id": "ZDI-20-1247" }, { "cve": "CVE-2020-17003", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-1246/advisory.json", "detail_path": "advisories/ZDI-20-1246", "id": "ZDI-20-1246", "kind": "published", "published_date": "2020-10-14", "status": "published", "title": "Microsoft 3D Viewer FBX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1246/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11032", "zdi_id": "ZDI-20-1246" }, { "cve": "CVE-2020-16967", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1245/advisory.json", "detail_path": "advisories/ZDI-20-1245", "id": "ZDI-20-1245", "kind": "published", "published_date": "2020-10-14", "status": "published", "title": "Microsoft Windows Camera Codec Pack Image Processing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1245/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11241", "zdi_id": "ZDI-20-1245" }, { "cve": "CVE-2020-25188", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-1244/advisory.json", "detail_path": "advisories/ZDI-20-1244", "id": "ZDI-20-1244", "kind": "published", "published_date": "2020-10-14", "status": "published", "title": "LAquis SCADA LQS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1244/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-11029", "zdi_id": "ZDI-20-1244" }, { "cve": "CVE-2020-27013", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-20-1243/advisory.json", "detail_path": "advisories/ZDI-20-1243", "id": "ZDI-20-1243", "kind": "published", "published_date": "2020-10-14", "status": "published", "title": "Trend Micro Antivirus for Mac Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1243/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10945", "zdi_id": "ZDI-20-1243" }, { "cve": "CVE-2020-25777", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass web filtering on affected installations of Trend Micro Antivirus for Mac. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-1242/advisory.json", "detail_path": "advisories/ZDI-20-1242", "id": "ZDI-20-1242", "kind": "published", "published_date": "2020-10-14", "status": "published", "title": "Trend Micro Antivirus for Mac Protection Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1242/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11046", "zdi_id": "ZDI-20-1242" }, { "cve": "CVE-2020-25778", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vul...", "detail_json": "/data/advisories/ZDI-20-1241/advisory.json", "detail_path": "advisories/ZDI-20-1241", "id": "ZDI-20-1241", "kind": "published", "published_date": "2020-10-14", "status": "published", "title": "Trend Micro Antivirus for Mac Error Message Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1241/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11048", "zdi_id": "ZDI-20-1241" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Realtek rtl81xx SDK Wi-Fi driver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of 802.1...", "detail_json": "/data/advisories/ZDI-20-1240/advisory.json", "detail_path": "advisories/ZDI-20-1240", "id": "ZDI-20-1240", "kind": "published", "published_date": "2020-10-08", "status": "published", "title": "(0Day) Realtek rtl81xx SDK Wi-Fi Driver rtwlane Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1240/", "vendor": "Realtek", "vendor_url": null, "zdi_can": "ZDI-CAN-10181", "zdi_id": "ZDI-20-1240" }, { "cve": null, "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Realtek rtl81xx SDK Wi-Fi driver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of 802.1...", "detail_json": "/data/advisories/ZDI-20-1239/advisory.json", "detail_path": "advisories/ZDI-20-1239", "id": "ZDI-20-1239", "kind": "published", "published_date": "2020-10-08", "status": "published", "title": "(0Day) Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1239/", "vendor": "Realtek", "vendor_url": null, "zdi_can": "ZDI-CAN-10180", "zdi_id": "ZDI-20-1239" }, { "cve": "CVE-2020-9883", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the CoreGraphics library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-20-1238/advisory.json", "detail_path": "advisories/ZDI-20-1238", "id": "ZDI-20-1238", "kind": "published", "published_date": "2020-10-08", "status": "published", "title": "Apple macOS CoreGraphics JBIG2Bitmap Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1238/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11184", "zdi_id": "ZDI-20-1238" }, { "cve": "CVE-2020-4799", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of IBM Informix. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1237/advisory.json", "detail_path": "advisories/ZDI-20-1237", "id": "ZDI-20-1237", "kind": "published", "published_date": "2020-10-08", "status": "published", "title": "IBM Informix spatial Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1237/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-10580", "zdi_id": "ZDI-20-1237" }, { "cve": "CVE-2020-25776", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-20-1236/advisory.json", "detail_path": "advisories/ZDI-20-1236", "id": "ZDI-20-1236", "kind": "published", "published_date": "2020-10-01", "status": "published", "title": "Trend Micro Antivirus for Mac Symbolic Link Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1236/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10941", "zdi_id": "ZDI-20-1236" }, { "cve": "CVE-2020-17413", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-1235/advisory.json", "detail_path": "advisories/ZDI-20-1235", "id": "ZDI-20-1235", "kind": "published", "published_date": "2020-09-29", "status": "published", "title": "Foxit PhantomPDF U3DBrowser U3D File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2020-10-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1235/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11226", "zdi_id": "ZDI-20-1235" }, { "cve": "CVE-2020-17417", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-1234/advisory.json", "detail_path": "advisories/ZDI-20-1234", "id": "ZDI-20-1234", "kind": "published", "published_date": "2020-09-29", "status": "published", "title": "Foxit Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2020-10-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1234/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11657", "zdi_id": "ZDI-20-1234" }, { "cve": "CVE-2020-17416", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-1233/advisory.json", "detail_path": "advisories/ZDI-20-1233", "id": "ZDI-20-1233", "kind": "published", "published_date": "2020-09-29", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2020-10-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1233/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11497", "zdi_id": "ZDI-20-1233" }, { "cve": "CVE-2020-17415", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-1232/advisory.json", "detail_path": "advisories/ZDI-20-1232", "id": "ZDI-20-1232", "kind": "published", "published_date": "2020-09-29", "status": "published", "title": "Foxit PhantomPDF Update Service Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": "2020-10-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1232/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11308", "zdi_id": "ZDI-20-1232" }, { "cve": "CVE-2020-17414", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1231/advisory.json", "detail_path": "advisories/ZDI-20-1231", "id": "ZDI-20-1231", "kind": "published", "published_date": "2020-09-29", "status": "published", "title": "Foxit Reader Update Service Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": "2020-10-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1231/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11229", "zdi_id": "ZDI-20-1231" }, { "cve": "CVE-2020-17412", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-1230/advisory.json", "detail_path": "advisories/ZDI-20-1230", "id": "ZDI-20-1230", "kind": "published", "published_date": "2020-09-29", "status": "published", "title": "Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2020-10-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1230/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11224", "zdi_id": "ZDI-20-1230" }, { "cve": "CVE-2020-17411", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-1229/advisory.json", "detail_path": "advisories/ZDI-20-1229", "id": "ZDI-20-1229", "kind": "published", "published_date": "2020-09-29", "status": "published", "title": "Foxit PhantomPDF U3DBrowser U3D Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2020-10-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1229/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11190", "zdi_id": "ZDI-20-1229" }, { "cve": "CVE-2020-17410", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-1228/advisory.json", "detail_path": "advisories/ZDI-20-1228", "id": "ZDI-20-1228", "kind": "published", "published_date": "2020-09-29", "status": "published", "title": "Foxit PhantomPDF GIF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2020-10-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1228/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11135", "zdi_id": "ZDI-20-1228" }, { "cve": "CVE-2020-25775", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to delete arbitrary files on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-20-1227/advisory.json", "detail_path": "advisories/ZDI-20-1227", "id": "ZDI-20-1227", "kind": "published", "published_date": "2020-09-28", "status": "published", "title": "Trend Micro Maximum Security Race Condition Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10819", "zdi_id": "ZDI-20-1227" }, { "cve": "CVE-2020-24562", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro OfficeScan. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-20-1226/advisory.json", "detail_path": "advisories/ZDI-20-1226", "id": "ZDI-20-1226", "kind": "published", "published_date": "2020-09-25", "status": "published", "title": "Trend Micro OfficeScan Hard Link Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1226/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10794", "zdi_id": "ZDI-20-1226" }, { "cve": "CVE-2020-25774", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan ServerMigrationTool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-20-1225/advisory.json", "detail_path": "advisories/ZDI-20-1225", "id": "ZDI-20-1225", "kind": "published", "published_date": "2020-09-25", "status": "published", "title": "Trend Micro OfficeScan ServerMigrationTool ZIP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1225/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11108", "zdi_id": "ZDI-20-1225" }, { "cve": "CVE-2020-25773", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro OfficeScan ServerMigrationTool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-20-1224/advisory.json", "detail_path": "advisories/ZDI-20-1224", "id": "ZDI-20-1224", "kind": "published", "published_date": "2020-09-25", "status": "published", "title": "Trend Micro OfficeScan ServerMigrationTool DAT File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1224/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10973", "zdi_id": "ZDI-20-1224" }, { "cve": "CVE-2020-25771", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-20-1223/advisory.json", "detail_path": "advisories/ZDI-20-1223", "id": "ZDI-20-1223", "kind": "published", "published_date": "2020-09-25", "status": "published", "title": "Trend Micro Apex One scanServer64 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1223/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10844", "zdi_id": "ZDI-20-1223" }, { "cve": "CVE-2020-25772", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-20-1222/advisory.json", "detail_path": "advisories/ZDI-20-1222", "id": "ZDI-20-1222", "kind": "published", "published_date": "2020-09-25", "status": "published", "title": "Trend Micro Apex One scanServer64 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1222/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10839", "zdi_id": "ZDI-20-1222" }, { "cve": "CVE-2020-25770", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-20-1221/advisory.json", "detail_path": "advisories/ZDI-20-1221", "id": "ZDI-20-1221", "kind": "published", "published_date": "2020-09-25", "status": "published", "title": "Trend Micro Apex One scanServer64 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1221/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10848", "zdi_id": "ZDI-20-1221" }, { "cve": "CVE-2020-24565", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-20-1220/advisory.json", "detail_path": "advisories/ZDI-20-1220", "id": "ZDI-20-1220", "kind": "published", "published_date": "2020-09-25", "status": "published", "title": "Trend Micro Apex One scanServer64 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1220/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10847", "zdi_id": "ZDI-20-1220" }, { "cve": "CVE-2020-24564", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-20-1219/advisory.json", "detail_path": "advisories/ZDI-20-1219", "id": "ZDI-20-1219", "kind": "published", "published_date": "2020-09-25", "status": "published", "title": "Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1219/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10826", "zdi_id": "ZDI-20-1219" }, { "cve": "CVE-2020-24563", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-20-1218/advisory.json", "detail_path": "advisories/ZDI-20-1218", "id": "ZDI-20-1218", "kind": "published", "published_date": "2020-09-25", "status": "published", "title": "Trend Micro Apex One Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1218/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10515", "zdi_id": "ZDI-20-1218" }, { "cve": "CVE-2020-11855", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Micro Focus Operations Bridge Reporter. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulner...", "detail_json": "/data/advisories/ZDI-20-1217/advisory.json", "detail_path": "advisories/ZDI-20-1217", "id": "ZDI-20-1217", "kind": "published", "published_date": "2020-09-23", "status": "published", "title": "Micro Focus Operations Bridge Reporter HPE-OBR Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1217/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11073", "zdi_id": "ZDI-20-1217" }, { "cve": "CVE-2020-11856", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the JM...", "detail_json": "/data/advisories/ZDI-20-1216/advisory.json", "detail_path": "advisories/ZDI-20-1216", "id": "ZDI-20-1216", "kind": "published", "published_date": "2020-09-23", "status": "published", "title": "Micro Focus Operations Bridge Reporter JMX Missing Authentication Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1216/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11071", "zdi_id": "ZDI-20-1216" }, { "cve": "CVE-2020-11857", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the creation of the shrboad...", "detail_json": "/data/advisories/ZDI-20-1215/advisory.json", "detail_path": "advisories/ZDI-20-1215", "id": "ZDI-20-1215", "kind": "published", "published_date": "2020-09-23", "status": "published", "title": "Micro Focus Operations Bridge Reporter shrboadmin Use of Hard-coded Credentials Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1215/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-11075", "zdi_id": "ZDI-20-1215" }, { "cve": "CVE-2020-9948", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-1214/advisory.json", "detail_path": "advisories/ZDI-20-1214", "id": "ZDI-20-1214", "kind": "published", "published_date": "2020-09-21", "status": "published", "title": "Apple Safari replace Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1214/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11116", "zdi_id": "ZDI-20-1214" }, { "cve": "CVE-2020-9921", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1213/advisory.json", "detail_path": "advisories/ZDI-20-1213", "id": "ZDI-20-1213", "kind": "published", "published_date": "2020-09-21", "status": "published", "title": "Apple macOS process_token_BlitFramebuffer Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1213/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10942", "zdi_id": "ZDI-20-1213" }, { "cve": "CVE-2020-9921", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1212/advisory.json", "detail_path": "advisories/ZDI-20-1212", "id": "ZDI-20-1212", "kind": "published", "published_date": "2020-09-21", "status": "published", "title": "Apple macOS process_token_CopyPixelsSrcFBO Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1212/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10943", "zdi_id": "ZDI-20-1212" }, { "cve": "CVE-2020-9921", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1211/advisory.json", "detail_path": "advisories/ZDI-20-1211", "id": "ZDI-20-1211", "kind": "published", "published_date": "2020-09-21", "status": "published", "title": "Apple macOS process_token_TexSubImage2D Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1211/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10944", "zdi_id": "ZDI-20-1211" }, { "cve": "CVE-2020-9921", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1210/advisory.json", "detail_path": "advisories/ZDI-20-1210", "id": "ZDI-20-1210", "kind": "published", "published_date": "2020-09-21", "status": "published", "title": "Apple macOS process_token_TexPBOUpload Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1210/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10946", "zdi_id": "ZDI-20-1210" }, { "cve": "CVE-2020-9927", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-1209/advisory.json", "detail_path": "advisories/ZDI-20-1209", "id": "ZDI-20-1209", "kind": "published", "published_date": "2020-09-21", "status": "published", "title": "Apple macOS AMDSupport Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1209/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10643", "zdi_id": "ZDI-20-1209" }, { "cve": "CVE-2020-24623", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Universal API Framework. Authentication is not required to exploit this vulnerability. The specific flaw exists with...", "detail_json": "/data/advisories/ZDI-20-1208/advisory.json", "detail_path": "advisories/ZDI-20-1208", "id": "ZDI-20-1208", "kind": "published", "published_date": "2020-09-21", "status": "published", "title": "Hewlett Packard Enterprise Universal API Framework uaf_token SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1208/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-11502", "zdi_id": "ZDI-20-1208" }, { "cve": "CVE-2020-16226", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mitsubishi Electric MELSEC iQ-F. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ACK packets. Whe...", "detail_json": "/data/advisories/ZDI-20-1207/advisory.json", "detail_path": "advisories/ZDI-20-1207", "id": "ZDI-20-1207", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "Mitsubishi Electric MELSEC iQ-F Predictable TCP Sequence Number Remote Code Execution Vulnerability", "updated_date": "2020-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1207/", "vendor": "Mitsubishi Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10966", "zdi_id": "ZDI-20-1207" }, { "cve": "CVE-2020-17407", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The i...", "detail_json": "/data/advisories/ZDI-20-1206/advisory.json", "detail_path": "advisories/ZDI-20-1206", "id": "ZDI-20-1206", "kind": "published", "published_date": "2020-08-26", "status": "published", "title": "Microhard Bullet-LTE Basic Authorization Header Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2020-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1206/", "vendor": "Microhard", "vendor_url": null, "zdi_can": "ZDI-CAN-10596", "zdi_id": "ZDI-20-1206" }, { "cve": "CVE-2020-17406", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to to...", "detail_json": "/data/advisories/ZDI-20-1205/advisory.json", "detail_path": "advisories/ZDI-20-1205", "id": "ZDI-20-1205", "kind": "published", "published_date": "2020-08-26", "status": "published", "title": "Microhard Bullet-LTE Ping Command Injection Remote Code Execution Vulnerability", "updated_date": "2020-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1205/", "vendor": "Microhard", "vendor_url": null, "zdi_can": "ZDI-CAN-10595", "zdi_id": "ZDI-20-1205" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1204/advisory.json", "detail_path": "advisories/ZDI-20-1204", "id": "ZDI-20-1204", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1204/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-11010", "zdi_id": "ZDI-20-1204" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1203/advisory.json", "detail_path": "advisories/ZDI-20-1203", "id": "ZDI-20-1203", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1203/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10987", "zdi_id": "ZDI-20-1203" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1202/advisory.json", "detail_path": "advisories/ZDI-20-1202", "id": "ZDI-20-1202", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1202/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10986", "zdi_id": "ZDI-20-1202" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1201/advisory.json", "detail_path": "advisories/ZDI-20-1201", "id": "ZDI-20-1201", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1201/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10985", "zdi_id": "ZDI-20-1201" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1200/advisory.json", "detail_path": "advisories/ZDI-20-1200", "id": "ZDI-20-1200", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1200/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10984", "zdi_id": "ZDI-20-1200" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1199/advisory.json", "detail_path": "advisories/ZDI-20-1199", "id": "ZDI-20-1199", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1199/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10983", "zdi_id": "ZDI-20-1199" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1198/advisory.json", "detail_path": "advisories/ZDI-20-1198", "id": "ZDI-20-1198", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1198/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10929", "zdi_id": "ZDI-20-1198" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1197/advisory.json", "detail_path": "advisories/ZDI-20-1197", "id": "ZDI-20-1197", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1197/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10961", "zdi_id": "ZDI-20-1197" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1196/advisory.json", "detail_path": "advisories/ZDI-20-1196", "id": "ZDI-20-1196", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1196/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10960", "zdi_id": "ZDI-20-1196" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1195/advisory.json", "detail_path": "advisories/ZDI-20-1195", "id": "ZDI-20-1195", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1195/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10959", "zdi_id": "ZDI-20-1195" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1194/advisory.json", "detail_path": "advisories/ZDI-20-1194", "id": "ZDI-20-1194", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1194/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10958", "zdi_id": "ZDI-20-1194" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1193/advisory.json", "detail_path": "advisories/ZDI-20-1193", "id": "ZDI-20-1193", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1193/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10957", "zdi_id": "ZDI-20-1193" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1192/advisory.json", "detail_path": "advisories/ZDI-20-1192", "id": "ZDI-20-1192", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1192/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10956", "zdi_id": "ZDI-20-1192" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1191/advisory.json", "detail_path": "advisories/ZDI-20-1191", "id": "ZDI-20-1191", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1191/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10928", "zdi_id": "ZDI-20-1191" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1190/advisory.json", "detail_path": "advisories/ZDI-20-1190", "id": "ZDI-20-1190", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1190/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10927", "zdi_id": "ZDI-20-1190" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1189/advisory.json", "detail_path": "advisories/ZDI-20-1189", "id": "ZDI-20-1189", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1189/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10906", "zdi_id": "ZDI-20-1189" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1188/advisory.json", "detail_path": "advisories/ZDI-20-1188", "id": "ZDI-20-1188", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1188/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10931", "zdi_id": "ZDI-20-1188" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1187/advisory.json", "detail_path": "advisories/ZDI-20-1187", "id": "ZDI-20-1187", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1187/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10930", "zdi_id": "ZDI-20-1187" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1186/advisory.json", "detail_path": "advisories/ZDI-20-1186", "id": "ZDI-20-1186", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1186/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10611", "zdi_id": "ZDI-20-1186" }, { "cve": "CVE-2020-9919", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-20-1185/advisory.json", "detail_path": "advisories/ZDI-20-1185", "id": "ZDI-20-1185", "kind": "published", "published_date": "2020-08-05", "status": "published", "title": "Apple macOS ImageIO PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2020-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1185/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11086", "zdi_id": "ZDI-20-1185" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1184/advisory.json", "detail_path": "advisories/ZDI-20-1184", "id": "ZDI-20-1184", "kind": "published", "published_date": "2020-09-17", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 SIM2 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1184/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10610", "zdi_id": "ZDI-20-1184" }, { "cve": "CVE-2020-9876", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-20-1183/advisory.json", "detail_path": "advisories/ZDI-20-1183", "id": "ZDI-20-1183", "kind": "published", "published_date": "2020-08-05", "status": "published", "title": "Apple macOS ImageIO TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2020-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1183/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11165", "zdi_id": "ZDI-20-1183" }, { "cve": "CVE-2020-9887", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-20-1182/advisory.json", "detail_path": "advisories/ZDI-20-1182", "id": "ZDI-20-1182", "kind": "published", "published_date": "2020-09-16", "status": "published", "title": "Apple macOS AppleVPA JPEG Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1182/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11106", "zdi_id": "ZDI-20-1182" }, { "cve": "CVE-2020-3988", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-1181/advisory.json", "detail_path": "advisories/ZDI-20-1181", "id": "ZDI-20-1181", "kind": "published", "published_date": "2020-09-15", "status": "published", "title": "VMware Workstation ThinPrint JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1181/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-10979", "zdi_id": "ZDI-20-1181" }, { "cve": "CVE-2020-3987", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-1180/advisory.json", "detail_path": "advisories/ZDI-20-1180", "id": "ZDI-20-1180", "kind": "published", "published_date": "2020-09-15", "status": "published", "title": "VMware Workstation ThinPrint EMR_STRETCHDIBITS Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2020-09-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1180/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-11066", "zdi_id": "ZDI-20-1180" }, { "cve": "CVE-2020-3986", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-1179/advisory.json", "detail_path": "advisories/ZDI-20-1179", "id": "ZDI-20-1179", "kind": "published", "published_date": "2020-09-15", "status": "published", "title": "VMware Workstation ThinPrint EMF Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2020-09-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1179/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-11065", "zdi_id": "ZDI-20-1179" }, { "cve": "CVE-2020-3990", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-1178/advisory.json", "detail_path": "advisories/ZDI-20-1178", "id": "ZDI-20-1178", "kind": "published", "published_date": "2020-09-15", "status": "published", "title": "VMware Workstation ThinPrint TTCHeader Integer Overflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1178/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-10923", "zdi_id": "ZDI-20-1178" }, { "cve": "CVE-2020-3989", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-1177/advisory.json", "detail_path": "advisories/ZDI-20-1177", "id": "ZDI-20-1177", "kind": "published", "published_date": "2020-09-15", "status": "published", "title": "VMware Workstation ThinPrint name Table Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1177/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-10922", "zdi_id": "ZDI-20-1177" }, { "cve": "CVE-2020-17409", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers. Authentication is not required to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-20-1176/advisory.json", "detail_path": "advisories/ZDI-20-1176", "id": "ZDI-20-1176", "kind": "published", "published_date": "2020-09-15", "status": "published", "title": "NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1176/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-10754", "zdi_id": "ZDI-20-1176" }, { "cve": "CVE-2020-0997", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1175/advisory.json", "detail_path": "advisories/ZDI-20-1175", "id": "ZDI-20-1175", "kind": "published", "published_date": "2020-10-16", "status": "published", "title": "Microsoft Windows Camera Codec Pack Image Processing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1175/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11263", "zdi_id": "ZDI-20-1175" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation PLC WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-20-1174/advisory.json", "detail_path": "advisories/ZDI-20-1174", "id": "ZDI-20-1174", "kind": "published", "published_date": "2020-09-14", "status": "published", "title": "(0Day) Fatek Automation PLC WinProladder TAB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1174/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10146", "zdi_id": "ZDI-20-1174" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation PLC WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-20-1173/advisory.json", "detail_path": "advisories/ZDI-20-1173", "id": "ZDI-20-1173", "kind": "published", "published_date": "2020-09-14", "status": "published", "title": "(0Day) Fatek Automation PLC WinProladder SPF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1173/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10570", "zdi_id": "ZDI-20-1173" }, { "cve": "CVE-2020-6361", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1172/advisory.json", "detail_path": "advisories/ZDI-20-1172", "id": "ZDI-20-1172", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer RLE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1172/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11501", "zdi_id": "ZDI-20-1172" }, { "cve": "CVE-2020-6360", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1171/advisory.json", "detail_path": "advisories/ZDI-20-1171", "id": "ZDI-20-1171", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer DIB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1171/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11500", "zdi_id": "ZDI-20-1171" }, { "cve": "CVE-2020-6359", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1170/advisory.json", "detail_path": "advisories/ZDI-20-1170", "id": "ZDI-20-1170", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PLT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1170/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11499", "zdi_id": "ZDI-20-1170" }, { "cve": "CVE-2020-6358", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1169/advisory.json", "detail_path": "advisories/ZDI-20-1169", "id": "ZDI-20-1169", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1169/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11484", "zdi_id": "ZDI-20-1169" }, { "cve": "CVE-2020-6357", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1168/advisory.json", "detail_path": "advisories/ZDI-20-1168", "id": "ZDI-20-1168", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer U3D File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1168/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11340", "zdi_id": "ZDI-20-1168" }, { "cve": "CVE-2020-6350", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1167/advisory.json", "detail_path": "advisories/ZDI-20-1167", "id": "ZDI-20-1167", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer BMP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1167/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11290", "zdi_id": "ZDI-20-1167" }, { "cve": "CVE-2020-6349", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1166/advisory.json", "detail_path": "advisories/ZDI-20-1166", "id": "ZDI-20-1166", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2021-01-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1166/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11289", "zdi_id": "ZDI-20-1166" }, { "cve": "CVE-2020-6348", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1165/advisory.json", "detail_path": "advisories/ZDI-20-1165", "id": "ZDI-20-1165", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1165/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11286", "zdi_id": "ZDI-20-1165" }, { "cve": "CVE-2020-6347", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1164/advisory.json", "detail_path": "advisories/ZDI-20-1164", "id": "ZDI-20-1164", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer HDR File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1164/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11285", "zdi_id": "ZDI-20-1164" }, { "cve": "CVE-2020-6346", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1163/advisory.json", "detail_path": "advisories/ZDI-20-1163", "id": "ZDI-20-1163", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer BMP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1163/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11284", "zdi_id": "ZDI-20-1163" }, { "cve": "CVE-2020-6356", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1162/advisory.json", "detail_path": "advisories/ZDI-20-1162", "id": "ZDI-20-1162", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1162/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11283", "zdi_id": "ZDI-20-1162" }, { "cve": "CVE-2020-6355", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1161/advisory.json", "detail_path": "advisories/ZDI-20-1161", "id": "ZDI-20-1161", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer TGA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1161/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11282", "zdi_id": "ZDI-20-1161" }, { "cve": "CVE-2020-6345", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1160/advisory.json", "detail_path": "advisories/ZDI-20-1160", "id": "ZDI-20-1160", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer TGA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1160/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11281", "zdi_id": "ZDI-20-1160" }, { "cve": "CVE-2020-6336", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1159/advisory.json", "detail_path": "advisories/ZDI-20-1159", "id": "ZDI-20-1159", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1159/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11280", "zdi_id": "ZDI-20-1159" }, { "cve": "CVE-2020-6354", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1158/advisory.json", "detail_path": "advisories/ZDI-20-1158", "id": "ZDI-20-1158", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1158/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11292", "zdi_id": "ZDI-20-1158" }, { "cve": "CVE-2020-6338", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1157/advisory.json", "detail_path": "advisories/ZDI-20-1157", "id": "ZDI-20-1157", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer RH File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1157/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11291", "zdi_id": "ZDI-20-1157" }, { "cve": "CVE-2020-6339", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1156/advisory.json", "detail_path": "advisories/ZDI-20-1156", "id": "ZDI-20-1156", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1156/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11288", "zdi_id": "ZDI-20-1156" }, { "cve": "CVE-2020-6337", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1155/advisory.json", "detail_path": "advisories/ZDI-20-1155", "id": "ZDI-20-1155", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer HDR File Parsing Memory Corruption Remote Code Execution Vulnerabililty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1155/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11287", "zdi_id": "ZDI-20-1155" }, { "cve": "CVE-2020-6340", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1154/advisory.json", "detail_path": "advisories/ZDI-20-1154", "id": "ZDI-20-1154", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1154/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11275", "zdi_id": "ZDI-20-1154" }, { "cve": "CVE-2020-6341", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1153/advisory.json", "detail_path": "advisories/ZDI-20-1153", "id": "ZDI-20-1153", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer EPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1153/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11345", "zdi_id": "ZDI-20-1153" }, { "cve": "CVE-2020-6342", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1152/advisory.json", "detail_path": "advisories/ZDI-20-1152", "id": "ZDI-20-1152", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1152/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11344", "zdi_id": "ZDI-20-1152" }, { "cve": "CVE-2020-6343", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1151/advisory.json", "detail_path": "advisories/ZDI-20-1151", "id": "ZDI-20-1151", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer EPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1151/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11342", "zdi_id": "ZDI-20-1151" }, { "cve": "CVE-2020-6344", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1150/advisory.json", "detail_path": "advisories/ZDI-20-1150", "id": "ZDI-20-1150", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1150/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11294", "zdi_id": "ZDI-20-1150" }, { "cve": "CVE-2020-6353", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1149/advisory.json", "detail_path": "advisories/ZDI-20-1149", "id": "ZDI-20-1149", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1149/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11272", "zdi_id": "ZDI-20-1149" }, { "cve": "CVE-2020-6352", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1148/advisory.json", "detail_path": "advisories/ZDI-20-1148", "id": "ZDI-20-1148", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer FBX File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1148/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11265", "zdi_id": "ZDI-20-1148" }, { "cve": "CVE-2020-6351", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1147/advisory.json", "detail_path": "advisories/ZDI-20-1147", "id": "ZDI-20-1147", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer FBX File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1147/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11261", "zdi_id": "ZDI-20-1147" }, { "cve": "CVE-2020-6335", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1146/advisory.json", "detail_path": "advisories/ZDI-20-1146", "id": "ZDI-20-1146", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer HPGL File Parsing hpgl Plugin Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1146/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11158", "zdi_id": "ZDI-20-1146" }, { "cve": "CVE-2020-6334", "cvss": 4.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1145/advisory.json", "detail_path": "advisories/ZDI-20-1145", "id": "ZDI-20-1145", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1145/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11161", "zdi_id": "ZDI-20-1145" }, { "cve": "CVE-2020-6333", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1144/advisory.json", "detail_path": "advisories/ZDI-20-1144", "id": "ZDI-20-1144", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer HPGL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1144/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11159", "zdi_id": "ZDI-20-1144" }, { "cve": "CVE-2020-6332", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1143/advisory.json", "detail_path": "advisories/ZDI-20-1143", "id": "ZDI-20-1143", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer HPGL File Parsing hpgl Plugin Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1143/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11160", "zdi_id": "ZDI-20-1143" }, { "cve": "CVE-2020-6331", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1142/advisory.json", "detail_path": "advisories/ZDI-20-1142", "id": "ZDI-20-1142", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer HPGL File Parsing hpgl Plugin Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1142/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11205", "zdi_id": "ZDI-20-1142" }, { "cve": "CVE-2020-6314", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1141/advisory.json", "detail_path": "advisories/ZDI-20-1141", "id": "ZDI-20-1141", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer HPGL File Parsing hpgl Plugin Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1141/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11152", "zdi_id": "ZDI-20-1141" }, { "cve": "CVE-2020-6321", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1140/advisory.json", "detail_path": "advisories/ZDI-20-1140", "id": "ZDI-20-1140", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer U3D File Parsing 3difr Plugin Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1140/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-10940", "zdi_id": "ZDI-20-1140" }, { "cve": "CVE-2020-6322", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1139/advisory.json", "detail_path": "advisories/ZDI-20-1139", "id": "ZDI-20-1139", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer 3DM File Parsing rhino Plugin Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1139/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11090", "zdi_id": "ZDI-20-1139" }, { "cve": "CVE-2020-6327", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1138/advisory.json", "detail_path": "advisories/ZDI-20-1138", "id": "ZDI-20-1138", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer 3DM File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1138/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11089", "zdi_id": "ZDI-20-1138" }, { "cve": "CVE-2020-6328", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1137/advisory.json", "detail_path": "advisories/ZDI-20-1137", "id": "ZDI-20-1137", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer CGM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1137/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11147", "zdi_id": "ZDI-20-1137" }, { "cve": "CVE-2020-6329", "cvss": 4.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1136/advisory.json", "detail_path": "advisories/ZDI-20-1136", "id": "ZDI-20-1136", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1136/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11113", "zdi_id": "ZDI-20-1136" }, { "cve": "CVE-2020-6330", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1135/advisory.json", "detail_path": "advisories/ZDI-20-1135", "id": "ZDI-20-1135", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "SAP 3D Visual Enterprise Viewer 3DM File Parsing rhino Plugin Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1135/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-11091", "zdi_id": "ZDI-20-1135" }, { "cve": "CVE-2020-1319", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1134/advisory.json", "detail_path": "advisories/ZDI-20-1134", "id": "ZDI-20-1134", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Windows WebM Video Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1134/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11511", "zdi_id": "ZDI-20-1134" }, { "cve": "CVE-2020-1594", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1133/advisory.json", "detail_path": "advisories/ZDI-20-1133", "id": "ZDI-20-1133", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Excel XLS File SST Record Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1133/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11446", "zdi_id": "ZDI-20-1133" }, { "cve": "CVE-2020-1193", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1132/advisory.json", "detail_path": "advisories/ZDI-20-1132", "id": "ZDI-20-1132", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1132/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11276", "zdi_id": "ZDI-20-1132" }, { "cve": "CVE-2020-1338", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-1131/advisory.json", "detail_path": "advisories/ZDI-20-1131", "id": "ZDI-20-1131", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Word DOCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1131/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11242", "zdi_id": "ZDI-20-1131" }, { "cve": "CVE-2020-0914", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-20-1130/advisory.json", "detail_path": "advisories/ZDI-20-1130", "id": "ZDI-20-1130", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Windows State Repository Service Race Condition Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1130/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11126", "zdi_id": "ZDI-20-1130" }, { "cve": "CVE-2020-1129", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-20-1129/advisory.json", "detail_path": "advisories/ZDI-20-1129", "id": "ZDI-20-1129", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Windows Media Player HEVC Stream Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1129/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11215", "zdi_id": "ZDI-20-1129" }, { "cve": "CVE-2020-1074", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1128/advisory.json", "detail_path": "advisories/ZDI-20-1128", "id": "ZDI-20-1128", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1128/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11153", "zdi_id": "ZDI-20-1128" }, { "cve": "CVE-2020-1039", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1127/advisory.json", "detail_path": "advisories/ZDI-20-1127", "id": "ZDI-20-1127", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1127/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11128", "zdi_id": "ZDI-20-1127" }, { "cve": "CVE-2020-16874", "cvss": 7.0, "cvss_vector": null, "description_snippet": "These vulnerabilities allow remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit these vulnerabilities in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-1126/advisory.json", "detail_path": "advisories/ZDI-20-1126", "id": "ZDI-20-1126", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Visual Studio DDS File Parsing Integer Overflow Remote Code Execution Multiple Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1126/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11214", "zdi_id": "ZDI-20-1126" }, { "cve": "CVE-2020-16856", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-1125/advisory.json", "detail_path": "advisories/ZDI-20-1125", "id": "ZDI-20-1125", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Visual Studio DDS File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1125/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11213", "zdi_id": "ZDI-20-1125" }, { "cve": "CVE-2020-16874", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-1124/advisory.json", "detail_path": "advisories/ZDI-20-1124", "id": "ZDI-20-1124", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Visual Studio DDS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1124/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11212", "zdi_id": "ZDI-20-1124" }, { "cve": "CVE-2020-0908", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-1123/advisory.json", "detail_path": "advisories/ZDI-20-1123", "id": "ZDI-20-1123", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Internet Explorer CTSF3CandidateMessage Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1123/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10834", "zdi_id": "ZDI-20-1123" }, { "cve": "CVE-2020-0997", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1122/advisory.json", "detail_path": "advisories/ZDI-20-1122", "id": "ZDI-20-1122", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Windows Camera Codec Pack Image Processing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1122/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11240", "zdi_id": "ZDI-20-1122" }, { "cve": "CVE-2020-16874", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-1121/advisory.json", "detail_path": "advisories/ZDI-20-1121", "id": "ZDI-20-1121", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Visual Studio DDS File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1121/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11156", "zdi_id": "ZDI-20-1121" }, { "cve": "CVE-2020-16874", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-1120/advisory.json", "detail_path": "advisories/ZDI-20-1120", "id": "ZDI-20-1120", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Microsoft Visual Studio DDS File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1120/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11095", "zdi_id": "ZDI-20-1120" }, { "cve": "CVE-2020-9725", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-1119/advisory.json", "detail_path": "advisories/ZDI-20-1119", "id": "ZDI-20-1119", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Adobe FrameMaker FM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1119/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11221", "zdi_id": "ZDI-20-1119" }, { "cve": "CVE-2020-9726", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-1118/advisory.json", "detail_path": "advisories/ZDI-20-1118", "id": "ZDI-20-1118", "kind": "published", "published_date": "2020-09-10", "status": "published", "title": "Adobe FrameMaker FM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1118/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11110", "zdi_id": "ZDI-20-1118" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1117/advisory.json", "detail_path": "advisories/ZDI-20-1117", "id": "ZDI-20-1117", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1117/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10737", "zdi_id": "ZDI-20-1117" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1116/advisory.json", "detail_path": "advisories/ZDI-20-1116", "id": "ZDI-20-1116", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1116/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10736", "zdi_id": "ZDI-20-1116" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1115/advisory.json", "detail_path": "advisories/ZDI-20-1115", "id": "ZDI-20-1115", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1115/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10735", "zdi_id": "ZDI-20-1115" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1114/advisory.json", "detail_path": "advisories/ZDI-20-1114", "id": "ZDI-20-1114", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1114/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10734", "zdi_id": "ZDI-20-1114" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1113/advisory.json", "detail_path": "advisories/ZDI-20-1113", "id": "ZDI-20-1113", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1113/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10705", "zdi_id": "ZDI-20-1113" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1112/advisory.json", "detail_path": "advisories/ZDI-20-1112", "id": "ZDI-20-1112", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1112/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10698", "zdi_id": "ZDI-20-1112" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1111/advisory.json", "detail_path": "advisories/ZDI-20-1111", "id": "ZDI-20-1111", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1111/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10697", "zdi_id": "ZDI-20-1111" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1110/advisory.json", "detail_path": "advisories/ZDI-20-1110", "id": "ZDI-20-1110", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1110/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10696", "zdi_id": "ZDI-20-1110" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1109/advisory.json", "detail_path": "advisories/ZDI-20-1109", "id": "ZDI-20-1109", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1109/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10695", "zdi_id": "ZDI-20-1109" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1108/advisory.json", "detail_path": "advisories/ZDI-20-1108", "id": "ZDI-20-1108", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1108/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10680", "zdi_id": "ZDI-20-1108" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1107/advisory.json", "detail_path": "advisories/ZDI-20-1107", "id": "ZDI-20-1107", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1107/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10679", "zdi_id": "ZDI-20-1107" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1106/advisory.json", "detail_path": "advisories/ZDI-20-1106", "id": "ZDI-20-1106", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1106/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10678", "zdi_id": "ZDI-20-1106" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1105/advisory.json", "detail_path": "advisories/ZDI-20-1105", "id": "ZDI-20-1105", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1105/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10677", "zdi_id": "ZDI-20-1105" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1104/advisory.json", "detail_path": "advisories/ZDI-20-1104", "id": "ZDI-20-1104", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1104/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10676", "zdi_id": "ZDI-20-1104" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-1103/advisory.json", "detail_path": "advisories/ZDI-20-1103", "id": "ZDI-20-1103", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1103/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10675", "zdi_id": "ZDI-20-1103" }, { "cve": "CVE-2020-17408", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the imp...", "detail_json": "/data/advisories/ZDI-20-1102/advisory.json", "detail_path": "advisories/ZDI-20-1102", "id": "ZDI-20-1102", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "NEC ExpressCluster ApplyConfig XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1102/", "vendor": "NEC", "vendor_url": null, "zdi_can": "ZDI-CAN-10801", "zdi_id": "ZDI-20-1102" }, { "cve": "CVE-2020-3453", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the fileparam parameter...", "detail_json": "/data/advisories/ZDI-20-1101/advisory.json", "detail_path": "advisories/ZDI-20-1101", "id": "ZDI-20-1101", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "Cisco RV340 upload.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1101/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-10907", "zdi_id": "ZDI-20-1101" }, { "cve": "CVE-2020-3451", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the fileparam parameter...", "detail_json": "/data/advisories/ZDI-20-1100/advisory.json", "detail_path": "advisories/ZDI-20-1100", "id": "ZDI-20-1100", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "Cisco RV340 upload.cgi Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1100/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-10640", "zdi_id": "ZDI-20-1100" }, { "cve": "CVE-2020-24625", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Pay per use UCS Meter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Recei...", "detail_json": "/data/advisories/ZDI-20-1099/advisory.json", "detail_path": "advisories/ZDI-20-1099", "id": "ZDI-20-1099", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Pay per use UCS Meter ReceiverServlet doGet Directory Traversal Information Disclosure Vulnerability", "updated_date": "2020-10-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1099/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-10603", "zdi_id": "ZDI-20-1099" }, { "cve": "CVE-2020-24624", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Pay per use UCS Meter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Downl...", "detail_json": "/data/advisories/ZDI-20-1098/advisory.json", "detail_path": "advisories/ZDI-20-1098", "id": "ZDI-20-1098", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Pay per use UCS Meter DownloadServlet execute Directory Traversal Information Disclosure Vulnerability", "updated_date": "2020-10-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1098/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-10602", "zdi_id": "ZDI-20-1098" }, { "cve": "CVE-2020-24626", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Pay per use UCS Meter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReceiverServl...", "detail_json": "/data/advisories/ZDI-20-1097/advisory.json", "detail_path": "advisories/ZDI-20-1097", "id": "ZDI-20-1097", "kind": "published", "published_date": "2020-09-08", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Pay per use UCS Meter ReceiverServlet doPost Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2020-10-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1097/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-10601", "zdi_id": "ZDI-20-1097" }, { "cve": "CVE-2020-24559", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-20-1096/advisory.json", "detail_path": "advisories/ZDI-20-1096", "id": "ZDI-20-1096", "kind": "published", "published_date": "2020-08-31", "status": "published", "title": "Trend Micro Apex One Hard Link Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10790", "zdi_id": "ZDI-20-1096" }, { "cve": "CVE-2020-24558", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-20-1095/advisory.json", "detail_path": "advisories/ZDI-20-1095", "id": "ZDI-20-1095", "kind": "published", "published_date": "2020-08-31", "status": "published", "title": "Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10760", "zdi_id": "ZDI-20-1095" }, { "cve": "CVE-2020-24557", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-20-1094/advisory.json", "detail_path": "advisories/ZDI-20-1094", "id": "ZDI-20-1094", "kind": "published", "published_date": "2020-08-31", "status": "published", "title": "Trend Micro Apex One Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10514", "zdi_id": "ZDI-20-1094" }, { "cve": "CVE-2020-24556", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-20-1093/advisory.json", "detail_path": "advisories/ZDI-20-1093", "id": "ZDI-20-1093", "kind": "published", "published_date": "2020-08-31", "status": "published", "title": "Trend Micro Apex One Hard Link Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10513", "zdi_id": "ZDI-20-1093" }, { "cve": "CVE-2020-16245", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the findSummaryCfgDevic...", "detail_json": "/data/advisories/ZDI-20-1092/advisory.json", "detail_path": "advisories/ZDI-20-1092", "id": "ZDI-20-1092", "kind": "published", "published_date": "2020-08-27", "status": "published", "title": "Advantech iView NetworkServlet findSummaryCfgDeviceListExport Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10995", "zdi_id": "ZDI-20-1092" }, { "cve": "CVE-2020-16245", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the findUpdateDeviceLis...", "detail_json": "/data/advisories/ZDI-20-1091/advisory.json", "detail_path": "advisories/ZDI-20-1091", "id": "ZDI-20-1091", "kind": "published", "published_date": "2020-08-27", "status": "published", "title": "Advantech iView NetworkServlet findUpdateDeviceListExport Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10994", "zdi_id": "ZDI-20-1091" }, { "cve": "CVE-2020-16245", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the findCfgDeviceListEx...", "detail_json": "/data/advisories/ZDI-20-1090/advisory.json", "detail_path": "advisories/ZDI-20-1090", "id": "ZDI-20-1090", "kind": "published", "published_date": "2020-08-27", "status": "published", "title": "Advantech iView NetworkServlet findCfgDeviceListExport Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10993", "zdi_id": "ZDI-20-1090" }, { "cve": "CVE-2020-16245", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the findSummaryUpdateDe...", "detail_json": "/data/advisories/ZDI-20-1089/advisory.json", "detail_path": "advisories/ZDI-20-1089", "id": "ZDI-20-1089", "kind": "published", "published_date": "2020-08-27", "status": "published", "title": "Advantech iView NetworkServlet findSummaryUpdateDeviceListExport Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10992", "zdi_id": "ZDI-20-1089" }, { "cve": "CVE-2020-16245", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the backupDatab...", "detail_json": "/data/advisories/ZDI-20-1088/advisory.json", "detail_path": "advisories/ZDI-20-1088", "id": "ZDI-20-1088", "kind": "published", "published_date": "2020-08-27", "status": "published", "title": "Advantech iView NetworkServlet backupDatabase Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10991", "zdi_id": "ZDI-20-1088" }, { "cve": "CVE-2020-16245", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the exportTaskMgrReport...", "detail_json": "/data/advisories/ZDI-20-1087/advisory.json", "detail_path": "advisories/ZDI-20-1087", "id": "ZDI-20-1087", "kind": "published", "published_date": "2020-08-27", "status": "published", "title": "Advantech iView TaskMgrTable exportTaskMgrReportDetails Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10990", "zdi_id": "ZDI-20-1087" }, { "cve": "CVE-2020-16245", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the exportPSInventoryTa...", "detail_json": "/data/advisories/ZDI-20-1086/advisory.json", "detail_path": "advisories/ZDI-20-1086", "id": "ZDI-20-1086", "kind": "published", "published_date": "2020-08-27", "status": "published", "title": "Advantech iView PSTable exportPSInventoryTable Directory Traversal File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10989", "zdi_id": "ZDI-20-1086" }, { "cve": "CVE-2020-16245", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the exportInventoryTabl...", "detail_json": "/data/advisories/ZDI-20-1085/advisory.json", "detail_path": "advisories/ZDI-20-1085", "id": "ZDI-20-1085", "kind": "published", "published_date": "2020-08-27", "status": "published", "title": "Advantech iView DeviceTreeTable exportInventoryTable Directory Traversal File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10988", "zdi_id": "ZDI-20-1085" }, { "cve": "CVE-2020-16245", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the exportTaskMgrReport...", "detail_json": "/data/advisories/ZDI-20-1084/advisory.json", "detail_path": "advisories/ZDI-20-1084", "id": "ZDI-20-1084", "kind": "published", "published_date": "2020-08-27", "status": "published", "title": "Advantech iView DeviceTreeTable exportTaskMgrReport Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10976", "zdi_id": "ZDI-20-1084" }, { "cve": "CVE-2020-15605", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Vulnerability Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Vulnerability Protection c...", "detail_json": "/data/advisories/ZDI-20-1083/advisory.json", "detail_path": "advisories/ZDI-20-1083", "id": "ZDI-20-1083", "kind": "published", "published_date": "2020-08-27", "status": "published", "title": "Trend Micro Vulnerability Protection Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1083/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11431", "zdi_id": "ZDI-20-1083" }, { "cve": "CVE-2020-9908", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-20-1082/advisory.json", "detail_path": "advisories/ZDI-20-1082", "id": "ZDI-20-1082", "kind": "published", "published_date": "2020-08-27", "status": "published", "title": "Apple macOS Intel Graphics Driver Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1082/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11000", "zdi_id": "ZDI-20-1082" }, { "cve": "CVE-2020-1457", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1081/advisory.json", "detail_path": "advisories/ZDI-20-1081", "id": "ZDI-20-1081", "kind": "published", "published_date": "2020-08-27", "status": "published", "title": "Microsoft Windows hevcdecoder_store MKV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1081/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10962", "zdi_id": "ZDI-20-1081" }, { "cve": "CVE-2020-17405", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results...", "detail_json": "/data/advisories/ZDI-20-1080/advisory.json", "detail_path": "advisories/ZDI-20-1080", "id": "ZDI-20-1080", "kind": "published", "published_date": "2020-08-26", "status": "published", "title": "Senstar Symphony SSOAuth Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1080/", "vendor": "Senstar", "vendor_url": null, "zdi_can": "ZDI-CAN-10980", "zdi_id": "ZDI-20-1080" }, { "cve": "CVE-2020-17404", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-1079/advisory.json", "detail_path": "advisories/ZDI-20-1079", "id": "ZDI-20-1079", "kind": "published", "published_date": "2020-08-21", "status": "published", "title": "Foxit Studio Photo PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1079/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11191", "zdi_id": "ZDI-20-1079" }, { "cve": "CVE-2020-17403", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-1078/advisory.json", "detail_path": "advisories/ZDI-20-1078", "id": "ZDI-20-1078", "kind": "published", "published_date": "2020-08-21", "status": "published", "title": "Foxit Studio Photo PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1078/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-11003", "zdi_id": "ZDI-20-1078" }, { "cve": "CVE-2020-15601", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Deep Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Deep Security Manager console...", "detail_json": "/data/advisories/ZDI-20-1077/advisory.json", "detail_path": "advisories/ZDI-20-1077", "id": "ZDI-20-1077", "kind": "published", "published_date": "2020-08-21", "status": "published", "title": "Trend Micro Deep Security Manager Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1077/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-11368", "zdi_id": "ZDI-20-1077" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1076/advisory.json", "detail_path": "advisories/ZDI-20-1076", "id": "ZDI-20-1076", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU MultiLink bitaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1076/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10546", "zdi_id": "ZDI-20-1076" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1075/advisory.json", "detail_path": "advisories/ZDI-20-1075", "id": "ZDI-20-1075", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU Alarm bitaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1075/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10543", "zdi_id": "ZDI-20-1075" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1074/advisory.json", "detail_path": "advisories/ZDI-20-1074", "id": "ZDI-20-1074", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU Disc WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1074/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10542", "zdi_id": "ZDI-20-1074" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1073/advisory.json", "detail_path": "advisories/ZDI-20-1073", "id": "ZDI-20-1073", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU Disc WordAddr4 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1073/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10541", "zdi_id": "ZDI-20-1073" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1072/advisory.json", "detail_path": "advisories/ZDI-20-1072", "id": "ZDI-20-1072", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU Disc WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1072/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10540", "zdi_id": "ZDI-20-1072" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1071/advisory.json", "detail_path": "advisories/ZDI-20-1071", "id": "ZDI-20-1071", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU TrendSet WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1071/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10528", "zdi_id": "ZDI-20-1071" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1070/advisory.json", "detail_path": "advisories/ZDI-20-1070", "id": "ZDI-20-1070", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU AlarmSet bitaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1070/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10489", "zdi_id": "ZDI-20-1070" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1069/advisory.json", "detail_path": "advisories/ZDI-20-1069", "id": "ZDI-20-1069", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU AlarmSet WordAddr9 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1069/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10548", "zdi_id": "ZDI-20-1069" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1068/advisory.json", "detail_path": "advisories/ZDI-20-1068", "id": "ZDI-20-1068", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU WordAlarmSet WordAddr9 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1068/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10547", "zdi_id": "ZDI-20-1068" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1067/advisory.json", "detail_path": "advisories/ZDI-20-1067", "id": "ZDI-20-1067", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU MultiLink WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1067/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10545", "zdi_id": "ZDI-20-1067" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1066/advisory.json", "detail_path": "advisories/ZDI-20-1066", "id": "ZDI-20-1066", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU WebSet WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1066/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10544", "zdi_id": "ZDI-20-1066" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1065/advisory.json", "detail_path": "advisories/ZDI-20-1065", "id": "ZDI-20-1065", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU DiscSet WordAddr2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1065/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10539", "zdi_id": "ZDI-20-1065" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1064/advisory.json", "detail_path": "advisories/ZDI-20-1064", "id": "ZDI-20-1064", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU DiscSet WordAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1064/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10538", "zdi_id": "ZDI-20-1064" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1063/advisory.json", "detail_path": "advisories/ZDI-20-1063", "id": "ZDI-20-1063", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU XYSet WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1063/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10537", "zdi_id": "ZDI-20-1063" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1062/advisory.json", "detail_path": "advisories/ZDI-20-1062", "id": "ZDI-20-1062", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU XYSet WordAddr2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1062/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10536", "zdi_id": "ZDI-20-1062" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1061/advisory.json", "detail_path": "advisories/ZDI-20-1061", "id": "ZDI-20-1061", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU XYSet WordAddr4 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1061/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10535", "zdi_id": "ZDI-20-1061" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1060/advisory.json", "detail_path": "advisories/ZDI-20-1060", "id": "ZDI-20-1060", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU XYSet WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1060/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10534", "zdi_id": "ZDI-20-1060" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1059/advisory.json", "detail_path": "advisories/ZDI-20-1059", "id": "ZDI-20-1059", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU XYSet WordAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1059/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10533", "zdi_id": "ZDI-20-1059" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1058/advisory.json", "detail_path": "advisories/ZDI-20-1058", "id": "ZDI-20-1058", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU TrendSet WordAddr4 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1058/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10532", "zdi_id": "ZDI-20-1058" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1057/advisory.json", "detail_path": "advisories/ZDI-20-1057", "id": "ZDI-20-1057", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU TrendSet WordAddr2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1057/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10531", "zdi_id": "ZDI-20-1057" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1056/advisory.json", "detail_path": "advisories/ZDI-20-1056", "id": "ZDI-20-1056", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU TrendSet WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1056/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10530", "zdi_id": "ZDI-20-1056" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1055/advisory.json", "detail_path": "advisories/ZDI-20-1055", "id": "ZDI-20-1055", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) WECON LeviStudioU TrendSet WordAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1055/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-10529", "zdi_id": "ZDI-20-1055" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the sync_calen...", "detail_json": "/data/advisories/ZDI-20-1054/advisory.json", "detail_path": "advisories/ZDI-20-1054", "id": "ZDI-20-1054", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition prefs sync_calendars Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1054/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10441", "zdi_id": "ZDI-20-1054" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within attendees.php. When parsing the fb_cal...", "detail_json": "/data/advisories/ZDI-20-1053/advisory.json", "detail_path": "advisories/ZDI-20-1053", "id": "ZDI-20-1053", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition attendees fb_cals Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1053/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10440", "zdi_id": "ZDI-20-1053" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within fb.php. When parsing the fb_cals param...", "detail_json": "/data/advisories/ZDI-20-1052/advisory.json", "detail_path": "advisories/ZDI-20-1052", "id": "ZDI-20-1052", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition fb fb_cals Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1052/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10439", "zdi_id": "ZDI-20-1052" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Sort.php. When parsing the sortpref pa...", "detail_json": "/data/advisories/ZDI-20-1051/advisory.json", "detail_path": "advisories/ZDI-20-1051", "id": "ZDI-20-1051", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Sort sortpref Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1051/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10436", "zdi_id": "ZDI-20-1051" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Poll.php. When parsing the nav_poll pa...", "detail_json": "/data/advisories/ZDI-20-1050/advisory.json", "detail_path": "advisories/ZDI-20-1050", "id": "ZDI-20-1050", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Poll nav_poll Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1050/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10435", "zdi_id": "ZDI-20-1050" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Remote.php. When parsing the remote pa...", "detail_json": "/data/advisories/ZDI-20-1049/advisory.json", "detail_path": "advisories/ZDI-20-1049", "id": "ZDI-20-1049", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Remote Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1049/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10434", "zdi_id": "ZDI-20-1049" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Event.php. When parsing the event_alar...", "detail_json": "/data/advisories/ZDI-20-1048/advisory.json", "detail_path": "advisories/ZDI-20-1048", "id": "ZDI-20-1048", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Event event_alarms Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1048/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10433", "zdi_id": "ZDI-20-1048" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within CalendarsManager.php. The issue result...", "detail_json": "/data/advisories/ZDI-20-1047/advisory.json", "detail_path": "advisories/ZDI-20-1047", "id": "ZDI-20-1047", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition CalendarsManager _checkDisplayCals Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1047/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10432", "zdi_id": "ZDI-20-1047" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Search.php. When parsing the filter pa...", "detail_json": "/data/advisories/ZDI-20-1046/advisory.json", "detail_path": "advisories/ZDI-20-1046", "id": "ZDI-20-1046", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Search filter Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1046/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10431", "zdi_id": "ZDI-20-1046" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Search.php. When parsing the vfolder p...", "detail_json": "/data/advisories/ZDI-20-1045/advisory.json", "detail_path": "advisories/ZDI-20-1045", "id": "ZDI-20-1045", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Search vfolder Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1045/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10430", "zdi_id": "ZDI-20-1045" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Flags.php. When parsing the msgflags p...", "detail_json": "/data/advisories/ZDI-20-1044/advisory.json", "detail_path": "advisories/ZDI-20-1044", "id": "ZDI-20-1044", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Flags msgflags Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1044/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10429", "zdi_id": "ZDI-20-1044" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Expanded.php. When parsing the expande...", "detail_json": "/data/advisories/ZDI-20-1043/advisory.json", "detail_path": "advisories/ZDI-20-1043", "id": "ZDI-20-1043", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Expanded expanded_folders Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1043/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10428", "zdi_id": "ZDI-20-1043" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Upgrade.php. When parsing the upgrade_...", "detail_json": "/data/advisories/ZDI-20-1042/advisory.json", "detail_path": "advisories/ZDI-20-1042", "id": "ZDI-20-1042", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Upgrade upgrade_tasks Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1042/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10427", "zdi_id": "ZDI-20-1042" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Horde.php. When parsing the last_login...", "detail_json": "/data/advisories/ZDI-20-1041/advisory.json", "detail_path": "advisories/ZDI-20-1041", "id": "ZDI-20-1041", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Horde last_logintasks Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1041/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10426", "zdi_id": "ZDI-20-1041" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Compose.php. When parsing the reply_la...", "detail_json": "/data/advisories/ZDI-20-1040/advisory.json", "detail_path": "advisories/ZDI-20-1040", "id": "ZDI-20-1040", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Compose reply_lang Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1040/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10425", "zdi_id": "ZDI-20-1040" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the sync_calen...", "detail_json": "/data/advisories/ZDI-20-1039/advisory.json", "detail_path": "advisories/ZDI-20-1039", "id": "ZDI-20-1039", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition prefs sync_calendars Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1039/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10458", "zdi_id": "ZDI-20-1039" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the show_externa...", "detail_json": "/data/advisories/ZDI-20-1038/advisory.json", "detail_path": "advisories/ZDI-20-1038", "id": "ZDI-20-1038", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Nag show_external Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1038/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10457", "zdi_id": "ZDI-20-1038" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the sync_lists...", "detail_json": "/data/advisories/ZDI-20-1037/advisory.json", "detail_path": "advisories/ZDI-20-1037", "id": "ZDI-20-1037", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Prefs sync_lists Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1037/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10456", "zdi_id": "ZDI-20-1037" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the sync_lists...", "detail_json": "/data/advisories/ZDI-20-1036/advisory.json", "detail_path": "advisories/ZDI-20-1036", "id": "ZDI-20-1036", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition prefs sync_lists Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1036/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10455", "zdi_id": "ZDI-20-1036" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the display_task...", "detail_json": "/data/advisories/ZDI-20-1035/advisory.json", "detail_path": "advisories/ZDI-20-1035", "id": "ZDI-20-1035", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Nag display_tasklists Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1035/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10454", "zdi_id": "ZDI-20-1035" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within List.php. When parsing the tasklist_co...", "detail_json": "/data/advisories/ZDI-20-1034/advisory.json", "detail_path": "advisories/ZDI-20-1034", "id": "ZDI-20-1034", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition List tasklist_columns Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1034/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10453", "zdi_id": "ZDI-20-1034" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Task.php. When parsing the task_alarms...", "detail_json": "/data/advisories/ZDI-20-1033/advisory.json", "detail_path": "advisories/ZDI-20-1033", "id": "ZDI-20-1033", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Task task_alarms Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1033/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10452", "zdi_id": "ZDI-20-1033" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the display_task...", "detail_json": "/data/advisories/ZDI-20-1032/advisory.json", "detail_path": "advisories/ZDI-20-1032", "id": "ZDI-20-1032", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Nag display_tasklists Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1032/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10451", "zdi_id": "ZDI-20-1032" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the display_task...", "detail_json": "/data/advisories/ZDI-20-1031/advisory.json", "detail_path": "advisories/ZDI-20-1031", "id": "ZDI-20-1031", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Nag display_tasklists Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1031/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10450", "zdi_id": "ZDI-20-1031" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Ui.php. The issue results from the lac...", "detail_json": "/data/advisories/ZDI-20-1030/advisory.json", "detail_path": "advisories/ZDI-20-1030", "id": "ZDI-20-1030", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Ui generateUI Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1030/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10449", "zdi_id": "ZDI-20-1030" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Kronolith.php. When parsing the remote...", "detail_json": "/data/advisories/ZDI-20-1029/advisory.json", "detail_path": "advisories/ZDI-20-1029", "id": "ZDI-20-1029", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Kronolith remote_cals Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1029/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10448", "zdi_id": "ZDI-20-1029" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Mnemo.php. When parsing the display_no...", "detail_json": "/data/advisories/ZDI-20-1028/advisory.json", "detail_path": "advisories/ZDI-20-1028", "id": "ZDI-20-1028", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Mnemo display_notepads Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1028/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10447", "zdi_id": "ZDI-20-1028" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the sync_notep...", "detail_json": "/data/advisories/ZDI-20-1027/advisory.json", "detail_path": "advisories/ZDI-20-1027", "id": "ZDI-20-1027", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition prefs sync_notepads Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1027/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10446", "zdi_id": "ZDI-20-1027" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Kronolith.php. When parsing the show_t...", "detail_json": "/data/advisories/ZDI-20-1026/advisory.json", "detail_path": "advisories/ZDI-20-1026", "id": "ZDI-20-1026", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Kronolith show_time Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1026/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10445", "zdi_id": "ZDI-20-1026" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the sync_notep...", "detail_json": "/data/advisories/ZDI-20-1025/advisory.json", "detail_path": "advisories/ZDI-20-1025", "id": "ZDI-20-1025", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition prefs sync_notepads Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1025/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10444", "zdi_id": "ZDI-20-1025" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Collection.php. When parsing the porta...", "detail_json": "/data/advisories/ZDI-20-1024/advisory.json", "detail_path": "advisories/ZDI-20-1024", "id": "ZDI-20-1024", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Collection portal_layout Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1024/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10443", "zdi_id": "ZDI-20-1024" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Kronolith.php. When parsing the remote...", "detail_json": "/data/advisories/ZDI-20-1023/advisory.json", "detail_path": "advisories/ZDI-20-1023", "id": "ZDI-20-1023", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition Kronolith remote_cals Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1023/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10442", "zdi_id": "ZDI-20-1023" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within remote_edit.php. When parsing the remo...", "detail_json": "/data/advisories/ZDI-20-1022/advisory.json", "detail_path": "advisories/ZDI-20-1022", "id": "ZDI-20-1022", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition remote_edit remote_cals Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1022/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10438", "zdi_id": "ZDI-20-1022" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within remote_unsubscribe.php. When parsing t...", "detail_json": "/data/advisories/ZDI-20-1021/advisory.json", "detail_path": "advisories/ZDI-20-1021", "id": "ZDI-20-1021", "kind": "published", "published_date": "2020-08-19", "status": "published", "title": "(0Day) Horde Groupware Webmail Edition remote_unsubscribe remote_cals Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1021/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10437", "zdi_id": "ZDI-20-1021" }, { "cve": "CVE-2020-17402", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-20-1020/advisory.json", "detail_path": "advisories/ZDI-20-1020", "id": "ZDI-20-1020", "kind": "published", "published_date": "2020-08-18", "status": "published", "title": "Parallels Desktop prl_hypervisor Incorrect Permission Assignment for Critical Resource Information Disclosure Vulnerability", "updated_date": "2024-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1020/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-11063", "zdi_id": "ZDI-20-1020" }, { "cve": "CVE-2020-17401", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-20-1019/advisory.json", "detail_path": "advisories/ZDI-20-1019", "id": "ZDI-20-1019", "kind": "published", "published_date": "2020-08-18", "status": "published", "title": "Parallels Desktop VGA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1019/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-11363", "zdi_id": "ZDI-20-1019" }, { "cve": "CVE-2020-17400", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-1018/advisory.json", "detail_path": "advisories/ZDI-20-1018", "id": "ZDI-20-1018", "kind": "published", "published_date": "2020-08-18", "status": "published", "title": "Parallels Desktop prl_hypervisor Out-Of-Bounds Read Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1018/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-11304", "zdi_id": "ZDI-20-1018" }, { "cve": "CVE-2020-17399", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-1017/advisory.json", "detail_path": "advisories/ZDI-20-1017", "id": "ZDI-20-1017", "kind": "published", "published_date": "2020-08-18", "status": "published", "title": "Parallels Desktop prl_hypervisor Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1017/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-11303", "zdi_id": "ZDI-20-1017" }, { "cve": "CVE-2020-17398", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-20-1016/advisory.json", "detail_path": "advisories/ZDI-20-1016", "id": "ZDI-20-1016", "kind": "published", "published_date": "2020-08-18", "status": "published", "title": "Parallels Desktop prl_hypervisor Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1016/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-11302", "zdi_id": "ZDI-20-1016" }, { "cve": "CVE-2020-17397", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-1015/advisory.json", "detail_path": "advisories/ZDI-20-1015", "id": "ZDI-20-1015", "kind": "published", "published_date": "2020-08-18", "status": "published", "title": "Parallels Desktop Networking Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1015/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-11253", "zdi_id": "ZDI-20-1015" }, { "cve": "CVE-2020-17396", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-1014/advisory.json", "detail_path": "advisories/ZDI-20-1014", "id": "ZDI-20-1014", "kind": "published", "published_date": "2020-08-18", "status": "published", "title": "Parallels Desktop prl_hypervisor Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1014/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-11217", "zdi_id": "ZDI-20-1014" }, { "cve": "CVE-2020-17395", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-1013/advisory.json", "detail_path": "advisories/ZDI-20-1013", "id": "ZDI-20-1013", "kind": "published", "published_date": "2020-08-18", "status": "published", "title": "Parallels Desktop Networking Service Integer Underflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1013/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-11134", "zdi_id": "ZDI-20-1013" }, { "cve": "CVE-2020-17394", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-1012/advisory.json", "detail_path": "advisories/ZDI-20-1012", "id": "ZDI-20-1012", "kind": "published", "published_date": "2020-08-18", "status": "published", "title": "Parallels Desktop OEMNet Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1012/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-11132", "zdi_id": "ZDI-20-1012" }, { "cve": "CVE-2020-17393", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-20-1011/advisory.json", "detail_path": "advisories/ZDI-20-1011", "id": "ZDI-20-1011", "kind": "published", "published_date": "2020-08-18", "status": "published", "title": "Parallels Desktop prl_hypervisor Improper Input Validation Information Disclosure Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1011/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-10520", "zdi_id": "ZDI-20-1011" }, { "cve": "CVE-2020-17392", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-1010/advisory.json", "detail_path": "advisories/ZDI-20-1010", "id": "ZDI-20-1010", "kind": "published", "published_date": "2020-08-18", "status": "published", "title": "Parallels Desktop prl_hypervisor Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1010/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-10519", "zdi_id": "ZDI-20-1010" }, { "cve": "CVE-2020-17391", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-20-1009/advisory.json", "detail_path": "advisories/ZDI-20-1009", "id": "ZDI-20-1009", "kind": "published", "published_date": "2020-08-18", "status": "published", "title": "Parallels Desktop prl_hypervisor Exposed Dangerous Method Information Disclosure Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1009/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-10518", "zdi_id": "ZDI-20-1009" }, { "cve": "CVE-2020-17390", "cvss": 3.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-1008/advisory.json", "detail_path": "advisories/ZDI-20-1008", "id": "ZDI-20-1008", "kind": "published", "published_date": "2020-08-18", "status": "published", "title": "Parallels Desktop hypervisor Out-Of-Bounds Read Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1008/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-10030", "zdi_id": "ZDI-20-1008" }, { "cve": "CVE-2020-7522", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SoundUploadServlet clas...", "detail_json": "/data/advisories/ZDI-20-1007/advisory.json", "detail_path": "advisories/ZDI-20-1007", "id": "ZDI-20-1007", "kind": "published", "published_date": "2020-08-17", "status": "published", "title": "Schneider Electric APC Easy UPS Online SoundUploadServlet processRequest Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1007/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10605", "zdi_id": "ZDI-20-1007" }, { "cve": "CVE-2020-7521", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadServlet class...", "detail_json": "/data/advisories/ZDI-20-1006/advisory.json", "detail_path": "advisories/ZDI-20-1006", "id": "ZDI-20-1006", "kind": "published", "published_date": "2020-08-17", "status": "published", "title": "Schneider Electric APC Easy UPS Online FileUploadServlet processRequest Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1006/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10604", "zdi_id": "ZDI-20-1006" }, { "cve": "CVE-2020-10756", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of QEMU. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-20-1005/advisory.json", "detail_path": "advisories/ZDI-20-1005", "id": "ZDI-20-1005", "kind": "published", "published_date": "2020-08-17", "status": "published", "title": "QEMU SLiRP Networking Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1005/", "vendor": "QEMU", "vendor_url": null, "zdi_can": "ZDI-CAN-10892", "zdi_id": "ZDI-20-1005" }, { "cve": "CVE-2020-1492", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1004/advisory.json", "detail_path": "advisories/ZDI-20-1004", "id": "ZDI-20-1004", "kind": "published", "published_date": "2020-08-14", "status": "published", "title": "Microsoft Windows QuickTime Video Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1004/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10937", "zdi_id": "ZDI-20-1004" }, { "cve": "CVE-2020-1561", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1003/advisory.json", "detail_path": "advisories/ZDI-20-1003", "id": "ZDI-20-1003", "kind": "published", "published_date": "2020-08-14", "status": "published", "title": "Microsoft Windows fontdrvhost Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1003/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10816", "zdi_id": "ZDI-20-1003" }, { "cve": "CVE-2020-1560", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-1002/advisory.json", "detail_path": "advisories/ZDI-20-1002", "id": "ZDI-20-1002", "kind": "published", "published_date": "2020-08-14", "status": "published", "title": "Microsoft Windows av1decodermft_store MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1002/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11006", "zdi_id": "ZDI-20-1002" }, { "cve": "CVE-2020-1555", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-1001/advisory.json", "detail_path": "advisories/ZDI-20-1001", "id": "ZDI-20-1001", "kind": "published", "published_date": "2020-08-14", "status": "published", "title": "Microsoft Chakra Inline Cache Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1001/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10925", "zdi_id": "ZDI-20-1001" }, { "cve": "CVE-2020-1581", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Office. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-1000/advisory.json", "detail_path": "advisories/ZDI-20-1000", "id": "ZDI-20-1000", "kind": "published", "published_date": "2020-08-13", "status": "published", "title": "Microsoft Office OfficeClickToRun Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1000/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10974", "zdi_id": "ZDI-20-1000" }, { "cve": "CVE-2020-1493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Outlook. User interaction is required to exploit this vulnerability in that the target must open a malicious email. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-20-999/advisory.json", "detail_path": "advisories/ZDI-20-999", "id": "ZDI-20-999", "kind": "published", "published_date": "2020-08-13", "status": "published", "title": "Microsoft Outlook EML Rendering Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-999/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10914", "zdi_id": "ZDI-20-999" }, { "cve": "CVE-2020-1520", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-998/advisory.json", "detail_path": "advisories/ZDI-20-998", "id": "ZDI-20-998", "kind": "published", "published_date": "2020-08-13", "status": "published", "title": "Microsoft Windows PFB Font File Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-998/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10908", "zdi_id": "ZDI-20-998" }, { "cve": "CVE-2020-1556", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-20-997/advisory.json", "detail_path": "advisories/ZDI-20-997", "id": "ZDI-20-997", "kind": "published", "published_date": "2020-08-13", "status": "published", "title": "Microsoft Windows WalletService Race Condition Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-997/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11590", "zdi_id": "ZDI-20-997" }, { "cve": "CVE-2020-1556", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-20-996/advisory.json", "detail_path": "advisories/ZDI-20-996", "id": "ZDI-20-996", "kind": "published", "published_date": "2020-08-13", "status": "published", "title": "Microsoft Windows WalletService Race Condition Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-996/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11589", "zdi_id": "ZDI-20-996" }, { "cve": "CVE-2020-1337", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-995/advisory.json", "detail_path": "advisories/ZDI-20-995", "id": "ZDI-20-995", "kind": "published", "published_date": "2020-08-13", "status": "published", "title": "Microsoft Windows Print Spooler Directory Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-995/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11136", "zdi_id": "ZDI-20-995" }, { "cve": "CVE-2020-1577", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-994/advisory.json", "detail_path": "advisories/ZDI-20-994", "id": "ZDI-20-994", "kind": "published", "published_date": "2020-08-13", "status": "published", "title": "Microsoft Windows findBaseLigature TTF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-994/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10812", "zdi_id": "ZDI-20-994" }, { "cve": "CVE-2020-1585", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-993/advisory.json", "detail_path": "advisories/ZDI-20-993", "id": "ZDI-20-993", "kind": "published", "published_date": "2020-08-13", "status": "published", "title": "Microsoft Windows av1decodermft_store AVIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-993/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11007", "zdi_id": "ZDI-20-993" }, { "cve": "CVE-2020-1574", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-992/advisory.json", "detail_path": "advisories/ZDI-20-992", "id": "ZDI-20-992", "kind": "published", "published_date": "2020-08-13", "status": "published", "title": "Microsoft Windows WEBP VP8X Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-992/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10609", "zdi_id": "ZDI-20-992" }, { "cve": "CVE-2020-9715", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-991/advisory.json", "detail_path": "advisories/ZDI-20-991", "id": "ZDI-20-991", "kind": "published", "published_date": "2020-08-12", "status": "published", "title": "Adobe Acrobat Reader DC ESObject Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-991/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11254", "zdi_id": "ZDI-20-991" }, { "cve": "CVE-2020-9712", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass JavaScript API restrictions on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-20-990/advisory.json", "detail_path": "advisories/ZDI-20-990", "id": "ZDI-20-990", "kind": "published", "published_date": "2020-08-12", "status": "published", "title": "Adobe Acrobat Pro DC Web2PDF:AppLinks JavaScript Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-990/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11166", "zdi_id": "ZDI-20-990" }, { "cve": "CVE-2020-9710", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-989/advisory.json", "detail_path": "advisories/ZDI-20-989", "id": "ZDI-20-989", "kind": "published", "published_date": "2020-08-12", "status": "published", "title": "Adobe Acrobat Pro DC convert Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2020-08-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-989/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11164", "zdi_id": "ZDI-20-989" }, { "cve": "CVE-2020-9706", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-988/advisory.json", "detail_path": "advisories/ZDI-20-988", "id": "ZDI-20-988", "kind": "published", "published_date": "2020-08-12", "status": "published", "title": "Adobe Acrobat Pro DC updateFeed Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-988/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11162", "zdi_id": "ZDI-20-988" }, { "cve": "CVE-2020-9706", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-987/advisory.json", "detail_path": "advisories/ZDI-20-987", "id": "ZDI-20-987", "kind": "published", "published_date": "2020-08-12", "status": "published", "title": "Adobe Acrobat Pro DC removeFeed Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-987/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11150", "zdi_id": "ZDI-20-987" }, { "cve": "CVE-2020-9707", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-986/advisory.json", "detail_path": "advisories/ZDI-20-986", "id": "ZDI-20-986", "kind": "published", "published_date": "2020-08-12", "status": "published", "title": "Adobe Acrobat Pro DC selectFeed Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-986/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11149", "zdi_id": "ZDI-20-986" }, { "cve": "CVE-2020-9706", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-985/advisory.json", "detail_path": "advisories/ZDI-20-985", "id": "ZDI-20-985", "kind": "published", "published_date": "2020-08-12", "status": "published", "title": "Adobe Acrobat Pro DC addFeed Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-985/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11148", "zdi_id": "ZDI-20-985" }, { "cve": "CVE-2020-9697", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-20-984/advisory.json", "detail_path": "advisories/ZDI-20-984", "id": "ZDI-20-984", "kind": "published", "published_date": "2020-08-12", "status": "published", "title": "Adobe Acrobat Reader DC app.measureDialog Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-984/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11105", "zdi_id": "ZDI-20-984" }, { "cve": "CVE-2020-9694", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-983/advisory.json", "detail_path": "advisories/ZDI-20-983", "id": "ZDI-20-983", "kind": "published", "published_date": "2020-08-12", "status": "published", "title": "Adobe Acrobat Reader DC JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-983/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11026", "zdi_id": "ZDI-20-983" }, { "cve": "CVE-2020-9693", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-982/advisory.json", "detail_path": "advisories/ZDI-20-982", "id": "ZDI-20-982", "kind": "published", "published_date": "2020-08-12", "status": "published", "title": "Adobe Acrobat Reader DC JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-982/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-11025", "zdi_id": "ZDI-20-982" }, { "cve": "CVE-2020-15708", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to write arbitrary files on affected installations of Libvirt. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-20-981/advisory.json", "detail_path": "advisories/ZDI-20-981", "id": "ZDI-20-981", "kind": "published", "published_date": "2020-08-11", "status": "published", "title": "Canonical Ubuntu Virtualization Library Arbitrary File Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-981/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-11561", "zdi_id": "ZDI-20-981" }, { "cve": "CVE-2020-15704", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to read arbitrary files on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-980/advisory.json", "detail_path": "advisories/ZDI-20-980", "id": "ZDI-20-980", "kind": "published", "published_date": "2020-08-11", "status": "published", "title": "Canonical Ubuntu Point-to-Point Protocol Daemon Arbitrary File Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-980/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-11504", "zdi_id": "ZDI-20-980" }, { "cve": "CVE-2020-15702", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-979/advisory.json", "detail_path": "advisories/ZDI-20-979", "id": "ZDI-20-979", "kind": "published", "published_date": "2020-08-11", "status": "published", "title": "Canonical Ubuntu apport Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-979/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-11234", "zdi_id": "ZDI-20-979" }, { "cve": "CVE-2020-11936", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-20-978/advisory.json", "detail_path": "advisories/ZDI-20-978", "id": "ZDI-20-978", "kind": "published", "published_date": "2020-08-11", "status": "published", "title": "Canonical Ubuntu apport Unnecessary Privileges Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-978/", "vendor": "Canonical", "vendor_url": null, "zdi_can": "ZDI-CAN-11233", "zdi_id": "ZDI-20-978" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Secure Messaging Gateway. Authentication is required to exploit this vulnerability. The specific flaw exists within manage_domains_save_data.php. Whe...", "detail_json": "/data/advisories/ZDI-20-977/advisory.json", "detail_path": "advisories/ZDI-20-977", "id": "ZDI-20-977", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Micro Focus Secure Messaging Gateway manage_domains_save_data SaveData Command Injection Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-977/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-10333", "zdi_id": "ZDI-20-977" }, { "cve": "CVE-2020-17389", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-20-976/advisory.json", "detail_path": "advisories/ZDI-20-976", "id": "ZDI-20-976", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Marvell QConvergeConsole GWTTestServiceImpl decryptFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-976/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-10502", "zdi_id": "ZDI-20-976" }, { "cve": "CVE-2020-17388", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-20-975/advisory.json", "detail_path": "advisories/ZDI-20-975", "id": "ZDI-20-975", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Marvell QConvergeConsole Exposed Dangerous Method or Function Remote Code Execution", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-975/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-10799", "zdi_id": "ZDI-20-975" }, { "cve": "CVE-2020-17387", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-20-974/advisory.json", "detail_path": "advisories/ZDI-20-974", "id": "ZDI-20-974", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Marvell QConvergeConsole writeObjectToConfigFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-974/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-10565", "zdi_id": "ZDI-20-974" }, { "cve": "CVE-2020-15645", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-20-973/advisory.json", "detail_path": "advisories/ZDI-20-973", "id": "ZDI-20-973", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-973/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-10553", "zdi_id": "ZDI-20-973" }, { "cve": "CVE-2020-15644", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-20-972/advisory.json", "detail_path": "advisories/ZDI-20-972", "id": "ZDI-20-972", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Marvell QConvergeConsole setAppFileBytes Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-972/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-10550", "zdi_id": "ZDI-20-972" }, { "cve": "CVE-2020-15643", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-20-971/advisory.json", "detail_path": "advisories/ZDI-20-971", "id": "ZDI-20-971", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-971/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-10549", "zdi_id": "ZDI-20-971" }, { "cve": "CVE-2020-15642", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-970/advisory.json", "detail_path": "advisories/ZDI-20-970", "id": "ZDI-20-970", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Marvell QConvergeConsole isHPSmartComponent Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-970/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-10501", "zdi_id": "ZDI-20-970" }, { "cve": "CVE-2020-15641", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of...", "detail_json": "/data/advisories/ZDI-20-969/advisory.json", "detail_path": "advisories/ZDI-20-969", "id": "ZDI-20-969", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-969/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-10499", "zdi_id": "ZDI-20-969" }, { "cve": "CVE-2020-15640", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of...", "detail_json": "/data/advisories/ZDI-20-968/advisory.json", "detail_path": "advisories/ZDI-20-968", "id": "ZDI-20-968", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-968/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-10497", "zdi_id": "ZDI-20-968" }, { "cve": "CVE-2020-15639", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValida...", "detail_json": "/data/advisories/ZDI-20-967/advisory.json", "detail_path": "advisories/ZDI-20-967", "id": "ZDI-20-967", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Marvell QConvergeConsole decryptFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-967/", "vendor": "Marvell", "vendor_url": null, "zdi_can": "ZDI-CAN-10496", "zdi_id": "ZDI-20-967" }, { "cve": "CVE-2020-16223", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-966/advisory.json", "detail_path": "advisories/ZDI-20-966", "id": "ZDI-20-966", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-966/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-11041", "zdi_id": "ZDI-20-966" }, { "cve": "CVE-2020-16227", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-965/advisory.json", "detail_path": "advisories/ZDI-20-965", "id": "ZDI-20-965", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-965/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10667", "zdi_id": "ZDI-20-965" }, { "cve": "CVE-2020-16225", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-964/advisory.json", "detail_path": "advisories/ZDI-20-964", "id": "ZDI-20-964", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Write-what-where Condition Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-964/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10726", "zdi_id": "ZDI-20-964" }, { "cve": "CVE-2020-16219", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-963/advisory.json", "detail_path": "advisories/ZDI-20-963", "id": "ZDI-20-963", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-963/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8564", "zdi_id": "ZDI-20-963" }, { "cve": "CVE-2020-16221", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-962/advisory.json", "detail_path": "advisories/ZDI-20-962", "id": "ZDI-20-962", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-962/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10130", "zdi_id": "ZDI-20-962" }, { "cve": "CVE-2020-16219", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-961/advisory.json", "detail_path": "advisories/ZDI-20-961", "id": "ZDI-20-961", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-961/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10128", "zdi_id": "ZDI-20-961" }, { "cve": "CVE-2020-9939", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-960/advisory.json", "detail_path": "advisories/ZDI-20-960", "id": "ZDI-20-960", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "(Pwn2Own) Apple macOS kextload Time-Of-Check Time-Of-Use Memory Corruption Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-960/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10778", "zdi_id": "ZDI-20-960" }, { "cve": "CVE-2020-16207", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-20-959/advisory.json", "detail_path": "advisories/ZDI-20-959", "id": "ZDI-20-959", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Advantech WebAccess/HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-959/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10122", "zdi_id": "ZDI-20-959" }, { "cve": "CVE-2020-16207", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-20-958/advisory.json", "detail_path": "advisories/ZDI-20-958", "id": "ZDI-20-958", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Advantech WebAccess/HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-958/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10133", "zdi_id": "ZDI-20-958" }, { "cve": "CVE-2020-16211", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal...", "detail_json": "/data/advisories/ZDI-20-957/advisory.json", "detail_path": "advisories/ZDI-20-957", "id": "ZDI-20-957", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Advantech WebAccess/HMI Designer PM3 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-957/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10134", "zdi_id": "ZDI-20-957" }, { "cve": "CVE-2020-16213", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-20-956/advisory.json", "detail_path": "advisories/ZDI-20-956", "id": "ZDI-20-956", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Advantech WebAccess/HMI Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-956/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10135", "zdi_id": "ZDI-20-956" }, { "cve": "CVE-2020-16207", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-20-955/advisory.json", "detail_path": "advisories/ZDI-20-955", "id": "ZDI-20-955", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Advantech WebAccess/HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-955/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10136", "zdi_id": "ZDI-20-955" }, { "cve": "CVE-2020-16229", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-20-954/advisory.json", "detail_path": "advisories/ZDI-20-954", "id": "ZDI-20-954", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Advantech WebAccess/HMI Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-954/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10139", "zdi_id": "ZDI-20-954" }, { "cve": "CVE-2020-16215", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwPFile.exe when invoked via IOCTL 0x2711. The...", "detail_json": "/data/advisories/ZDI-20-953/advisory.json", "detail_path": "advisories/ZDI-20-953", "id": "ZDI-20-953", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Advantech WebAccess IOCTL 0x2711 BwPFile Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-953/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10144", "zdi_id": "ZDI-20-953" }, { "cve": "CVE-2020-16217", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-20-952/advisory.json", "detail_path": "advisories/ZDI-20-952", "id": "ZDI-20-952", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Advantech WebAccess/HMI Designer PM3 File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-952/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10187", "zdi_id": "ZDI-20-952" }, { "cve": "CVE-2020-16207", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-20-951/advisory.json", "detail_path": "advisories/ZDI-20-951", "id": "ZDI-20-951", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Advantech WebAccess/HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-951/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10188", "zdi_id": "ZDI-20-951" }, { "cve": "CVE-2020-16207", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-20-950/advisory.json", "detail_path": "advisories/ZDI-20-950", "id": "ZDI-20-950", "kind": "published", "published_date": "2020-08-10", "status": "published", "title": "Advantech WebAccess/HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-950/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10121", "zdi_id": "ZDI-20-950" }, { "cve": "CVE-2020-7460", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of FreeBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-20-949/advisory.json", "detail_path": "advisories/ZDI-20-949", "id": "ZDI-20-949", "kind": "published", "published_date": "2020-08-06", "status": "published", "title": "FreeBSD Kernel sendmsg System Call Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-949/", "vendor": "FreeBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-11543", "zdi_id": "ZDI-20-949" }, { "cve": "CVE-2020-16203", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-20-948/advisory.json", "detail_path": "advisories/ZDI-20-948", "id": "ZDI-20-948", "kind": "published", "published_date": "2020-08-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Uninitialized Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-948/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10893", "zdi_id": "ZDI-20-948" }, { "cve": "CVE-2020-16201", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-20-947/advisory.json", "detail_path": "advisories/ZDI-20-947", "id": "ZDI-20-947", "kind": "published", "published_date": "2020-08-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-947/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10888", "zdi_id": "ZDI-20-947" }, { "cve": "CVE-2020-16201", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-20-946/advisory.json", "detail_path": "advisories/ZDI-20-946", "id": "ZDI-20-946", "kind": "published", "published_date": "2020-08-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-946/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10887", "zdi_id": "ZDI-20-946" }, { "cve": "CVE-2020-16201", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-20-945/advisory.json", "detail_path": "advisories/ZDI-20-945", "id": "ZDI-20-945", "kind": "published", "published_date": "2020-08-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-945/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10885", "zdi_id": "ZDI-20-945" }, { "cve": "CVE-2020-16201", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-20-944/advisory.json", "detail_path": "advisories/ZDI-20-944", "id": "ZDI-20-944", "kind": "published", "published_date": "2020-08-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-944/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10883", "zdi_id": "ZDI-20-944" }, { "cve": "CVE-2020-16199", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-20-943/advisory.json", "detail_path": "advisories/ZDI-20-943", "id": "ZDI-20-943", "kind": "published", "published_date": "2020-08-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-943/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10881", "zdi_id": "ZDI-20-943" }, { "cve": "CVE-2020-16201", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-20-942/advisory.json", "detail_path": "advisories/ZDI-20-942", "id": "ZDI-20-942", "kind": "published", "published_date": "2020-08-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-942/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10882", "zdi_id": "ZDI-20-942" }, { "cve": "CVE-2020-16201", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-20-941/advisory.json", "detail_path": "advisories/ZDI-20-941", "id": "ZDI-20-941", "kind": "published", "published_date": "2020-08-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-941/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10886", "zdi_id": "ZDI-20-941" }, { "cve": "CVE-2020-16199", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-20-940/advisory.json", "detail_path": "advisories/ZDI-20-940", "id": "ZDI-20-940", "kind": "published", "published_date": "2020-08-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-940/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10889", "zdi_id": "ZDI-20-940" }, { "cve": "CVE-2020-16199", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-20-939/advisory.json", "detail_path": "advisories/ZDI-20-939", "id": "ZDI-20-939", "kind": "published", "published_date": "2020-08-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-939/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10890", "zdi_id": "ZDI-20-939" }, { "cve": "CVE-2020-9875", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-20-938/advisory.json", "detail_path": "advisories/ZDI-20-938", "id": "ZDI-20-938", "kind": "published", "published_date": "2020-08-05", "status": "published", "title": "Apple macOS ImageIO EXR Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-938/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11151", "zdi_id": "ZDI-20-938" }, { "cve": "CVE-2020-15636", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers. Authentication is not required to exploit this vulnerability. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-20-937/advisory.json", "detail_path": "advisories/ZDI-20-937", "id": "ZDI-20-937", "kind": "published", "published_date": "2020-08-04", "status": "published", "title": "NETGEAR Multiple Routers check_ra Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-937/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-9852", "zdi_id": "ZDI-20-937" }, { "cve": "CVE-2020-15635", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which listens on...", "detail_json": "/data/advisories/ZDI-20-936/advisory.json", "detail_path": "advisories/ZDI-20-936", "id": "ZDI-20-936", "kind": "published", "published_date": "2020-08-04", "status": "published", "title": "NETGEAR R6700 acsd Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-936/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-9853", "zdi_id": "ZDI-20-936" }, { "cve": "CVE-2020-15634", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file...", "detail_json": "/data/advisories/ZDI-20-935/advisory.json", "detail_path": "advisories/ZDI-20-935", "id": "ZDI-20-935", "kind": "published", "published_date": "2020-08-04", "status": "published", "title": "NETGEAR R6700 httpd strtblupgrade Format String Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-935/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-9755", "zdi_id": "ZDI-20-935" }, { "cve": "CVE-2020-14347", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-20-934/advisory.json", "detail_path": "advisories/ZDI-20-934", "id": "ZDI-20-934", "kind": "published", "published_date": "2020-08-04", "status": "published", "title": "X.Org Server Pixel Data Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-934/", "vendor": "X.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-11426", "zdi_id": "ZDI-20-934" }, { "cve": "CVE-2020-15638", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-933/advisory.json", "detail_path": "advisories/ZDI-20-933", "id": "ZDI-20-933", "kind": "published", "published_date": "2020-08-04", "status": "published", "title": "Foxit PhantomPDF JSCreate Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-933/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10950", "zdi_id": "ZDI-20-933" }, { "cve": "CVE-2020-15637", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-932/advisory.json", "detail_path": "advisories/ZDI-20-932", "id": "ZDI-20-932", "kind": "published", "published_date": "2020-08-04", "status": "published", "title": "Foxit PhantomPDF SetLocalDescription Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-932/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10972", "zdi_id": "ZDI-20-932" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-931/advisory.json", "detail_path": "advisories/ZDI-20-931", "id": "ZDI-20-931", "kind": "published", "published_date": "2020-08-04", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-931/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10559", "zdi_id": "ZDI-20-931" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-930/advisory.json", "detail_path": "advisories/ZDI-20-930", "id": "ZDI-20-930", "kind": "published", "published_date": "2020-08-04", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-930/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10558", "zdi_id": "ZDI-20-930" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-929/advisory.json", "detail_path": "advisories/ZDI-20-929", "id": "ZDI-20-929", "kind": "published", "published_date": "2020-08-04", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-929/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10557", "zdi_id": "ZDI-20-929" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-928/advisory.json", "detail_path": "advisories/ZDI-20-928", "id": "ZDI-20-928", "kind": "published", "published_date": "2020-08-04", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-928/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10556", "zdi_id": "ZDI-20-928" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-927/advisory.json", "detail_path": "advisories/ZDI-20-927", "id": "ZDI-20-927", "kind": "published", "published_date": "2020-08-04", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-927/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10555", "zdi_id": "ZDI-20-927" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-926/advisory.json", "detail_path": "advisories/ZDI-20-926", "id": "ZDI-20-926", "kind": "published", "published_date": "2020-08-04", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-926/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10554", "zdi_id": "ZDI-20-926" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of IBM Informix. Authentication is required to exploit this vulnerability. The specific flaw exists within the bts_tracefile function. When parsing the trace filena...", "detail_json": "/data/advisories/ZDI-20-925/advisory.json", "detail_path": "advisories/ZDI-20-925", "id": "ZDI-20-925", "kind": "published", "published_date": "2020-07-28", "status": "published", "title": "(0Day) IBM Informix bts_tracefile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-925/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-10332", "zdi_id": "ZDI-20-925" }, { "cve": "CVE-2020-1400", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-924/advisory.json", "detail_path": "advisories/ZDI-20-924", "id": "ZDI-20-924", "kind": "published", "published_date": "2020-07-23", "status": "published", "title": "Microsoft Windows JET Database Engine Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-924/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-11121", "zdi_id": "ZDI-20-924" }, { "cve": "CVE-2020-1421", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-923/advisory.json", "detail_path": "advisories/ZDI-20-923", "id": "ZDI-20-923", "kind": "published", "published_date": "2020-07-23", "status": "published", "title": "Microsoft Windows LNK File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-923/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10895", "zdi_id": "ZDI-20-923" }, { "cve": "CVE-2020-9680", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Prelude. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-922/advisory.json", "detail_path": "advisories/ZDI-20-922", "id": "ZDI-20-922", "kind": "published", "published_date": "2020-07-22", "status": "published", "title": "Adobe Prelude MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-922/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10875", "zdi_id": "ZDI-20-922" }, { "cve": "CVE-2020-9679", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Prelude. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-20-921/advisory.json", "detail_path": "advisories/ZDI-20-921", "id": "ZDI-20-921", "kind": "published", "published_date": "2020-07-22", "status": "published", "title": "Adobe Prelude MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-921/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10874", "zdi_id": "ZDI-20-921" }, { "cve": "CVE-2020-9678", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Prelude. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-920/advisory.json", "detail_path": "advisories/ZDI-20-920", "id": "ZDI-20-920", "kind": "published", "published_date": "2020-07-22", "status": "published", "title": "Adobe Prelude MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-920/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10873", "zdi_id": "ZDI-20-920" }, { "cve": "CVE-2020-9677", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Prelude. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-919/advisory.json", "detail_path": "advisories/ZDI-20-919", "id": "ZDI-20-919", "kind": "published", "published_date": "2020-07-22", "status": "published", "title": "Adobe Prelude 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-919/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10872", "zdi_id": "ZDI-20-919" }, { "cve": "CVE-2020-9687", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-918/advisory.json", "detail_path": "advisories/ZDI-20-918", "id": "ZDI-20-918", "kind": "published", "published_date": "2020-07-22", "status": "published", "title": "Adobe Photoshop MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-918/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10863", "zdi_id": "ZDI-20-918" }, { "cve": "CVE-2020-9686", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-917/advisory.json", "detail_path": "advisories/ZDI-20-917", "id": "ZDI-20-917", "kind": "published", "published_date": "2020-07-22", "status": "published", "title": "Adobe Photoshop MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-917/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10862", "zdi_id": "ZDI-20-917" }, { "cve": "CVE-2020-9685", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-916/advisory.json", "detail_path": "advisories/ZDI-20-916", "id": "ZDI-20-916", "kind": "published", "published_date": "2020-07-22", "status": "published", "title": "Adobe Photoshop MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-916/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10861", "zdi_id": "ZDI-20-916" }, { "cve": "CVE-2020-9684", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-915/advisory.json", "detail_path": "advisories/ZDI-20-915", "id": "ZDI-20-915", "kind": "published", "published_date": "2020-07-22", "status": "published", "title": "Adobe Photoshop MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-915/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10860", "zdi_id": "ZDI-20-915" }, { "cve": "CVE-2020-9683", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-914/advisory.json", "detail_path": "advisories/ZDI-20-914", "id": "ZDI-20-914", "kind": "published", "published_date": "2020-07-22", "status": "published", "title": "Adobe Photoshop 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-914/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10859", "zdi_id": "ZDI-20-914" }, { "cve": "CVE-2020-9674", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-913/advisory.json", "detail_path": "advisories/ZDI-20-913", "id": "ZDI-20-913", "kind": "published", "published_date": "2020-07-22", "status": "published", "title": "Adobe Bridge MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-913/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10858", "zdi_id": "ZDI-20-913" }, { "cve": "CVE-2020-9676", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-912/advisory.json", "detail_path": "advisories/ZDI-20-912", "id": "ZDI-20-912", "kind": "published", "published_date": "2020-07-22", "status": "published", "title": "Adobe Bridge MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-912/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10857", "zdi_id": "ZDI-20-912" }, { "cve": "CVE-2020-9675", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-911/advisory.json", "detail_path": "advisories/ZDI-20-911", "id": "ZDI-20-911", "kind": "published", "published_date": "2020-07-22", "status": "published", "title": "Adobe Bridge 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-911/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10856", "zdi_id": "ZDI-20-911" }, { "cve": "CVE-2020-9936", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The spec...", "detail_json": "/data/advisories/ZDI-20-910/advisory.json", "detail_path": "advisories/ZDI-20-910", "id": "ZDI-20-910", "kind": "published", "published_date": "2020-07-21", "status": "published", "title": "Apple macOS decodePICT PIC Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-910/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-11107", "zdi_id": "ZDI-20-910" }, { "cve": "CVE-2020-9894", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-909/advisory.json", "detail_path": "advisories/ZDI-20-909", "id": "ZDI-20-909", "kind": "published", "published_date": "2020-07-21", "status": "published", "title": "Apple Safari getAnimations Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-909/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10832", "zdi_id": "ZDI-20-909" }, { "cve": "CVE-2020-9884", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the AudioToolbox library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-20-908/advisory.json", "detail_path": "advisories/ZDI-20-908", "id": "ZDI-20-908", "kind": "published", "published_date": "2020-07-21", "status": "published", "title": "Apple macOS AudioToolboxCore CAF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-908/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10653", "zdi_id": "ZDI-20-908" }, { "cve": "CVE-2020-9893", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-907/advisory.json", "detail_path": "advisories/ZDI-20-907", "id": "ZDI-20-907", "kind": "published", "published_date": "2020-07-21", "status": "published", "title": "Apple Safari RenderWidget Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-907/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10111", "zdi_id": "ZDI-20-907" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-906/advisory.json", "detail_path": "advisories/ZDI-20-906", "id": "ZDI-20-906", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "(0Day) Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-906/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10686", "zdi_id": "ZDI-20-906" }, { "cve": "CVE-2020-14703", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-905/advisory.json", "detail_path": "advisories/ZDI-20-905", "id": "ZDI-20-905", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox e1000 Unintialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-905/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11274", "zdi_id": "ZDI-20-905" }, { "cve": "CVE-2020-14704", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-904/advisory.json", "detail_path": "advisories/ZDI-20-904", "id": "ZDI-20-904", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox BusLogicSCSI Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-904/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11273", "zdi_id": "ZDI-20-904" }, { "cve": "CVE-2020-14700", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-903/advisory.json", "detail_path": "advisories/ZDI-20-903", "id": "ZDI-20-903", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox e1000 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-903/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11140", "zdi_id": "ZDI-20-903" }, { "cve": "CVE-2020-14699", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-902/advisory.json", "detail_path": "advisories/ZDI-20-902", "id": "ZDI-20-902", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox e1000 Integer Underflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-902/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11138", "zdi_id": "ZDI-20-902" }, { "cve": "CVE-2020-14698", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-901/advisory.json", "detail_path": "advisories/ZDI-20-901", "id": "ZDI-20-901", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox virtio-net Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-901/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11137", "zdi_id": "ZDI-20-901" }, { "cve": "CVE-2020-14695", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-900/advisory.json", "detail_path": "advisories/ZDI-20-900", "id": "ZDI-20-900", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox BusLogicSCSI Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-900/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11145", "zdi_id": "ZDI-20-900" }, { "cve": "CVE-2020-14694", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-899/advisory.json", "detail_path": "advisories/ZDI-20-899", "id": "ZDI-20-899", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox BusLogicSCSI Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-899/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11142", "zdi_id": "ZDI-20-899" }, { "cve": "CVE-2020-14673", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-898/advisory.json", "detail_path": "advisories/ZDI-20-898", "id": "ZDI-20-898", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox LsiLogicSCSI Time-Of-Check Time-Of-Use Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-898/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-11028", "zdi_id": "ZDI-20-898" }, { "cve": "CVE-2020-14664", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Java Runtime Environment. Interaction with the JavaFX library is required to exploit this vulnerability but attack vectors may vary depending on the imple...", "detail_json": "/data/advisories/ZDI-20-897/advisory.json", "detail_path": "advisories/ZDI-20-897", "id": "ZDI-20-897", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle Java Runtime Environment HTML Rendering Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10965", "zdi_id": "ZDI-20-897" }, { "cve": "CVE-2020-14674", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-896/advisory.json", "detail_path": "advisories/ZDI-20-896", "id": "ZDI-20-896", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox LsiLogicSCSI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-896/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10954", "zdi_id": "ZDI-20-896" }, { "cve": "CVE-2020-14675", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-895/advisory.json", "detail_path": "advisories/ZDI-20-895", "id": "ZDI-20-895", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox PCnet Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-895/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10900", "zdi_id": "ZDI-20-895" }, { "cve": "CVE-2020-14676", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-894/advisory.json", "detail_path": "advisories/ZDI-20-894", "id": "ZDI-20-894", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox PCnet Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-894/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10899", "zdi_id": "ZDI-20-894" }, { "cve": "CVE-2020-14677", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-893/advisory.json", "detail_path": "advisories/ZDI-20-893", "id": "ZDI-20-893", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox PCnet Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-893/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10898", "zdi_id": "ZDI-20-893" }, { "cve": "CVE-2020-14650", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-892/advisory.json", "detail_path": "advisories/ZDI-20-892", "id": "ZDI-20-892", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox LsiLogicSCSI Time-Of-Check Time-Of-Use Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-892/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10978", "zdi_id": "ZDI-20-892" }, { "cve": "CVE-2020-14649", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-891/advisory.json", "detail_path": "advisories/ZDI-20-891", "id": "ZDI-20-891", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox LsiLogicSCSI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-891/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10953", "zdi_id": "ZDI-20-891" }, { "cve": "CVE-2020-14647", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-890/advisory.json", "detail_path": "advisories/ZDI-20-890", "id": "ZDI-20-890", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox LsiLogicSCSI Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-890/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10952", "zdi_id": "ZDI-20-890" }, { "cve": "CVE-2020-14648", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-889/advisory.json", "detail_path": "advisories/ZDI-20-889", "id": "ZDI-20-889", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox LsiLogicSCSI Time-Of-Check Time-Of-Use Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-889/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10951", "zdi_id": "ZDI-20-889" }, { "cve": "CVE-2020-14646", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-888/advisory.json", "detail_path": "advisories/ZDI-20-888", "id": "ZDI-20-888", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox LsiLogicSCSI Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-888/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10913", "zdi_id": "ZDI-20-888" }, { "cve": "CVE-2020-14629", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-887/advisory.json", "detail_path": "advisories/ZDI-20-887", "id": "ZDI-20-887", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox virtio-net Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-887/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10795", "zdi_id": "ZDI-20-887" }, { "cve": "CVE-2020-14628", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-886/advisory.json", "detail_path": "advisories/ZDI-20-886", "id": "ZDI-20-886", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle VirtualBox Guest Additions Unnecessary Privileges Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-886/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10762", "zdi_id": "ZDI-20-886" }, { "cve": "CVE-2020-14625", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the aspectjweaver library. The issue results from...", "detail_json": "/data/advisories/ZDI-20-885/advisory.json", "detail_path": "advisories/ZDI-20-885", "id": "ZDI-20-885", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-885/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10741", "zdi_id": "ZDI-20-885" }, { "cve": "CVE-2020-9650", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-884/advisory.json", "detail_path": "advisories/ZDI-20-884", "id": "ZDI-20-884", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-884/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10846", "zdi_id": "ZDI-20-884" }, { "cve": "CVE-2020-9646", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-883/advisory.json", "detail_path": "advisories/ZDI-20-883", "id": "ZDI-20-883", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-883/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10838", "zdi_id": "ZDI-20-883" }, { "cve": "CVE-2020-9649", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-882/advisory.json", "detail_path": "advisories/ZDI-20-882", "id": "ZDI-20-882", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "Adobe Media Encoder 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-882/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10830", "zdi_id": "ZDI-20-882" }, { "cve": "CVE-2020-15633", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling...", "detail_json": "/data/advisories/ZDI-20-881/advisory.json", "detail_path": "advisories/ZDI-20-881", "id": "ZDI-20-881", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "D-Link Multiple Routers HNAP GetCAPTCHAsetting Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-881/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-10835", "zdi_id": "ZDI-20-881" }, { "cve": "CVE-2020-15632", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAs...", "detail_json": "/data/advisories/ZDI-20-880/advisory.json", "detail_path": "advisories/ZDI-20-880", "id": "ZDI-20-880", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "D-Link DIR-842 HNAP GetCAPTCHAsetting Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-880/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-10083", "zdi_id": "ZDI-20-880" }, { "cve": "CVE-2020-15631", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypasse...", "detail_json": "/data/advisories/ZDI-20-879/advisory.json", "detail_path": "advisories/ZDI-20-879", "id": "ZDI-20-879", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "D-Link DAP-1860 HNAP SOAPAction Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-879/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-10084", "zdi_id": "ZDI-20-879" }, { "cve": "CVE-2020-4464", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAP protocol. The issue results...", "detail_json": "/data/advisories/ZDI-20-878/advisory.json", "detail_path": "advisories/ZDI-20-878", "id": "ZDI-20-878", "kind": "published", "published_date": "2020-07-20", "status": "published", "title": "IBM WebSphere Application Server SOAP Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-878/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-10767", "zdi_id": "ZDI-20-878" }, { "cve": "CVE-2020-1436", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-877/advisory.json", "detail_path": "advisories/ZDI-20-877", "id": "ZDI-20-877", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Microsoft Windows PFB Font File Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-877/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10903", "zdi_id": "ZDI-20-877" }, { "cve": "CVE-2020-0987", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-876/advisory.json", "detail_path": "advisories/ZDI-20-876", "id": "ZDI-20-876", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Microsoft Windows mf3216 EMF EMR_SETDIBITSTODEVICE Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-876/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10831", "zdi_id": "ZDI-20-876" }, { "cve": "CVE-2020-1355", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-875/advisory.json", "detail_path": "advisories/ZDI-20-875", "id": "ZDI-20-875", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Microsoft Windows fontdrvhost Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-875/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10808", "zdi_id": "ZDI-20-875" }, { "cve": "CVE-2020-1439", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of controls in the Microsoft....", "detail_json": "/data/advisories/ZDI-20-874/advisory.json", "detail_path": "advisories/ZDI-20-874", "id": "ZDI-20-874", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Microsoft SharePoint Scorecards Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-874/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10963", "zdi_id": "ZDI-20-874" }, { "cve": "CVE-2020-1382", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-873/advisory.json", "detail_path": "advisories/ZDI-20-873", "id": "ZDI-20-873", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "(Pwn2Own) Microsoft Windows DirectComposition RemoveBindingManagerReferenceFromTrackerIfNecessary Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-873/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10781", "zdi_id": "ZDI-20-873" }, { "cve": "CVE-2020-1381", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-872/advisory.json", "detail_path": "advisories/ZDI-20-872", "id": "ZDI-20-872", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "(Pwn2Own) Microsoft Windows DirectComposition SetBufferProperty Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-872/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10779", "zdi_id": "ZDI-20-872" }, { "cve": "CVE-2020-15630", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-871/advisory.json", "detail_path": "advisories/ZDI-20-871", "id": "ZDI-20-871", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Foxit Studio Photo PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-871/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10977", "zdi_id": "ZDI-20-871" }, { "cve": "CVE-2020-15629", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-870/advisory.json", "detail_path": "advisories/ZDI-20-870", "id": "ZDI-20-870", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Foxit Studio Photo TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-870/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10764", "zdi_id": "ZDI-20-870" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results f...", "detail_json": "/data/advisories/ZDI-20-869/advisory.json", "detail_path": "advisories/ZDI-20-869", "id": "ZDI-20-869", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView TaskEditDeviceTable getTaskEditorSearchDevices SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10716", "zdi_id": "ZDI-20-869" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue r...", "detail_json": "/data/advisories/ZDI-20-868/advisory.json", "detail_path": "advisories/ZDI-20-868", "id": "ZDI-20-868", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView TaskEditDeviceTable updateSelected SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10707", "zdi_id": "ZDI-20-868" }, { "cve": "CVE-2020-14499", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class. The issue results f...", "detail_json": "/data/advisories/ZDI-20-867/advisory.json", "detail_path": "advisories/ZDI-20-867", "id": "ZDI-20-867", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView UserServlet getAllUsersAccountInfo Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10701", "zdi_id": "ZDI-20-867" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results f...", "detail_json": "/data/advisories/ZDI-20-866/advisory.json", "detail_path": "advisories/ZDI-20-866", "id": "ZDI-20-866", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView TaskEditDeviceTable getDeviceCount SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10708", "zdi_id": "ZDI-20-866" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeviceTreeTable class. The issue resul...", "detail_json": "/data/advisories/ZDI-20-865/advisory.json", "detail_path": "advisories/ZDI-20-865", "id": "ZDI-20-865", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView DeviceTreeTable getUpdateDeviceListDetails SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10717", "zdi_id": "ZDI-20-865" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue r...", "detail_json": "/data/advisories/ZDI-20-864/advisory.json", "detail_path": "advisories/ZDI-20-864", "id": "ZDI-20-864", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView TaskEditDeviceTable clearTaskEditorTable SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10706", "zdi_id": "ZDI-20-864" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results f...", "detail_json": "/data/advisories/ZDI-20-863/advisory.json", "detail_path": "advisories/ZDI-20-863", "id": "ZDI-20-863", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView TaskEditDeviceTable initTaskEditorSearchValues SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10704", "zdi_id": "ZDI-20-863" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the User class. The issue results from the...", "detail_json": "/data/advisories/ZDI-20-862/advisory.json", "detail_path": "advisories/ZDI-20-862", "id": "ZDI-20-862", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView User setUserAccountInfo SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10703", "zdi_id": "ZDI-20-862" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the User class. The issue results from the...", "detail_json": "/data/advisories/ZDI-20-861/advisory.json", "detail_path": "advisories/ZDI-20-861", "id": "ZDI-20-861", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView User addUser SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10702", "zdi_id": "ZDI-20-861" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the User class. The issue results from the lack of...", "detail_json": "/data/advisories/ZDI-20-860/advisory.json", "detail_path": "advisories/ZDI-20-860", "id": "ZDI-20-860", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView User checkForDuplicateUserName SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10700", "zdi_id": "ZDI-20-860" }, { "cve": "CVE-2020-14501", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class. The issue results f...", "detail_json": "/data/advisories/ZDI-20-859/advisory.json", "detail_path": "advisories/ZDI-20-859", "id": "ZDI-20-859", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView UserServlet performDeleteUser Missing Authentication for Critical Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10699", "zdi_id": "ZDI-20-859" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue r...", "detail_json": "/data/advisories/ZDI-20-858/advisory.json", "detail_path": "advisories/ZDI-20-858", "id": "ZDI-20-858", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView TaskEditDeviceTable updateDeviceAuthentication SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10673", "zdi_id": "ZDI-20-858" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the deleteLinks method...", "detail_json": "/data/advisories/ZDI-20-857/advisory.json", "detail_path": "advisories/ZDI-20-857", "id": "ZDI-20-857", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView LinksTable deleteLinks SQL Injection Remote code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10970", "zdi_id": "ZDI-20-857" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeviceTreeTable class. The issue resul...", "detail_json": "/data/advisories/ZDI-20-856/advisory.json", "detail_path": "advisories/ZDI-20-856", "id": "ZDI-20-856", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView DeviceTreeTable setDeviceAuthentication SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10672", "zdi_id": "ZDI-20-856" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpdateTable class. The issue results from the...", "detail_json": "/data/advisories/ZDI-20-855/advisory.json", "detail_path": "advisories/ZDI-20-855", "id": "ZDI-20-855", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView UpdateTable insertUpdateItem SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10671", "zdi_id": "ZDI-20-855" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ZTPConfigTable class. The issue results from t...", "detail_json": "/data/advisories/ZDI-20-854/advisory.json", "detail_path": "advisories/ZDI-20-854", "id": "ZDI-20-854", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView ZTPConfigTable findConfiguration SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10670", "zdi_id": "ZDI-20-854" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue r...", "detail_json": "/data/advisories/ZDI-20-853/advisory.json", "detail_path": "advisories/ZDI-20-853", "id": "ZDI-20-853", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView TaskEditDeviceTable updateSelectedPROMVersion SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10669", "zdi_id": "ZDI-20-853" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeviceTreeTable class. The issue resul...", "detail_json": "/data/advisories/ZDI-20-852/advisory.json", "detail_path": "advisories/ZDI-20-852", "id": "ZDI-20-852", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView DeviceTreeTable updateSegmentInfo SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10668", "zdi_id": "ZDI-20-852" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue r...", "detail_json": "/data/advisories/ZDI-20-851/advisory.json", "detail_path": "advisories/ZDI-20-851", "id": "ZDI-20-851", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView ZTPConfigTable findConfiguration SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10661", "zdi_id": "ZDI-20-851" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getExportDataDetail...", "detail_json": "/data/advisories/ZDI-20-850/advisory.json", "detail_path": "advisories/ZDI-20-850", "id": "ZDI-20-850", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView TaskMgrTable getExportDataDetails SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10660", "zdi_id": "ZDI-20-850" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskMgrTable class. The issue results from the...", "detail_json": "/data/advisories/ZDI-20-849/advisory.json", "detail_path": "advisories/ZDI-20-849", "id": "ZDI-20-849", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView TaskMgrTable getExportData SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10659", "zdi_id": "ZDI-20-849" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue resu...", "detail_json": "/data/advisories/ZDI-20-848/advisory.json", "detail_path": "advisories/ZDI-20-848", "id": "ZDI-20-848", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView NetworkServlet SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10631", "zdi_id": "ZDI-20-848" }, { "cve": "CVE-2020-14507", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the exportLinks method...", "detail_json": "/data/advisories/ZDI-20-847/advisory.json", "detail_path": "advisories/ZDI-20-847", "id": "ZDI-20-847", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView LinksTable exportLinks Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10630", "zdi_id": "ZDI-20-847" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the retrieveActiveTrapC...", "detail_json": "/data/advisories/ZDI-20-846/advisory.json", "detail_path": "advisories/ZDI-20-846", "id": "ZDI-20-846", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView TrapTable retrieveActiveTrapCount SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10629", "zdi_id": "ZDI-20-846" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getInventoryReportD...", "detail_json": "/data/advisories/ZDI-20-845/advisory.json", "detail_path": "advisories/ZDI-20-845", "id": "ZDI-20-845", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView DeviceTreeTable getInventoryReportData SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10628", "zdi_id": "ZDI-20-845" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the retrieveDeviceTrapC...", "detail_json": "/data/advisories/ZDI-20-844/advisory.json", "detail_path": "advisories/ZDI-20-844", "id": "ZDI-20-844", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView TrapEventConfig retrieveDeviceTrapConfig SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10627", "zdi_id": "ZDI-20-844" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the setConfigur...", "detail_json": "/data/advisories/ZDI-20-843/advisory.json", "detail_path": "advisories/ZDI-20-843", "id": "ZDI-20-843", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView ConfigurationTable setConfigurationItem SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10626", "zdi_id": "ZDI-20-843" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from...", "detail_json": "/data/advisories/ZDI-20-842/advisory.json", "detail_path": "advisories/ZDI-20-842", "id": "ZDI-20-842", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView NetworkServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10625", "zdi_id": "ZDI-20-842" }, { "cve": "CVE-2020-14507", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from...", "detail_json": "/data/advisories/ZDI-20-841/advisory.json", "detail_path": "advisories/ZDI-20-841", "id": "ZDI-20-841", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView NetworkServlet Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10623", "zdi_id": "ZDI-20-841" }, { "cve": "CVE-2020-14507", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MenuServlet servlet. The issue results...", "detail_json": "/data/advisories/ZDI-20-840/advisory.json", "detail_path": "advisories/ZDI-20-840", "id": "ZDI-20-840", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView MenuServlet Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10622", "zdi_id": "ZDI-20-840" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet servlet. The issue results from th...", "detail_json": "/data/advisories/ZDI-20-839/advisory.json", "detail_path": "advisories/ZDI-20-839", "id": "ZDI-20-839", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView UserServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10621", "zdi_id": "ZDI-20-839" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getInventoryExportD...", "detail_json": "/data/advisories/ZDI-20-838/advisory.json", "detail_path": "advisories/ZDI-20-838", "id": "ZDI-20-838", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView DeviceTreeTable getInventoryExportData SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10658", "zdi_id": "ZDI-20-838" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getPSInventoryExpor...", "detail_json": "/data/advisories/ZDI-20-837/advisory.json", "detail_path": "advisories/ZDI-20-837", "id": "ZDI-20-837", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView PSTable getPSInventoryExportData SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10657", "zdi_id": "ZDI-20-837" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the updateNamin...", "detail_json": "/data/advisories/ZDI-20-836/advisory.json", "detail_path": "advisories/ZDI-20-836", "id": "ZDI-20-836", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView DeviceTreeTable updateNamingData SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10656", "zdi_id": "ZDI-20-836" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the updateLDAPS...", "detail_json": "/data/advisories/ZDI-20-835/advisory.json", "detail_path": "advisories/ZDI-20-835", "id": "ZDI-20-835", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView SystemTable updateLDAPSettings SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10655", "zdi_id": "ZDI-20-835" }, { "cve": "CVE-2020-14503", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from...", "detail_json": "/data/advisories/ZDI-20-834/advisory.json", "detail_path": "advisories/ZDI-20-834", "id": "ZDI-20-834", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView NetworkServlet Improper Input Validation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10646", "zdi_id": "ZDI-20-834" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the checkForChassisUpda...", "detail_json": "/data/advisories/ZDI-20-833/advisory.json", "detail_path": "advisories/ZDI-20-833", "id": "ZDI-20-833", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView DeviceTreeTable checkForChassisUpdates SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10633", "zdi_id": "ZDI-20-833" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue resu...", "detail_json": "/data/advisories/ZDI-20-832/advisory.json", "detail_path": "advisories/ZDI-20-832", "id": "ZDI-20-832", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView NetworkServlet SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10632", "zdi_id": "ZDI-20-832" }, { "cve": "CVE-2020-14505", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the restoreDatabase met...", "detail_json": "/data/advisories/ZDI-20-831/advisory.json", "detail_path": "advisories/ZDI-20-831", "id": "ZDI-20-831", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView NetworkServlet restoreDatabase Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10645", "zdi_id": "ZDI-20-831" }, { "cve": "CVE-2020-14497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue resu...", "detail_json": "/data/advisories/ZDI-20-830/advisory.json", "detail_path": "advisories/ZDI-20-830", "id": "ZDI-20-830", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView NetworkServlet SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10637", "zdi_id": "ZDI-20-830" }, { "cve": "CVE-2020-14507", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the importZtpCo...", "detail_json": "/data/advisories/ZDI-20-829/advisory.json", "detail_path": "advisories/ZDI-20-829", "id": "ZDI-20-829", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView ZTPConfig importZtpConfiguration Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10636", "zdi_id": "ZDI-20-829" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from...", "detail_json": "/data/advisories/ZDI-20-828/advisory.json", "detail_path": "advisories/ZDI-20-828", "id": "ZDI-20-828", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView NetworkServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10635", "zdi_id": "ZDI-20-828" }, { "cve": "CVE-2020-14497", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the retrieveSearchLinks...", "detail_json": "/data/advisories/ZDI-20-827/advisory.json", "detail_path": "advisories/ZDI-20-827", "id": "ZDI-20-827", "kind": "published", "published_date": "2020-07-16", "status": "published", "title": "Advantech iView LinksTable retrieveSearchLinks SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10634", "zdi_id": "ZDI-20-827" }, { "cve": "CVE-2020-12498", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-20-826/advisory.json", "detail_path": "advisories/ZDI-20-826", "id": "ZDI-20-826", "kind": "published", "published_date": "2020-07-10", "status": "published", "title": "Phoenix Contact Automationworx PC WORX MWE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-826/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-10586", "zdi_id": "ZDI-20-826" }, { "cve": "CVE-2020-12497", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-20-825/advisory.json", "detail_path": "advisories/ZDI-20-825", "id": "ZDI-20-825", "kind": "published", "published_date": "2020-07-10", "status": "published", "title": "Phoenix Contact Automationworx PLCOpen XML File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-825/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-10147", "zdi_id": "ZDI-20-825" }, { "cve": "CVE-2020-12025", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of AML files....", "detail_json": "/data/advisories/ZDI-20-824/advisory.json", "detail_path": "advisories/ZDI-20-824", "id": "ZDI-20-824", "kind": "published", "published_date": "2020-07-09", "status": "published", "title": "(0Day) (Pwn2Own) Rockwell Automation Studio 5000 AML File Parsing XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-824/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10290", "zdi_id": "ZDI-20-824" }, { "cve": "CVE-2020-9815", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-823/advisory.json", "detail_path": "advisories/ZDI-20-823", "id": "ZDI-20-823", "kind": "published", "published_date": "2020-07-09", "status": "published", "title": "Apple macOS AudioToolboxCore CAF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-823/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10579", "zdi_id": "ZDI-20-823" }, { "cve": "CVE-2020-15419", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Reporter_ImportLicense class. Due to the imp...", "detail_json": "/data/advisories/ZDI-20-822/advisory.json", "detail_path": "advisories/ZDI-20-822", "id": "ZDI-20-822", "kind": "published", "published_date": "2020-07-08", "status": "published", "title": "Veeam ONE Reporter_ImportLicense Page_Load XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-822/", "vendor": "Veeam", "vendor_url": null, "zdi_can": "ZDI-CAN-10710", "zdi_id": "ZDI-20-822" }, { "cve": "CVE-2020-15418", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSRSReport class. Due to the improper restri...", "detail_json": "/data/advisories/ZDI-20-821/advisory.json", "detail_path": "advisories/ZDI-20-821", "id": "ZDI-20-821", "kind": "published", "published_date": "2020-07-08", "status": "published", "title": "Veeam ONE SSRSReport GetCustomElementText XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-821/", "vendor": "Veeam", "vendor_url": null, "zdi_can": "ZDI-CAN-10709", "zdi_id": "ZDI-20-821" }, { "cve": "CVE-2020-1457", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-820/advisory.json", "detail_path": "advisories/ZDI-20-820", "id": "ZDI-20-820", "kind": "published", "published_date": "2020-07-08", "status": "published", "title": "Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-820/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10896", "zdi_id": "ZDI-20-820" }, { "cve": "CVE-2020-1425", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-819/advisory.json", "detail_path": "advisories/ZDI-20-819", "id": "ZDI-20-819", "kind": "published", "published_date": "2020-07-08", "status": "published", "title": "Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-819/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10765", "zdi_id": "ZDI-20-819" }, { "cve": "CVE-2020-1425", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-818/advisory.json", "detail_path": "advisories/ZDI-20-818", "id": "ZDI-20-818", "kind": "published", "published_date": "2020-07-08", "status": "published", "title": "Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-818/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10692", "zdi_id": "ZDI-20-818" }, { "cve": "CVE-2020-1425", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-817/advisory.json", "detail_path": "advisories/ZDI-20-817", "id": "ZDI-20-817", "kind": "published", "published_date": "2020-07-08", "status": "published", "title": "Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-817/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10685", "zdi_id": "ZDI-20-817" }, { "cve": "CVE-2020-1425", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-816/advisory.json", "detail_path": "advisories/ZDI-20-816", "id": "ZDI-20-816", "kind": "published", "published_date": "2020-07-08", "status": "published", "title": "Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-816/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10684", "zdi_id": "ZDI-20-816" }, { "cve": "CVE-2020-1425", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-815/advisory.json", "detail_path": "advisories/ZDI-20-815", "id": "ZDI-20-815", "kind": "published", "published_date": "2020-07-07", "status": "published", "title": "Microsoft Windows hevcdecoder_store MKV File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-815/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10936", "zdi_id": "ZDI-20-815" }, { "cve": "CVE-2019-13511", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-814/advisory.json", "detail_path": "advisories/ZDI-20-814", "id": "ZDI-20-814", "kind": "published", "published_date": "2020-07-07", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-814/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10470", "zdi_id": "ZDI-20-814" }, { "cve": "CVE-2019-13511", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-813/advisory.json", "detail_path": "advisories/ZDI-20-813", "id": "ZDI-20-813", "kind": "published", "published_date": "2020-07-07", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-813/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10374", "zdi_id": "ZDI-20-813" }, { "cve": "CVE-2019-13511", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-812/advisory.json", "detail_path": "advisories/ZDI-20-812", "id": "ZDI-20-812", "kind": "published", "published_date": "2020-07-07", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-812/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10373", "zdi_id": "ZDI-20-812" }, { "cve": "CVE-2019-13511", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-811/advisory.json", "detail_path": "advisories/ZDI-20-811", "id": "ZDI-20-811", "kind": "published", "published_date": "2020-07-07", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-811/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10129", "zdi_id": "ZDI-20-811" }, { "cve": "CVE-2019-13511", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-810/advisory.json", "detail_path": "advisories/ZDI-20-810", "id": "ZDI-20-810", "kind": "published", "published_date": "2020-07-07", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-810/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10186", "zdi_id": "ZDI-20-810" }, { "cve": "CVE-2020-10922", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-More HMI EA9 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe p...", "detail_json": "/data/advisories/ZDI-20-809/advisory.json", "detail_path": "advisories/ZDI-20-809", "id": "ZDI-20-809", "kind": "published", "published_date": "2020-07-07", "status": "published", "title": "C-MORE HMI EA9 EA-HTTP Improper Input Validation Denial-of-Service Vulnerability", "updated_date": "2020-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-809/", "vendor": "C-MORE", "vendor_url": null, "zdi_can": "ZDI-CAN-10527", "zdi_id": "ZDI-20-809" }, { "cve": "CVE-2020-10920", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-More HMI EA9 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the control service, which list...", "detail_json": "/data/advisories/ZDI-20-808/advisory.json", "detail_path": "advisories/ZDI-20-808", "id": "ZDI-20-808", "kind": "published", "published_date": "2020-07-07", "status": "published", "title": "C-MORE HMI EA9 Control Port Missing Authentication for Critical Function Remote Code Execution Vulnerability", "updated_date": "2020-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-808/", "vendor": "C-MORE", "vendor_url": null, "zdi_can": "ZDI-CAN-10493", "zdi_id": "ZDI-20-808" }, { "cve": "CVE-2020-10921", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to issue commands on affected installations of C-More HMI EA9 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue resu...", "detail_json": "/data/advisories/ZDI-20-807/advisory.json", "detail_path": "advisories/ZDI-20-807", "id": "ZDI-20-807", "kind": "published", "published_date": "2020-07-07", "status": "published", "title": "C-MORE HMI EA9 EA-HTTP Missing Authentication for Critical Function Remote Code Execution Vulnerability", "updated_date": "2020-07-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-807/", "vendor": "C-MORE", "vendor_url": null, "zdi_can": "ZDI-CAN-10482", "zdi_id": "ZDI-20-807" }, { "cve": "CVE-2020-10919", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwor...", "detail_json": "/data/advisories/ZDI-20-806/advisory.json", "detail_path": "advisories/ZDI-20-806", "id": "ZDI-20-806", "kind": "published", "published_date": "2020-07-07", "status": "published", "title": "C-MORE HMI EA9 Weak Cryptography for Passwords Information Disclosure Vulnerability", "updated_date": "2020-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-806/", "vendor": "C-MORE", "vendor_url": null, "zdi_can": "ZDI-CAN-10185", "zdi_id": "ZDI-20-806" }, { "cve": "CVE-2020-10918", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. Th...", "detail_json": "/data/advisories/ZDI-20-805/advisory.json", "detail_path": "advisories/ZDI-20-805", "id": "ZDI-20-805", "kind": "published", "published_date": "2020-07-07", "status": "published", "title": "C-MORE HMI EA9 Authentication Bypass Vulnerability", "updated_date": "2020-11-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-805/", "vendor": "C-MORE", "vendor_url": null, "zdi_can": "ZDI-CAN-10182", "zdi_id": "ZDI-20-805" }, { "cve": "CVE-2020-1425", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-804/advisory.json", "detail_path": "advisories/ZDI-20-804", "id": "ZDI-20-804", "kind": "published", "published_date": "2020-07-07", "status": "published", "title": "Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-804/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10690", "zdi_id": "ZDI-20-804" }, { "cve": "CVE-2020-6013", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-20-803/advisory.json", "detail_path": "advisories/ZDI-20-803", "id": "ZDI-20-803", "kind": "published", "published_date": "2020-07-02", "status": "published", "title": "Check Point ZoneAlarm Symlink Following Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-803/", "vendor": "Check Point", "vendor_url": null, "zdi_can": "ZDI-CAN-10071", "zdi_id": "ZDI-20-803" }, { "cve": "CVE-2020-1425", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-802/advisory.json", "detail_path": "advisories/ZDI-20-802", "id": "ZDI-20-802", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-802/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10683", "zdi_id": "ZDI-20-802" }, { "cve": "CVE-2020-1457", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-801/advisory.json", "detail_path": "advisories/ZDI-20-801", "id": "ZDI-20-801", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-801/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10687", "zdi_id": "ZDI-20-801" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-800/advisory.json", "detail_path": "advisories/ZDI-20-800", "id": "ZDI-20-800", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "(Pwn2Own) ICONICS Genesis64 PKGX Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-800/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-10273", "zdi_id": "ZDI-20-800" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-20-799/advisory.json", "detail_path": "advisories/ZDI-20-799", "id": "ZDI-20-799", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing EnRcpNoName Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-799/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10471", "zdi_id": "ZDI-20-799" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-20-798/advisory.json", "detail_path": "advisories/ZDI-20-798", "id": "ZDI-20-798", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-798/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10459", "zdi_id": "ZDI-20-798" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-20-797/advisory.json", "detail_path": "advisories/ZDI-20-797", "id": "ZDI-20-797", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-797/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10183", "zdi_id": "ZDI-20-797" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-20-796/advisory.json", "detail_path": "advisories/ZDI-20-796", "id": "ZDI-20-796", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-796/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10472", "zdi_id": "ZDI-20-796" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-20-795/advisory.json", "detail_path": "advisories/ZDI-20-795", "id": "ZDI-20-795", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-795/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10480", "zdi_id": "ZDI-20-795" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-20-794/advisory.json", "detail_path": "advisories/ZDI-20-794", "id": "ZDI-20-794", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-794/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10481", "zdi_id": "ZDI-20-794" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-20-793/advisory.json", "detail_path": "advisories/ZDI-20-793", "id": "ZDI-20-793", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-793/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10483", "zdi_id": "ZDI-20-793" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-20-792/advisory.json", "detail_path": "advisories/ZDI-20-792", "id": "ZDI-20-792", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-792/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10494", "zdi_id": "ZDI-20-792" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-20-791/advisory.json", "detail_path": "advisories/ZDI-20-791", "id": "ZDI-20-791", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-791/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10508", "zdi_id": "ZDI-20-791" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-20-790/advisory.json", "detail_path": "advisories/ZDI-20-790", "id": "ZDI-20-790", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-790/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10509", "zdi_id": "ZDI-20-790" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-20-789/advisory.json", "detail_path": "advisories/ZDI-20-789", "id": "ZDI-20-789", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-789/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10571", "zdi_id": "ZDI-20-789" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-20-788/advisory.json", "detail_path": "advisories/ZDI-20-788", "id": "ZDI-20-788", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-788/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10572", "zdi_id": "ZDI-20-788" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-20-787/advisory.json", "detail_path": "advisories/ZDI-20-787", "id": "ZDI-20-787", "kind": "published", "published_date": "2020-07-01", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-787/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10184", "zdi_id": "ZDI-20-787" }, { "cve": "CVE-2020-3969", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-786/advisory.json", "detail_path": "advisories/ZDI-20-786", "id": "ZDI-20-786", "kind": "published", "published_date": "2020-06-30", "status": "published", "title": "VMware Workstation SVGA3D Command Heap Overflow Privilege Escalation Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-786/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-10891", "zdi_id": "ZDI-20-786" }, { "cve": "CVE-2020-3962", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-20-785/advisory.json", "detail_path": "advisories/ZDI-20-785", "id": "ZDI-20-785", "kind": "published", "published_date": "2020-06-30", "status": "published", "title": "VMware Workstation SVGA DXInvalidateContext Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-785/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-10786", "zdi_id": "ZDI-20-785" }, { "cve": "CVE-2020-3967", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-20-784/advisory.json", "detail_path": "advisories/ZDI-20-784", "id": "ZDI-20-784", "kind": "published", "published_date": "2020-06-30", "status": "published", "title": "VMware Workstation EHCI Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-784/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-10694", "zdi_id": "ZDI-20-784" }, { "cve": "CVE-2020-3966", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-20-783/advisory.json", "detail_path": "advisories/ZDI-20-783", "id": "ZDI-20-783", "kind": "published", "published_date": "2020-06-30", "status": "published", "title": "VMware Workstation EHCI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-783/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-10608", "zdi_id": "ZDI-20-783" }, { "cve": "CVE-2020-3970", "cvss": 2.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-782/advisory.json", "detail_path": "advisories/ZDI-20-782", "id": "ZDI-20-782", "kind": "published", "published_date": "2020-06-30", "status": "published", "title": "VMware Workstation Shader Bytecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-782/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-10478", "zdi_id": "ZDI-20-782" }, { "cve": "CVE-2020-3968", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-20-781/advisory.json", "detail_path": "advisories/ZDI-20-781", "id": "ZDI-20-781", "kind": "published", "published_date": "2020-06-30", "status": "published", "title": "VMware Workstation xHCI Isoch TD Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-781/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-10097", "zdi_id": "ZDI-20-781" }, { "cve": "CVE-2020-12015", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists with the handling of serialized objects. The issue resu...", "detail_json": "/data/advisories/ZDI-20-780/advisory.json", "detail_path": "advisories/ZDI-20-780", "id": "ZDI-20-780", "kind": "published", "published_date": "2020-06-30", "status": "published", "title": "(Pwn2Own) ICONICS Genesis64 IcoFwxServer Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-780/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-10297", "zdi_id": "ZDI-20-780" }, { "cve": "CVE-2020-12013", "cvss": 9.8, "cvss_vector": null, "description_snippet": "The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the TestQuery endpoi...", "detail_json": "/data/advisories/ZDI-20-779/advisory.json", "detail_path": "advisories/ZDI-20-779", "id": "ZDI-20-779", "kind": "published", "published_date": "2020-06-30", "status": "published", "title": "ICONICS Genesis64 TestQuery SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-779/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-10288", "zdi_id": "ZDI-20-779" }, { "cve": "CVE-2020-12011", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of indexes. The issue results from...", "detail_json": "/data/advisories/ZDI-20-778/advisory.json", "detail_path": "advisories/ZDI-20-778", "id": "ZDI-20-778", "kind": "published", "published_date": "2020-06-30", "status": "published", "title": "(Pwn2Own) ICONICS Genesis64 VariantClear Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-778/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-10274", "zdi_id": "ZDI-20-778" }, { "cve": "CVE-2020-12009", "cvss": 7.8, "cvss_vector": null, "description_snippet": "The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-777/advisory.json", "detail_path": "advisories/ZDI-20-777", "id": "ZDI-20-777", "kind": "published", "published_date": "2020-06-30", "status": "published", "title": "(Pwn2Own) ICONICS Genesis64 PKGX WbPackAndGoSettings Absolute Path Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-777/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-10272", "zdi_id": "ZDI-20-777" }, { "cve": "CVE-2020-12007", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists with the handling of serialized objects....", "detail_json": "/data/advisories/ZDI-20-776/advisory.json", "detail_path": "advisories/ZDI-20-776", "id": "ZDI-20-776", "kind": "published", "published_date": "2020-06-30", "status": "published", "title": "(Pwn2Own) ICONICS Genesis64 fwxserver Deserialization Denial-Of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-776/", "vendor": "ICONICS", "vendor_url": null, "zdi_can": "ZDI-CAN-10267", "zdi_id": "ZDI-20-776" }, { "cve": "CVE-2020-15628", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the...", "detail_json": "/data/advisories/ZDI-20-775/advisory.json", "detail_path": "advisories/ZDI-20-775", "id": "ZDI-20-775", "kind": "published", "published_date": "2020-06-26", "status": "published", "title": "(0Day) CentOS Web Panel ajax_mail_autoreply user SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-775/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9710", "zdi_id": "ZDI-20-775" }, { "cve": "CVE-2020-15627", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the...", "detail_json": "/data/advisories/ZDI-20-774/advisory.json", "detail_path": "advisories/ZDI-20-774", "id": "ZDI-20-774", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_mail_autoreply account SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-774/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9738", "zdi_id": "ZDI-20-774" }, { "cve": "CVE-2020-15626", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the term...", "detail_json": "/data/advisories/ZDI-20-773/advisory.json", "detail_path": "advisories/ZDI-20-773", "id": "ZDI-20-773", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_dashboard term SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-773/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9730", "zdi_id": "ZDI-20-773" }, { "cve": "CVE-2020-15625", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_add_mailbox.php. When parsing the us...", "detail_json": "/data/advisories/ZDI-20-772/advisory.json", "detail_path": "advisories/ZDI-20-772", "id": "ZDI-20-772", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_add_mailbox username SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-772/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9729", "zdi_id": "ZDI-20-772" }, { "cve": "CVE-2020-15624", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_new_account.php. When parsing the do...", "detail_json": "/data/advisories/ZDI-20-771/advisory.json", "detail_path": "advisories/ZDI-20-771", "id": "ZDI-20-771", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_new_account domain SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-771/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9727", "zdi_id": "ZDI-20-771" }, { "cve": "CVE-2020-15623", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo pa...", "detail_json": "/data/advisories/ZDI-20-770/advisory.json", "detail_path": "advisories/ZDI-20-770", "id": "ZDI-20-770", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_mod_security archivo Arbitrary File Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-770/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9722", "zdi_id": "ZDI-20-770" }, { "cve": "CVE-2020-15622", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the...", "detail_json": "/data/advisories/ZDI-20-769/advisory.json", "detail_path": "advisories/ZDI-20-769", "id": "ZDI-20-769", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_mail_autoreply search SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-769/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9712", "zdi_id": "ZDI-20-769" }, { "cve": "CVE-2020-15621", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the...", "detail_json": "/data/advisories/ZDI-20-768/advisory.json", "detail_path": "advisories/ZDI-20-768", "id": "ZDI-20-768", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_mail_autoreply email SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-768/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9711", "zdi_id": "ZDI-20-768" }, { "cve": "CVE-2020-15620", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the...", "detail_json": "/data/advisories/ZDI-20-767/advisory.json", "detail_path": "advisories/ZDI-20-767", "id": "ZDI-20-767", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_list_accounts id SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-767/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9741", "zdi_id": "ZDI-20-767" }, { "cve": "CVE-2020-15619", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the...", "detail_json": "/data/advisories/ZDI-20-766/advisory.json", "detail_path": "advisories/ZDI-20-766", "id": "ZDI-20-766", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_list_accounts type SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-766/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9723", "zdi_id": "ZDI-20-766" }, { "cve": "CVE-2020-15618", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the...", "detail_json": "/data/advisories/ZDI-20-765/advisory.json", "detail_path": "advisories/ZDI-20-765", "id": "ZDI-20-765", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_list_accounts username SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-765/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9717", "zdi_id": "ZDI-20-765" }, { "cve": "CVE-2020-15617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the...", "detail_json": "/data/advisories/ZDI-20-764/advisory.json", "detail_path": "advisories/ZDI-20-764", "id": "ZDI-20-764", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_list_accounts status SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-764/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9708", "zdi_id": "ZDI-20-764" }, { "cve": "CVE-2020-15616", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the...", "detail_json": "/data/advisories/ZDI-20-763/advisory.json", "detail_path": "advisories/ZDI-20-763", "id": "ZDI-20-763", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_list_accounts package SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-763/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9706", "zdi_id": "ZDI-20-763" }, { "cve": "CVE-2020-15615", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. The issue results from the...", "detail_json": "/data/advisories/ZDI-20-762/advisory.json", "detail_path": "advisories/ZDI-20-762", "id": "ZDI-20-762", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_ftp_manager Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-762/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9746", "zdi_id": "ZDI-20-762" }, { "cve": "CVE-2020-15614", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the cha parameter...", "detail_json": "/data/advisories/ZDI-20-761/advisory.json", "detail_path": "advisories/ZDI-20-761", "id": "ZDI-20-761", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_php_pecl cha Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-761/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9718", "zdi_id": "ZDI-20-761" }, { "cve": "CVE-2020-15613", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line parame...", "detail_json": "/data/advisories/ZDI-20-760/advisory.json", "detail_path": "advisories/ZDI-20-760", "id": "ZDI-20-760", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_admin_apis line Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-760/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9739", "zdi_id": "ZDI-20-760" }, { "cve": "CVE-2020-15612", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. When parsing the userLogin...", "detail_json": "/data/advisories/ZDI-20-759/advisory.json", "detail_path": "advisories/ZDI-20-759", "id": "ZDI-20-759", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_ftp_manager userLogin Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-759/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9737", "zdi_id": "ZDI-20-759" }, { "cve": "CVE-2020-15611", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_rest...", "detail_json": "/data/advisories/ZDI-20-758/advisory.json", "detail_path": "advisories/ZDI-20-758", "id": "ZDI-20-758", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_dashboard service_restart Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-758/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9734", "zdi_id": "ZDI-20-758" }, { "cve": "CVE-2020-15610", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the modulo parame...", "detail_json": "/data/advisories/ZDI-20-757/advisory.json", "detail_path": "advisories/ZDI-20-757", "id": "ZDI-20-757", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_php_pecl modulo Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-757/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9728", "zdi_id": "ZDI-20-757" }, { "cve": "CVE-2020-15609", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_stop...", "detail_json": "/data/advisories/ZDI-20-756/advisory.json", "detail_path": "advisories/ZDI-20-756", "id": "ZDI-20-756", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_dashboard service_stop Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-756/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9726", "zdi_id": "ZDI-20-756" }, { "cve": "CVE-2020-15608", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the ai_service p...", "detail_json": "/data/advisories/ZDI-20-755/advisory.json", "detail_path": "advisories/ZDI-20-755", "id": "ZDI-20-755", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_dashboard ai_service Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-755/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9724", "zdi_id": "ZDI-20-755" }, { "cve": "CVE-2020-15607", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line parame...", "detail_json": "/data/advisories/ZDI-20-754/advisory.json", "detail_path": "advisories/ZDI-20-754", "id": "ZDI-20-754", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_admin_apis line Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-754/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9721", "zdi_id": "ZDI-20-754" }, { "cve": "CVE-2020-15606", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. The issue results from the l...", "detail_json": "/data/advisories/ZDI-20-753/advisory.json", "detail_path": "advisories/ZDI-20-753", "id": "ZDI-20-753", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_admin_apis Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-753/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9720", "zdi_id": "ZDI-20-753" }, { "cve": "CVE-2020-15435", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_star...", "detail_json": "/data/advisories/ZDI-20-752/advisory.json", "detail_path": "advisories/ZDI-20-752", "id": "ZDI-20-752", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_dashboard service_start Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-752/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9719", "zdi_id": "ZDI-20-752" }, { "cve": "CVE-2020-15434", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the canal paramet...", "detail_json": "/data/advisories/ZDI-20-751/advisory.json", "detail_path": "advisories/ZDI-20-751", "id": "ZDI-20-751", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_php_pecl canal Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-751/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9745", "zdi_id": "ZDI-20-751" }, { "cve": "CVE-2020-15433", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the phpversion pa...", "detail_json": "/data/advisories/ZDI-20-750/advisory.json", "detail_path": "advisories/ZDI-20-750", "id": "ZDI-20-750", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_php_pecl phpversion Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-750/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9715", "zdi_id": "ZDI-20-750" }, { "cve": "CVE-2020-15432", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. When parsing the files...", "detail_json": "/data/advisories/ZDI-20-749/advisory.json", "detail_path": "advisories/ZDI-20-749", "id": "ZDI-20-749", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_migration_cpanel filespace Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-749/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9743", "zdi_id": "ZDI-20-749" }, { "cve": "CVE-2020-15431", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter,...", "detail_json": "/data/advisories/ZDI-20-748/advisory.json", "detail_path": "advisories/ZDI-20-748", "id": "ZDI-20-748", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_crons user Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-748/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9740", "zdi_id": "ZDI-20-748" }, { "cve": "CVE-2020-15430", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the username...", "detail_json": "/data/advisories/ZDI-20-747/advisory.json", "detail_path": "advisories/ZDI-20-747", "id": "ZDI-20-747", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_list_accounts username Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-747/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9736", "zdi_id": "ZDI-20-747" }, { "cve": "CVE-2020-15429", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter,...", "detail_json": "/data/advisories/ZDI-20-746/advisory.json", "detail_path": "advisories/ZDI-20-746", "id": "ZDI-20-746", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_crons user Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-746/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9716", "zdi_id": "ZDI-20-746" }, { "cve": "CVE-2020-15428", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the line parameter,...", "detail_json": "/data/advisories/ZDI-20-745/advisory.json", "detail_path": "advisories/ZDI-20-745", "id": "ZDI-20-745", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_crons line Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-745/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9714", "zdi_id": "ZDI-20-745" }, { "cve": "CVE-2020-15427", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_disk_usage.php. When parsing the folderName...", "detail_json": "/data/advisories/ZDI-20-744/advisory.json", "detail_path": "advisories/ZDI-20-744", "id": "ZDI-20-744", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_disk_usage folderName Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-744/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9713", "zdi_id": "ZDI-20-744" }, { "cve": "CVE-2020-15426", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. When parsing the serve...", "detail_json": "/data/advisories/ZDI-20-743/advisory.json", "detail_path": "advisories/ZDI-20-743", "id": "ZDI-20-743", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_migration_cpanel serverip Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-743/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9709", "zdi_id": "ZDI-20-743" }, { "cve": "CVE-2020-15425", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. The issue results from the...", "detail_json": "/data/advisories/ZDI-20-742/advisory.json", "detail_path": "advisories/ZDI-20-742", "id": "ZDI-20-742", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_mod_security Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-742/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9742", "zdi_id": "ZDI-20-742" }, { "cve": "CVE-2020-15424", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the domain pa...", "detail_json": "/data/advisories/ZDI-20-741/advisory.json", "detail_path": "advisories/ZDI-20-741", "id": "ZDI-20-741", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_mod_security domain Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-741/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9735", "zdi_id": "ZDI-20-741" }, { "cve": "CVE-2020-15423", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the dominio p...", "detail_json": "/data/advisories/ZDI-20-740/advisory.json", "detail_path": "advisories/ZDI-20-740", "id": "ZDI-20-740", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_mod_security dominio Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-740/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9732", "zdi_id": "ZDI-20-740" }, { "cve": "CVE-2020-15422", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo p...", "detail_json": "/data/advisories/ZDI-20-739/advisory.json", "detail_path": "advisories/ZDI-20-739", "id": "ZDI-20-739", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_mod_security archivo Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-739/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9731", "zdi_id": "ZDI-20-739" }, { "cve": "CVE-2020-15421", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the check_ip...", "detail_json": "/data/advisories/ZDI-20-738/advisory.json", "detail_path": "advisories/ZDI-20-738", "id": "ZDI-20-738", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel ajax_mod_security check_ip Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-738/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9707", "zdi_id": "ZDI-20-738" }, { "cve": "CVE-2020-15420", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within loader_ajax.php. When parsing the line parameter,...", "detail_json": "/data/advisories/ZDI-20-737/advisory.json", "detail_path": "advisories/ZDI-20-737", "id": "ZDI-20-737", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) CentOS Web Panel loader_ajax line Command Injection Remote Code Execution Vulnerability", "updated_date": "2020-07-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-737/", "vendor": "CentOS Web Panel", "vendor_url": null, "zdi_can": "ZDI-CAN-9259", "zdi_id": "ZDI-20-737" }, { "cve": "CVE-2020-27859", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetEuaLogDownloadAction class. The...", "detail_json": "/data/advisories/ZDI-20-736/advisory.json", "detail_path": "advisories/ZDI-20-736", "id": "ZDI-20-736", "kind": "published", "published_date": "2020-06-25", "status": "published", "title": "(0Day) NEC ESMPRO Manager GetEuaLogDownloadAction Directory Traversal Information Disclosure Vulnerability", "updated_date": "2020-12-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-736/", "vendor": "NEC", "vendor_url": null, "zdi_can": "ZDI-CAN-9607", "zdi_id": "ZDI-20-736" }, { "cve": "CVE-2020-12033", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation FactoryTalk View SE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AddAgent method. The i...", "detail_json": "/data/advisories/ZDI-20-735/advisory.json", "detail_path": "advisories/ZDI-20-735", "id": "ZDI-20-735", "kind": "published", "published_date": "2020-06-22", "status": "published", "title": "(Pwn2Own) Rockwell Automation FactoryTalk View SE AddAgent Missing Authentication for Critical Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-735/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10299", "zdi_id": "ZDI-20-735" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Rockwell Automation FactoryTalk View SE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of fileName p...", "detail_json": "/data/advisories/ZDI-20-734/advisory.json", "detail_path": "advisories/ZDI-20-734", "id": "ZDI-20-734", "kind": "published", "published_date": "2020-06-22", "status": "published", "title": "(Pwn2Own) Rockwell Automation FactoryTalk View SE RegisterEDSFiles Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-734/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10298", "zdi_id": "ZDI-20-734" }, { "cve": "CVE-2020-12001", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the CopyRenameProj...", "detail_json": "/data/advisories/ZDI-20-733/advisory.json", "detail_path": "advisories/ZDI-20-733", "id": "ZDI-20-733", "kind": "published", "published_date": "2020-06-22", "status": "published", "title": "(Pwn2Own) Rockwell Automation FactoryTalk Linx CopyRenameProject Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2020-06-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-733/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10292", "zdi_id": "ZDI-20-733" }, { "cve": "CVE-2020-12027", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Versio...", "detail_json": "/data/advisories/ZDI-20-732/advisory.json", "detail_path": "advisories/ZDI-20-732", "id": "ZDI-20-732", "kind": "published", "published_date": "2020-06-22", "status": "published", "title": "(Pwn2Own) Rockwell Automation Studio 5000 Version Missing Authentication for Critical Function Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-732/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10291", "zdi_id": "ZDI-20-732" }, { "cve": "CVE-2020-12031", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation FactoryTalk View SE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-20-731/advisory.json", "detail_path": "advisories/ZDI-20-731", "id": "ZDI-20-731", "kind": "published", "published_date": "2020-06-22", "status": "published", "title": "(Pwn2Own) Rockwell Automation FactoryTalk View SE Project File Parsing Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-731/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10270", "zdi_id": "ZDI-20-731" }, { "cve": "CVE-2020-12029", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation FactoryTalk View SE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of project fi...", "detail_json": "/data/advisories/ZDI-20-730/advisory.json", "detail_path": "advisories/ZDI-20-730", "id": "ZDI-20-730", "kind": "published", "published_date": "2020-06-22", "status": "published", "title": "(Pwn2Own) Rockwell Automation FactoryTalk View SE Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-730/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10284", "zdi_id": "ZDI-20-730" }, { "cve": "CVE-2020-12028", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Rockwell Automation FactoryTalk View SE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of project ba...", "detail_json": "/data/advisories/ZDI-20-729/advisory.json", "detail_path": "advisories/ZDI-20-729", "id": "ZDI-20-729", "kind": "published", "published_date": "2020-06-22", "status": "published", "title": "(Pwn2Own) Rockwell Automation FactoryTalk View SE Backup Missing Authentication for Critical Function Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-729/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10283", "zdi_id": "ZDI-20-729" }, { "cve": "CVE-2020-12027", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation FactoryTalk View SE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of th...", "detail_json": "/data/advisories/ZDI-20-728/advisory.json", "detail_path": "advisories/ZDI-20-728", "id": "ZDI-20-728", "kind": "published", "published_date": "2020-06-22", "status": "published", "title": "(Pwn2Own) Rockwell Automation FactoryTalk View SE GetHMIProjectPaths Missing Authentication for Critical Function Information Disclosure Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-728/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10282", "zdi_id": "ZDI-20-728" }, { "cve": "CVE-2020-12027", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation FactoryTalk View SE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of th...", "detail_json": "/data/advisories/ZDI-20-727/advisory.json", "detail_path": "advisories/ZDI-20-727", "id": "ZDI-20-727", "kind": "published", "published_date": "2020-06-22", "status": "published", "title": "(Pwn2Own) Rockwell Automation FactoryTalk View SE GetHMIProjects Missing Authentication for Critical Function Information Disclosure Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-727/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10281", "zdi_id": "ZDI-20-727" }, { "cve": "CVE-2020-9662", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-726/advisory.json", "detail_path": "advisories/ZDI-20-726", "id": "ZDI-20-726", "kind": "published", "published_date": "2020-06-18", "status": "published", "title": "Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-726/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10877", "zdi_id": "ZDI-20-726" }, { "cve": "CVE-2020-9660", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-725/advisory.json", "detail_path": "advisories/ZDI-20-725", "id": "ZDI-20-725", "kind": "published", "published_date": "2020-06-18", "status": "published", "title": "Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-725/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10878", "zdi_id": "ZDI-20-725" }, { "cve": "CVE-2020-9661", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-724/advisory.json", "detail_path": "advisories/ZDI-20-724", "id": "ZDI-20-724", "kind": "published", "published_date": "2020-06-18", "status": "published", "title": "Adobe After Effects 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-724/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10876", "zdi_id": "ZDI-20-724" }, { "cve": "CVE-2020-9655", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Rush. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-723/advisory.json", "detail_path": "advisories/ZDI-20-723", "id": "ZDI-20-723", "kind": "published", "published_date": "2020-06-18", "status": "published", "title": "Adobe Premiere Rush 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-723/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10868", "zdi_id": "ZDI-20-723" }, { "cve": "CVE-2020-9656", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Rush. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-722/advisory.json", "detail_path": "advisories/ZDI-20-722", "id": "ZDI-20-722", "kind": "published", "published_date": "2020-06-18", "status": "published", "title": "Adobe Premiere Rush MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-722/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10869", "zdi_id": "ZDI-20-722" }, { "cve": "CVE-2020-9657", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Rush. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-721/advisory.json", "detail_path": "advisories/ZDI-20-721", "id": "ZDI-20-721", "kind": "published", "published_date": "2020-06-18", "status": "published", "title": "Adobe Premiere Rush MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-721/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10870", "zdi_id": "ZDI-20-721" }, { "cve": "CVE-2020-9659", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-720/advisory.json", "detail_path": "advisories/ZDI-20-720", "id": "ZDI-20-720", "kind": "published", "published_date": "2020-06-18", "status": "published", "title": "Adobe Audition MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-720/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10854", "zdi_id": "ZDI-20-720" }, { "cve": "CVE-2020-9658", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-719/advisory.json", "detail_path": "advisories/ZDI-20-719", "id": "ZDI-20-719", "kind": "published", "published_date": "2020-06-18", "status": "published", "title": "Adobe Audition MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-719/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10853", "zdi_id": "ZDI-20-719" }, { "cve": "CVE-2020-9652", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-718/advisory.json", "detail_path": "advisories/ZDI-20-718", "id": "ZDI-20-718", "kind": "published", "published_date": "2020-06-18", "status": "published", "title": "Adobe Premiere Pro 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-718/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10864", "zdi_id": "ZDI-20-718" }, { "cve": "CVE-2020-9653", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-717/advisory.json", "detail_path": "advisories/ZDI-20-717", "id": "ZDI-20-717", "kind": "published", "published_date": "2020-06-18", "status": "published", "title": "Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-717/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10865", "zdi_id": "ZDI-20-717" }, { "cve": "CVE-2020-9654", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-716/advisory.json", "detail_path": "advisories/ZDI-20-716", "id": "ZDI-20-716", "kind": "published", "published_date": "2020-06-18", "status": "published", "title": "Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-716/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10866", "zdi_id": "ZDI-20-716" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-20-715/advisory.json", "detail_path": "advisories/ZDI-20-715", "id": "ZDI-20-715", "kind": "published", "published_date": "2020-06-15", "status": "published", "title": "Docker Desktop Execution with Unnecessary Privileges Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-715/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-10074", "zdi_id": "ZDI-20-715" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized d...", "detail_json": "/data/advisories/ZDI-20-714/advisory.json", "detail_path": "advisories/ZDI-20-714", "id": "ZDI-20-714", "kind": "published", "published_date": "2020-06-15", "status": "published", "title": "(0Day) (Pwn2Own) Inductive Automation Ignition ServerMessageHeader Deserialization of Untrusted Data Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-714/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10277", "zdi_id": "ZDI-20-714" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file...", "detail_json": "/data/advisories/ZDI-20-713/advisory.json", "detail_path": "advisories/ZDI-20-713", "id": "ZDI-20-713", "kind": "published", "published_date": "2020-06-15", "status": "published", "title": "(0Day) NETGEAR R6700 httpd strtblupgrade Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-713/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-9756", "zdi_id": "ZDI-20-713" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...", "detail_json": "/data/advisories/ZDI-20-712/advisory.json", "detail_path": "advisories/ZDI-20-712", "id": "ZDI-20-712", "kind": "published", "published_date": "2020-06-15", "status": "published", "title": "(0Day) NETGEAR R6700 httpd Firmware Upload Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-712/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-9703", "zdi_id": "ZDI-20-712" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The...", "detail_json": "/data/advisories/ZDI-20-711/advisory.json", "detail_path": "advisories/ZDI-20-711", "id": "ZDI-20-711", "kind": "published", "published_date": "2020-06-15", "status": "published", "title": "(0Day) NETGEAR R6700 httpd Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-711/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-9618", "zdi_id": "ZDI-20-711" }, { "cve": "CVE-2020-4216", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the...", "detail_json": "/data/advisories/ZDI-20-710/advisory.json", "detail_path": "advisories/ZDI-20-710", "id": "ZDI-20-710", "kind": "published", "published_date": "2020-06-15", "status": "published", "title": "IBM Spectrum Protect Plus Hardcoded Username And Password Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-710/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-9751", "zdi_id": "ZDI-20-710" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file...", "detail_json": "/data/advisories/ZDI-20-709/advisory.json", "detail_path": "advisories/ZDI-20-709", "id": "ZDI-20-709", "kind": "published", "published_date": "2020-06-15", "status": "published", "title": "(0Day) NETGEAR R6700 httpd strtblupgrade Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-709/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-9768", "zdi_id": "ZDI-20-709" }, { "cve": null, "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file...", "detail_json": "/data/advisories/ZDI-20-708/advisory.json", "detail_path": "advisories/ZDI-20-708", "id": "ZDI-20-708", "kind": "published", "published_date": "2020-06-15", "status": "published", "title": "(0Day) NETGEAR R6700 httpd strtblupgrade Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-708/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-9767", "zdi_id": "ZDI-20-708" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update...", "detail_json": "/data/advisories/ZDI-20-707/advisory.json", "detail_path": "advisories/ZDI-20-707", "id": "ZDI-20-707", "kind": "published", "published_date": "2020-06-15", "status": "published", "title": "(0Day) (Pwn2Own) NETGEAR R6700 check_ra Use of a Broken or Risky Cryptographic Algorithm Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-707/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-9649", "zdi_id": "ZDI-20-707" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates....", "detail_json": "/data/advisories/ZDI-20-706/advisory.json", "detail_path": "advisories/ZDI-20-706", "id": "ZDI-20-706", "kind": "published", "published_date": "2020-06-15", "status": "published", "title": "(0Day) (Pwn2Own) NETGEAR R6700 check_ra Download of Code Without Integrity Check Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-706/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-9648", "zdi_id": "ZDI-20-706" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the do...", "detail_json": "/data/advisories/ZDI-20-705/advisory.json", "detail_path": "advisories/ZDI-20-705", "id": "ZDI-20-705", "kind": "published", "published_date": "2020-06-15", "status": "published", "title": "(0Day) (Pwn2Own) NETGEAR R6700 check_ra Improper Certificate Validation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-705/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-9647", "zdi_id": "ZDI-20-705" }, { "cve": "CVE-2020-10924", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spe...", "detail_json": "/data/advisories/ZDI-20-704/advisory.json", "detail_path": "advisories/ZDI-20-704", "id": "ZDI-20-704", "kind": "published", "published_date": "2020-06-15", "status": "published", "title": "(0Day) (Pwn2Own) NETGEAR R6700 UPnP NewBlockSiteName Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-704/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-9643", "zdi_id": "ZDI-20-704" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on...", "detail_json": "/data/advisories/ZDI-20-703/advisory.json", "detail_path": "advisories/ZDI-20-703", "id": "ZDI-20-703", "kind": "published", "published_date": "2020-06-15", "status": "published", "title": "(0Day) (Pwn2Own) NETGEAR R6700 UPnP SOAPAction Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-703/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-9642", "zdi_id": "ZDI-20-703" }, { "cve": "CVE-2020-7280", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of McAfee VirusScan Enterprise. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-20-702/advisory.json", "detail_path": "advisories/ZDI-20-702", "id": "ZDI-20-702", "kind": "published", "published_date": "2020-06-15", "status": "published", "title": "McAfee VirusScan Enterprise Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-702/", "vendor": "McAfee", "vendor_url": null, "zdi_can": "ZDI-CAN-10005", "zdi_id": "ZDI-20-702" }, { "cve": null, "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-701/advisory.json", "detail_path": "advisories/ZDI-20-701", "id": "ZDI-20-701", "kind": "published", "published_date": "2020-06-09", "status": "published", "title": "(0Day) (Pwn2Own) Apple macOS Quarantine Attribute Bypass Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-701/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10776", "zdi_id": "ZDI-20-701" }, { "cve": "CVE-2020-9634", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-700/advisory.json", "detail_path": "advisories/ZDI-20-700", "id": "ZDI-20-700", "kind": "published", "published_date": "2020-06-09", "status": "published", "title": "Adobe FrameMaker GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-700/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10592", "zdi_id": "ZDI-20-700" }, { "cve": "CVE-2020-9635", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-699/advisory.json", "detail_path": "advisories/ZDI-20-699", "id": "ZDI-20-699", "kind": "published", "published_date": "2020-06-09", "status": "published", "title": "Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-699/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10576", "zdi_id": "ZDI-20-699" }, { "cve": "CVE-2020-1219", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-698/advisory.json", "detail_path": "advisories/ZDI-20-698", "id": "ZDI-20-698", "kind": "published", "published_date": "2020-06-09", "status": "published", "title": "Microsoft Chakra Intl Object Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-698/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10788", "zdi_id": "ZDI-20-698" }, { "cve": "CVE-2020-1239", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-20-697/advisory.json", "detail_path": "advisories/ZDI-20-697", "id": "ZDI-20-697", "kind": "published", "published_date": "2020-06-09", "status": "published", "title": "Microsoft Windows Media Player mpg2splt Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-697/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10681", "zdi_id": "ZDI-20-697" }, { "cve": "CVE-2020-1238", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-696/advisory.json", "detail_path": "advisories/ZDI-20-696", "id": "ZDI-20-696", "kind": "published", "published_date": "2020-06-09", "status": "published", "title": "Microsoft Windows Media Foundation Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-696/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10693", "zdi_id": "ZDI-20-696" }, { "cve": "CVE-2020-1238", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-695/advisory.json", "detail_path": "advisories/ZDI-20-695", "id": "ZDI-20-695", "kind": "published", "published_date": "2020-06-09", "status": "published", "title": "Microsoft Windows Media Foundation Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-695/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10654", "zdi_id": "ZDI-20-695" }, { "cve": "CVE-2020-1181", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of Web Parts. When creating a...", "detail_json": "/data/advisories/ZDI-20-694/advisory.json", "detail_path": "advisories/ZDI-20-694", "id": "ZDI-20-694", "kind": "published", "published_date": "2020-06-09", "status": "published", "title": "Microsoft SharePoint Server Web Part Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-694/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10589", "zdi_id": "ZDI-20-694" }, { "cve": "CVE-2020-1232", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-20-693/advisory.json", "detail_path": "advisories/ZDI-20-693", "id": "ZDI-20-693", "kind": "published", "published_date": "2020-06-09", "status": "published", "title": "Microsoft Windows Media Player DTS Stream Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-693/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10512", "zdi_id": "ZDI-20-693" }, { "cve": "CVE-2020-1207", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-692/advisory.json", "detail_path": "advisories/ZDI-20-692", "id": "ZDI-20-692", "kind": "published", "published_date": "2020-06-09", "status": "published", "title": "Microsoft Windows win32kfull PDEVOBJ Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-692/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10033", "zdi_id": "ZDI-20-692" }, { "cve": "CVE-2020-13818", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpmSkipFilter class. The issue...", "detail_json": "/data/advisories/ZDI-20-691/advisory.json", "detail_path": "advisories/ZDI-20-691", "id": "ZDI-20-691", "kind": "published", "published_date": "2020-06-09", "status": "published", "title": "ManageEngine OpManager OpmSkipFilter Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-691/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-11127", "zdi_id": "ZDI-20-691" }, { "cve": "CVE-2020-4449", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP protocol. The issue...", "detail_json": "/data/advisories/ZDI-20-690/advisory.json", "detail_path": "advisories/ZDI-20-690", "id": "ZDI-20-690", "kind": "published", "published_date": "2020-06-05", "status": "published", "title": "IBM WebSphere Application Server IIOP Deserialization of Untrusted Data Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-690/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-10756", "zdi_id": "ZDI-20-690" }, { "cve": "CVE-2020-4450", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP protocol. The issue results...", "detail_json": "/data/advisories/ZDI-20-689/advisory.json", "detail_path": "advisories/ZDI-20-689", "id": "ZDI-20-689", "kind": "published", "published_date": "2020-06-05", "status": "published", "title": "IBM WebSphere Application Server IIOP Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-689/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-10749", "zdi_id": "ZDI-20-689" }, { "cve": "CVE-2020-4448", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BroadcastMessageManager class. The issue results...", "detail_json": "/data/advisories/ZDI-20-688/advisory.json", "detail_path": "advisories/ZDI-20-688", "id": "ZDI-20-688", "kind": "published", "published_date": "2020-06-05", "status": "published", "title": "IBM WebSphere UploadFileArgument Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2020-09-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-688/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-10732", "zdi_id": "ZDI-20-688" }, { "cve": "CVE-2020-12000", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists with the handling of serialized data. The i...", "detail_json": "/data/advisories/ZDI-20-687/advisory.json", "detail_path": "advisories/ZDI-20-687", "id": "ZDI-20-687", "kind": "published", "published_date": "2020-06-01", "status": "published", "title": "(Pwn2Own) Inductive Automation Ignition ServerMessageHeader Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-687/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10278", "zdi_id": "ZDI-20-687" }, { "cve": "CVE-2020-10644", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists with the handling of project diffs. The iss...", "detail_json": "/data/advisories/ZDI-20-686/advisory.json", "detail_path": "advisories/ZDI-20-686", "id": "ZDI-20-686", "kind": "published", "published_date": "2020-06-01", "status": "published", "title": "(Pwn2Own) Inductive Automation Ignition getDiffs Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-686/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10276", "zdi_id": "ZDI-20-686" }, { "cve": "CVE-2020-12004", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getDiffs method of the c...", "detail_json": "/data/advisories/ZDI-20-685/advisory.json", "detail_path": "advisories/ZDI-20-685", "id": "ZDI-20-685", "kind": "published", "published_date": "2020-06-01", "status": "published", "title": "(Pwn2Own) Inductive Automation Ignition getDiffs Missing Authentication for Critical Function Information Disclosure Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-685/", "vendor": "Inductive Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10275", "zdi_id": "ZDI-20-685" }, { "cve": "CVE-2020-10917", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lac...", "detail_json": "/data/advisories/ZDI-20-684/advisory.json", "detail_path": "advisories/ZDI-20-684", "id": "ZDI-20-684", "kind": "published", "published_date": "2020-06-01", "status": "published", "title": "NEC ESMPRO Manager RMI Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-684/", "vendor": "NEC", "vendor_url": null, "zdi_can": "ZDI-CAN-10007", "zdi_id": "ZDI-20-684" }, { "cve": "CVE-2020-9841", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-683/advisory.json", "detail_path": "advisories/ZDI-20-683", "id": "ZDI-20-683", "kind": "published", "published_date": "2020-05-28", "status": "published", "title": "Apple macOS SkyLight Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-683/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10077", "zdi_id": "ZDI-20-683" }, { "cve": "CVE-2020-9800", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-682/advisory.json", "detail_path": "advisories/ZDI-20-682", "id": "ZDI-20-682", "kind": "published", "published_date": "2020-05-28", "status": "published", "title": "Apple Safari HasIndexedProperty Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-682/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10504", "zdi_id": "ZDI-20-682" }, { "cve": "CVE-2020-9839", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-681/advisory.json", "detail_path": "advisories/ZDI-20-681", "id": "ZDI-20-681", "kind": "published", "published_date": "2020-05-28", "status": "published", "title": "(Pwn2Own) Apple macOS cfprefsd Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-681/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10777", "zdi_id": "ZDI-20-681" }, { "cve": "CVE-2020-9856", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-680/advisory.json", "detail_path": "advisories/ZDI-20-680", "id": "ZDI-20-680", "kind": "published", "published_date": "2020-05-28", "status": "published", "title": "(Pwn2Own) Apple macOS Core Virtual Machine Service Heap-based Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-680/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10775", "zdi_id": "ZDI-20-680" }, { "cve": "CVE-2020-9801", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple Safari. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-679/advisory.json", "detail_path": "advisories/ZDI-20-679", "id": "ZDI-20-679", "kind": "published", "published_date": "2020-05-28", "status": "published", "title": "(Pwn2Own) Apple Safari Symbolic Link Arbitrary Application Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-679/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10774", "zdi_id": "ZDI-20-679" }, { "cve": "CVE-2020-8604", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the A...", "detail_json": "/data/advisories/ZDI-20-678/advisory.json", "detail_path": "advisories/ZDI-20-678", "id": "ZDI-20-678", "kind": "published", "published_date": "2020-05-27", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance Apache Solr Directory Traversal Information Disclosure Vulnerability", "updated_date": "2020-05-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-678/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10329", "zdi_id": "ZDI-20-678" }, { "cve": "CVE-2020-8606", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. The specific flaw exists within the Apache Solr application. The issue results from the lack of proper imple...", "detail_json": "/data/advisories/ZDI-20-677/advisory.json", "detail_path": "advisories/ZDI-20-677", "id": "ZDI-20-677", "kind": "published", "published_date": "2020-05-27", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance Apache Solr Authentication Bypass Vulnerability", "updated_date": "2020-05-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-677/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10117", "zdi_id": "ZDI-20-677" }, { "cve": "CVE-2020-8605", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the LogSettingHan...", "detail_json": "/data/advisories/ZDI-20-676/advisory.json", "detail_path": "advisories/ZDI-20-676", "id": "ZDI-20-676", "kind": "published", "published_date": "2020-05-27", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance Command Injection Remote Code Execution Vulnerability", "updated_date": "2020-05-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-676/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10095", "zdi_id": "ZDI-20-676" }, { "cve": "CVE-2020-8603", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to tamper with the web interface of affected installations of Trend Micro InterScan Web Security Virtual Appliance. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-20-675/advisory.json", "detail_path": "advisories/ZDI-20-675", "id": "ZDI-20-675", "kind": "published", "published_date": "2020-05-27", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance Cross-Site Scripting Vulnerability", "updated_date": "2020-05-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-675/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10088", "zdi_id": "ZDI-20-675" }, { "cve": "CVE-2020-9815", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the AudioToolbox library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...", "detail_json": "/data/advisories/ZDI-20-674/advisory.json", "detail_path": "advisories/ZDI-20-674", "id": "ZDI-20-674", "kind": "published", "published_date": "2020-05-27", "status": "published", "title": "Apple macOS AudioToolboxCore CAF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-674/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10652", "zdi_id": "ZDI-20-674" }, { "cve": "CVE-2020-9816", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-20-673/advisory.json", "detail_path": "advisories/ZDI-20-673", "id": "ZDI-20-673", "kind": "published", "published_date": "2020-05-27", "status": "published", "title": "Apple macOS libFontParser Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-673/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10651", "zdi_id": "ZDI-20-673" }, { "cve": "CVE-2020-9850", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-672/advisory.json", "detail_path": "advisories/ZDI-20-672", "id": "ZDI-20-672", "kind": "published", "published_date": "2020-05-27", "status": "published", "title": "(Pwn2Own) Apple Safari In Operator JIT Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-672/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10773", "zdi_id": "ZDI-20-672" }, { "cve": "CVE-2020-9791", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-671/advisory.json", "detail_path": "advisories/ZDI-20-671", "id": "ZDI-20-671", "kind": "published", "published_date": "2020-05-27", "status": "published", "title": "Apple macOS AudioToolboxCore AIFF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-671/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-10581", "zdi_id": "ZDI-20-671" }, { "cve": "CVE-2020-9617", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Rush. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-670/advisory.json", "detail_path": "advisories/ZDI-20-670", "id": "ZDI-20-670", "kind": "published", "published_date": "2020-05-25", "status": "published", "title": "Adobe Premiere Rush MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-670/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10871", "zdi_id": "ZDI-20-670" }, { "cve": "CVE-2020-9616", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-669/advisory.json", "detail_path": "advisories/ZDI-20-669", "id": "ZDI-20-669", "kind": "published", "published_date": "2020-05-25", "status": "published", "title": "Adobe Premiere Pro MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-669/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10867", "zdi_id": "ZDI-20-669" }, { "cve": "CVE-2020-9586", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Character Animator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-668/advisory.json", "detail_path": "advisories/ZDI-20-668", "id": "ZDI-20-668", "kind": "published", "published_date": "2020-05-25", "status": "published", "title": "Adobe Character Animator EPS BoundingBox Element Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-668/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10879", "zdi_id": "ZDI-20-668" }, { "cve": "CVE-2020-9618", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-20-667/advisory.json", "detail_path": "advisories/ZDI-20-667", "id": "ZDI-20-667", "kind": "published", "published_date": "2020-05-25", "status": "published", "title": "Adobe Audition MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-667/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10855", "zdi_id": "ZDI-20-667" }, { "cve": null, "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-666/advisory.json", "detail_path": "advisories/ZDI-20-666", "id": "ZDI-20-666", "kind": "published", "published_date": "2020-05-19", "status": "published", "title": "(0Day) Microsoft Windows WLAN Connection Profile Missing Authentication Privilege Escalation Vulnerability", "updated_date": "2020-07-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-666/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10037", "zdi_id": "ZDI-20-666" }, { "cve": "CVE-2020-0916", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-665/advisory.json", "detail_path": "advisories/ZDI-20-665", "id": "ZDI-20-665", "kind": "published", "published_date": "2020-05-19", "status": "published", "title": "(0Day) Microsoft Windows splwow64 Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-665/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10016", "zdi_id": "ZDI-20-665" }, { "cve": "CVE-2020-0915", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-20-664/advisory.json", "detail_path": "advisories/ZDI-20-664", "id": "ZDI-20-664", "kind": "published", "published_date": "2020-05-19", "status": "published", "title": "(0Day) Microsoft Windows splwow64 Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-664/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10012", "zdi_id": "ZDI-20-664" }, { "cve": "CVE-2020-0986", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-663/advisory.json", "detail_path": "advisories/ZDI-20-663", "id": "ZDI-20-663", "kind": "published", "published_date": "2020-05-19", "status": "published", "title": "(0Day) Microsoft Windows splwow64 Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-663/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9851", "zdi_id": "ZDI-20-663" }, { "cve": "CVE-2020-0915", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-662/advisory.json", "detail_path": "advisories/ZDI-20-662", "id": "ZDI-20-662", "kind": "published", "published_date": "2020-05-19", "status": "published", "title": "(0Day) Microsoft Windows splwow64 Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-662/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10014", "zdi_id": "ZDI-20-662" }, { "cve": "CVE-2020-7455", "cvss": 4.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of FreeBSD Kernel. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of NAT. The issue results fro...", "detail_json": "/data/advisories/ZDI-20-661/advisory.json", "detail_path": "advisories/ZDI-20-661", "id": "ZDI-20-661", "kind": "published", "published_date": "2020-05-19", "status": "published", "title": "FreeBSD Kernel NAT Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-661/", "vendor": "FreeBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-10850", "zdi_id": "ZDI-20-661" }, { "cve": "CVE-2020-7454", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FreeBSD Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of NAT. The issue results from t...", "detail_json": "/data/advisories/ZDI-20-660/advisory.json", "detail_path": "advisories/ZDI-20-660", "id": "ZDI-20-660", "kind": "published", "published_date": "2020-05-19", "status": "published", "title": "FreeBSD Kernel NAT Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-660/", "vendor": "FreeBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-10849", "zdi_id": "ZDI-20-660" }, { "cve": "CVE-2020-7454", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of FreeBSD Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of NAT. The issue results from t...", "detail_json": "/data/advisories/ZDI-20-659/advisory.json", "detail_path": "advisories/ZDI-20-659", "id": "ZDI-20-659", "kind": "published", "published_date": "2020-05-19", "status": "published", "title": "FreeBSD Kernel NAT Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-659/", "vendor": "FreeBSD", "vendor_url": null, "zdi_can": "ZDI-CAN-10624", "zdi_id": "ZDI-20-659" }, { "cve": "CVE-2020-7493", "cvss": 7.8, "cvss_vector": null, "description_snippet": "The vulnerablity allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...", "detail_json": "/data/advisories/ZDI-20-658/advisory.json", "detail_path": "advisories/ZDI-20-658", "id": "ZDI-20-658", "kind": "published", "published_date": "2020-05-14", "status": "published", "title": "Schneider Electric EcoStruxure Operator Terminal Expert VXDZ File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-658/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10287", "zdi_id": "ZDI-20-658" }, { "cve": "CVE-2020-7495", "cvss": 7.8, "cvss_vector": null, "description_snippet": "The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStructure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...", "detail_json": "/data/advisories/ZDI-20-657/advisory.json", "detail_path": "advisories/ZDI-20-657", "id": "ZDI-20-657", "kind": "published", "published_date": "2020-05-14", "status": "published", "title": "(Pwn2Own) Schneider Electric EcoStructure Operator Terminal Expert ZIP Path Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-657/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10280", "zdi_id": "ZDI-20-657" }, { "cve": "CVE-2020-7494", "cvss": 7.8, "cvss_vector": null, "description_snippet": "The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStructure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...", "detail_json": "/data/advisories/ZDI-20-656/advisory.json", "detail_path": "advisories/ZDI-20-656", "id": "ZDI-20-656", "kind": "published", "published_date": "2020-05-14", "status": "published", "title": "(Pwn2Own) Schneider Electric EcoStructure Operator Terminal Expert VXDZ Arbitrary Library Load Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-656/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10279", "zdi_id": "ZDI-20-656" }, { "cve": "CVE-2020-12019", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-655/advisory.json", "detail_path": "advisories/ZDI-20-655", "id": "ZDI-20-655", "kind": "published", "published_date": "2020-05-14", "status": "published", "title": "(0Day) Advantech WebAccess Node Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-655/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10017", "zdi_id": "ZDI-20-655" }, { "cve": "CVE-2020-12019", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within DATACORE.exe. The issue results from the...", "detail_json": "/data/advisories/ZDI-20-654/advisory.json", "detail_path": "advisories/ZDI-20-654", "id": "ZDI-20-654", "kind": "published", "published_date": "2020-05-14", "status": "published", "title": "(0Day) Advantech WebAccess Node DATACORE Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-654/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9779", "zdi_id": "ZDI-20-654" }, { "cve": "CVE-2020-9612", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-653/advisory.json", "detail_path": "advisories/ZDI-20-653", "id": "ZDI-20-653", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Adobe Acrobat Reader DC JPEG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-653/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10822", "zdi_id": "ZDI-20-653" }, { "cve": "CVE-2020-9597", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-652/advisory.json", "detail_path": "advisories/ZDI-20-652", "id": "ZDI-20-652", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Adobe Acrobat Reader DC JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-652/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10106", "zdi_id": "ZDI-20-652" }, { "cve": "CVE-2020-9606", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-651/advisory.json", "detail_path": "advisories/ZDI-20-651", "id": "ZDI-20-651", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "(Pwn2Own) Adobe Acrobat Reader DC Field Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2020-08-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-651/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10784", "zdi_id": "ZDI-20-651" }, { "cve": "CVE-2020-6652", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Eaton Intelligent Power Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the mc2 binary. The issue results from th...", "detail_json": "/data/advisories/ZDI-20-650/advisory.json", "detail_path": "advisories/ZDI-20-650", "id": "ZDI-20-650", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Eaton Intelligent Power Manager mc2 Incorrect Privilege Assignment Privilege Escalation Vulnerability", "updated_date": "2020-05-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-650/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-11085", "zdi_id": "ZDI-20-650" }, { "cve": "CVE-2020-6651", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton Intelligent Power Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within system_srv.js. The issue results from...", "detail_json": "/data/advisories/ZDI-20-649/advisory.json", "detail_path": "advisories/ZDI-20-649", "id": "ZDI-20-649", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Eaton Intelligent Power Manager mc2 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-649/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-9854", "zdi_id": "ZDI-20-649" }, { "cve": "CVE-2020-1102", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of shared forms. It is possible to i...", "detail_json": "/data/advisories/ZDI-20-648/advisory.json", "detail_path": "advisories/ZDI-20-648", "id": "ZDI-20-648", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Microsoft SharePoint Shared Forms Incomplete Blacklist Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-648/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10124", "zdi_id": "ZDI-20-648" }, { "cve": "CVE-2020-0987", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-647/advisory.json", "detail_path": "advisories/ZDI-20-647", "id": "ZDI-20-647", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Microsoft Windows EMF EMR_SETDIBITSTODEVICE Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-647/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10743", "zdi_id": "ZDI-20-647" }, { "cve": "CVE-2020-1135", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-646/advisory.json", "detail_path": "advisories/ZDI-20-646", "id": "ZDI-20-646", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "(Pwn2Own) Microsoft Windows DirectComposition SetReferenceArrayProperty Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-646/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10785", "zdi_id": "ZDI-20-646" }, { "cve": "CVE-2020-1062", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-645/advisory.json", "detail_path": "advisories/ZDI-20-645", "id": "ZDI-20-645", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Microsoft Internet Explorer JScript Garbage Collection Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-645/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10397", "zdi_id": "ZDI-20-645" }, { "cve": "CVE-2020-1126", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-20-644/advisory.json", "detail_path": "advisories/ZDI-20-644", "id": "ZDI-20-644", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Microsoft Windows Media Player HEVC Stream Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-644/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10566", "zdi_id": "ZDI-20-644" }, { "cve": "CVE-2020-1126", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-20-643/advisory.json", "detail_path": "advisories/ZDI-20-643", "id": "ZDI-20-643", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Microsoft Windows Media Player HEVC Stream Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-643/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10569", "zdi_id": "ZDI-20-643" }, { "cve": "CVE-2020-1028", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-20-642/advisory.json", "detail_path": "advisories/ZDI-20-642", "id": "ZDI-20-642", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Microsoft Windows Media Player HEVC Stream Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-642/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10516", "zdi_id": "ZDI-20-642" }, { "cve": "CVE-2020-1096", "cvss": 9.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-641/advisory.json", "detail_path": "advisories/ZDI-20-641", "id": "ZDI-20-641", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Microsoft Windows PDF Library DirectWrite Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-641/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10381", "zdi_id": "ZDI-20-641" }, { "cve": "CVE-2020-1051", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-640/advisory.json", "detail_path": "advisories/ZDI-20-640", "id": "ZDI-20-640", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Microsoft Windows JET Database Engine Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-640/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10039", "zdi_id": "ZDI-20-640" }, { "cve": "CVE-2020-1150", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-639/advisory.json", "detail_path": "advisories/ZDI-20-639", "id": "ZDI-20-639", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Microsoft Internet Explorer CWMPErrorDlg Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-639/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10103", "zdi_id": "ZDI-20-639" }, { "cve": "CVE-2020-1176", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-638/advisory.json", "detail_path": "advisories/ZDI-20-638", "id": "ZDI-20-638", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Microsoft Windows JET Database Engine Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-638/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10064", "zdi_id": "ZDI-20-638" }, { "cve": "CVE-2020-1174", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-637/advisory.json", "detail_path": "advisories/ZDI-20-637", "id": "ZDI-20-637", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Microsoft Windows JET Database Engine Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-637/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10056", "zdi_id": "ZDI-20-637" }, { "cve": "CVE-2020-1175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-636/advisory.json", "detail_path": "advisories/ZDI-20-636", "id": "ZDI-20-636", "kind": "published", "published_date": "2020-05-12", "status": "published", "title": "Microsoft Windows JET Database Engine Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-636/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10060", "zdi_id": "ZDI-20-636" }, { "cve": "CVE-2020-10638", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BwBacNetJ driver. The issue results...", "detail_json": "/data/advisories/ZDI-20-635/advisory.json", "detail_path": "advisories/ZDI-20-635", "id": "ZDI-20-635", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA BwBacNetJ Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-635/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10026", "zdi_id": "ZDI-20-635" }, { "cve": "CVE-2020-12002", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BwBacNetJ driver. The issue results...", "detail_json": "/data/advisories/ZDI-20-634/advisory.json", "detail_path": "advisories/ZDI-20-634", "id": "ZDI-20-634", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA BwBacNetJ Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-634/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10080", "zdi_id": "ZDI-20-634" }, { "cve": "CVE-2020-12002", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BwBacNetJ driver. The issue results...", "detail_json": "/data/advisories/ZDI-20-633/advisory.json", "detail_path": "advisories/ZDI-20-633", "id": "ZDI-20-633", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA BwBacNetJ Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-633/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10079", "zdi_id": "ZDI-20-633" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwscrp.exe when invoked via IOCTL 0x2711. The...", "detail_json": "/data/advisories/ZDI-20-632/advisory.json", "detail_path": "advisories/ZDI-20-632", "id": "ZDI-20-632", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess IOCTL 0x2711 bwscrp Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-632/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10325", "zdi_id": "ZDI-20-632" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x00013c80 in Bw...", "detail_json": "/data/advisories/ZDI-20-631/advisory.json", "detail_path": "advisories/ZDI-20-631", "id": "ZDI-20-631", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA BwWebSvc IOCTL 0x00013c80 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-631/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9892", "zdi_id": "ZDI-20-631" }, { "cve": "CVE-2020-12018", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00...", "detail_json": "/data/advisories/ZDI-20-630/advisory.json", "detail_path": "advisories/ZDI-20-630", "id": "ZDI-20-630", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DrawSrv IOCTL 0x00002722 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-630/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9896", "zdi_id": "ZDI-20-630" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x5217 in dataco...", "detail_json": "/data/advisories/ZDI-20-629/advisory.json", "detail_path": "advisories/ZDI-20-629", "id": "ZDI-20-629", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x5217 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-629/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9940", "zdi_id": "ZDI-20-629" }, { "cve": "CVE-2020-12018", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00...", "detail_json": "/data/advisories/ZDI-20-628/advisory.json", "detail_path": "advisories/ZDI-20-628", "id": "ZDI-20-628", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA ViewSrv IOCTL 0x00002722 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-628/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9903", "zdi_id": "ZDI-20-628" }, { "cve": "CVE-2020-12026", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x0000277d...", "detail_json": "/data/advisories/ZDI-20-627/advisory.json", "detail_path": "advisories/ZDI-20-627", "id": "ZDI-20-627", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DrawSrv IOCTL 0x0000277d Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-627/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9899", "zdi_id": "ZDI-20-627" }, { "cve": "CVE-2020-12026", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x0000277d...", "detail_json": "/data/advisories/ZDI-20-626/advisory.json", "detail_path": "advisories/ZDI-20-626", "id": "ZDI-20-626", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA ViewSrv IOCTL 0x0000277d Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-626/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9907", "zdi_id": "ZDI-20-626" }, { "cve": "CVE-2020-12002", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SyntecUA device driver. The issue re...", "detail_json": "/data/advisories/ZDI-20-625/advisory.json", "detail_path": "advisories/ZDI-20-625", "id": "ZDI-20-625", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA SyntecUA Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-625/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10339", "zdi_id": "ZDI-20-625" }, { "cve": "CVE-2020-12002", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OPCUA device driver. The issue resul...", "detail_json": "/data/advisories/ZDI-20-624/advisory.json", "detail_path": "advisories/ZDI-20-624", "id": "ZDI-20-624", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA OPCUA Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-624/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10338", "zdi_id": "ZDI-20-624" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ModDuDrv device driver. The issue re...", "detail_json": "/data/advisories/ZDI-20-623/advisory.json", "detail_path": "advisories/ZDI-20-623", "id": "ZDI-20-623", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA ModDuDrv Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-623/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10337", "zdi_id": "ZDI-20-623" }, { "cve": "CVE-2020-12002", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GpsET200 device driver. The issue re...", "detail_json": "/data/advisories/ZDI-20-622/advisory.json", "detail_path": "advisories/ZDI-20-622", "id": "ZDI-20-622", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA GpsET200 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-622/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10086", "zdi_id": "ZDI-20-622" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BwTCPIP device driver. The issue res...", "detail_json": "/data/advisories/ZDI-20-621/advisory.json", "detail_path": "advisories/ZDI-20-621", "id": "ZDI-20-621", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA BwTCPIP Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-621/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10085", "zdi_id": "ZDI-20-621" }, { "cve": "CVE-2020-10638", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BwTCPIP device driver. The issue res...", "detail_json": "/data/advisories/ZDI-20-620/advisory.json", "detail_path": "advisories/ZDI-20-620", "id": "ZDI-20-620", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA BwTCPIP Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-620/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10081", "zdi_id": "ZDI-20-620" }, { "cve": "CVE-2020-12002", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BwBacNetJ device driver. The issue r...", "detail_json": "/data/advisories/ZDI-20-619/advisory.json", "detail_path": "advisories/ZDI-20-619", "id": "ZDI-20-619", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA BacNetDrvJ Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-619/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10025", "zdi_id": "ZDI-20-619" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x00013c84 in Bw...", "detail_json": "/data/advisories/ZDI-20-618/advisory.json", "detail_path": "advisories/ZDI-20-618", "id": "ZDI-20-618", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA BwWebSvc IOCTL 0x00013c84 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-618/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9891", "zdi_id": "ZDI-20-618" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00013c7b i...", "detail_json": "/data/advisories/ZDI-20-617/advisory.json", "detail_path": "advisories/ZDI-20-617", "id": "ZDI-20-617", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA BwWebSvc IOCTL 0x00013c7b Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-617/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9890", "zdi_id": "ZDI-20-617" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x00013c77 in Bw...", "detail_json": "/data/advisories/ZDI-20-616/advisory.json", "detail_path": "advisories/ZDI-20-616", "id": "ZDI-20-616", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA BwWebSvc IOCTL 0x00013c77 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-616/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9889", "zdi_id": "ZDI-20-616" }, { "cve": "CVE-2020-12014", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00...", "detail_json": "/data/advisories/ZDI-20-615/advisory.json", "detail_path": "advisories/ZDI-20-615", "id": "ZDI-20-615", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA BwWebSvc IOCTL 0x00013c76 IOCTL 0x00013c77 SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-615/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9884", "zdi_id": "ZDI-20-615" }, { "cve": "CVE-2020-12014", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00...", "detail_json": "/data/advisories/ZDI-20-614/advisory.json", "detail_path": "advisories/ZDI-20-614", "id": "ZDI-20-614", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA BwWebSvc IOCTL 0x00013c74 IOCTL 0x00013c75 SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-614/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9883", "zdi_id": "ZDI-20-614" }, { "cve": "CVE-2020-12014", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00...", "detail_json": "/data/advisories/ZDI-20-613/advisory.json", "detail_path": "advisories/ZDI-20-613", "id": "ZDI-20-613", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA BwWebSvc IOCTL 0x00013c71 SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-613/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9882", "zdi_id": "ZDI-20-613" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x5218 in dataco...", "detail_json": "/data/advisories/ZDI-20-612/advisory.json", "detail_path": "advisories/ZDI-20-612", "id": "ZDI-20-612", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x5218 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-612/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9948", "zdi_id": "ZDI-20-612" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x521B in dataco...", "detail_json": "/data/advisories/ZDI-20-611/advisory.json", "detail_path": "advisories/ZDI-20-611", "id": "ZDI-20-611", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x521B Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-611/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9947", "zdi_id": "ZDI-20-611" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x520B in dataco...", "detail_json": "/data/advisories/ZDI-20-610/advisory.json", "detail_path": "advisories/ZDI-20-610", "id": "ZDI-20-610", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x520B Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-610/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9941", "zdi_id": "ZDI-20-610" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x5213 in dataco...", "detail_json": "/data/advisories/ZDI-20-609/advisory.json", "detail_path": "advisories/ZDI-20-609", "id": "ZDI-20-609", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x5213 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-609/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9939", "zdi_id": "ZDI-20-609" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x5208 in dataco...", "detail_json": "/data/advisories/ZDI-20-608/advisory.json", "detail_path": "advisories/ZDI-20-608", "id": "ZDI-20-608", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x5208 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-608/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9938", "zdi_id": "ZDI-20-608" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x5209 in dataco...", "detail_json": "/data/advisories/ZDI-20-607/advisory.json", "detail_path": "advisories/ZDI-20-607", "id": "ZDI-20-607", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x5209 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-607/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9936", "zdi_id": "ZDI-20-607" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x520B in dataco...", "detail_json": "/data/advisories/ZDI-20-606/advisory.json", "detail_path": "advisories/ZDI-20-606", "id": "ZDI-20-606", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x520B Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-606/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9935", "zdi_id": "ZDI-20-606" }, { "cve": "CVE-2020-12006", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00002711 i...", "detail_json": "/data/advisories/ZDI-20-605/advisory.json", "detail_path": "advisories/ZDI-20-605", "id": "ZDI-20-605", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DrawSrv IOCTL 0x00002711 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-605/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9901", "zdi_id": "ZDI-20-605" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00002774 i...", "detail_json": "/data/advisories/ZDI-20-604/advisory.json", "detail_path": "advisories/ZDI-20-604", "id": "ZDI-20-604", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DrawSrv IOCTL 0x00002774 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-604/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9898", "zdi_id": "ZDI-20-604" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00002723 i...", "detail_json": "/data/advisories/ZDI-20-603/advisory.json", "detail_path": "advisories/ZDI-20-603", "id": "ZDI-20-603", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DrawSrv IOCTL 0x00002723 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-603/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9897", "zdi_id": "ZDI-20-603" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00002775 i...", "detail_json": "/data/advisories/ZDI-20-602/advisory.json", "detail_path": "advisories/ZDI-20-602", "id": "ZDI-20-602", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DrawSrv IOCTL 0x00002775 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-602/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9895", "zdi_id": "ZDI-20-602" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x0000791d i...", "detail_json": "/data/advisories/ZDI-20-601/advisory.json", "detail_path": "advisories/ZDI-20-601", "id": "ZDI-20-601", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x0000791d Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-601/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9998", "zdi_id": "ZDI-20-601" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x0000791e i...", "detail_json": "/data/advisories/ZDI-20-600/advisory.json", "detail_path": "advisories/ZDI-20-600", "id": "ZDI-20-600", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x0000791e Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-600/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9997", "zdi_id": "ZDI-20-600" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x0000791c i...", "detail_json": "/data/advisories/ZDI-20-599/advisory.json", "detail_path": "advisories/ZDI-20-599", "id": "ZDI-20-599", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x0000791c Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-599/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9994", "zdi_id": "ZDI-20-599" }, { "cve": "CVE-2020-12022", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x0000521e i...", "detail_json": "/data/advisories/ZDI-20-598/advisory.json", "detail_path": "advisories/ZDI-20-598", "id": "ZDI-20-598", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x0000521e Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-598/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9988", "zdi_id": "ZDI-20-598" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00005226 i...", "detail_json": "/data/advisories/ZDI-20-597/advisory.json", "detail_path": "advisories/ZDI-20-597", "id": "ZDI-20-597", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x00005226 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-597/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9985", "zdi_id": "ZDI-20-597" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00002775 i...", "detail_json": "/data/advisories/ZDI-20-596/advisory.json", "detail_path": "advisories/ZDI-20-596", "id": "ZDI-20-596", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA ViewSrv IOCTL 0x00002775 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-596/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9908", "zdi_id": "ZDI-20-596" }, { "cve": "CVE-2020-12006", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00002711 i...", "detail_json": "/data/advisories/ZDI-20-595/advisory.json", "detail_path": "advisories/ZDI-20-595", "id": "ZDI-20-595", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA ViewSrv IOCTL 0x00002711 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-595/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9905", "zdi_id": "ZDI-20-595" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00002774 i...", "detail_json": "/data/advisories/ZDI-20-594/advisory.json", "detail_path": "advisories/ZDI-20-594", "id": "ZDI-20-594", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA ViewSrv IOCTL 0x00002774 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-594/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9904", "zdi_id": "ZDI-20-594" }, { "cve": "CVE-2020-10638", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00002723 i...", "detail_json": "/data/advisories/ZDI-20-593/advisory.json", "detail_path": "advisories/ZDI-20-593", "id": "ZDI-20-593", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA ViewSrv IOCTL 0x00002723 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-593/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9902", "zdi_id": "ZDI-20-593" }, { "cve": "CVE-2020-12002", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00005227 i...", "detail_json": "/data/advisories/ZDI-20-592/advisory.json", "detail_path": "advisories/ZDI-20-592", "id": "ZDI-20-592", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x00005227 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-592/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9906", "zdi_id": "ZDI-20-592" }, { "cve": "CVE-2020-12002", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x0000791e...", "detail_json": "/data/advisories/ZDI-20-591/advisory.json", "detail_path": "advisories/ZDI-20-591", "id": "ZDI-20-591", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x0000791e Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-591/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9996", "zdi_id": "ZDI-20-591" }, { "cve": "CVE-2020-12002", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00005241 i...", "detail_json": "/data/advisories/ZDI-20-590/advisory.json", "detail_path": "advisories/ZDI-20-590", "id": "ZDI-20-590", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x00005241 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-590/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9987", "zdi_id": "ZDI-20-590" }, { "cve": "CVE-2020-12006", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x0000791e...", "detail_json": "/data/advisories/ZDI-20-589/advisory.json", "detail_path": "advisories/ZDI-20-589", "id": "ZDI-20-589", "kind": "published", "published_date": "2020-05-08", "status": "published", "title": "Advantech WebAccess/SCADA DATACORE IOCTL 0x0000791e Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-589/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9995", "zdi_id": "ZDI-20-589" }, { "cve": "CVE-2020-10626", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vul...", "detail_json": "/data/advisories/ZDI-20-588/advisory.json", "detail_path": "advisories/ZDI-20-588", "id": "ZDI-20-588", "kind": "published", "published_date": "2020-05-06", "status": "published", "title": "Schneider Electric EcoStruxure IT Gateway Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-588/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10377", "zdi_id": "ZDI-20-588" }, { "cve": "CVE-2020-3915", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-587/advisory.json", "detail_path": "advisories/ZDI-20-587", "id": "ZDI-20-587", "kind": "published", "published_date": "2020-05-06", "status": "published", "title": "Apple macOS printtool Daemon Improper Input Validation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-587/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-9859", "zdi_id": "ZDI-20-587" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trading Technologies X_TRADER. Authentication is not required to exploit this vulnerability. The specific flaw exists within the messaging daemon. The issue resu...", "detail_json": "/data/advisories/ZDI-20-586/advisory.json", "detail_path": "advisories/ZDI-20-586", "id": "ZDI-20-586", "kind": "published", "published_date": "2020-05-06", "status": "published", "title": "Trading Technologies X_TRADER remove_park Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-586/", "vendor": "Trading Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-9973", "zdi_id": "ZDI-20-586" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trading Technologies X_TRADER. Authentication is not required to exploit this vulnerability. The specific flaw exists within the messaging daemon. The issue resu...", "detail_json": "/data/advisories/ZDI-20-585/advisory.json", "detail_path": "advisories/ZDI-20-585", "id": "ZDI-20-585", "kind": "published", "published_date": "2020-05-06", "status": "published", "title": "Trading Technologies X_TRADER disconnect_proxy_site Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-585/", "vendor": "Trading Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-9972", "zdi_id": "ZDI-20-585" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trading Technologies X_TRADER. Authentication is not required to exploit this vulnerability. The specific flaw exists within the messaging daemon. The issue resu...", "detail_json": "/data/advisories/ZDI-20-584/advisory.json", "detail_path": "advisories/ZDI-20-584", "id": "ZDI-20-584", "kind": "published", "published_date": "2020-05-06", "status": "published", "title": "Trading Technologies X_TRADER block_proxy_site Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-584/", "vendor": "Trading Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-9971", "zdi_id": "ZDI-20-584" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trading Technologies X_TRADER. Authentication is not required to exploit this vulnerability. The specific flaw exists within the messaging daemon. The issue resu...", "detail_json": "/data/advisories/ZDI-20-583/advisory.json", "detail_path": "advisories/ZDI-20-583", "id": "ZDI-20-583", "kind": "published", "published_date": "2020-05-06", "status": "published", "title": "Trading Technologies X_TRADER unblock_proxy_site Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-583/", "vendor": "Trading Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-9970", "zdi_id": "ZDI-20-583" }, { "cve": "CVE-2020-2575", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-582/advisory.json", "detail_path": "advisories/ZDI-20-582", "id": "ZDI-20-582", "kind": "published", "published_date": "2020-04-30", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox OHCI Uninitialized Variable Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-582/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10783", "zdi_id": "ZDI-20-582" }, { "cve": "CVE-2020-2894", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-581/advisory.json", "detail_path": "advisories/ZDI-20-581", "id": "ZDI-20-581", "kind": "published", "published_date": "2020-04-30", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox E1000 IP Checksum Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-581/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10782", "zdi_id": "ZDI-20-581" }, { "cve": "CVE-2020-9568", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-580/advisory.json", "detail_path": "advisories/ZDI-20-580", "id": "ZDI-20-580", "kind": "published", "published_date": "2020-04-30", "status": "published", "title": "Adobe Bridge DCM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-580/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10035", "zdi_id": "ZDI-20-580" }, { "cve": "CVE-2020-3765", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-579/advisory.json", "detail_path": "advisories/ZDI-20-579", "id": "ZDI-20-579", "kind": "published", "published_date": "2020-04-30", "status": "published", "title": "Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2020-07-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-579/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10090", "zdi_id": "ZDI-20-579" }, { "cve": "CVE-2020-0744", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-578/advisory.json", "detail_path": "advisories/ZDI-20-578", "id": "ZDI-20-578", "kind": "published", "published_date": "2020-04-30", "status": "published", "title": "Microsoft Windows user32 DIB Scaling Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-578/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10402", "zdi_id": "ZDI-20-578" }, { "cve": "CVE-2020-10622", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-20-577/advisory.json", "detail_path": "advisories/ZDI-20-577", "id": "ZDI-20-577", "kind": "published", "published_date": "2020-04-30", "status": "published", "title": "LAquis SCADA LGX File Insufficient UI Warning Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-577/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-10321", "zdi_id": "ZDI-20-577" }, { "cve": "CVE-2020-10622", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-20-576/advisory.json", "detail_path": "advisories/ZDI-20-576", "id": "ZDI-20-576", "kind": "published", "published_date": "2020-04-30", "status": "published", "title": "LAquis SCADA LGX File Insufficient UI Warning Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-576/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-10320", "zdi_id": "ZDI-20-576" }, { "cve": "CVE-2020-10618", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-575/advisory.json", "detail_path": "advisories/ZDI-20-575", "id": "ZDI-20-575", "kind": "published", "published_date": "2020-04-30", "status": "published", "title": "LAquis SCADA LGX File Insufficient UI Warning Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-575/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-10319", "zdi_id": "ZDI-20-575" }, { "cve": "CVE-2020-10618", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-574/advisory.json", "detail_path": "advisories/ZDI-20-574", "id": "ZDI-20-574", "kind": "published", "published_date": "2020-04-30", "status": "published", "title": "LAquis SCADA LGX File Insufficient UI Warning Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-574/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-10316", "zdi_id": "ZDI-20-574" }, { "cve": "CVE-2020-10618", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-573/advisory.json", "detail_path": "advisories/ZDI-20-573", "id": "ZDI-20-573", "kind": "published", "published_date": "2020-04-30", "status": "published", "title": "LAquis SCADA LGX File Insufficient UI Warning Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-573/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-10197", "zdi_id": "ZDI-20-573" }, { "cve": "CVE-2020-10618", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-572/advisory.json", "detail_path": "advisories/ZDI-20-572", "id": "ZDI-20-572", "kind": "published", "published_date": "2020-04-30", "status": "published", "title": "LAquis SCADA LGX File Insufficient UI Warning Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-572/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-10318", "zdi_id": "ZDI-20-572" }, { "cve": "CVE-2020-10618", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-571/advisory.json", "detail_path": "advisories/ZDI-20-571", "id": "ZDI-20-571", "kind": "published", "published_date": "2020-04-30", "status": "published", "title": "LAquis SCADA LGX File Insufficient UI Warning Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-571/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-10317", "zdi_id": "ZDI-20-571" }, { "cve": "CVE-2020-2883", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Oracle Coherence library. The issue results fr...", "detail_json": "/data/advisories/ZDI-20-570/advisory.json", "detail_path": "advisories/ZDI-20-570", "id": "ZDI-20-570", "kind": "published", "published_date": "2020-04-30", "status": "published", "title": "Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-570/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10492", "zdi_id": "ZDI-20-570" }, { "cve": "CVE-2020-9553", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-569/advisory.json", "detail_path": "advisories/ZDI-20-569", "id": "ZDI-20-569", "kind": "published", "published_date": "2020-04-30", "status": "published", "title": "Adobe Bridge TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-569/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10018", "zdi_id": "ZDI-20-569" }, { "cve": "CVE-2020-9565", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-568/advisory.json", "detail_path": "advisories/ZDI-20-568", "id": "ZDI-20-568", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge PostScript callothersubr Command Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-568/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10048", "zdi_id": "ZDI-20-568" }, { "cve": "CVE-2020-9567", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-20-567/advisory.json", "detail_path": "advisories/ZDI-20-567", "id": "ZDI-20-567", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge TTF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-567/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10066", "zdi_id": "ZDI-20-567" }, { "cve": "CVE-2020-9554", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-566/advisory.json", "detail_path": "advisories/ZDI-20-566", "id": "ZDI-20-566", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-566/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10067", "zdi_id": "ZDI-20-566" }, { "cve": "CVE-2020-9555", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-565/advisory.json", "detail_path": "advisories/ZDI-20-565", "id": "ZDI-20-565", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge EPS BoundingBox Element Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-565/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10052", "zdi_id": "ZDI-20-565" }, { "cve": "CVE-2020-9556", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-564/advisory.json", "detail_path": "advisories/ZDI-20-564", "id": "ZDI-20-564", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge PostScript put Command Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-564/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10049", "zdi_id": "ZDI-20-564" }, { "cve": "CVE-2020-9557", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-563/advisory.json", "detail_path": "advisories/ZDI-20-563", "id": "ZDI-20-563", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge PostScript blend Command Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-563/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10040", "zdi_id": "ZDI-20-563" }, { "cve": "CVE-2020-9558", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-20-562/advisory.json", "detail_path": "advisories/ZDI-20-562", "id": "ZDI-20-562", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-562/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10041", "zdi_id": "ZDI-20-562" }, { "cve": "CVE-2020-9560", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-561/advisory.json", "detail_path": "advisories/ZDI-20-561", "id": "ZDI-20-561", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge PostScript drop Command Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-561/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10042", "zdi_id": "ZDI-20-561" }, { "cve": "CVE-2020-9559", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-560/advisory.json", "detail_path": "advisories/ZDI-20-560", "id": "ZDI-20-560", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge PostScript load Command Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-560/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10043", "zdi_id": "ZDI-20-560" }, { "cve": "CVE-2020-9561", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-559/advisory.json", "detail_path": "advisories/ZDI-20-559", "id": "ZDI-20-559", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge PostScript callothersubr Command Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-559/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10044", "zdi_id": "ZDI-20-559" }, { "cve": "CVE-2020-9562", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-558/advisory.json", "detail_path": "advisories/ZDI-20-558", "id": "ZDI-20-558", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-558/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10045", "zdi_id": "ZDI-20-558" }, { "cve": "CVE-2020-9563", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-557/advisory.json", "detail_path": "advisories/ZDI-20-557", "id": "ZDI-20-557", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge PostScript CharString Directory Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-557/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10046", "zdi_id": "ZDI-20-557" }, { "cve": "CVE-2020-9564", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-556/advisory.json", "detail_path": "advisories/ZDI-20-556", "id": "ZDI-20-556", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge PostScript hsbw Command Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-556/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10047", "zdi_id": "ZDI-20-556" }, { "cve": "CVE-2020-9569", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-555/advisory.json", "detail_path": "advisories/ZDI-20-555", "id": "ZDI-20-555", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-555/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10109", "zdi_id": "ZDI-20-555" }, { "cve": "CVE-2020-9566", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-554/advisory.json", "detail_path": "advisories/ZDI-20-554", "id": "ZDI-20-554", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "Adobe Bridge PostScript File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-554/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10094", "zdi_id": "ZDI-20-554" }, { "cve": "CVE-2020-10916", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-553/advisory.json", "detail_path": "advisories/ZDI-20-553", "id": "ZDI-20-553", "kind": "published", "published_date": "2020-04-28", "status": "published", "title": "TP-Link TL-WA855RE login.json Improper Authentication Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-553/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-10003", "zdi_id": "ZDI-20-553" }, { "cve": "CVE-2020-0744", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-552/advisory.json", "detail_path": "advisories/ZDI-20-552", "id": "ZDI-20-552", "kind": "published", "published_date": "2020-04-23", "status": "published", "title": "Microsoft Windows gdi32full StretchDIBitsImpl Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-552/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10378", "zdi_id": "ZDI-20-552" }, { "cve": "CVE-2020-2911", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-551/advisory.json", "detail_path": "advisories/ZDI-20-551", "id": "ZDI-20-551", "kind": "published", "published_date": "2020-04-20", "status": "published", "title": "Oracle VirtualBox vmsvga3dSetLightData Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-551/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10410", "zdi_id": "ZDI-20-551" }, { "cve": "CVE-2020-2701", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-550/advisory.json", "detail_path": "advisories/ZDI-20-550", "id": "ZDI-20-550", "kind": "published", "published_date": "2020-04-20", "status": "published", "title": "Oracle VirtualBox xHCI Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-550/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10096", "zdi_id": "ZDI-20-550" }, { "cve": "CVE-2020-10611", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of data set el...", "detail_json": "/data/advisories/ZDI-20-549/advisory.json", "detail_path": "advisories/ZDI-20-549", "id": "ZDI-20-549", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "(Pwn2Own) Triangle MicroWorks SCADA Data Gateway DNP3 Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-549/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-10301", "zdi_id": "ZDI-20-549" }, { "cve": "CVE-2020-10613", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists with the handling of data...", "detail_json": "/data/advisories/ZDI-20-548/advisory.json", "detail_path": "advisories/ZDI-20-548", "id": "ZDI-20-548", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "(Pwn2Own) Triangle MicroWorks SCADA Data Gateway DNP3 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-548/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-10300", "zdi_id": "ZDI-20-548" }, { "cve": "CVE-2020-10615", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle Microworks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists with the handling of opcodes for G...", "detail_json": "/data/advisories/ZDI-20-547/advisory.json", "detail_path": "advisories/ZDI-20-547", "id": "ZDI-20-547", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "(Pwn2Own) Triangle Microworks SCADA Data Gateway DNP3 GET_FILE_INFO Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2020-04-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-547/", "vendor": "Triangle MicroWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-10266", "zdi_id": "ZDI-20-547" }, { "cve": "CVE-2020-10915", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Veeam ONE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the l...", "detail_json": "/data/advisories/ZDI-20-546/advisory.json", "detail_path": "advisories/ZDI-20-546", "id": "ZDI-20-546", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Veeam ONE HandshakeResult Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2020-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-546/", "vendor": "Veeam", "vendor_url": null, "zdi_can": "ZDI-CAN-10401", "zdi_id": "ZDI-20-546" }, { "cve": "CVE-2020-10914", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Veeam ONE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PerformHandshake method. The issue results from the...", "detail_json": "/data/advisories/ZDI-20-545/advisory.json", "detail_path": "advisories/ZDI-20-545", "id": "ZDI-20-545", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Veeam ONE PerformHandshake Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2020-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-545/", "vendor": "Veeam", "vendor_url": null, "zdi_can": "ZDI-CAN-10400", "zdi_id": "ZDI-20-545" }, { "cve": "CVE-2020-3249", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to overwrite arbitrary files on affected installations of Cisco UCS Director. Authentication is not required to exploit this vulnerability. The specific flaw exists within the saveWindowsNetworkConfig method. The iss...", "detail_json": "/data/advisories/ZDI-20-544/advisory.json", "detail_path": "advisories/ZDI-20-544", "id": "ZDI-20-544", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Cisco UCS Director saveWindowsNetworkConfig Directory Traversal Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-544/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9604", "zdi_id": "ZDI-20-544" }, { "cve": "CVE-2020-3248", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director. Authentication is not required to exploit this vulnerability. The specific flaw exists within the saveStaticConfig method. The issue results...", "detail_json": "/data/advisories/ZDI-20-543/advisory.json", "detail_path": "advisories/ZDI-20-543", "id": "ZDI-20-543", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Cisco UCS Director saveStaticConfig Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-543/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9596", "zdi_id": "ZDI-20-543" }, { "cve": "CVE-2020-3240", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ScriptModuleAddJarPage method. The issue re...", "detail_json": "/data/advisories/ZDI-20-542/advisory.json", "detail_path": "advisories/ZDI-20-542", "id": "ZDI-20-542", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Cisco UCS Director ScriptModuleAddJarPage Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-542/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9565", "zdi_id": "ZDI-20-542" }, { "cve": "CVE-2020-3247", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of tar files by the LargeFileUpl...", "detail_json": "/data/advisories/ZDI-20-541/advisory.json", "detail_path": "advisories/ZDI-20-541", "id": "ZDI-20-541", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Cisco UCS Director CopyFileRunnable run Symlink Following Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-541/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9593", "zdi_id": "ZDI-20-541" }, { "cve": "CVE-2020-3243", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Cisco UCS Director. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the X-Cloupia-Request-Key fiel...", "detail_json": "/data/advisories/ZDI-20-540/advisory.json", "detail_path": "advisories/ZDI-20-540", "id": "ZDI-20-540", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Cisco UCS Director isEnableRestKeyAccessCheckForUser Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-540/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9559", "zdi_id": "ZDI-20-540" }, { "cve": "CVE-2020-3239", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of zip files by the LargeFileUpl...", "detail_json": "/data/advisories/ZDI-20-539/advisory.json", "detail_path": "advisories/ZDI-20-539", "id": "ZDI-20-539", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Cisco UCS Director ApplianceStorageUtil unzip Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-539/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9586", "zdi_id": "ZDI-20-539" }, { "cve": "CVE-2020-3250", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco UCS Director. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the userAPIDownloadFi...", "detail_json": "/data/advisories/ZDI-20-538/advisory.json", "detail_path": "advisories/ZDI-20-538", "id": "ZDI-20-538", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Cisco UCS Director downloadFile Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-538/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9557", "zdi_id": "ZDI-20-538" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Amazon Echo Show. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-537/advisory.json", "detail_path": "advisories/ZDI-20-537", "id": "ZDI-20-537", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "(Pwn2Own) Amazon Echo Show Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-537/", "vendor": "Amazon", "vendor_url": null, "zdi_can": "ZDI-CAN-9644", "zdi_id": "ZDI-20-537" }, { "cve": "CVE-2020-8867", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sess...", "detail_json": "/data/advisories/ZDI-20-536/advisory.json", "detail_path": "advisories/ZDI-20-536", "id": "ZDI-20-536", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "(Pwn2Own) OPC Foundation UA .NET Standard CreateSessionRequest Race Condition Denial-of-Service Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-536/", "vendor": "OPC Foundation", "vendor_url": null, "zdi_can": "ZDI-CAN-10295", "zdi_id": "ZDI-20-536" }, { "cve": "CVE-2020-10907", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-535/advisory.json", "detail_path": "advisories/ZDI-20-535", "id": "ZDI-20-535", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit Reader XFA Widget Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-535/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10650", "zdi_id": "ZDI-20-535" }, { "cve": "CVE-2020-10906", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-534/advisory.json", "detail_path": "advisories/ZDI-20-534", "id": "ZDI-20-534", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit Reader resetForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-534/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10614", "zdi_id": "ZDI-20-534" }, { "cve": "CVE-2020-10905", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-533/advisory.json", "detail_path": "advisories/ZDI-20-533", "id": "ZDI-20-533", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF U3D File Parsing vertex Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-533/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10568", "zdi_id": "ZDI-20-533" }, { "cve": "CVE-2020-10904", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-532/advisory.json", "detail_path": "advisories/ZDI-20-532", "id": "ZDI-20-532", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-532/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10464", "zdi_id": "ZDI-20-532" }, { "cve": "CVE-2020-10903", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-531/advisory.json", "detail_path": "advisories/ZDI-20-531", "id": "ZDI-20-531", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-531/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10463", "zdi_id": "ZDI-20-531" }, { "cve": "CVE-2020-10902", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-530/advisory.json", "detail_path": "advisories/ZDI-20-530", "id": "ZDI-20-530", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-530/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10462", "zdi_id": "ZDI-20-530" }, { "cve": "CVE-2020-10901", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-529/advisory.json", "detail_path": "advisories/ZDI-20-529", "id": "ZDI-20-529", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-529/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10461", "zdi_id": "ZDI-20-529" }, { "cve": "CVE-2020-10900", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-528/advisory.json", "detail_path": "advisories/ZDI-20-528", "id": "ZDI-20-528", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-528/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10142", "zdi_id": "ZDI-20-528" }, { "cve": "CVE-2020-10899", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-527/advisory.json", "detail_path": "advisories/ZDI-20-527", "id": "ZDI-20-527", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit Reader XFA Template Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-527/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10132", "zdi_id": "ZDI-20-527" }, { "cve": "CVE-2020-10898", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-526/advisory.json", "detail_path": "advisories/ZDI-20-526", "id": "ZDI-20-526", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-526/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10195", "zdi_id": "ZDI-20-526" }, { "cve": "CVE-2020-10897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-525/advisory.json", "detail_path": "advisories/ZDI-20-525", "id": "ZDI-20-525", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-525/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10193", "zdi_id": "ZDI-20-525" }, { "cve": "CVE-2020-10896", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-524/advisory.json", "detail_path": "advisories/ZDI-20-524", "id": "ZDI-20-524", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF U3DBrowser U3D File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-524/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10192", "zdi_id": "ZDI-20-524" }, { "cve": "CVE-2020-10895", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-523/advisory.json", "detail_path": "advisories/ZDI-20-523", "id": "ZDI-20-523", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-523/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10191", "zdi_id": "ZDI-20-523" }, { "cve": "CVE-2020-10894", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-522/advisory.json", "detail_path": "advisories/ZDI-20-522", "id": "ZDI-20-522", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-522/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10190", "zdi_id": "ZDI-20-522" }, { "cve": "CVE-2020-10893", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-521/advisory.json", "detail_path": "advisories/ZDI-20-521", "id": "ZDI-20-521", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-521/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-10189", "zdi_id": "ZDI-20-521" }, { "cve": "CVE-2020-10913", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-520/advisory.json", "detail_path": "advisories/ZDI-20-520", "id": "ZDI-20-520", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF OCRAndExportToExcel Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-520/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9946", "zdi_id": "ZDI-20-520" }, { "cve": "CVE-2020-10912", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-519/advisory.json", "detail_path": "advisories/ZDI-20-519", "id": "ZDI-20-519", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF SetFieldValue Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-519/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9945", "zdi_id": "ZDI-20-519" }, { "cve": "CVE-2020-10911", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-518/advisory.json", "detail_path": "advisories/ZDI-20-518", "id": "ZDI-20-518", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF GetFieldValue Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-518/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9944", "zdi_id": "ZDI-20-518" }, { "cve": "CVE-2020-10910", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-517/advisory.json", "detail_path": "advisories/ZDI-20-517", "id": "ZDI-20-517", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF RotatePage Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-517/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9943", "zdi_id": "ZDI-20-517" }, { "cve": "CVE-2020-10909", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-516/advisory.json", "detail_path": "advisories/ZDI-20-516", "id": "ZDI-20-516", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF AddWatermark Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-516/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9942", "zdi_id": "ZDI-20-516" }, { "cve": "CVE-2020-10908", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-515/advisory.json", "detail_path": "advisories/ZDI-20-515", "id": "ZDI-20-515", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF Export Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-515/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9865", "zdi_id": "ZDI-20-515" }, { "cve": "CVE-2020-10891", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-514/advisory.json", "detail_path": "advisories/ZDI-20-514", "id": "ZDI-20-514", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF Save Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-514/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9831", "zdi_id": "ZDI-20-514" }, { "cve": "CVE-2020-10892", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-513/advisory.json", "detail_path": "advisories/ZDI-20-513", "id": "ZDI-20-513", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF CombineFiles Arbitrary File Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-513/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9830", "zdi_id": "ZDI-20-513" }, { "cve": "CVE-2020-10890", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-512/advisory.json", "detail_path": "advisories/ZDI-20-512", "id": "ZDI-20-512", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF ConvertToPDF Arbitrary File Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-512/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9829", "zdi_id": "ZDI-20-512" }, { "cve": "CVE-2020-10889", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-511/advisory.json", "detail_path": "advisories/ZDI-20-511", "id": "ZDI-20-511", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Foxit PhantomPDF DuplicatePages Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-511/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9828", "zdi_id": "ZDI-20-511" }, { "cve": "CVE-2020-2907", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-510/advisory.json", "detail_path": "advisories/ZDI-20-510", "id": "ZDI-20-510", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Oracle VirtualBox VBoxSVGA Type Confusion Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-510/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10742", "zdi_id": "ZDI-20-510" }, { "cve": "CVE-2020-2907", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-509/advisory.json", "detail_path": "advisories/ZDI-20-509", "id": "ZDI-20-509", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Oracle VirtualBox VBoxSVGA Type Confusion Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-509/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10719", "zdi_id": "ZDI-20-509" }, { "cve": "CVE-2020-2929", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle VirtualBox. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of NAT. The issue results fro...", "detail_json": "/data/advisories/ZDI-20-508/advisory.json", "detail_path": "advisories/ZDI-20-508", "id": "ZDI-20-508", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Oracle VirtualBox SLiRP Networking Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-508/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10416", "zdi_id": "ZDI-20-508" }, { "cve": "CVE-2020-2758", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-507/advisory.json", "detail_path": "advisories/ZDI-20-507", "id": "ZDI-20-507", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Oracle VirtualBox VBoxVGA VBoxVHWASurfaceBase Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-507/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10423", "zdi_id": "ZDI-20-507" }, { "cve": "CVE-2020-2748", "cvss": 3.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-506/advisory.json", "detail_path": "advisories/ZDI-20-506", "id": "ZDI-20-506", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Oracle VirtualBox vmsvgaR3FifoUpdateCursor Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-506/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10422", "zdi_id": "ZDI-20-506" }, { "cve": "CVE-2020-2950", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists within BIRemotingServlet. The issue results...", "detail_json": "/data/advisories/ZDI-20-505/advisory.json", "detail_path": "advisories/ZDI-20-505", "id": "ZDI-20-505", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Oracle Business Intelligence AMF Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-505/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9334", "zdi_id": "ZDI-20-505" }, { "cve": "CVE-2020-2883", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted data in a...", "detail_json": "/data/advisories/ZDI-20-504/advisory.json", "detail_path": "advisories/ZDI-20-504", "id": "ZDI-20-504", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-504/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10341", "zdi_id": "ZDI-20-504" }, { "cve": "CVE-2020-2956", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Oracle E-Business Suite Human Resources. Authentication is required to exploit this vulnerability. The specific flaw exists within the Organization Hierarchy Viewer...", "detail_json": "/data/advisories/ZDI-20-503/advisory.json", "detail_path": "advisories/ZDI-20-503", "id": "ZDI-20-503", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Oracle E-Business Suite Human Resources Organization Hierarchy Viewer PosServer SQL Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-503/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10466", "zdi_id": "ZDI-20-503" }, { "cve": "CVE-2020-2882", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Oracle E-Business Suite Human Resources. Authentication is required to exploit this vulnerability. The specific flaw exists within the Organization Hierarchy Viewer...", "detail_json": "/data/advisories/ZDI-20-502/advisory.json", "detail_path": "advisories/ZDI-20-502", "id": "ZDI-20-502", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Oracle E-Business Suite Human Resources Organization Hierarchy Viewer OrgServer SQL Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-502/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10465", "zdi_id": "ZDI-20-502" }, { "cve": "CVE-2020-2908", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-501/advisory.json", "detail_path": "advisories/ZDI-20-501", "id": "ZDI-20-501", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Oracle VirtualBox Virtual USB Numeric Truncation Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-501/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10179", "zdi_id": "ZDI-20-501" }, { "cve": "CVE-2020-2743", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-500/advisory.json", "detail_path": "advisories/ZDI-20-500", "id": "ZDI-20-500", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Oracle VirtualBox xHCI Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-500/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10023", "zdi_id": "ZDI-20-500" }, { "cve": "CVE-2020-2742", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-499/advisory.json", "detail_path": "advisories/ZDI-20-499", "id": "ZDI-20-499", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Oracle VirtualBox xHCI Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-499/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-10022", "zdi_id": "ZDI-20-499" }, { "cve": "CVE-2020-2741", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-498/advisory.json", "detail_path": "advisories/ZDI-20-498", "id": "ZDI-20-498", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Oracle VirtualBox shader_glsl_get_register_name Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-498/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9113", "zdi_id": "ZDI-20-498" }, { "cve": "CVE-2020-2902", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle VirtualBox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-497/advisory.json", "detail_path": "advisories/ZDI-20-497", "id": "ZDI-20-497", "kind": "published", "published_date": "2020-04-16", "status": "published", "title": "Oracle VirtualBox D3D9 Shader Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-497/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9960", "zdi_id": "ZDI-20-497" }, { "cve": "CVE-2020-0557", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Intel Wi-Fi Link Driver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of 802.11 frames....", "detail_json": "/data/advisories/ZDI-20-496/advisory.json", "detail_path": "advisories/ZDI-20-496", "id": "ZDI-20-496", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Intel Wi-Fi Link Driver Netwtw06 Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-496/", "vendor": "Intel", "vendor_url": null, "zdi_can": "ZDI-CAN-9402", "zdi_id": "ZDI-20-496" }, { "cve": "CVE-2020-0558", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Intel Wi-Fi Link Driver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of 802.11 frames....", "detail_json": "/data/advisories/ZDI-20-495/advisory.json", "detail_path": "advisories/ZDI-20-495", "id": "ZDI-20-495", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Intel Wi-Fi Link Driver Netwtw06 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-495/", "vendor": "Intel", "vendor_url": null, "zdi_can": "ZDI-CAN-9376", "zdi_id": "ZDI-20-495" }, { "cve": "CVE-2020-0558", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Intel Wi-Fi Link Driver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of 802.11 frames....", "detail_json": "/data/advisories/ZDI-20-494/advisory.json", "detail_path": "advisories/ZDI-20-494", "id": "ZDI-20-494", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Intel Wi-Fi Link Driver Netwtw04 Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-494/", "vendor": "Intel", "vendor_url": null, "zdi_can": "ZDI-CAN-9277", "zdi_id": "ZDI-20-494" }, { "cve": "CVE-2020-10637", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-20-493/advisory.json", "detail_path": "advisories/ZDI-20-493", "id": "ZDI-20-493", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wTextLen Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-493/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10473", "zdi_id": "ZDI-20-493" }, { "cve": "CVE-2020-10637", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-20-492/advisory.json", "detail_path": "advisories/ZDI-20-492", "id": "ZDI-20-492", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wDescribeLen Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-492/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10417", "zdi_id": "ZDI-20-492" }, { "cve": "CVE-2020-10637", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-20-491/advisory.json", "detail_path": "advisories/ZDI-20-491", "id": "ZDI-20-491", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing Giffile Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-491/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10421", "zdi_id": "ZDI-20-491" }, { "cve": "CVE-2020-10637", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-20-490/advisory.json", "detail_path": "advisories/ZDI-20-490", "id": "ZDI-20-490", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing Base64TextLen Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-490/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10411", "zdi_id": "ZDI-20-490" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-489/advisory.json", "detail_path": "advisories/ZDI-20-489", "id": "ZDI-20-489", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-489/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10340", "zdi_id": "ZDI-20-489" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-488/advisory.json", "detail_path": "advisories/ZDI-20-488", "id": "ZDI-20-488", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing LinkSize Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-488/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10167", "zdi_id": "ZDI-20-488" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-487/advisory.json", "detail_path": "advisories/ZDI-20-487", "id": "ZDI-20-487", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing LinkSize Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-487/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10166", "zdi_id": "ZDI-20-487" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-486/advisory.json", "detail_path": "advisories/ZDI-20-486", "id": "ZDI-20-486", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing GifName Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-486/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10165", "zdi_id": "ZDI-20-486" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-485/advisory.json", "detail_path": "advisories/ZDI-20-485", "id": "ZDI-20-485", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wTitleTextLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-485/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10164", "zdi_id": "ZDI-20-485" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-484/advisory.json", "detail_path": "advisories/ZDI-20-484", "id": "ZDI-20-484", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wMailBlindCopyToLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-484/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10162", "zdi_id": "ZDI-20-484" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-483/advisory.json", "detail_path": "advisories/ZDI-20-483", "id": "ZDI-20-483", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wMessageLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-483/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10161", "zdi_id": "ZDI-20-483" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-482/advisory.json", "detail_path": "advisories/ZDI-20-482", "id": "ZDI-20-482", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wMailToLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-482/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10160", "zdi_id": "ZDI-20-482" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-481/advisory.json", "detail_path": "advisories/ZDI-20-481", "id": "ZDI-20-481", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wMailCopyToLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-481/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10159", "zdi_id": "ZDI-20-481" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-480/advisory.json", "detail_path": "advisories/ZDI-20-480", "id": "ZDI-20-480", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wMailContentLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-480/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10158", "zdi_id": "ZDI-20-480" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-479/advisory.json", "detail_path": "advisories/ZDI-20-479", "id": "ZDI-20-479", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wTextLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-479/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10157", "zdi_id": "ZDI-20-479" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-478/advisory.json", "detail_path": "advisories/ZDI-20-478", "id": "ZDI-20-478", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wTDateLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-478/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10153", "zdi_id": "ZDI-20-478" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-477/advisory.json", "detail_path": "advisories/ZDI-20-477", "id": "ZDI-20-477", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wTTimeLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-477/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10152", "zdi_id": "ZDI-20-477" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-476/advisory.json", "detail_path": "advisories/ZDI-20-476", "id": "ZDI-20-476", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wKPFStringLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-476/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10151", "zdi_id": "ZDI-20-476" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-475/advisory.json", "detail_path": "advisories/ZDI-20-475", "id": "ZDI-20-475", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wKPFStringLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-475/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10163", "zdi_id": "ZDI-20-475" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-474/advisory.json", "detail_path": "advisories/ZDI-20-474", "id": "ZDI-20-474", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wTitleLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-474/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10150", "zdi_id": "ZDI-20-474" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-473/advisory.json", "detail_path": "advisories/ZDI-20-473", "id": "ZDI-20-473", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wKPFString Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-473/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10149", "zdi_id": "ZDI-20-473" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-472/advisory.json", "detail_path": "advisories/ZDI-20-472", "id": "ZDI-20-472", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing LinkSize Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-472/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10148", "zdi_id": "ZDI-20-472" }, { "cve": "CVE-2020-10639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-20-471/advisory.json", "detail_path": "advisories/ZDI-20-471", "id": "ZDI-20-471", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Eaton HMiSoft VU3 File Parsing wTextLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-471/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-10145", "zdi_id": "ZDI-20-471" }, { "cve": "CVE-2020-0906", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-470/advisory.json", "detail_path": "advisories/ZDI-20-470", "id": "ZDI-20-470", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft Excel XLS File Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-470/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10638", "zdi_id": "ZDI-20-470" }, { "cve": "CVE-2020-0906", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-469/advisory.json", "detail_path": "advisories/ZDI-20-469", "id": "ZDI-20-469", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft Excel XLSM File Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-469/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10140", "zdi_id": "ZDI-20-469" }, { "cve": "CVE-2020-0932", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the use of TypeConverter classes. The issu...", "detail_json": "/data/advisories/ZDI-20-468/advisory.json", "detail_path": "advisories/ZDI-20-468", "id": "ZDI-20-468", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft SharePoint TypeConverter Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2020-10-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-468/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10027", "zdi_id": "ZDI-20-468" }, { "cve": "CVE-2020-0821", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-467/advisory.json", "detail_path": "advisories/ZDI-20-467", "id": "ZDI-20-467", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft Windows user32 Icon Extraction Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-467/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10403", "zdi_id": "ZDI-20-467" }, { "cve": "CVE-2020-0953", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-466/advisory.json", "detail_path": "advisories/ZDI-20-466", "id": "ZDI-20-466", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft Windows JET Database Engine Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-466/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10054", "zdi_id": "ZDI-20-466" }, { "cve": "CVE-2020-0931", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of controls in the Microsoft.Perform...", "detail_json": "/data/advisories/ZDI-20-465/advisory.json", "detail_path": "advisories/ZDI-20-465", "id": "ZDI-20-465", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft SharePoint Scorecards Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-465/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10089", "zdi_id": "ZDI-20-465" }, { "cve": "CVE-2020-0960", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-464/advisory.json", "detail_path": "advisories/ZDI-20-464", "id": "ZDI-20-464", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft Windows JET Database Engine Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-464/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10062", "zdi_id": "ZDI-20-464" }, { "cve": "CVE-2020-0959", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-463/advisory.json", "detail_path": "advisories/ZDI-20-463", "id": "ZDI-20-463", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-463/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10061", "zdi_id": "ZDI-20-463" }, { "cve": "CVE-2020-0953", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-462/advisory.json", "detail_path": "advisories/ZDI-20-462", "id": "ZDI-20-462", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-462/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10058", "zdi_id": "ZDI-20-462" }, { "cve": "CVE-2020-0992", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-461/advisory.json", "detail_path": "advisories/ZDI-20-461", "id": "ZDI-20-461", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft Windows JET Database Engine Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-461/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10063", "zdi_id": "ZDI-20-461" }, { "cve": "CVE-2020-0992", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-460/advisory.json", "detail_path": "advisories/ZDI-20-460", "id": "ZDI-20-460", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft Windows JET Database Engine Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-460/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9968", "zdi_id": "ZDI-20-460" }, { "cve": "CVE-2020-0956", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-459/advisory.json", "detail_path": "advisories/ZDI-20-459", "id": "ZDI-20-459", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft Windows Palette Object Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-459/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9934", "zdi_id": "ZDI-20-459" }, { "cve": "CVE-2020-0988", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-458/advisory.json", "detail_path": "advisories/ZDI-20-458", "id": "ZDI-20-458", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft Windows JET Database Engine Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-458/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10057", "zdi_id": "ZDI-20-458" }, { "cve": "CVE-2020-0994", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-457/advisory.json", "detail_path": "advisories/ZDI-20-457", "id": "ZDI-20-457", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-457/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10059", "zdi_id": "ZDI-20-457" }, { "cve": "CVE-2020-0821", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-456/advisory.json", "detail_path": "advisories/ZDI-20-456", "id": "ZDI-20-456", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Microsoft Windows KERNELBASE Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-456/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9748", "zdi_id": "ZDI-20-456" }, { "cve": "CVE-2020-3809", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-455/advisory.json", "detail_path": "advisories/ZDI-20-455", "id": "ZDI-20-455", "kind": "published", "published_date": "2020-04-15", "status": "published", "title": "Adobe After Effects TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-455/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10068", "zdi_id": "ZDI-20-455" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-454/advisory.json", "detail_path": "advisories/ZDI-20-454", "id": "ZDI-20-454", "kind": "published", "published_date": "2020-04-09", "status": "published", "title": "Fuji Electric V-Server Lite VPR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-454/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10137", "zdi_id": "ZDI-20-454" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-453/advisory.json", "detail_path": "advisories/ZDI-20-453", "id": "ZDI-20-453", "kind": "published", "published_date": "2020-04-09", "status": "published", "title": "Fuji Electric V-Server Lite VPR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-453/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10138", "zdi_id": "ZDI-20-453" }, { "cve": "CVE-2020-10646", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-452/advisory.json", "detail_path": "advisories/ZDI-20-452", "id": "ZDI-20-452", "kind": "published", "published_date": "2020-04-09", "status": "published", "title": "Fuji Electric V-Server Lite VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-452/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10120", "zdi_id": "ZDI-20-452" }, { "cve": "CVE-2020-10646", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-451/advisory.json", "detail_path": "advisories/ZDI-20-451", "id": "ZDI-20-451", "kind": "published", "published_date": "2020-04-09", "status": "published", "title": "Fuji Electric V-Server Lite VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-451/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-10119", "zdi_id": "ZDI-20-451" }, { "cve": "CVE-2020-12010", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x2738. The issue...", "detail_json": "/data/advisories/ZDI-20-450/advisory.json", "detail_path": "advisories/ZDI-20-450", "id": "ZDI-20-450", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "(0Day) Advantech WebAccess IOCTL 0x2738 Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-450/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10176", "zdi_id": "ZDI-20-450" }, { "cve": "CVE-2020-12010", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IOCTL 0x2711, which can be use...", "detail_json": "/data/advisories/ZDI-20-449/advisory.json", "detail_path": "advisories/ZDI-20-449", "id": "ZDI-20-449", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "(0Day) Advantech WebAccess IOCTL 0x2711 BwFLApp Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-449/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10174", "zdi_id": "ZDI-20-449" }, { "cve": "CVE-2020-12010", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IOCTL 0x2711, which can be use...", "detail_json": "/data/advisories/ZDI-20-448/advisory.json", "detail_path": "advisories/ZDI-20-448", "id": "ZDI-20-448", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "(0Day) Advantech WebAccess IOCTL 0x2711 BwPSLink Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-448/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10173", "zdi_id": "ZDI-20-448" }, { "cve": "CVE-2020-12010", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IOCTL 0x2711, which can be use...", "detail_json": "/data/advisories/ZDI-20-447/advisory.json", "detail_path": "advisories/ZDI-20-447", "id": "ZDI-20-447", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "(0Day) Advantech WebAccess IOCTL 0x2711 BwPFile Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-447/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10170", "zdi_id": "ZDI-20-447" }, { "cve": "CVE-2020-12010", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x2715 in the...", "detail_json": "/data/advisories/ZDI-20-446/advisory.json", "detail_path": "advisories/ZDI-20-446", "id": "ZDI-20-446", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "(0Day) Advantech WebAccess webvrpc IOCTL 0x2715 Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-446/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-10175", "zdi_id": "ZDI-20-446" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the add...", "detail_json": "/data/advisories/ZDI-20-445/advisory.json", "detail_path": "advisories/ZDI-20-445", "id": "ZDI-20-445", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS addLinkMonitor SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-445/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9827", "zdi_id": "ZDI-20-445" }, { "cve": "CVE-2020-10603", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific f...", "detail_json": "/data/advisories/ZDI-20-444/advisory.json", "detail_path": "advisories/ZDI-20-444", "id": "ZDI-20-444", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DatabaseMgmtResource OS Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-444/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9826", "zdi_id": "ZDI-20-444" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-443/advisory.json", "detail_path": "advisories/ZDI-20-443", "id": "ZDI-20-443", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS getTrunkNumber SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-443/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9825", "zdi_id": "ZDI-20-443" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-442/advisory.json", "detail_path": "advisories/ZDI-20-442", "id": "ZDI-20-442", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-442/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9824", "zdi_id": "ZDI-20-442" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-441/advisory.json", "detail_path": "advisories/ZDI-20-441", "id": "ZDI-20-441", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-441/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9823", "zdi_id": "ZDI-20-441" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-440/advisory.json", "detail_path": "advisories/ZDI-20-440", "id": "ZDI-20-440", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-440/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9822", "zdi_id": "ZDI-20-440" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-439/advisory.json", "detail_path": "advisories/ZDI-20-439", "id": "ZDI-20-439", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-439/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9821", "zdi_id": "ZDI-20-439" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-438/advisory.json", "detail_path": "advisories/ZDI-20-438", "id": "ZDI-20-438", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-438/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9820", "zdi_id": "ZDI-20-438" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the upd...", "detail_json": "/data/advisories/ZDI-20-437/advisory.json", "detail_path": "advisories/ZDI-20-437", "id": "ZDI-20-437", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-437/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9819", "zdi_id": "ZDI-20-437" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Che...", "detail_json": "/data/advisories/ZDI-20-436/advisory.json", "detail_path": "advisories/ZDI-20-436", "id": "ZDI-20-436", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-436/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9818", "zdi_id": "ZDI-20-436" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Che...", "detail_json": "/data/advisories/ZDI-20-435/advisory.json", "detail_path": "advisories/ZDI-20-435", "id": "ZDI-20-435", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-435/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9817", "zdi_id": "ZDI-20-435" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Che...", "detail_json": "/data/advisories/ZDI-20-434/advisory.json", "detail_path": "advisories/ZDI-20-434", "id": "ZDI-20-434", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-434/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9816", "zdi_id": "ZDI-20-434" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Che...", "detail_json": "/data/advisories/ZDI-20-433/advisory.json", "detail_path": "advisories/ZDI-20-433", "id": "ZDI-20-433", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-433/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9815", "zdi_id": "ZDI-20-433" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Che...", "detail_json": "/data/advisories/ZDI-20-432/advisory.json", "detail_path": "advisories/ZDI-20-432", "id": "ZDI-20-432", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-432/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9814", "zdi_id": "ZDI-20-432" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Che...", "detail_json": "/data/advisories/ZDI-20-431/advisory.json", "detail_path": "advisories/ZDI-20-431", "id": "ZDI-20-431", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-431/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9813", "zdi_id": "ZDI-20-431" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-430/advisory.json", "detail_path": "advisories/ZDI-20-430", "id": "ZDI-20-430", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-430/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9812", "zdi_id": "ZDI-20-430" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-429/advisory.json", "detail_path": "advisories/ZDI-20-429", "id": "ZDI-20-429", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-429/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9810", "zdi_id": "ZDI-20-429" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-428/advisory.json", "detail_path": "advisories/ZDI-20-428", "id": "ZDI-20-428", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-428/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9807", "zdi_id": "ZDI-20-428" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Che...", "detail_json": "/data/advisories/ZDI-20-427/advisory.json", "detail_path": "advisories/ZDI-20-427", "id": "ZDI-20-427", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-427/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9806", "zdi_id": "ZDI-20-427" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the set...", "detail_json": "/data/advisories/ZDI-20-426/advisory.json", "detail_path": "advisories/ZDI-20-426", "id": "ZDI-20-426", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-426/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9805", "zdi_id": "ZDI-20-426" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-425/advisory.json", "detail_path": "advisories/ZDI-20-425", "id": "ZDI-20-425", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-425/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9804", "zdi_id": "ZDI-20-425" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Che...", "detail_json": "/data/advisories/ZDI-20-424/advisory.json", "detail_path": "advisories/ZDI-20-424", "id": "ZDI-20-424", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-424/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9803", "zdi_id": "ZDI-20-424" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Che...", "detail_json": "/data/advisories/ZDI-20-423/advisory.json", "detail_path": "advisories/ZDI-20-423", "id": "ZDI-20-423", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-423/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9802", "zdi_id": "ZDI-20-423" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Che...", "detail_json": "/data/advisories/ZDI-20-422/advisory.json", "detail_path": "advisories/ZDI-20-422", "id": "ZDI-20-422", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-422/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9801", "zdi_id": "ZDI-20-422" }, { "cve": "CVE-2020-10623", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-20-421/advisory.json", "detail_path": "advisories/ZDI-20-421", "id": "ZDI-20-421", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS setDevicechoose SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-421/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9800", "zdi_id": "ZDI-20-421" }, { "cve": "CVE-2020-10623", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-20-420/advisory.json", "detail_path": "advisories/ZDI-20-420", "id": "ZDI-20-420", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS getFWUpgradeInfo SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-420/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9799", "zdi_id": "ZDI-20-420" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-419/advisory.json", "detail_path": "advisories/ZDI-20-419", "id": "ZDI-20-419", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-419/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9793", "zdi_id": "ZDI-20-419" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the del...", "detail_json": "/data/advisories/ZDI-20-418/advisory.json", "detail_path": "advisories/ZDI-20-418", "id": "ZDI-20-418", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-418/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9778", "zdi_id": "ZDI-20-418" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-417/advisory.json", "detail_path": "advisories/ZDI-20-417", "id": "ZDI-20-417", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-417/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9777", "zdi_id": "ZDI-20-417" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-416/advisory.json", "detail_path": "advisories/ZDI-20-416", "id": "ZDI-20-416", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-416/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9776", "zdi_id": "ZDI-20-416" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-415/advisory.json", "detail_path": "advisories/ZDI-20-415", "id": "ZDI-20-415", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-415/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9775", "zdi_id": "ZDI-20-415" }, { "cve": "CVE-2020-10625", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the usersInputAc...", "detail_json": "/data/advisories/ZDI-20-414/advisory.json", "detail_path": "advisories/ZDI-20-414", "id": "ZDI-20-414", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS UsersInputAction Missing Authentication for Critical Function Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-414/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9769", "zdi_id": "ZDI-20-414" }, { "cve": "CVE-2020-10623", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-20-413/advisory.json", "detail_path": "advisories/ZDI-20-413", "id": "ZDI-20-413", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS getSyslogUiList SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-413/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9764", "zdi_id": "ZDI-20-413" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Dev...", "detail_json": "/data/advisories/ZDI-20-412/advisory.json", "detail_path": "advisories/ZDI-20-412", "id": "ZDI-20-412", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DeviceData Performance SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-412/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9765", "zdi_id": "ZDI-20-412" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the han...", "detail_json": "/data/advisories/ZDI-20-411/advisory.json", "detail_path": "advisories/ZDI-20-411", "id": "ZDI-20-411", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS MibBrowser SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-411/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9760", "zdi_id": "ZDI-20-411" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the han...", "detail_json": "/data/advisories/ZDI-20-410/advisory.json", "detail_path": "advisories/ZDI-20-410", "id": "ZDI-20-410", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS MibBrowser SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-410/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9759", "zdi_id": "ZDI-20-410" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the sin...", "detail_json": "/data/advisories/ZDI-20-409/advisory.json", "detail_path": "advisories/ZDI-20-409", "id": "ZDI-20-409", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS single-vlan-info SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-409/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9701", "zdi_id": "ZDI-20-409" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-408/advisory.json", "detail_path": "advisories/ZDI-20-408", "id": "ZDI-20-408", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-408/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9700", "zdi_id": "ZDI-20-408" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-407/advisory.json", "detail_path": "advisories/ZDI-20-407", "id": "ZDI-20-407", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-407/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9699", "zdi_id": "ZDI-20-407" }, { "cve": "CVE-2020-10621", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the importprofi...", "detail_json": "/data/advisories/ZDI-20-406/advisory.json", "detail_path": "advisories/ZDI-20-406", "id": "ZDI-20-406", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS ProfileResource Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-406/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9693", "zdi_id": "ZDI-20-406" }, { "cve": "CVE-2020-10621", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the DBBackup en...", "detail_json": "/data/advisories/ZDI-20-405/advisory.json", "detail_path": "advisories/ZDI-20-405", "id": "ZDI-20-405", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBBackupResource Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-405/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9692", "zdi_id": "ZDI-20-405" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-404/advisory.json", "detail_path": "advisories/ZDI-20-404", "id": "ZDI-20-404", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-404/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9629", "zdi_id": "ZDI-20-404" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the set...", "detail_json": "/data/advisories/ZDI-20-403/advisory.json", "detail_path": "advisories/ZDI-20-403", "id": "ZDI-20-403", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-403/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9628", "zdi_id": "ZDI-20-403" }, { "cve": "CVE-2020-10621", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the ConfigResto...", "detail_json": "/data/advisories/ZDI-20-402/advisory.json", "detail_path": "advisories/ZDI-20-402", "id": "ZDI-20-402", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS ConfigRestoreAction Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-402/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9627", "zdi_id": "ZDI-20-402" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-401/advisory.json", "detail_path": "advisories/ZDI-20-401", "id": "ZDI-20-401", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-401/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9623", "zdi_id": "ZDI-20-401" }, { "cve": "CVE-2020-10621", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the DBBackupRes...", "detail_json": "/data/advisories/ZDI-20-400/advisory.json", "detail_path": "advisories/ZDI-20-400", "id": "ZDI-20-400", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBBackupRestoreAction Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-400/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9614", "zdi_id": "ZDI-20-400" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the get...", "detail_json": "/data/advisories/ZDI-20-399/advisory.json", "detail_path": "advisories/ZDI-20-399", "id": "ZDI-20-399", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-399/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9613", "zdi_id": "ZDI-20-399" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Acc...", "detail_json": "/data/advisories/ZDI-20-398/advisory.json", "detail_path": "advisories/ZDI-20-398", "id": "ZDI-20-398", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS AccesslogAction SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-398/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9605", "zdi_id": "ZDI-20-398" }, { "cve": "CVE-2020-10621", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the SupportDevi...", "detail_json": "/data/advisories/ZDI-20-397/advisory.json", "detail_path": "advisories/ZDI-20-397", "id": "ZDI-20-397", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS SupportDeviceaddAction Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-397/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9602", "zdi_id": "ZDI-20-397" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the set...", "detail_json": "/data/advisories/ZDI-20-396/advisory.json", "detail_path": "advisories/ZDI-20-396", "id": "ZDI-20-396", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-396/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9601", "zdi_id": "ZDI-20-396" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the upd...", "detail_json": "/data/advisories/ZDI-20-395/advisory.json", "detail_path": "advisories/ZDI-20-395", "id": "ZDI-20-395", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-395/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9589", "zdi_id": "ZDI-20-395" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the upd...", "detail_json": "/data/advisories/ZDI-20-394/advisory.json", "detail_path": "advisories/ZDI-20-394", "id": "ZDI-20-394", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-394/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9588", "zdi_id": "ZDI-20-394" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the for...", "detail_json": "/data/advisories/ZDI-20-393/advisory.json", "detail_path": "advisories/ZDI-20-393", "id": "ZDI-20-393", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS forcedScanDevice SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-393/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9587", "zdi_id": "ZDI-20-393" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the FwS...", "detail_json": "/data/advisories/ZDI-20-392/advisory.json", "detail_path": "advisories/ZDI-20-392", "id": "ZDI-20-392", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS FwStatusReportAction SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-392/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9585", "zdi_id": "ZDI-20-392" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the FwS...", "detail_json": "/data/advisories/ZDI-20-391/advisory.json", "detail_path": "advisories/ZDI-20-391", "id": "ZDI-20-391", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS FwStatusReportAction SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-391/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9584", "zdi_id": "ZDI-20-391" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Top...", "detail_json": "/data/advisories/ZDI-20-390/advisory.json", "detail_path": "advisories/ZDI-20-390", "id": "ZDI-20-390", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS TopogroupeditAction SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-390/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9583", "zdi_id": "ZDI-20-390" }, { "cve": "CVE-2020-10621", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the FwUpgradeAc...", "detail_json": "/data/advisories/ZDI-20-389/advisory.json", "detail_path": "advisories/ZDI-20-389", "id": "ZDI-20-389", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS FwUpgradeAction Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-389/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9582", "zdi_id": "ZDI-20-389" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Top...", "detail_json": "/data/advisories/ZDI-20-388/advisory.json", "detail_path": "advisories/ZDI-20-388", "id": "ZDI-20-388", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS TopogroupeditAction SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-388/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9581", "zdi_id": "ZDI-20-388" }, { "cve": "CVE-2020-10621", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the extProgramA...", "detail_json": "/data/advisories/ZDI-20-387/advisory.json", "detail_path": "advisories/ZDI-20-387", "id": "ZDI-20-387", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS extProgramAction Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-387/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9580", "zdi_id": "ZDI-20-387" }, { "cve": "CVE-2020-10621", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the extProgramA...", "detail_json": "/data/advisories/ZDI-20-386/advisory.json", "detail_path": "advisories/ZDI-20-386", "id": "ZDI-20-386", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS extProgramAction Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-386/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9579", "zdi_id": "ZDI-20-386" }, { "cve": "CVE-2020-10621", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the licenseImpo...", "detail_json": "/data/advisories/ZDI-20-385/advisory.json", "detail_path": "advisories/ZDI-20-385", "id": "ZDI-20-385", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS LicenseImportAction Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-385/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9578", "zdi_id": "ZDI-20-385" }, { "cve": "CVE-2020-10631", "cvss": 9.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pro...", "detail_json": "/data/advisories/ZDI-20-384/advisory.json", "detail_path": "advisories/ZDI-20-384", "id": "ZDI-20-384", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS download.jsp Directory Traversal Information Disclosure and Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-384/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9577", "zdi_id": "ZDI-20-384" }, { "cve": "CVE-2020-10621", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the FwUpgradeAc...", "detail_json": "/data/advisories/ZDI-20-383/advisory.json", "detail_path": "advisories/ZDI-20-383", "id": "ZDI-20-383", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS FwUpgradeAction Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-383/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9576", "zdi_id": "ZDI-20-383" }, { "cve": "CVE-2020-10629", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Mib...", "detail_json": "/data/advisories/ZDI-20-382/advisory.json", "detail_path": "advisories/ZDI-20-382", "id": "ZDI-20-382", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS MibbrowserTrapAddAction XML External Entity Reference Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-382/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9575", "zdi_id": "ZDI-20-382" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the ref...", "detail_json": "/data/advisories/ZDI-20-381/advisory.json", "detail_path": "advisories/ZDI-20-381", "id": "ZDI-20-381", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS reflashEventLog SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-381/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9574", "zdi_id": "ZDI-20-381" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Log...", "detail_json": "/data/advisories/ZDI-20-380/advisory.json", "detail_path": "advisories/ZDI-20-380", "id": "ZDI-20-380", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS Login SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-380/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9573", "zdi_id": "ZDI-20-380" }, { "cve": "CVE-2020-10619", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitary files on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the saveBackgrou...", "detail_json": "/data/advisories/ZDI-20-379/advisory.json", "detail_path": "advisories/ZDI-20-379", "id": "ZDI-20-379", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS saveBackgroundAction Directory Traversal Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-379/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9572", "zdi_id": "ZDI-20-379" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the sav...", "detail_json": "/data/advisories/ZDI-20-378/advisory.json", "detail_path": "advisories/ZDI-20-378", "id": "ZDI-20-378", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS saveBackground SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-378/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9571", "zdi_id": "ZDI-20-378" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the EMS...", "detail_json": "/data/advisories/ZDI-20-377/advisory.json", "detail_path": "advisories/ZDI-20-377", "id": "ZDI-20-377", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS EMSgroupAction SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-377/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9570", "zdi_id": "ZDI-20-377" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the mib...", "detail_json": "/data/advisories/ZDI-20-376/advisory.json", "detail_path": "advisories/ZDI-20-376", "id": "ZDI-20-376", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS mibBrowserSetAction SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-376/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9569", "zdi_id": "ZDI-20-376" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the sea...", "detail_json": "/data/advisories/ZDI-20-375/advisory.json", "detail_path": "advisories/ZDI-20-375", "id": "ZDI-20-375", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS searchDevice SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-375/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9568", "zdi_id": "ZDI-20-375" }, { "cve": "CVE-2020-10617", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Log...", "detail_json": "/data/advisories/ZDI-20-374/advisory.json", "detail_path": "advisories/ZDI-20-374", "id": "ZDI-20-374", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS Login isAccessDenied SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-374/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9567", "zdi_id": "ZDI-20-374" }, { "cve": "CVE-2020-10621", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the saveBackgro...", "detail_json": "/data/advisories/ZDI-20-373/advisory.json", "detail_path": "advisories/ZDI-20-373", "id": "ZDI-20-373", "kind": "published", "published_date": "2020-04-08", "status": "published", "title": "Advantech WebAccess/NMS saveBackground Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-373/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9566", "zdi_id": "ZDI-20-373" }, { "cve": "CVE-2020-3766", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Genuine Software Service. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-20-372/advisory.json", "detail_path": "advisories/ZDI-20-372", "id": "ZDI-20-372", "kind": "published", "published_date": "2020-04-07", "status": "published", "title": "Adobe Acrobat Pro DC Genuine Software Service Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-372/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9598", "zdi_id": "ZDI-20-372" }, { "cve": "CVE-2020-7478", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IGSSupdateservice service, whi...", "detail_json": "/data/advisories/ZDI-20-371/advisory.json", "detail_path": "advisories/ZDI-20-371", "id": "ZDI-20-371", "kind": "published", "published_date": "2020-04-03", "status": "published", "title": "Schneider Electric IGSS IGSSupdateservice Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-371/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-9757", "zdi_id": "ZDI-20-371" }, { "cve": "CVE-2020-7479", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric IGSS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-20-370/advisory.json", "detail_path": "advisories/ZDI-20-370", "id": "ZDI-20-370", "kind": "published", "published_date": "2020-04-03", "status": "published", "title": "Schneider Electric IGSS IGSSupdateservice Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-370/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-9758", "zdi_id": "ZDI-20-370" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Vmware Workstation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-369/advisory.json", "detail_path": "advisories/ZDI-20-369", "id": "ZDI-20-369", "kind": "published", "published_date": "2020-04-03", "status": "published", "title": "VMware Workstation OVF NTLM Challenge Response Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-369/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-9345", "zdi_id": "ZDI-20-369" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-368/advisory.json", "detail_path": "advisories/ZDI-20-368", "id": "ZDI-20-368", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro PNG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-368/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9770", "zdi_id": "ZDI-20-368" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-367/advisory.json", "detail_path": "advisories/ZDI-20-367", "id": "ZDI-20-367", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-367/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9772", "zdi_id": "ZDI-20-367" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-366/advisory.json", "detail_path": "advisories/ZDI-20-366", "id": "ZDI-20-366", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-366/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9771", "zdi_id": "ZDI-20-366" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-365/advisory.json", "detail_path": "advisories/ZDI-20-365", "id": "ZDI-20-365", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-365/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9698", "zdi_id": "ZDI-20-365" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-364/advisory.json", "detail_path": "advisories/ZDI-20-364", "id": "ZDI-20-364", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro TIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-364/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9697", "zdi_id": "ZDI-20-364" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-363/advisory.json", "detail_path": "advisories/ZDI-20-363", "id": "ZDI-20-363", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-363/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9696", "zdi_id": "ZDI-20-363" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-362/advisory.json", "detail_path": "advisories/ZDI-20-362", "id": "ZDI-20-362", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-362/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9695", "zdi_id": "ZDI-20-362" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-361/advisory.json", "detail_path": "advisories/ZDI-20-361", "id": "ZDI-20-361", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro PNG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-361/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9694", "zdi_id": "ZDI-20-361" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-360/advisory.json", "detail_path": "advisories/ZDI-20-360", "id": "ZDI-20-360", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-360/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9639", "zdi_id": "ZDI-20-360" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-359/advisory.json", "detail_path": "advisories/ZDI-20-359", "id": "ZDI-20-359", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-359/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9638", "zdi_id": "ZDI-20-359" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-358/advisory.json", "detail_path": "advisories/ZDI-20-358", "id": "ZDI-20-358", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-358/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9637", "zdi_id": "ZDI-20-358" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-357/advisory.json", "detail_path": "advisories/ZDI-20-357", "id": "ZDI-20-357", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-357/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9636", "zdi_id": "ZDI-20-357" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-356/advisory.json", "detail_path": "advisories/ZDI-20-356", "id": "ZDI-20-356", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-356/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9635", "zdi_id": "ZDI-20-356" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-355/advisory.json", "detail_path": "advisories/ZDI-20-355", "id": "ZDI-20-355", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-355/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9634", "zdi_id": "ZDI-20-355" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-354/advisory.json", "detail_path": "advisories/ZDI-20-354", "id": "ZDI-20-354", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-354/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9633", "zdi_id": "ZDI-20-354" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-353/advisory.json", "detail_path": "advisories/ZDI-20-353", "id": "ZDI-20-353", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-353/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9632", "zdi_id": "ZDI-20-353" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-352/advisory.json", "detail_path": "advisories/ZDI-20-352", "id": "ZDI-20-352", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro PSD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-352/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9631", "zdi_id": "ZDI-20-352" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-351/advisory.json", "detail_path": "advisories/ZDI-20-351", "id": "ZDI-20-351", "kind": "published", "published_date": "2020-04-02", "status": "published", "title": "(0Day) Corel PaintShop Pro J2K File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-351/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-9630", "zdi_id": "ZDI-20-351" }, { "cve": "CVE-2020-8835", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-20-350/advisory.json", "detail_path": "advisories/ZDI-20-350", "id": "ZDI-20-350", "kind": "published", "published_date": "2020-03-31", "status": "published", "title": "(Pwn2Own) Linux Kernel eBPF Improper Input Validation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-350/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-10780", "zdi_id": "ZDI-20-350" }, { "cve": "CVE-2020-4240", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative Console Framework ser...", "detail_json": "/data/advisories/ZDI-20-349/advisory.json", "detail_path": "advisories/ZDI-20-349", "id": "ZDI-20-349", "kind": "published", "published_date": "2020-03-31", "status": "published", "title": "IBM Spectrum Protect Plus plugin Directory Traversal File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-349/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-9950", "zdi_id": "ZDI-20-349" }, { "cve": "CVE-2020-4241", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM Spectrum Protect Plus. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-20-348/advisory.json", "detail_path": "advisories/ZDI-20-348", "id": "ZDI-20-348", "kind": "published", "published_date": "2020-03-31", "status": "published", "title": "IBM Spectrum Protect Plus uploadHttpsCertificate Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-348/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-9958", "zdi_id": "ZDI-20-348" }, { "cve": "CVE-2020-4242", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM Spectrum Protect Plus. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-20-347/advisory.json", "detail_path": "advisories/ZDI-20-347", "id": "ZDI-20-347", "kind": "published", "published_date": "2020-03-31", "status": "published", "title": "IBM Spectrum Protect Plus uploadLdapCertificate Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-347/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-9957", "zdi_id": "ZDI-20-347" }, { "cve": "CVE-2020-4208", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative Console Framework serv...", "detail_json": "/data/advisories/ZDI-20-346/advisory.json", "detail_path": "advisories/ZDI-20-346", "id": "ZDI-20-346", "kind": "published", "published_date": "2020-03-31", "status": "published", "title": "IBM Spectrum Protect Plus serveradmin Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-346/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-9953", "zdi_id": "ZDI-20-346" }, { "cve": "CVE-2020-4209", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of IBM Spectrum Protect Plus. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-20-345/advisory.json", "detail_path": "advisories/ZDI-20-345", "id": "ZDI-20-345", "kind": "published", "published_date": "2020-03-31", "status": "published", "title": "IBM Spectrum Protect Plus uploadHttpsCertificate Directory Traversal File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-345/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-9952", "zdi_id": "ZDI-20-345" }, { "cve": "CVE-2020-4209", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of IBM Spectrum Protect Plus. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-20-344/advisory.json", "detail_path": "advisories/ZDI-20-344", "id": "ZDI-20-344", "kind": "published", "published_date": "2020-03-31", "status": "published", "title": "IBM Spectrum Protect Plus uploadLdapCertificate Directory Traversal File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-344/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-9951", "zdi_id": "ZDI-20-344" }, { "cve": "CVE-2020-4214", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary directories on affected installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative Console Framewo...", "detail_json": "/data/advisories/ZDI-20-343/advisory.json", "detail_path": "advisories/ZDI-20-343", "id": "ZDI-20-343", "kind": "published", "published_date": "2020-03-31", "status": "published", "title": "IBM Spectrum Protect Plus cleanupUpdateImage Arbitrary Directory Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-343/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-9949", "zdi_id": "ZDI-20-343" }, { "cve": "CVE-2020-4206", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM Spectrum Protect Plus. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-20-342/advisory.json", "detail_path": "advisories/ZDI-20-342", "id": "ZDI-20-342", "kind": "published", "published_date": "2020-03-31", "status": "published", "title": "IBM Spectrum Protect Plus timezone Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-342/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-9753", "zdi_id": "ZDI-20-342" }, { "cve": "CVE-2020-3897", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-341/advisory.json", "detail_path": "advisories/ZDI-20-341", "id": "ZDI-20-341", "kind": "published", "published_date": "2020-03-26", "status": "published", "title": "Apple Safari Object Transition Cache Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-341/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-9855", "zdi_id": "ZDI-20-341" }, { "cve": "CVE-2020-10888", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwardin...", "detail_json": "/data/advisories/ZDI-20-340/advisory.json", "detail_path": "advisories/ZDI-20-340", "id": "ZDI-20-340", "kind": "published", "published_date": "2020-03-25", "status": "published", "title": "(Pwn2Own) TP-Link Archer A7 SSH Port Forwarding Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-340/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-9664", "zdi_id": "ZDI-20-340" }, { "cve": "CVE-2020-10886", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which list...", "detail_json": "/data/advisories/ZDI-20-339/advisory.json", "detail_path": "advisories/ZDI-20-339", "id": "ZDI-20-339", "kind": "published", "published_date": "2020-03-25", "status": "published", "title": "(Pwn2Own) TP-Link Archer A7 tmpServer Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-339/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-9662", "zdi_id": "ZDI-20-339" }, { "cve": "CVE-2020-10887", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from t...", "detail_json": "/data/advisories/ZDI-20-338/advisory.json", "detail_path": "advisories/ZDI-20-338", "id": "ZDI-20-338", "kind": "published", "published_date": "2020-03-25", "status": "published", "title": "(Pwn2Own) TP-Link Archer A7 Protection Mechanism Failure Firewall Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-338/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-9663", "zdi_id": "ZDI-20-338" }, { "cve": "CVE-2020-10885", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. Th...", "detail_json": "/data/advisories/ZDI-20-337/advisory.json", "detail_path": "advisories/ZDI-20-337", "id": "ZDI-20-337", "kind": "published", "published_date": "2020-03-25", "status": "published", "title": "(Pwn2Own) TP-Link Archer A7 DNS Response Improper Input Validation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-337/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-9661", "zdi_id": "ZDI-20-337" }, { "cve": "CVE-2020-10884", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, whi...", "detail_json": "/data/advisories/ZDI-20-336/advisory.json", "detail_path": "advisories/ZDI-20-336", "id": "ZDI-20-336", "kind": "published", "published_date": "2020-03-25", "status": "published", "title": "(Pwn2Own) TP-Link Archer A7 tdpServer Use of Hard-coded Cryptographic Key Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-336/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-9652", "zdi_id": "ZDI-20-336" }, { "cve": "CVE-2020-10883", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabilit...", "detail_json": "/data/advisories/ZDI-20-335/advisory.json", "detail_path": "advisories/ZDI-20-335", "id": "ZDI-20-335", "kind": "published", "published_date": "2020-03-25", "status": "published", "title": "(Pwn2Own) TP-Link Archer A7 File System Incorrect Permission Assignment for Critical Resource Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-335/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-9651", "zdi_id": "ZDI-20-335" }, { "cve": "CVE-2020-10882", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service,...", "detail_json": "/data/advisories/ZDI-20-334/advisory.json", "detail_path": "advisories/ZDI-20-334", "id": "ZDI-20-334", "kind": "published", "published_date": "2020-03-25", "status": "published", "title": "(Pwn2Own) TP-Link Archer A7 tdpServer Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-334/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-9650", "zdi_id": "ZDI-20-334" }, { "cve": "CVE-2020-10881", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A...", "detail_json": "/data/advisories/ZDI-20-333/advisory.json", "detail_path": "advisories/ZDI-20-333", "id": "ZDI-20-333", "kind": "published", "published_date": "2020-03-25", "status": "published", "title": "(Pwn2Own) TP-Link Archer A7 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-333/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-9660", "zdi_id": "ZDI-20-333" }, { "cve": "CVE-2020-3764", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-20-332/advisory.json", "detail_path": "advisories/ZDI-20-332", "id": "ZDI-20-332", "kind": "published", "published_date": "2020-03-24", "status": "published", "title": "Adobe Media Encoder CC MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-332/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9808", "zdi_id": "ZDI-20-332" }, { "cve": "CVE-2020-3764", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-20-331/advisory.json", "detail_path": "advisories/ZDI-20-331", "id": "ZDI-20-331", "kind": "published", "published_date": "2020-03-24", "status": "published", "title": "Adobe Media Encoder 3GP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-331/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10070", "zdi_id": "ZDI-20-331" }, { "cve": "CVE-2020-3802", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-330/advisory.json", "detail_path": "advisories/ZDI-20-330", "id": "ZDI-20-330", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Acrobat Reader DC XFA Template Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-330/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10126", "zdi_id": "ZDI-20-330" }, { "cve": "CVE-2020-9552", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-329/advisory.json", "detail_path": "advisories/ZDI-20-329", "id": "ZDI-20-329", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Bridge XD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-329/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9984", "zdi_id": "ZDI-20-329" }, { "cve": "CVE-2020-9551", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-328/advisory.json", "detail_path": "advisories/ZDI-20-328", "id": "ZDI-20-328", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Bridge CC GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-328/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9705", "zdi_id": "ZDI-20-328" }, { "cve": "CVE-2020-3766", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Acrobat Pro DC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-20-327/advisory.json", "detail_path": "advisories/ZDI-20-327", "id": "ZDI-20-327", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Acrobat Pro DC Genuine Software Service Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-327/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9599", "zdi_id": "ZDI-20-327" }, { "cve": "CVE-2020-3766", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Acrobat Pro DC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-20-326/advisory.json", "detail_path": "advisories/ZDI-20-326", "id": "ZDI-20-326", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Acrobat Pro DC Genuine Software Service Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-326/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9597", "zdi_id": "ZDI-20-326" }, { "cve": "CVE-2020-3791", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-325/advisory.json", "detail_path": "advisories/ZDI-20-325", "id": "ZDI-20-325", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Photoshop Type 1 Font Parsing Charstring Out-of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-325/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9484", "zdi_id": "ZDI-20-325" }, { "cve": "CVE-2020-3790", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-324/advisory.json", "detail_path": "advisories/ZDI-20-324", "id": "ZDI-20-324", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Photoshop DCM File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-324/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10034", "zdi_id": "ZDI-20-324" }, { "cve": "CVE-2020-3782", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-323/advisory.json", "detail_path": "advisories/ZDI-20-323", "id": "ZDI-20-323", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Photoshop TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-323/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10050", "zdi_id": "ZDI-20-323" }, { "cve": "CVE-2020-3781", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-322/advisory.json", "detail_path": "advisories/ZDI-20-322", "id": "ZDI-20-322", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Photoshop TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-322/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10051", "zdi_id": "ZDI-20-322" }, { "cve": "CVE-2020-3780", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-321/advisory.json", "detail_path": "advisories/ZDI-20-321", "id": "ZDI-20-321", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Photoshop EPS BoundingBox Element Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-321/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10053", "zdi_id": "ZDI-20-321" }, { "cve": "CVE-2020-3779", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-320/advisory.json", "detail_path": "advisories/ZDI-20-320", "id": "ZDI-20-320", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Photoshop GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-320/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10065", "zdi_id": "ZDI-20-320" }, { "cve": "CVE-2020-3778", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-319/advisory.json", "detail_path": "advisories/ZDI-20-319", "id": "ZDI-20-319", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Photoshop TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-319/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10019", "zdi_id": "ZDI-20-319" }, { "cve": "CVE-2020-3773", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-318/advisory.json", "detail_path": "advisories/ZDI-20-318", "id": "ZDI-20-318", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Photoshop U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-318/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9989", "zdi_id": "ZDI-20-318" }, { "cve": "CVE-2020-3772", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-317/advisory.json", "detail_path": "advisories/ZDI-20-317", "id": "ZDI-20-317", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Photoshop U3D File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-317/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-10013", "zdi_id": "ZDI-20-317" }, { "cve": "CVE-2020-3771", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-316/advisory.json", "detail_path": "advisories/ZDI-20-316", "id": "ZDI-20-316", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Photoshop DCM Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-316/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9809", "zdi_id": "ZDI-20-316" }, { "cve": "CVE-2020-3770", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-315/advisory.json", "detail_path": "advisories/ZDI-20-315", "id": "ZDI-20-315", "kind": "published", "published_date": "2020-03-19", "status": "published", "title": "Adobe Photoshop PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-315/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9926", "zdi_id": "ZDI-20-315" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Q60 Smart QLED TV. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-20-314/advisory.json", "detail_path": "advisories/ZDI-20-314", "id": "ZDI-20-314", "kind": "published", "published_date": "2020-03-18", "status": "published", "title": "(Pwn2Own) Samsung Q60 Smart QLED TV JavaScript Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-314/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-9645", "zdi_id": "ZDI-20-314" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-313/advisory.json", "detail_path": "advisories/ZDI-20-313", "id": "ZDI-20-313", "kind": "published", "published_date": "2020-03-18", "status": "published", "title": "Microsoft Windows AppX Deployment Service Hard Link Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-313/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10131", "zdi_id": "ZDI-20-313" }, { "cve": "CVE-2020-8870", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-312/advisory.json", "detail_path": "advisories/ZDI-20-312", "id": "ZDI-20-312", "kind": "published", "published_date": "2020-03-18", "status": "published", "title": "Foxit Studio Photo GetTIFPalette TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-312/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9931", "zdi_id": "ZDI-20-312" }, { "cve": "CVE-2020-8869", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-311/advisory.json", "detail_path": "advisories/ZDI-20-311", "id": "ZDI-20-311", "kind": "published", "published_date": "2020-03-18", "status": "published", "title": "Foxit Studio Photo TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-311/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9881", "zdi_id": "ZDI-20-311" }, { "cve": "CVE-2020-6976", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-20-310/advisory.json", "detail_path": "advisories/ZDI-20-310", "id": "ZDI-20-310", "kind": "published", "published_date": "2020-03-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Giffile Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-310/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10420", "zdi_id": "ZDI-20-310" }, { "cve": "CVE-2020-7002", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-20-309/advisory.json", "detail_path": "advisories/ZDI-20-309", "id": "ZDI-20-309", "kind": "published", "published_date": "2020-03-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-309/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10413", "zdi_id": "ZDI-20-309" }, { "cve": "CVE-2020-7002", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-20-308/advisory.json", "detail_path": "advisories/ZDI-20-308", "id": "ZDI-20-308", "kind": "published", "published_date": "2020-03-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing GifName Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-308/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-10141", "zdi_id": "ZDI-20-308" }, { "cve": "CVE-2020-8600", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Worry-Free Business Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the TempFi...", "detail_json": "/data/advisories/ZDI-20-307/advisory.json", "detail_path": "advisories/ZDI-20-307", "id": "ZDI-20-307", "kind": "published", "published_date": "2020-03-17", "status": "published", "title": "Trend Micro Worry-Free Business Security Directory Traversal Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-307/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-10073", "zdi_id": "ZDI-20-307" }, { "cve": "CVE-2020-8883", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-306/advisory.json", "detail_path": "advisories/ZDI-20-306", "id": "ZDI-20-306", "kind": "published", "published_date": "2020-03-16", "status": "published", "title": "Foxit Studio Photo EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-306/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9880", "zdi_id": "ZDI-20-306" }, { "cve": "CVE-2020-8882", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-305/advisory.json", "detail_path": "advisories/ZDI-20-305", "id": "ZDI-20-305", "kind": "published", "published_date": "2020-03-16", "status": "published", "title": "Foxit Studio Photo PSD File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-305/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9811", "zdi_id": "ZDI-20-305" }, { "cve": "CVE-2020-8881", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-304/advisory.json", "detail_path": "advisories/ZDI-20-304", "id": "ZDI-20-304", "kind": "published", "published_date": "2020-03-16", "status": "published", "title": "Foxit Studio Photo TIF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-304/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9774", "zdi_id": "ZDI-20-304" }, { "cve": "CVE-2020-8880", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-303/advisory.json", "detail_path": "advisories/ZDI-20-303", "id": "ZDI-20-303", "kind": "published", "published_date": "2020-03-16", "status": "published", "title": "Foxit Studio Photo TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-303/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9773", "zdi_id": "ZDI-20-303" }, { "cve": "CVE-2020-8879", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-302/advisory.json", "detail_path": "advisories/ZDI-20-302", "id": "ZDI-20-302", "kind": "published", "published_date": "2020-03-16", "status": "published", "title": "Foxit Studio Photo PSD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-302/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9626", "zdi_id": "ZDI-20-302" }, { "cve": "CVE-2020-8878", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-301/advisory.json", "detail_path": "advisories/ZDI-20-301", "id": "ZDI-20-301", "kind": "published", "published_date": "2020-03-16", "status": "published", "title": "Foxit Studio Photo PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-301/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9625", "zdi_id": "ZDI-20-301" }, { "cve": "CVE-2020-8877", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-20-300/advisory.json", "detail_path": "advisories/ZDI-20-300", "id": "ZDI-20-300", "kind": "published", "published_date": "2020-03-16", "status": "published", "title": "Foxit Studio Photo PSD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2020-03-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-300/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9624", "zdi_id": "ZDI-20-300" }, { "cve": "CVE-2020-3948", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-20-299/advisory.json", "detail_path": "advisories/ZDI-20-299", "id": "ZDI-20-299", "kind": "published", "published_date": "2020-03-13", "status": "published", "title": "VMware Workstation Virtual Printer External Control of File Name Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-299/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-10099", "zdi_id": "ZDI-20-299" }, { "cve": "CVE-2020-3947", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-20-298/advisory.json", "detail_path": "advisories/ZDI-20-298", "id": "ZDI-20-298", "kind": "published", "published_date": "2020-03-13", "status": "published", "title": "VMware Workstation vmnetdhcp Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-298/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-9292", "zdi_id": "ZDI-20-298" }, { "cve": "CVE-2020-8876", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-20-297/advisory.json", "detail_path": "advisories/ZDI-20-297", "id": "ZDI-20-297", "kind": "published", "published_date": "2020-03-13", "status": "published", "title": "Parallels Desktop OS X Host Kernel Module Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-297/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-10029", "zdi_id": "ZDI-20-297" }, { "cve": "CVE-2020-8875", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-296/advisory.json", "detail_path": "advisories/ZDI-20-296", "id": "ZDI-20-296", "kind": "published", "published_date": "2020-03-13", "status": "published", "title": "Parallels Desktop OS X Host Kernel Module Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-296/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-10028", "zdi_id": "ZDI-20-296" }, { "cve": "CVE-2020-8874", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-295/advisory.json", "detail_path": "advisories/ZDI-20-295", "id": "ZDI-20-295", "kind": "published", "published_date": "2020-03-13", "status": "published", "title": "Parallels Desktop xHCI Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-295/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-10032", "zdi_id": "ZDI-20-295" }, { "cve": "CVE-2020-8873", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-294/advisory.json", "detail_path": "advisories/ZDI-20-294", "id": "ZDI-20-294", "kind": "published", "published_date": "2020-03-13", "status": "published", "title": "Parallels Desktop xHCI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-294/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-10031", "zdi_id": "ZDI-20-294" }, { "cve": "CVE-2020-8872", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-293/advisory.json", "detail_path": "advisories/ZDI-20-293", "id": "ZDI-20-293", "kind": "published", "published_date": "2020-03-13", "status": "published", "title": "Parallels Desktop xHCI Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-293/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-9428", "zdi_id": "ZDI-20-293" }, { "cve": "CVE-2020-8871", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop . An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-20-292/advisory.json", "detail_path": "advisories/ZDI-20-292", "id": "ZDI-20-292", "kind": "published", "published_date": "2020-03-13", "status": "published", "title": "Parallels Desktop VGA Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-292/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-9403", "zdi_id": "ZDI-20-292" }, { "cve": "CVE-2020-6208", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP Crystal Reports. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-291/advisory.json", "detail_path": "advisories/ZDI-20-291", "id": "ZDI-20-291", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "SAP Crystal Reports RPT File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-291/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-9460", "zdi_id": "ZDI-20-291" }, { "cve": "CVE-2020-8868", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product co...", "detail_json": "/data/advisories/ZDI-20-290/advisory.json", "detail_path": "advisories/ZDI-20-290", "id": "ZDI-20-290", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "Quest Foglight Evolve CommandLineService Use of Hard-coded Credentials Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-290/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-9553", "zdi_id": "ZDI-20-290" }, { "cve": "CVE-2020-9530", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-289/advisory.json", "detail_path": "advisories/ZDI-20-289", "id": "ZDI-20-289", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "(Pwn2Own) Xiaomi Mi9 Browser manualUpgradeInfo Improper Control of Generation of Code Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-289/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-9665", "zdi_id": "ZDI-20-289" }, { "cve": "CVE-2020-9531", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Xiaomi GetApps. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-20-288/advisory.json", "detail_path": "advisories/ZDI-20-288", "id": "ZDI-20-288", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "(Pwn2Own) Xiaomi GetApps Intent Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-288/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-9657", "zdi_id": "ZDI-20-288" }, { "cve": "CVE-2020-9531", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-287/advisory.json", "detail_path": "advisories/ZDI-20-287", "id": "ZDI-20-287", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "(Pwn2Own) Xiaomi Mi9 Browser Untrusted Site Redirection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-287/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-9656", "zdi_id": "ZDI-20-287" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-286/advisory.json", "detail_path": "advisories/ZDI-20-286", "id": "ZDI-20-286", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "(Pwn2Own) Xiaomi Mi9 Browser ParseFormalParameterList Improper Input Validation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-286/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-9646", "zdi_id": "ZDI-20-286" }, { "cve": "CVE-2020-0807", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-20-285/advisory.json", "detail_path": "advisories/ZDI-20-285", "id": "ZDI-20-285", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "Microsoft Windows Media Player AVI Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-285/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10525", "zdi_id": "ZDI-20-285" }, { "cve": "CVE-2020-0851", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-284/advisory.json", "detail_path": "advisories/ZDI-20-284", "id": "ZDI-20-284", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "Microsoft Word HTML Rendering Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-284/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9959", "zdi_id": "ZDI-20-284" }, { "cve": "CVE-2020-0887", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-283/advisory.json", "detail_path": "advisories/ZDI-20-283", "id": "ZDI-20-283", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "Microsoft Windows Printer Device Context Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-283/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9875", "zdi_id": "ZDI-20-283" }, { "cve": "CVE-2020-0841", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-20-282/advisory.json", "detail_path": "advisories/ZDI-20-282", "id": "ZDI-20-282", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "Microsoft Windows DiagTrack Service Hard Link Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-282/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9691", "zdi_id": "ZDI-20-282" }, { "cve": "CVE-2020-0840", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-281/advisory.json", "detail_path": "advisories/ZDI-20-281", "id": "ZDI-20-281", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "Microsoft Windows AppX Deployment Service Hard Link Escalation of Privilege Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-281/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9502", "zdi_id": "ZDI-20-281" }, { "cve": "CVE-2020-0788", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-280/advisory.json", "detail_path": "advisories/ZDI-20-280", "id": "ZDI-20-280", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "Microsoft Windows CreateXlateObject Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-280/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9858", "zdi_id": "ZDI-20-280" }, { "cve": "CVE-2020-0788", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-279/advisory.json", "detail_path": "advisories/ZDI-20-279", "id": "ZDI-20-279", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "Microsoft Windows CreateXlateObject Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-279/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9857", "zdi_id": "ZDI-20-279" }, { "cve": "CVE-2020-0788", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-278/advisory.json", "detail_path": "advisories/ZDI-20-278", "id": "ZDI-20-278", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "Microsoft Windows ulGetNearestIndexFromColorref Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-278/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9856", "zdi_id": "ZDI-20-278" }, { "cve": "CVE-2020-0776", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-20-277/advisory.json", "detail_path": "advisories/ZDI-20-277", "id": "ZDI-20-277", "kind": "published", "published_date": "2020-03-12", "status": "published", "title": "Microsoft Windows AppX Deployment Service Link Resolution Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-277/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9473", "zdi_id": "ZDI-20-277" }, { "cve": "CVE-2020-8865", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[tem...", "detail_json": "/data/advisories/ZDI-20-276/advisory.json", "detail_path": "advisories/ZDI-20-276", "id": "ZDI-20-276", "kind": "published", "published_date": "2020-03-10", "status": "published", "title": "Horde Groupware Webmail Edition edit Page Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-276/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10469", "zdi_id": "ZDI-20-276" }, { "cve": "CVE-2020-8866", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the la...", "detail_json": "/data/advisories/ZDI-20-275/advisory.json", "detail_path": "advisories/ZDI-20-275", "id": "ZDI-20-275", "kind": "published", "published_date": "2020-03-10", "status": "published", "title": "Horde Groupware Webmail Edition add Page Unrestricted File Upload Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-275/", "vendor": "Horde", "vendor_url": null, "zdi_can": "ZDI-CAN-10125", "zdi_id": "ZDI-20-275" }, { "cve": "CVE-2020-4210", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative Console Framework ser...", "detail_json": "/data/advisories/ZDI-20-274/advisory.json", "detail_path": "advisories/ZDI-20-274", "id": "ZDI-20-274", "kind": "published", "published_date": "2020-03-05", "status": "published", "title": "IBM Spectrum Protect Plus changeAdministratorPassword Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-274/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-9956", "zdi_id": "ZDI-20-274" }, { "cve": "CVE-2020-4211", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative Console Framework ser...", "detail_json": "/data/advisories/ZDI-20-273/advisory.json", "detail_path": "advisories/ZDI-20-273", "id": "ZDI-20-273", "kind": "published", "published_date": "2020-03-05", "status": "published", "title": "IBM Spectrum Protect Plus hostname Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-273/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-9955", "zdi_id": "ZDI-20-273" }, { "cve": "CVE-2020-4212", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative Console Framework ser...", "detail_json": "/data/advisories/ZDI-20-272/advisory.json", "detail_path": "advisories/ZDI-20-272", "id": "ZDI-20-272", "kind": "published", "published_date": "2020-03-05", "status": "published", "title": "IBM Spectrum Protect Plus hfpackage Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-272/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-9954", "zdi_id": "ZDI-20-272" }, { "cve": "CVE-2020-4222", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative Console Framework ser...", "detail_json": "/data/advisories/ZDI-20-271/advisory.json", "detail_path": "advisories/ZDI-20-271", "id": "ZDI-20-271", "kind": "published", "published_date": "2020-03-05", "status": "published", "title": "IBM Spectrum Protect Plus password Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-271/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-9752", "zdi_id": "ZDI-20-271" }, { "cve": "CVE-2020-4213", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative Console Framework ser...", "detail_json": "/data/advisories/ZDI-20-270/advisory.json", "detail_path": "advisories/ZDI-20-270", "id": "ZDI-20-270", "kind": "published", "published_date": "2020-03-05", "status": "published", "title": "IBM Spectrum Protect Plus username Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-270/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-9750", "zdi_id": "ZDI-20-270" }, { "cve": "CVE-2020-3127", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-20-269/advisory.json", "detail_path": "advisories/ZDI-20-269", "id": "ZDI-20-269", "kind": "published", "published_date": "2020-03-05", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-269/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9491", "zdi_id": "ZDI-20-269" }, { "cve": "CVE-2020-8864", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling...", "detail_json": "/data/advisories/ZDI-20-268/advisory.json", "detail_path": "advisories/ZDI-20-268", "id": "ZDI-20-268", "kind": "published", "published_date": "2020-02-24", "status": "published", "title": "D-Link Multiple Routers HNAP strncmp Incorrect Comparison Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-268/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-9471", "zdi_id": "ZDI-20-268" }, { "cve": "CVE-2020-8863", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling...", "detail_json": "/data/advisories/ZDI-20-267/advisory.json", "detail_path": "advisories/ZDI-20-267", "id": "ZDI-20-267", "kind": "published", "published_date": "2020-02-24", "status": "published", "title": "D-Link Multiple Routers HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-267/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-9470", "zdi_id": "ZDI-20-267" }, { "cve": "CVE-2020-8862", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The is...", "detail_json": "/data/advisories/ZDI-20-266/advisory.json", "detail_path": "advisories/ZDI-20-266", "id": "ZDI-20-266", "kind": "published", "published_date": "2020-02-21", "status": "published", "title": "D-Link DAP-2610 Router login Incorrect Comparison Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-266/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-10082", "zdi_id": "ZDI-20-266" }, { "cve": "CVE-2020-8861", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNA...", "detail_json": "/data/advisories/ZDI-20-265/advisory.json", "detail_path": "advisories/ZDI-20-265", "id": "ZDI-20-265", "kind": "published", "published_date": "2020-02-21", "status": "published", "title": "D-Link DAP-1330 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-265/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-9554", "zdi_id": "ZDI-20-265" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-264/advisory.json", "detail_path": "advisories/ZDI-20-264", "id": "ZDI-20-264", "kind": "published", "published_date": "2020-02-20", "status": "published", "title": "(0Day) WECON LeviStudioU MulStatus szFilename Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-264/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-9304", "zdi_id": "ZDI-20-264" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-263/advisory.json", "detail_path": "advisories/ZDI-20-263", "id": "ZDI-20-263", "kind": "published", "published_date": "2020-02-20", "status": "published", "title": "(0Day) WECON LeviStudioU G_bmp szFilename Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-263/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-9290", "zdi_id": "ZDI-20-263" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-20-262/advisory.json", "detail_path": "advisories/ZDI-20-262", "id": "ZDI-20-262", "kind": "published", "published_date": "2020-02-20", "status": "published", "title": "(0Day) WECON LeviStudioU G_bmp szFilename Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-262/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-9280", "zdi_id": "ZDI-20-262" }, { "cve": "CVE-2020-6967", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RNADiagnosticsSrv endpoint, wh...", "detail_json": "/data/advisories/ZDI-20-261/advisory.json", "detail_path": "advisories/ZDI-20-261", "id": "ZDI-20-261", "kind": "published", "published_date": "2020-02-20", "status": "published", "title": "(0Day) Rockwell Automation FactoryTalk RNADiagnosticsSrv Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-261/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-9309", "zdi_id": "ZDI-20-261" }, { "cve": null, "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to trigger a Denial-of-Service condition on vulnerable installations of AMD Radeon drivers on Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to expl...", "detail_json": "/data/advisories/ZDI-20-260/advisory.json", "detail_path": "advisories/ZDI-20-260", "id": "ZDI-20-260", "kind": "published", "published_date": "2020-02-20", "status": "published", "title": "(0Day) AMD Radeon Divide By Zero Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-260/", "vendor": "AMD", "vendor_url": null, "zdi_can": "ZDI-CAN-8315", "zdi_id": "ZDI-20-260" }, { "cve": "CVE-2020-0792", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-259/advisory.json", "detail_path": "advisories/ZDI-20-259", "id": "ZDI-20-259", "kind": "published", "published_date": "2020-02-20", "status": "published", "title": "Microsoft Windows NtUserResolveDesktopForWOW Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-259/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-10076", "zdi_id": "ZDI-20-259" }, { "cve": "CVE-2020-0688", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the Exchange Control Panel web application....", "detail_json": "/data/advisories/ZDI-20-258/advisory.json", "detail_path": "advisories/ZDI-20-258", "id": "ZDI-20-258", "kind": "published", "published_date": "2020-02-20", "status": "published", "title": "Microsoft Exchange Server Exchange Control Panel Fixed Cryptographic Key Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9615", "zdi_id": "ZDI-20-258" }, { "cve": "CVE-2020-0668", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-257/advisory.json", "detail_path": "advisories/ZDI-20-257", "id": "ZDI-20-257", "kind": "published", "published_date": "2020-02-20", "status": "published", "title": "Microsoft Windows Service Tracing Arbitrary File Move Privilege Escalation Vulnerability", "updated_date": "2020-03-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-257/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9538", "zdi_id": "ZDI-20-257" }, { "cve": null, "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Galaxy S10. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-20-256/advisory.json", "detail_path": "advisories/ZDI-20-256", "id": "ZDI-20-256", "kind": "published", "published_date": "2020-02-20", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S10 IndexedDB Use-After-Free Sandbox Escape Vulnerability", "updated_date": "2020-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-256/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-9666", "zdi_id": "ZDI-20-256" }, { "cve": "CVE-2020-8860", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy 10. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The specific flaw exists within the Ca...", "detail_json": "/data/advisories/ZDI-20-255/advisory.json", "detail_path": "advisories/ZDI-20-255", "id": "ZDI-20-255", "kind": "published", "published_date": "2020-02-20", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S10 Call Control Setup Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2020-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-255/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-9658", "zdi_id": "ZDI-20-255" }, { "cve": null, "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Galaxy S10. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-20-254/advisory.json", "detail_path": "advisories/ZDI-20-254", "id": "ZDI-20-254", "kind": "published", "published_date": "2020-02-20", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S10 FileWriter Use-After-Free Sandbox Escape Vulnerability", "updated_date": "2020-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-254/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-9655", "zdi_id": "ZDI-20-254" }, { "cve": null, "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-20-253/advisory.json", "detail_path": "advisories/ZDI-20-253", "id": "ZDI-20-253", "kind": "published", "published_date": "2020-02-20", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S10 Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2020-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-253/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-9654", "zdi_id": "ZDI-20-253" }, { "cve": "CVE-2020-8859", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP param...", "detail_json": "/data/advisories/ZDI-20-252/advisory.json", "detail_path": "advisories/ZDI-20-252", "id": "ZDI-20-252", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "ELOG Electronic Logbook drop-count Null Pointer Dereference Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-252/", "vendor": "ELOG", "vendor_url": null, "zdi_can": "ZDI-CAN-10115", "zdi_id": "ZDI-20-252" }, { "cve": "CVE-2020-3740", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-251/advisory.json", "detail_path": "advisories/ZDI-20-251", "id": "ZDI-20-251", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker TIF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-251/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9454", "zdi_id": "ZDI-20-251" }, { "cve": "CVE-2020-3739", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-250/advisory.json", "detail_path": "advisories/ZDI-20-250", "id": "ZDI-20-250", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker IFF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-250/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9453", "zdi_id": "ZDI-20-250" }, { "cve": "CVE-2020-3748", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-20-249/advisory.json", "detail_path": "advisories/ZDI-20-249", "id": "ZDI-20-249", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-249/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9617", "zdi_id": "ZDI-20-249" }, { "cve": "CVE-2020-3738", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-248/advisory.json", "detail_path": "advisories/ZDI-20-248", "id": "ZDI-20-248", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker TIF File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-248/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9432", "zdi_id": "ZDI-20-248" }, { "cve": "CVE-2020-3737", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-247/advisory.json", "detail_path": "advisories/ZDI-20-247", "id": "ZDI-20-247", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-247/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9436", "zdi_id": "ZDI-20-247" }, { "cve": "CVE-2020-3736", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-246/advisory.json", "detail_path": "advisories/ZDI-20-246", "id": "ZDI-20-246", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-246/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9445", "zdi_id": "ZDI-20-246" }, { "cve": "CVE-2020-3735", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-245/advisory.json", "detail_path": "advisories/ZDI-20-245", "id": "ZDI-20-245", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-245/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9446", "zdi_id": "ZDI-20-245" }, { "cve": "CVE-2020-3734", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-244/advisory.json", "detail_path": "advisories/ZDI-20-244", "id": "ZDI-20-244", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker TGA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-244/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9447", "zdi_id": "ZDI-20-244" }, { "cve": "CVE-2020-3733", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-243/advisory.json", "detail_path": "advisories/ZDI-20-243", "id": "ZDI-20-243", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-243/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9442", "zdi_id": "ZDI-20-243" }, { "cve": "CVE-2020-3732", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-242/advisory.json", "detail_path": "advisories/ZDI-20-242", "id": "ZDI-20-242", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker IFF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-242/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9444", "zdi_id": "ZDI-20-242" }, { "cve": "CVE-2020-3731", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-241/advisory.json", "detail_path": "advisories/ZDI-20-241", "id": "ZDI-20-241", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker CEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-241/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9443", "zdi_id": "ZDI-20-241" }, { "cve": "CVE-2020-3730", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-240/advisory.json", "detail_path": "advisories/ZDI-20-240", "id": "ZDI-20-240", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker RGB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-240/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9439", "zdi_id": "ZDI-20-240" }, { "cve": "CVE-2020-3729", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-239/advisory.json", "detail_path": "advisories/ZDI-20-239", "id": "ZDI-20-239", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-239/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9430", "zdi_id": "ZDI-20-239" }, { "cve": "CVE-2020-3728", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-238/advisory.json", "detail_path": "advisories/ZDI-20-238", "id": "ZDI-20-238", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-238/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9435", "zdi_id": "ZDI-20-238" }, { "cve": "CVE-2020-3727", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-237/advisory.json", "detail_path": "advisories/ZDI-20-237", "id": "ZDI-20-237", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-237/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9437", "zdi_id": "ZDI-20-237" }, { "cve": "CVE-2020-3726", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-236/advisory.json", "detail_path": "advisories/ZDI-20-236", "id": "ZDI-20-236", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-236/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9438", "zdi_id": "ZDI-20-236" }, { "cve": "CVE-2020-3725", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-235/advisory.json", "detail_path": "advisories/ZDI-20-235", "id": "ZDI-20-235", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker RGB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-235/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9440", "zdi_id": "ZDI-20-235" }, { "cve": "CVE-2020-3724", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-234/advisory.json", "detail_path": "advisories/ZDI-20-234", "id": "ZDI-20-234", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker RGB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-234/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9441", "zdi_id": "ZDI-20-234" }, { "cve": "CVE-2020-3723", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-233/advisory.json", "detail_path": "advisories/ZDI-20-233", "id": "ZDI-20-233", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-233/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9429", "zdi_id": "ZDI-20-233" }, { "cve": "CVE-2020-3722", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-232/advisory.json", "detail_path": "advisories/ZDI-20-232", "id": "ZDI-20-232", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-232/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9431", "zdi_id": "ZDI-20-232" }, { "cve": "CVE-2020-3721", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-231/advisory.json", "detail_path": "advisories/ZDI-20-231", "id": "ZDI-20-231", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-231/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9433", "zdi_id": "ZDI-20-231" }, { "cve": "CVE-2020-3720", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-230/advisory.json", "detail_path": "advisories/ZDI-20-230", "id": "ZDI-20-230", "kind": "published", "published_date": "2020-02-12", "status": "published", "title": "Adobe FrameMaker PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-230/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9434", "zdi_id": "ZDI-20-230" }, { "cve": "CVE-2020-5826", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit th...", "detail_json": "/data/advisories/ZDI-20-229/advisory.json", "detail_path": "advisories/ZDI-20-229", "id": "ZDI-20-229", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Symantec Endpoint Protection AvHostPlugin Out-of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-229/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9418", "zdi_id": "ZDI-20-229" }, { "cve": "CVE-2020-5825", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to move arbitrary files on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-20-228/advisory.json", "detail_path": "advisories/ZDI-20-228", "id": "ZDI-20-228", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Symantec Endpoint Protection AvHostPlugin Missing Authentication Arbitrary File Move Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-228/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9397", "zdi_id": "ZDI-20-228" }, { "cve": "CVE-2020-5825", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...", "detail_json": "/data/advisories/ZDI-20-227/advisory.json", "detail_path": "advisories/ZDI-20-227", "id": "ZDI-20-227", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Symantec Endpoint Protection AvHostPlugin Missing Authentication Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-227/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9404", "zdi_id": "ZDI-20-227" }, { "cve": "CVE-2020-5825", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to rename arbitrary files on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-20-226/advisory.json", "detail_path": "advisories/ZDI-20-226", "id": "ZDI-20-226", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Symantec Endpoint Protection AvHostPlugin Missing Authentication Arbitrary File Rename Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-226/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9396", "zdi_id": "ZDI-20-226" }, { "cve": "CVE-2020-5831", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit th...", "detail_json": "/data/advisories/ZDI-20-225/advisory.json", "detail_path": "advisories/ZDI-20-225", "id": "ZDI-20-225", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Symantec Endpoint Protection Manager secars Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-225/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9537", "zdi_id": "ZDI-20-225" }, { "cve": "CVE-2020-5830", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit th...", "detail_json": "/data/advisories/ZDI-20-224/advisory.json", "detail_path": "advisories/ZDI-20-224", "id": "ZDI-20-224", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Symantec Endpoint Protection Manager secars Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-224/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9536", "zdi_id": "ZDI-20-224" }, { "cve": "CVE-2020-5829", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit th...", "detail_json": "/data/advisories/ZDI-20-223/advisory.json", "detail_path": "advisories/ZDI-20-223", "id": "ZDI-20-223", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Symantec Endpoint Protection Manager secars Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-223/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9535", "zdi_id": "ZDI-20-223" }, { "cve": "CVE-2020-5828", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit th...", "detail_json": "/data/advisories/ZDI-20-222/advisory.json", "detail_path": "advisories/ZDI-20-222", "id": "ZDI-20-222", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Symantec Endpoint Protection Manager secars Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-222/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9534", "zdi_id": "ZDI-20-222" }, { "cve": "CVE-2020-5824", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...", "detail_json": "/data/advisories/ZDI-20-221/advisory.json", "detail_path": "advisories/ZDI-20-221", "id": "ZDI-20-221", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Symantec Endpoint Protection AvHostPlugin Missing Authentication Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-221/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9395", "zdi_id": "ZDI-20-221" }, { "cve": "CVE-2020-5827", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit th...", "detail_json": "/data/advisories/ZDI-20-220/advisory.json", "detail_path": "advisories/ZDI-20-220", "id": "ZDI-20-220", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Symantec Endpoint Protection Manager secars Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-220/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9459", "zdi_id": "ZDI-20-220" }, { "cve": "CVE-2020-5823", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-20-219/advisory.json", "detail_path": "advisories/ZDI-20-219", "id": "ZDI-20-219", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Symantec Endpoint Protection ccJobMgr Missing Authentication Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-219/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9450", "zdi_id": "ZDI-20-219" }, { "cve": "CVE-2020-5822", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-20-218/advisory.json", "detail_path": "advisories/ZDI-20-218", "id": "ZDI-20-218", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Symantec Endpoint Protection ccSvc Missing Authentication Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-218/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9426", "zdi_id": "ZDI-20-218" }, { "cve": "CVE-2020-5820", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-20-217/advisory.json", "detail_path": "advisories/ZDI-20-217", "id": "ZDI-20-217", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Symantec Endpoint Protection AvHostPlugin Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-217/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9420", "zdi_id": "ZDI-20-217" }, { "cve": "CVE-2020-3877", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Messages. User interaction is required to exploit this vulnerability in that the target must open the Messages application. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-20-216/advisory.json", "detail_path": "advisories/ZDI-20-216", "id": "ZDI-20-216", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Apple Messages HandwritingProvider Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-216/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-9383", "zdi_id": "ZDI-20-216" }, { "cve": "CVE-2020-3839", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-20-215/advisory.json", "detail_path": "advisories/ZDI-20-215", "id": "ZDI-20-215", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Apple macOS IO80211Family Stack-based Buffer Overflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-215/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-9595", "zdi_id": "ZDI-20-215" }, { "cve": "CVE-2020-8858", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The i...", "detail_json": "/data/advisories/ZDI-20-214/advisory.json", "detail_path": "advisories/ZDI-20-214", "id": "ZDI-20-214", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Moxa MGate 5105-MB-EIP DestIP Command Injection Remote Code Execution Vulnerability", "updated_date": "2020-04-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-214/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-9552", "zdi_id": "ZDI-20-214" }, { "cve": "CVE-2020-8857", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-213/advisory.json", "detail_path": "advisories/ZDI-20-213", "id": "ZDI-20-213", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Foxit Reader Annotations AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-213/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9862", "zdi_id": "ZDI-20-213" }, { "cve": "CVE-2020-8856", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-212/advisory.json", "detail_path": "advisories/ZDI-20-212", "id": "ZDI-20-212", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Foxit PhantomPDF AcroForm addWatermarkFromText Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-212/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9640", "zdi_id": "ZDI-20-212" }, { "cve": "CVE-2020-8855", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-211/advisory.json", "detail_path": "advisories/ZDI-20-211", "id": "ZDI-20-211", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Foxit PhantomPDF fxhtml2pdf Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-211/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9560", "zdi_id": "ZDI-20-211" }, { "cve": "CVE-2020-8854", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-210/advisory.json", "detail_path": "advisories/ZDI-20-210", "id": "ZDI-20-210", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Foxit PhantomPDF JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-210/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9606", "zdi_id": "ZDI-20-210" }, { "cve": "CVE-2020-8853", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-209/advisory.json", "detail_path": "advisories/ZDI-20-209", "id": "ZDI-20-209", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Foxit PhantomPDF HTML2PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-209/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9591", "zdi_id": "ZDI-20-209" }, { "cve": "CVE-2020-8852", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-20-208/advisory.json", "detail_path": "advisories/ZDI-20-208", "id": "ZDI-20-208", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Foxit Reader JPEG2000 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-208/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9416", "zdi_id": "ZDI-20-208" }, { "cve": "CVE-2020-8851", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-207/advisory.json", "detail_path": "advisories/ZDI-20-207", "id": "ZDI-20-207", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Foxit Reader JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2020-11-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-207/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9406", "zdi_id": "ZDI-20-207" }, { "cve": "CVE-2020-8850", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-206/advisory.json", "detail_path": "advisories/ZDI-20-206", "id": "ZDI-20-206", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Foxit Reader JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2020-04-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-206/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9415", "zdi_id": "ZDI-20-206" }, { "cve": "CVE-2020-8849", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-205/advisory.json", "detail_path": "advisories/ZDI-20-205", "id": "ZDI-20-205", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Foxit Reader JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2020-04-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-205/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9413", "zdi_id": "ZDI-20-205" }, { "cve": "CVE-2020-8848", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-204/advisory.json", "detail_path": "advisories/ZDI-20-204", "id": "ZDI-20-204", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Foxit Reader JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2020-11-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-204/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9407", "zdi_id": "ZDI-20-204" }, { "cve": "CVE-2020-8847", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-203/advisory.json", "detail_path": "advisories/ZDI-20-203", "id": "ZDI-20-203", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Foxit Reader JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2020-04-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-203/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9414", "zdi_id": "ZDI-20-203" }, { "cve": "CVE-2020-8846", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-202/advisory.json", "detail_path": "advisories/ZDI-20-202", "id": "ZDI-20-202", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Foxit PhantomPDF text Field Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2020-02-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-202/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9400", "zdi_id": "ZDI-20-202" }, { "cve": "CVE-2020-8845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-20-201/advisory.json", "detail_path": "advisories/ZDI-20-201", "id": "ZDI-20-201", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Foxit PhantomPDF AcroForm addWatermarkFromText Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-201/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9358", "zdi_id": "ZDI-20-201" }, { "cve": "CVE-2020-8844", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-20-200/advisory.json", "detail_path": "advisories/ZDI-20-200", "id": "ZDI-20-200", "kind": "published", "published_date": "2020-02-11", "status": "published", "title": "Foxit Reader ConvertToPDF JPEG Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-200/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9102", "zdi_id": "ZDI-20-200" }, { "cve": "CVE-2019-14088", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-20-199/advisory.json", "detail_path": "advisories/ZDI-20-199", "id": "ZDI-20-199", "kind": "published", "published_date": "2020-02-07", "status": "published", "title": "Google Android V4l2 cam_actuator_driver_cmd Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-199/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-9549", "zdi_id": "ZDI-20-199" }, { "cve": "CVE-2020-8095", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of BitDefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this v...", "detail_json": "/data/advisories/ZDI-20-198/advisory.json", "detail_path": "advisories/ZDI-20-198", "id": "ZDI-20-198", "kind": "published", "published_date": "2020-02-05", "status": "published", "title": "Bitdefender Total Security Link Resolution Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-198/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-8956", "zdi_id": "ZDI-20-198" }, { "cve": "CVE-2020-7176", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-197/advisory.json", "detail_path": "advisories/ZDI-20-197", "id": "ZDI-20-197", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center viewTaskResultDetailFact Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-197/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9015", "zdi_id": "ZDI-20-197" }, { "cve": "CVE-2020-7188", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-196/advisory.json", "detail_path": "advisories/ZDI-20-196", "id": "ZDI-20-196", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center userSelectPagingContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-196/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9013", "zdi_id": "ZDI-20-196" }, { "cve": "CVE-2020-7185", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-195/advisory.json", "detail_path": "advisories/ZDI-20-195", "id": "ZDI-20-195", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center tvxlanLegend Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-195/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9014", "zdi_id": "ZDI-20-195" }, { "cve": "CVE-2020-7177", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-194/advisory.json", "detail_path": "advisories/ZDI-20-194", "id": "ZDI-20-194", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center wmiConfigContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-194/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9012", "zdi_id": "ZDI-20-194" }, { "cve": "CVE-2020-7183", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-193/advisory.json", "detail_path": "advisories/ZDI-20-193", "id": "ZDI-20-193", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center forwardredirect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-193/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9011", "zdi_id": "ZDI-20-193" }, { "cve": "CVE-2020-7184", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-192/advisory.json", "detail_path": "advisories/ZDI-20-192", "id": "ZDI-20-192", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center viewBatchTaskResultDetailFact Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-192/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9010", "zdi_id": "ZDI-20-192" }, { "cve": "CVE-2020-7186", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-191/advisory.json", "detail_path": "advisories/ZDI-20-191", "id": "ZDI-20-191", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center powershellConfigContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-191/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9009", "zdi_id": "ZDI-20-191" }, { "cve": "CVE-2020-7181", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-190/advisory.json", "detail_path": "advisories/ZDI-20-190", "id": "ZDI-20-190", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center smsRulesDownload Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-190/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9008", "zdi_id": "ZDI-20-190" }, { "cve": "CVE-2020-7179", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-189/advisory.json", "detail_path": "advisories/ZDI-20-189", "id": "ZDI-20-189", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center thirdPartyPerfSelectTask Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-189/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9007", "zdi_id": "ZDI-20-189" }, { "cve": "CVE-2020-7187", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-188/advisory.json", "detail_path": "advisories/ZDI-20-188", "id": "ZDI-20-188", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center reportpage index Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-188/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8997", "zdi_id": "ZDI-20-188" }, { "cve": "CVE-2020-7182", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-187/advisory.json", "detail_path": "advisories/ZDI-20-187", "id": "ZDI-20-187", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center sshConfig Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-187/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9006", "zdi_id": "ZDI-20-187" }, { "cve": "CVE-2020-7194", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-186/advisory.json", "detail_path": "advisories/ZDI-20-186", "id": "ZDI-20-186", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center perfAddorModDeviceMonitor Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-186/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9005", "zdi_id": "ZDI-20-186" }, { "cve": "CVE-2020-7163", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-185/advisory.json", "detail_path": "advisories/ZDI-20-185", "id": "ZDI-20-185", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center navigationTo Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-185/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8998", "zdi_id": "ZDI-20-185" }, { "cve": "CVE-2020-7170", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-184/advisory.json", "detail_path": "advisories/ZDI-20-184", "id": "ZDI-20-184", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center select Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-184/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8990", "zdi_id": "ZDI-20-184" }, { "cve": "CVE-2020-7165", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-183/advisory.json", "detail_path": "advisories/ZDI-20-183", "id": "ZDI-20-183", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-183/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8979", "zdi_id": "ZDI-20-183" }, { "cve": "CVE-2020-7160", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-182/advisory.json", "detail_path": "advisories/ZDI-20-182", "id": "ZDI-20-182", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center iccSelectDeviceSeries Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-182/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8978", "zdi_id": "ZDI-20-182" }, { "cve": "CVE-2020-7175", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-181/advisory.json", "detail_path": "advisories/ZDI-20-181", "id": "ZDI-20-181", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center iccSelectDymicParam Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-181/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8977", "zdi_id": "ZDI-20-181" }, { "cve": "CVE-2020-7158", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-180/advisory.json", "detail_path": "advisories/ZDI-20-180", "id": "ZDI-20-180", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center perfSelectTask Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-180/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8996", "zdi_id": "ZDI-20-180" }, { "cve": "CVE-2020-7168", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-179/advisory.json", "detail_path": "advisories/ZDI-20-179", "id": "ZDI-20-179", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center selectUserGroup Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-179/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9004", "zdi_id": "ZDI-20-179" }, { "cve": "CVE-2020-7173", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-178/advisory.json", "detail_path": "advisories/ZDI-20-178", "id": "ZDI-20-178", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center actionSelectContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-178/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8958", "zdi_id": "ZDI-20-178" }, { "cve": "CVE-2020-7164", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-177/advisory.json", "detail_path": "advisories/ZDI-20-177", "id": "ZDI-20-177", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center operationSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-177/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9003", "zdi_id": "ZDI-20-177" }, { "cve": "CVE-2020-7161", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-176/advisory.json", "detail_path": "advisories/ZDI-20-176", "id": "ZDI-20-176", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-176/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9002", "zdi_id": "ZDI-20-176" }, { "cve": "CVE-2020-7174", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-175/advisory.json", "detail_path": "advisories/ZDI-20-175", "id": "ZDI-20-175", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center soapConfigContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-175/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9001", "zdi_id": "ZDI-20-175" }, { "cve": "CVE-2020-7172", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-174/advisory.json", "detail_path": "advisories/ZDI-20-174", "id": "ZDI-20-174", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center templateSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-174/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-9000", "zdi_id": "ZDI-20-174" }, { "cve": "CVE-2020-7167", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-173/advisory.json", "detail_path": "advisories/ZDI-20-173", "id": "ZDI-20-173", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center quickTemplateSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-173/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8999", "zdi_id": "ZDI-20-173" }, { "cve": "CVE-2020-7171", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-172/advisory.json", "detail_path": "advisories/ZDI-20-172", "id": "ZDI-20-172", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center guiDataDetail Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-172/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8995", "zdi_id": "ZDI-20-172" }, { "cve": "CVE-2020-7169", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-171/advisory.json", "detail_path": "advisories/ZDI-20-171", "id": "ZDI-20-171", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-171/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8994", "zdi_id": "ZDI-20-171" }, { "cve": "CVE-2020-7166", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-170/advisory.json", "detail_path": "advisories/ZDI-20-170", "id": "ZDI-20-170", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center operatorGroupTreeSelectContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-170/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8993", "zdi_id": "ZDI-20-170" }, { "cve": "CVE-2020-7162", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-169/advisory.json", "detail_path": "advisories/ZDI-20-169", "id": "ZDI-20-169", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center operatorGroupSelectContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-169/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8992", "zdi_id": "ZDI-20-169" }, { "cve": "CVE-2020-7157", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-168/advisory.json", "detail_path": "advisories/ZDI-20-168", "id": "ZDI-20-168", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center selViewNavContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-168/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8991", "zdi_id": "ZDI-20-168" }, { "cve": "CVE-2020-7178", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-167/advisory.json", "detail_path": "advisories/ZDI-20-167", "id": "ZDI-20-167", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center mediaForAction Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-167/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8984", "zdi_id": "ZDI-20-167" }, { "cve": "CVE-2020-7180", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-166/advisory.json", "detail_path": "advisories/ZDI-20-166", "id": "ZDI-20-166", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center ictExpertDownload Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-166/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8983", "zdi_id": "ZDI-20-166" }, { "cve": "CVE-2020-7153", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-165/advisory.json", "detail_path": "advisories/ZDI-20-165", "id": "ZDI-20-165", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center iccSelectDevType Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-165/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8980", "zdi_id": "ZDI-20-165" }, { "cve": "CVE-2020-7152", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-164/advisory.json", "detail_path": "advisories/ZDI-20-164", "id": "ZDI-20-164", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center faultParasSet Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-164/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8985", "zdi_id": "ZDI-20-164" }, { "cve": "CVE-2020-7156", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-163/advisory.json", "detail_path": "advisories/ZDI-20-163", "id": "ZDI-20-163", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center faultInfo_content Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-163/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8986", "zdi_id": "ZDI-20-163" }, { "cve": "CVE-2020-7155", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-162/advisory.json", "detail_path": "advisories/ZDI-20-162", "id": "ZDI-20-162", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center select Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-162/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8989", "zdi_id": "ZDI-20-162" }, { "cve": "CVE-2020-7151", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-161/advisory.json", "detail_path": "advisories/ZDI-20-161", "id": "ZDI-20-161", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center faultTrapGroupSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-161/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8988", "zdi_id": "ZDI-20-161" }, { "cve": "CVE-2020-7150", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-160/advisory.json", "detail_path": "advisories/ZDI-20-160", "id": "ZDI-20-160", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center faultStatChooseFaultType Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-160/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8987", "zdi_id": "ZDI-20-160" }, { "cve": "CVE-2020-7154", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-159/advisory.json", "detail_path": "advisories/ZDI-20-159", "id": "ZDI-20-159", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center ifViewSelectPage Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-159/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8982", "zdi_id": "ZDI-20-159" }, { "cve": "CVE-2020-7149", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-158/advisory.json", "detail_path": "advisories/ZDI-20-158", "id": "ZDI-20-158", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-158/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8981", "zdi_id": "ZDI-20-158" }, { "cve": "CVE-2020-7193", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-157/advisory.json", "detail_path": "advisories/ZDI-20-157", "id": "ZDI-20-157", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-157/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8976", "zdi_id": "ZDI-20-157" }, { "cve": "CVE-2020-7195", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-156/advisory.json", "detail_path": "advisories/ZDI-20-156", "id": "ZDI-20-156", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center iccSelectRules Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-156/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8975", "zdi_id": "ZDI-20-156" }, { "cve": "CVE-2020-7189", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-155/advisory.json", "detail_path": "advisories/ZDI-20-155", "id": "ZDI-20-155", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center faultFlashEventSelectFact Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-155/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8974", "zdi_id": "ZDI-20-155" }, { "cve": "CVE-2020-7190", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-154/advisory.json", "detail_path": "advisories/ZDI-20-154", "id": "ZDI-20-154", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center deviceSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-154/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8973", "zdi_id": "ZDI-20-154" }, { "cve": "CVE-2020-7191", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-153/advisory.json", "detail_path": "advisories/ZDI-20-153", "id": "ZDI-20-153", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center devSoftSel Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-153/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8972", "zdi_id": "ZDI-20-153" }, { "cve": "CVE-2020-7192", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-152/advisory.json", "detail_path": "advisories/ZDI-20-152", "id": "ZDI-20-152", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center deviceThresholdConfig Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-152/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8969", "zdi_id": "ZDI-20-152" }, { "cve": "CVE-2020-7144", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-151/advisory.json", "detail_path": "advisories/ZDI-20-151", "id": "ZDI-20-151", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center compareFilesResult Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-151/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8966", "zdi_id": "ZDI-20-151" }, { "cve": "CVE-2020-7148", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-150/advisory.json", "detail_path": "advisories/ZDI-20-150", "id": "ZDI-20-150", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center deploySelectSoftware Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-150/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8962", "zdi_id": "ZDI-20-150" }, { "cve": "CVE-2020-7147", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-149/advisory.json", "detail_path": "advisories/ZDI-20-149", "id": "ZDI-20-149", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-149/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8961", "zdi_id": "ZDI-20-149" }, { "cve": "CVE-2020-7146", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-148/advisory.json", "detail_path": "advisories/ZDI-20-148", "id": "ZDI-20-148", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center devGroupSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-148/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8960", "zdi_id": "ZDI-20-148" }, { "cve": "CVE-2020-7159", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-147/advisory.json", "detail_path": "advisories/ZDI-20-147", "id": "ZDI-20-147", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center customTemplateSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-147/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8959", "zdi_id": "ZDI-20-147" }, { "cve": "CVE-2020-7145", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-20-146/advisory.json", "detail_path": "advisories/ZDI-20-146", "id": "ZDI-20-146", "kind": "published", "published_date": "2020-02-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center choosePerfView Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-146/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8957", "zdi_id": "ZDI-20-146" }, { "cve": "CVE-2019-16451", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-20-145/advisory.json", "detail_path": "advisories/ZDI-20-145", "id": "ZDI-20-145", "kind": "published", "published_date": "2020-02-03", "status": "published", "title": "Adobe Acrobat Pro DC TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-145/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9401", "zdi_id": "ZDI-20-145" }, { "cve": "CVE-2019-8835", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-20-144/advisory.json", "detail_path": "advisories/ZDI-20-144", "id": "ZDI-20-144", "kind": "published", "published_date": "2020-01-27", "status": "published", "title": "Apple Safari SimpleLineLayout Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-144/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-9399", "zdi_id": "ZDI-20-144" }, { "cve": "CVE-2020-0635", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-143/advisory.json", "detail_path": "advisories/ZDI-20-143", "id": "ZDI-20-143", "kind": "published", "published_date": "2020-01-17", "status": "published", "title": "Microsoft Windows WIA Junction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-143/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9969", "zdi_id": "ZDI-20-143" }, { "cve": "CVE-2020-2727", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-142/advisory.json", "detail_path": "advisories/ZDI-20-142", "id": "ZDI-20-142", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle VirtualBox e1000 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-142/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9797", "zdi_id": "ZDI-20-142" }, { "cve": "CVE-2020-2726", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-141/advisory.json", "detail_path": "advisories/ZDI-20-141", "id": "ZDI-20-141", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle VirtualBox SCSI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-141/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9796", "zdi_id": "ZDI-20-141" }, { "cve": "CVE-2020-2705", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-20-140/advisory.json", "detail_path": "advisories/ZDI-20-140", "id": "ZDI-20-140", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-140/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9141", "zdi_id": "ZDI-20-140" }, { "cve": "CVE-2020-2704", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-20-139/advisory.json", "detail_path": "advisories/ZDI-20-139", "id": "ZDI-20-139", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-139/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9112", "zdi_id": "ZDI-20-139" }, { "cve": "CVE-2020-2702", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-138/advisory.json", "detail_path": "advisories/ZDI-20-138", "id": "ZDI-20-138", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle VirtualBox xHCI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-138/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9794", "zdi_id": "ZDI-20-138" }, { "cve": "CVE-2020-2701", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-137/advisory.json", "detail_path": "advisories/ZDI-20-137", "id": "ZDI-20-137", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle VirtualBox xHCI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-137/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9763", "zdi_id": "ZDI-20-137" }, { "cve": "CVE-2020-2698", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-136/advisory.json", "detail_path": "advisories/ZDI-20-136", "id": "ZDI-20-136", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle VirtualBox xHCI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-136/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9590", "zdi_id": "ZDI-20-136" }, { "cve": "CVE-2020-2693", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-20-135/advisory.json", "detail_path": "advisories/ZDI-20-135", "id": "ZDI-20-135", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle VirtualBox e1000 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-135/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9457", "zdi_id": "ZDI-20-135" }, { "cve": "CVE-2020-2692", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-20-134/advisory.json", "detail_path": "advisories/ZDI-20-134", "id": "ZDI-20-134", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-134/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9117", "zdi_id": "ZDI-20-134" }, { "cve": "CVE-2020-2691", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-20-133/advisory.json", "detail_path": "advisories/ZDI-20-133", "id": "ZDI-20-133", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-133/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9116", "zdi_id": "ZDI-20-133" }, { "cve": "CVE-2020-2690", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-20-132/advisory.json", "detail_path": "advisories/ZDI-20-132", "id": "ZDI-20-132", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-132/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9115", "zdi_id": "ZDI-20-132" }, { "cve": "CVE-2020-2689", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-20-131/advisory.json", "detail_path": "advisories/ZDI-20-131", "id": "ZDI-20-131", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-131/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9114", "zdi_id": "ZDI-20-131" }, { "cve": "CVE-2020-2682", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-20-130/advisory.json", "detail_path": "advisories/ZDI-20-130", "id": "ZDI-20-130", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle VirtualBox VBoxVHWAHandleTable Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-130/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9389", "zdi_id": "ZDI-20-130" }, { "cve": "CVE-2020-2681", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-20-129/advisory.json", "detail_path": "advisories/ZDI-20-129", "id": "ZDI-20-129", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-129/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9109", "zdi_id": "ZDI-20-129" }, { "cve": "CVE-2020-2555", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol on TCP port 7001....", "detail_json": "/data/advisories/ZDI-20-128/advisory.json", "detail_path": "advisories/ZDI-20-128", "id": "ZDI-20-128", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-128/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-9020", "zdi_id": "ZDI-20-128" }, { "cve": "CVE-2020-0652", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-20-127/advisory.json", "detail_path": "advisories/ZDI-20-127", "id": "ZDI-20-127", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Microsoft Office Graph Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-127/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9427", "zdi_id": "ZDI-20-127" }, { "cve": "CVE-2017-5030", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony X800G Smart TV. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-20-126/advisory.json", "detail_path": "advisories/ZDI-20-126", "id": "ZDI-20-126", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "(Pwn2Own) Sony X800G Smart TV Vewd Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2020-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/", "vendor": "Sony", "vendor_url": null, "zdi_can": "ZDI-CAN-9641", "zdi_id": "ZDI-20-126" }, { "cve": "CVE-2020-0634", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-20-125/advisory.json", "detail_path": "advisories/ZDI-20-125", "id": "ZDI-20-125", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Microsoft Windows CLFS Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-125/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9382", "zdi_id": "ZDI-20-125" }, { "cve": "CVE-2020-0616", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-20-124/advisory.json", "detail_path": "advisories/ZDI-20-124", "id": "ZDI-20-124", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Microsoft Windows Device Management Enrollment Service Hard Link Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-124/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9377", "zdi_id": "ZDI-20-124" }, { "cve": "CVE-2020-0615", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-20-123/advisory.json", "detail_path": "advisories/ZDI-20-123", "id": "ZDI-20-123", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Microsoft Windows CLFS Driver Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-123/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9423", "zdi_id": "ZDI-20-123" }, { "cve": "CVE-2020-0639", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-20-122/advisory.json", "detail_path": "advisories/ZDI-20-122", "id": "ZDI-20-122", "kind": "published", "published_date": "2020-01-15", "status": "published", "title": "Microsoft Windows CLFS Driver Integer Overflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-122/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9421", "zdi_id": "ZDI-20-122" }, { "cve": "CVE-2019-15984", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-121/advisory.json", "detail_path": "advisories/ZDI-20-121", "id": "ZDI-20-121", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getLanSwitchDataLength SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-121/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9341", "zdi_id": "ZDI-20-121" }, { "cve": "CVE-2019-15983", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of reques...", "detail_json": "/data/advisories/ZDI-20-120/advisory.json", "detail_path": "advisories/ZDI-20-120", "id": "ZDI-20-120", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getTopologyVlanList XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-120/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9248", "zdi_id": "ZDI-20-120" }, { "cve": "CVE-2019-15983", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-119/advisory.json", "detail_path": "advisories/ZDI-20-119", "id": "ZDI-20-119", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager CablePlans XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-119/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9285", "zdi_id": "ZDI-20-119" }, { "cve": "CVE-2019-15980", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-118/advisory.json", "detail_path": "advisories/ZDI-20-118", "id": "ZDI-20-118", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getDeployContent Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-118/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9469", "zdi_id": "ZDI-20-118" }, { "cve": "CVE-2019-15983", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of reques...", "detail_json": "/data/advisories/ZDI-20-117/advisory.json", "detail_path": "advisories/ZDI-20-117", "id": "ZDI-20-117", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager addGroupNavigation XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-117/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9425", "zdi_id": "ZDI-20-117" }, { "cve": "CVE-2019-15984", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-116/advisory.json", "detail_path": "advisories/ZDI-20-116", "id": "ZDI-20-116", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager checkLinkUUID SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-116/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9353", "zdi_id": "ZDI-20-116" }, { "cve": "CVE-2019-15984", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of reques...", "detail_json": "/data/advisories/ZDI-20-115/advisory.json", "detail_path": "advisories/ZDI-20-115", "id": "ZDI-20-115", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSwitchsDataLength SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-115/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9340", "zdi_id": "ZDI-20-115" }, { "cve": "CVE-2019-15983", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of reques...", "detail_json": "/data/advisories/ZDI-20-114/advisory.json", "detail_path": "advisories/ZDI-20-114", "id": "ZDI-20-114", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getInventoryIslList XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-114/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9247", "zdi_id": "ZDI-20-114" }, { "cve": "CVE-2019-15984", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-113/advisory.json", "detail_path": "advisories/ZDI-20-113", "id": "ZDI-20-113", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSwitchName SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-113/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9361", "zdi_id": "ZDI-20-113" }, { "cve": "CVE-2019-15984", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-112/advisory.json", "detail_path": "advisories/ZDI-20-112", "id": "ZDI-20-112", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getRpmJobLength SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-112/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9360", "zdi_id": "ZDI-20-112" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-111/advisory.json", "detail_path": "advisories/ZDI-20-111", "id": "ZDI-20-111", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getConfigTemplateFileName SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-111/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9356", "zdi_id": "ZDI-20-111" }, { "cve": "CVE-2019-15984", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-110/advisory.json", "detail_path": "advisories/ZDI-20-110", "id": "ZDI-20-110", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSwitchDbIdBySerialNumber SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-110/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9352", "zdi_id": "ZDI-20-110" }, { "cve": "CVE-2019-15984", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-109/advisory.json", "detail_path": "advisories/ZDI-20-109", "id": "ZDI-20-109", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getGirTaskLength SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-109/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9351", "zdi_id": "ZDI-20-109" }, { "cve": "CVE-2019-15984", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-108/advisory.json", "detail_path": "advisories/ZDI-20-108", "id": "ZDI-20-108", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getVpcCount SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-108/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9350", "zdi_id": "ZDI-20-108" }, { "cve": "CVE-2019-15984", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-107/advisory.json", "detail_path": "advisories/ZDI-20-107", "id": "ZDI-20-107", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getJobLength SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-107/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9349", "zdi_id": "ZDI-20-107" }, { "cve": "CVE-2019-15984", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-106/advisory.json", "detail_path": "advisories/ZDI-20-106", "id": "ZDI-20-106", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getZoneDataLength SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-106/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9348", "zdi_id": "ZDI-20-106" }, { "cve": "CVE-2019-15984", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-105/advisory.json", "detail_path": "advisories/ZDI-20-105", "id": "ZDI-20-105", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getVsanDataLength SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-105/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9347", "zdi_id": "ZDI-20-105" }, { "cve": "CVE-2019-15984", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of reques...", "detail_json": "/data/advisories/ZDI-20-104/advisory.json", "detail_path": "advisories/ZDI-20-104", "id": "ZDI-20-104", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSanSwitchDataLength SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-104/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9342", "zdi_id": "ZDI-20-104" }, { "cve": "CVE-2019-15982", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-103/advisory.json", "detail_path": "advisories/ZDI-20-103", "id": "ZDI-20-103", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager AFW Image Upload Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-103/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9305", "zdi_id": "ZDI-20-103" }, { "cve": "CVE-2019-15978", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-102/advisory.json", "detail_path": "advisories/ZDI-20-102", "id": "ZDI-20-102", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager createLanFabric Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-102/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9286", "zdi_id": "ZDI-20-102" }, { "cve": "CVE-2019-15980", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-101/advisory.json", "detail_path": "advisories/ZDI-20-101", "id": "ZDI-20-101", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager writeToFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-101/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9288", "zdi_id": "ZDI-20-101" }, { "cve": "CVE-2019-15979", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-100/advisory.json", "detail_path": "advisories/ZDI-20-100", "id": "ZDI-20-100", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager importTS Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-100/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9235", "zdi_id": "ZDI-20-100" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-099/advisory.json", "detail_path": "advisories/ZDI-20-099", "id": "ZDI-20-099", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getDiscoveredDeviceCount groupId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-099/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9301", "zdi_id": "ZDI-20-099" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-098/advisory.json", "detail_path": "advisories/ZDI-20-098", "id": "ZDI-20-098", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getDiscoveredDeviceCount hostname SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-098/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9300", "zdi_id": "ZDI-20-098" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-097/advisory.json", "detail_path": "advisories/ZDI-20-097", "id": "ZDI-20-097", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getDiscoveredDeviceCount switchIdList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-097/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9289", "zdi_id": "ZDI-20-097" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-096/advisory.json", "detail_path": "advisories/ZDI-20-096", "id": "ZDI-20-096", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager setVxlanProperties SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-096/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9283", "zdi_id": "ZDI-20-096" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-095/advisory.json", "detail_path": "advisories/ZDI-20-095", "id": "ZDI-20-095", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager createSite SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-095/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9267", "zdi_id": "ZDI-20-095" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-094/advisory.json", "detail_path": "advisories/ZDI-20-094", "id": "ZDI-20-094", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager createSite getIp SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-094/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9266", "zdi_id": "ZDI-20-094" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-093/advisory.json", "detail_path": "advisories/ZDI-20-093", "id": "ZDI-20-093", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager checkDiscoveryEthSwCandidates4List SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-093/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9234", "zdi_id": "ZDI-20-093" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-092/advisory.json", "detail_path": "advisories/ZDI-20-092", "id": "ZDI-20-092", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getN3KBufferStatList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-092/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9218", "zdi_id": "ZDI-20-092" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-091/advisory.json", "detail_path": "advisories/ZDI-20-091", "id": "ZDI-20-091", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getEndDeviceStatListWithVsan SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-091/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9217", "zdi_id": "ZDI-20-091" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-090/advisory.json", "detail_path": "advisories/ZDI-20-090", "id": "ZDI-20-090", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getNpvLinkStatJoinList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-090/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9216", "zdi_id": "ZDI-20-090" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-089/advisory.json", "detail_path": "advisories/ZDI-20-089", "id": "ZDI-20-089", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getFlowStatList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-089/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9215", "zdi_id": "ZDI-20-089" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-088/advisory.json", "detail_path": "advisories/ZDI-20-088", "id": "ZDI-20-088", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getTaskList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-088/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9214", "zdi_id": "ZDI-20-088" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-087/advisory.json", "detail_path": "advisories/ZDI-20-087", "id": "ZDI-20-087", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager modifyGroupName SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-087/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9210", "zdi_id": "ZDI-20-087" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-086/advisory.json", "detail_path": "advisories/ZDI-20-086", "id": "ZDI-20-086", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-086/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9209", "zdi_id": "ZDI-20-086" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-085/advisory.json", "detail_path": "advisories/ZDI-20-085", "id": "ZDI-20-085", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-085/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9208", "zdi_id": "ZDI-20-085" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-084/advisory.json", "detail_path": "advisories/ZDI-20-084", "id": "ZDI-20-084", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getVpcCount SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-084/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9207", "zdi_id": "ZDI-20-084" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-083/advisory.json", "detail_path": "advisories/ZDI-20-083", "id": "ZDI-20-083", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getLanSwitchBandwidthStatList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-083/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9203", "zdi_id": "ZDI-20-083" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-082/advisory.json", "detail_path": "advisories/ZDI-20-082", "id": "ZDI-20-082", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSanSwitchBandwidthStatList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-082/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9202", "zdi_id": "ZDI-20-082" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-081/advisory.json", "detail_path": "advisories/ZDI-20-081", "id": "ZDI-20-081", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getAllVpcs SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-081/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9201", "zdi_id": "ZDI-20-081" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-080/advisory.json", "detail_path": "advisories/ZDI-20-080", "id": "ZDI-20-080", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getLanEthernetStatListES SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-080/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9200", "zdi_id": "ZDI-20-080" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-079/advisory.json", "detail_path": "advisories/ZDI-20-079", "id": "ZDI-20-079", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSanIslStatList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-079/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9199", "zdi_id": "ZDI-20-079" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-078/advisory.json", "detail_path": "advisories/ZDI-20-078", "id": "ZDI-20-078", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getPortGroupStatList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-078/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9198", "zdi_id": "ZDI-20-078" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-077/advisory.json", "detail_path": "advisories/ZDI-20-077", "id": "ZDI-20-077", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getLanIslStatList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-077/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9197", "zdi_id": "ZDI-20-077" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-076/advisory.json", "detail_path": "advisories/ZDI-20-076", "id": "ZDI-20-076", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getNpvLinkStatList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-076/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9196", "zdi_id": "ZDI-20-076" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-075/advisory.json", "detail_path": "advisories/ZDI-20-075", "id": "ZDI-20-075", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getLanIslStatJoinList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-075/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9195", "zdi_id": "ZDI-20-075" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-074/advisory.json", "detail_path": "advisories/ZDI-20-074", "id": "ZDI-20-074", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getLanGigEStatList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-074/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9194", "zdi_id": "ZDI-20-074" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-073/advisory.json", "detail_path": "advisories/ZDI-20-073", "id": "ZDI-20-073", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSanGigEStatList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-073/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9193", "zdi_id": "ZDI-20-073" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-072/advisory.json", "detail_path": "advisories/ZDI-20-072", "id": "ZDI-20-072", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSanIslStatJoinList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-072/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9192", "zdi_id": "ZDI-20-072" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-071/advisory.json", "detail_path": "advisories/ZDI-20-071", "id": "ZDI-20-071", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getLanSwitchListWithoutUsedPorts SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-071/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9189", "zdi_id": "ZDI-20-071" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-070/advisory.json", "detail_path": "advisories/ZDI-20-070", "id": "ZDI-20-070", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getLanStatEntities SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-070/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9188", "zdi_id": "ZDI-20-070" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-069/advisory.json", "detail_path": "advisories/ZDI-20-069", "id": "ZDI-20-069", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSanStatEntities SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-069/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9187", "zdi_id": "ZDI-20-069" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-068/advisory.json", "detail_path": "advisories/ZDI-20-068", "id": "ZDI-20-068", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getOidSanStatList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-068/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9186", "zdi_id": "ZDI-20-068" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-067/advisory.json", "detail_path": "advisories/ZDI-20-067", "id": "ZDI-20-067", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getOidLanStatList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-067/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9185", "zdi_id": "ZDI-20-067" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-066/advisory.json", "detail_path": "advisories/ZDI-20-066", "id": "ZDI-20-066", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getPortGroupMember SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-066/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9180", "zdi_id": "ZDI-20-066" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-065/advisory.json", "detail_path": "advisories/ZDI-20-065", "id": "ZDI-20-065", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getHostEnclList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-065/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9170", "zdi_id": "ZDI-20-065" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-064/advisory.json", "detail_path": "advisories/ZDI-20-064", "id": "ZDI-20-064", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSanZoneList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-064/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9169", "zdi_id": "ZDI-20-064" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-063/advisory.json", "detail_path": "advisories/ZDI-20-063", "id": "ZDI-20-063", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getVsanList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-063/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9168", "zdi_id": "ZDI-20-063" }, { "cve": "CVE-2019-15985", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-062/advisory.json", "detail_path": "advisories/ZDI-20-062", "id": "ZDI-20-062", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getEndPortConnectionsForStorageSystem SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-062/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9167", "zdi_id": "ZDI-20-062" }, { "cve": "CVE-2019-15985", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-061/advisory.json", "detail_path": "advisories/ZDI-20-061", "id": "ZDI-20-061", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getEndPortConnectionsForStorageEnclosure SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-061/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9166", "zdi_id": "ZDI-20-061" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-060/advisory.json", "detail_path": "advisories/ZDI-20-060", "id": "ZDI-20-060", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getVmHostData SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-060/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9165", "zdi_id": "ZDI-20-060" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-059/advisory.json", "detail_path": "advisories/ZDI-20-059", "id": "ZDI-20-059", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getDeployerTaskDetails SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-059/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9127", "zdi_id": "ZDI-20-059" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-058/advisory.json", "detail_path": "advisories/ZDI-20-058", "id": "ZDI-20-058", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getJobList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-058/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9124", "zdi_id": "ZDI-20-058" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-057/advisory.json", "detail_path": "advisories/ZDI-20-057", "id": "ZDI-20-057", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getVsanListForEnclosures SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-057/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9164", "zdi_id": "ZDI-20-057" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-056/advisory.json", "detail_path": "advisories/ZDI-20-056", "id": "ZDI-20-056", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getAllGroups SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-056/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9163", "zdi_id": "ZDI-20-056" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-055/advisory.json", "detail_path": "advisories/ZDI-20-055", "id": "ZDI-20-055", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getZoneListByZoneNameAndParentId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-055/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9134", "zdi_id": "ZDI-20-055" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-054/advisory.json", "detail_path": "advisories/ZDI-20-054", "id": "ZDI-20-054", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSanIslListWithPM SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-054/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9129", "zdi_id": "ZDI-20-054" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-053/advisory.json", "detail_path": "advisories/ZDI-20-053", "id": "ZDI-20-053", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getEndDeviceList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-053/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9128", "zdi_id": "ZDI-20-053" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-052/advisory.json", "detail_path": "advisories/ZDI-20-052", "id": "ZDI-20-052", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSwitches SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-052/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9060", "zdi_id": "ZDI-20-052" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-051/advisory.json", "detail_path": "advisories/ZDI-20-051", "id": "ZDI-20-051", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSwitches SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-051/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9068", "zdi_id": "ZDI-20-051" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-050/advisory.json", "detail_path": "advisories/ZDI-20-050", "id": "ZDI-20-050", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getModulesBySwitch SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-050/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9058", "zdi_id": "ZDI-20-050" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-049/advisory.json", "detail_path": "advisories/ZDI-20-049", "id": "ZDI-20-049", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getLanIslStatListES SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-049/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9224", "zdi_id": "ZDI-20-049" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-048/advisory.json", "detail_path": "advisories/ZDI-20-048", "id": "ZDI-20-048", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getModules SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-048/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9057", "zdi_id": "ZDI-20-048" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-047/advisory.json", "detail_path": "advisories/ZDI-20-047", "id": "ZDI-20-047", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getNpvLinks SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-047/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9059", "zdi_id": "ZDI-20-047" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-046/advisory.json", "detail_path": "advisories/ZDI-20-046", "id": "ZDI-20-046", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getBackupStatusCount SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-046/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9125", "zdi_id": "ZDI-20-046" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-045/advisory.json", "detail_path": "advisories/ZDI-20-045", "id": "ZDI-20-045", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSanIslStatListESBySQL SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-045/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9225", "zdi_id": "ZDI-20-045" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-044/advisory.json", "detail_path": "advisories/ZDI-20-044", "id": "ZDI-20-044", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getFlowStatListES SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-044/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9223", "zdi_id": "ZDI-20-044" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-043/advisory.json", "detail_path": "advisories/ZDI-20-043", "id": "ZDI-20-043", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSanGigEStatListES SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-043/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9220", "zdi_id": "ZDI-20-043" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-042/advisory.json", "detail_path": "advisories/ZDI-20-042", "id": "ZDI-20-042", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getCustomPGStatList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-042/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9219", "zdi_id": "ZDI-20-042" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-041/advisory.json", "detail_path": "advisories/ZDI-20-041", "id": "ZDI-20-041", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getEndDeviceStatListESBySQL SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-041/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9222", "zdi_id": "ZDI-20-041" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-040/advisory.json", "detail_path": "advisories/ZDI-20-040", "id": "ZDI-20-040", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getIslListWithPMForTopology SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-040/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9221", "zdi_id": "ZDI-20-040" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-039/advisory.json", "detail_path": "advisories/ZDI-20-039", "id": "ZDI-20-039", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getHostEnclList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-039/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9181", "zdi_id": "ZDI-20-039" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-038/advisory.json", "detail_path": "advisories/ZDI-20-038", "id": "ZDI-20-038", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getLanSwitchList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-038/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9182", "zdi_id": "ZDI-20-038" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-037/advisory.json", "detail_path": "advisories/ZDI-20-037", "id": "ZDI-20-037", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getLanIslList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-037/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9184", "zdi_id": "ZDI-20-037" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-036/advisory.json", "detail_path": "advisories/ZDI-20-036", "id": "ZDI-20-036", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getisls SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-036/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9074", "zdi_id": "ZDI-20-036" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-035/advisory.json", "detail_path": "advisories/ZDI-20-035", "id": "ZDI-20-035", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getInterfacesBySwitch SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-035/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9073", "zdi_id": "ZDI-20-035" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-034/advisory.json", "detail_path": "advisories/ZDI-20-034", "id": "ZDI-20-034", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getHostEnclList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-034/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9072", "zdi_id": "ZDI-20-034" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-033/advisory.json", "detail_path": "advisories/ZDI-20-033", "id": "ZDI-20-033", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getHostEnclList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-033/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9067", "zdi_id": "ZDI-20-033" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-032/advisory.json", "detail_path": "advisories/ZDI-20-032", "id": "ZDI-20-032", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getEndPorts SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-032/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9065", "zdi_id": "ZDI-20-032" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-031/advisory.json", "detail_path": "advisories/ZDI-20-031", "id": "ZDI-20-031", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getLicenses SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-031/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9061", "zdi_id": "ZDI-20-031" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-030/advisory.json", "detail_path": "advisories/ZDI-20-030", "id": "ZDI-20-030", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getAllTemplate SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-030/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9064", "zdi_id": "ZDI-20-030" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-029/advisory.json", "detail_path": "advisories/ZDI-20-029", "id": "ZDI-20-029", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getRPMTasks SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-029/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9063", "zdi_id": "ZDI-20-029" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-028/advisory.json", "detail_path": "advisories/ZDI-20-028", "id": "ZDI-20-028", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getJobExecutionDetails SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-028/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9040", "zdi_id": "ZDI-20-028" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-027/advisory.json", "detail_path": "advisories/ZDI-20-027", "id": "ZDI-20-027", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager DeviceModuleRest getDeviceModulesupport SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-027/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9062", "zdi_id": "ZDI-20-027" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-026/advisory.json", "detail_path": "advisories/ZDI-20-026", "id": "ZDI-20-026", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSyslogEventList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-026/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9070", "zdi_id": "ZDI-20-026" }, { "cve": "CVE-2019-15984", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-025/advisory.json", "detail_path": "advisories/ZDI-20-025", "id": "ZDI-20-025", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager VirtualPortChannel getDomain SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-025/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9053", "zdi_id": "ZDI-20-025" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-024/advisory.json", "detail_path": "advisories/ZDI-20-024", "id": "ZDI-20-024", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getHostEnclDataLength SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-024/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9069", "zdi_id": "ZDI-20-024" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-023/advisory.json", "detail_path": "advisories/ZDI-20-023", "id": "ZDI-20-023", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getVpcPeerHistory SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-023/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9052", "zdi_id": "ZDI-20-023" }, { "cve": "CVE-2019-15984", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-022/advisory.json", "detail_path": "advisories/ZDI-20-022", "id": "ZDI-20-022", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getVpcHistory SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-022/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9051", "zdi_id": "ZDI-20-022" }, { "cve": "CVE-2019-15984", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-021/advisory.json", "detail_path": "advisories/ZDI-20-021", "id": "ZDI-20-021", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getAllVpc SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-021/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9050", "zdi_id": "ZDI-20-021" }, { "cve": "CVE-2019-15984", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-020/advisory.json", "detail_path": "advisories/ZDI-20-020", "id": "ZDI-20-020", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager deleteVpcHistory SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-020/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9043", "zdi_id": "ZDI-20-020" }, { "cve": "CVE-2019-15984", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-019/advisory.json", "detail_path": "advisories/ZDI-20-019", "id": "ZDI-20-019", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getSMUTasks SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-019/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9042", "zdi_id": "ZDI-20-019" }, { "cve": "CVE-2019-15984", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-018/advisory.json", "detail_path": "advisories/ZDI-20-018", "id": "ZDI-20-018", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager ImageManagement SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-018/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9041", "zdi_id": "ZDI-20-018" }, { "cve": "CVE-2019-15984", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-017/advisory.json", "detail_path": "advisories/ZDI-20-017", "id": "ZDI-20-017", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager getTokenInfo SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-017/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9030", "zdi_id": "ZDI-20-017" }, { "cve": "CVE-2019-15984", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-016/advisory.json", "detail_path": "advisories/ZDI-20-016", "id": "ZDI-20-016", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager persistUserInfo SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-016/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9029", "zdi_id": "ZDI-20-016" }, { "cve": "CVE-2019-15981", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-015/advisory.json", "detail_path": "advisories/ZDI-20-015", "id": "ZDI-20-015", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager readConfigFileFromDB Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-015/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9139", "zdi_id": "ZDI-20-015" }, { "cve": "CVE-2019-15981", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-014/advisory.json", "detail_path": "advisories/ZDI-20-014", "id": "ZDI-20-014", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager ReportWS deleteReportTemplate Directory Traversal Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-014/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9130", "zdi_id": "ZDI-20-014" }, { "cve": "CVE-2019-15977", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-013/advisory.json", "detail_path": "advisories/ZDI-20-013", "id": "ZDI-20-013", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager JBoss_4_2Encrypter Hardcoded Cryptographic Key Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-013/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9038", "zdi_id": "ZDI-20-013" }, { "cve": "CVE-2019-15977", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of web re...", "detail_json": "/data/advisories/ZDI-20-012/advisory.json", "detail_path": "advisories/ZDI-20-012", "id": "ZDI-20-012", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager serverinfo Hardcoded Password Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-012/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9037", "zdi_id": "ZDI-20-012" }, { "cve": "CVE-2019-15980", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-011/advisory.json", "detail_path": "advisories/ZDI-20-011", "id": "ZDI-20-011", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager DbAdminRest installSwitchLicense Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-011/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9025", "zdi_id": "ZDI-20-011" }, { "cve": "CVE-2019-15981", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-010/advisory.json", "detail_path": "advisories/ZDI-20-010", "id": "ZDI-20-010", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager readConfigFileFromDBAsXML Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-010/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9158", "zdi_id": "ZDI-20-010" }, { "cve": "CVE-2019-15981", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-009/advisory.json", "detail_path": "advisories/ZDI-20-009", "id": "ZDI-20-009", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager WebAnalysisWSService storeConfigToFS Directory Traversal Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-009/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9157", "zdi_id": "ZDI-20-009" }, { "cve": "CVE-2019-15976", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validation of SSO tokens of S...", "detail_json": "/data/advisories/ZDI-20-008/advisory.json", "detail_path": "advisories/ZDI-20-008", "id": "ZDI-20-008", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager SecurityManager Hard-coded Cryptographic Key Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-008/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9140", "zdi_id": "ZDI-20-008" }, { "cve": "CVE-2019-15980", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-007/advisory.json", "detail_path": "advisories/ZDI-20-007", "id": "ZDI-20-007", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager reportTemplateUploadPolicy Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-007/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9035", "zdi_id": "ZDI-20-007" }, { "cve": "CVE-2019-15980", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass...", "detail_json": "/data/advisories/ZDI-20-006/advisory.json", "detail_path": "advisories/ZDI-20-006", "id": "ZDI-20-006", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager ConfigArchiveRest getRestoreLog Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-006/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9027", "zdi_id": "ZDI-20-006" }, { "cve": "CVE-2019-15980", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-005/advisory.json", "detail_path": "advisories/ZDI-20-005", "id": "ZDI-20-005", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager DbAdminRest runZoneMigrationForBrocade Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-005/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9026", "zdi_id": "ZDI-20-005" }, { "cve": "CVE-2019-15980", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-20-004/advisory.json", "detail_path": "advisories/ZDI-20-004", "id": "ZDI-20-004", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager DbAdminRest saveLicenseFileToServer Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-004/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9024", "zdi_id": "ZDI-20-004" }, { "cve": "CVE-2019-15975", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Cisco Data Center Network Manager. The specific flaw exists within the processing of the dbadmin/addUser functionality. The issue results from trusting input that...", "detail_json": "/data/advisories/ZDI-20-003/advisory.json", "detail_path": "advisories/ZDI-20-003", "id": "ZDI-20-003", "kind": "published", "published_date": "2020-01-03", "status": "published", "title": "Cisco Data Center Network Manager TrustedClientTokenValidator Hard-coded Cryptographic Key Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-003/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-9021", "zdi_id": "ZDI-20-003" }, { "cve": null, "cvss": 3.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Outlook. User interaction is required to exploit this vulnerability in that the target must open an email. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-20-002/advisory.json", "detail_path": "advisories/ZDI-20-002", "id": "ZDI-20-002", "kind": "published", "published_date": "2020-01-02", "status": "published", "title": "(0Day) Microsoft Outlook HTML Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-002/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9608", "zdi_id": "ZDI-20-002" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-20-001/advisory.json", "detail_path": "advisories/ZDI-20-001", "id": "ZDI-20-001", "kind": "published", "published_date": "2020-01-02", "status": "published", "title": "(0Day) Microsoft Windows Media Player Mpeg Audio Codec Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-001/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8185", "zdi_id": "ZDI-20-001" }, { "cve": "CVE-2020-7143", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-19-1045/advisory.json", "detail_path": "advisories/ZDI-19-1045", "id": "ZDI-19-1045", "kind": "published", "published_date": "2020-01-29", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center faultDevParasSet Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1045/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8970", "zdi_id": "ZDI-19-1045" }, { "cve": "CVE-2020-7142", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-19-1044/advisory.json", "detail_path": "advisories/ZDI-19-1044", "id": "ZDI-19-1044", "kind": "published", "published_date": "2020-01-29", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center eventInfo_content Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1044/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8971", "zdi_id": "ZDI-19-1044" }, { "cve": "CVE-2020-24652", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-19-1043/advisory.json", "detail_path": "advisories/ZDI-19-1043", "id": "ZDI-19-1043", "kind": "published", "published_date": "2020-01-29", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center addVsiInterfaceInfo Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1043/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8967", "zdi_id": "ZDI-19-1043" }, { "cve": "CVE-2020-7141", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-19-1042/advisory.json", "detail_path": "advisories/ZDI-19-1042", "id": "ZDI-19-1042", "kind": "published", "published_date": "2020-01-29", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center addDeviceToView Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1042/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8968", "zdi_id": "ZDI-19-1042" }, { "cve": "CVE-2020-24630", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism c...", "detail_json": "/data/advisories/ZDI-19-1041/advisory.json", "detail_path": "advisories/ZDI-19-1041", "id": "ZDI-19-1041", "kind": "published", "published_date": "2020-01-29", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center operatorOnlineList_content Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1041/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8965", "zdi_id": "ZDI-19-1041" }, { "cve": "CVE-2020-24651", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-19-1040/advisory.json", "detail_path": "advisories/ZDI-19-1040", "id": "ZDI-19-1040", "kind": "published", "published_date": "2020-01-29", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center SyslogTempletSelectWin Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1040/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8964", "zdi_id": "ZDI-19-1040" }, { "cve": "CVE-2020-24650", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanis...", "detail_json": "/data/advisories/ZDI-19-1039/advisory.json", "detail_path": "advisories/ZDI-19-1039", "id": "ZDI-19-1039", "kind": "published", "published_date": "2020-01-29", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center legend Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1039/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8963", "zdi_id": "ZDI-19-1039" }, { "cve": "CVE-2020-24629", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise Intelligent Management Center. The specific flaw exists within the UrlAccessController servlet. The issue results from the lack of prop...", "detail_json": "/data/advisories/ZDI-19-1038/advisory.json", "detail_path": "advisories/ZDI-19-1038", "id": "ZDI-19-1038", "kind": "published", "published_date": "2020-01-29", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center UrlAccessController Authentication Bypass Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1038/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8943", "zdi_id": "ZDI-19-1038" }, { "cve": "CVE-2020-24646", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handl...", "detail_json": "/data/advisories/ZDI-19-1037/advisory.json", "detail_path": "advisories/ZDI-19-1037", "id": "ZDI-19-1037", "kind": "published", "published_date": "2020-01-29", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center tftpserver Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1037/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8935", "zdi_id": "ZDI-19-1037" }, { "cve": "CVE-2020-24648", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is required to exploit this vulnerability. The specific flaw exists within the transform...", "detail_json": "/data/advisories/ZDI-19-1036/advisory.json", "detail_path": "advisories/ZDI-19-1036", "id": "ZDI-19-1036", "kind": "published", "published_date": "2020-01-29", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center AccessMgrServlet className Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1036/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-8928", "zdi_id": "ZDI-19-1036" }, { "cve": "CVE-2019-17151", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers redirect users to an external resource on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attack...", "detail_json": "/data/advisories/ZDI-19-1035/advisory.json", "detail_path": "advisories/ZDI-19-1035", "id": "ZDI-19-1035", "kind": "published", "published_date": "2019-12-31", "status": "published", "title": "Tencent WeChat name Field Unsafe Redirection Vulnerability", "updated_date": "2020-01-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1035/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-9302", "zdi_id": "ZDI-19-1035" }, { "cve": "CVE-2019-18236", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON PLC Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-1034/advisory.json", "detail_path": "advisories/ZDI-19-1034", "id": "ZDI-19-1034", "kind": "published", "published_date": "2019-12-30", "status": "published", "title": "(0Day) WECON PLC Editor PLCDataCeter Port Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1034/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-9123", "zdi_id": "ZDI-19-1034" }, { "cve": "CVE-2019-18236", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON PLC Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-1033/advisory.json", "detail_path": "advisories/ZDI-19-1033", "id": "ZDI-19-1033", "kind": "published", "published_date": "2019-12-30", "status": "published", "title": "(0Day) WECON PLC Editor PLCDataCeter PortPath Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1033/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-9122", "zdi_id": "ZDI-19-1033" }, { "cve": "CVE-2018-14810", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON PIStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-1032/advisory.json", "detail_path": "advisories/ZDI-19-1032", "id": "ZDI-19-1032", "kind": "published", "published_date": "2019-12-30", "status": "published", "title": "(0Day) WECON PIStudio HSC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-12-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1032/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-8927", "zdi_id": "ZDI-19-1032" }, { "cve": "CVE-2019-17146", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by...", "detail_json": "/data/advisories/ZDI-19-1031/advisory.json", "detail_path": "advisories/ZDI-19-1031", "id": "ZDI-19-1031", "kind": "published", "published_date": "2019-12-23", "status": "published", "title": "D-Link DCS-960L HNAP SOAPAction Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1031/", "vendor": "D-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-8458", "zdi_id": "ZDI-19-1031" }, { "cve": "CVE-2019-17150", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Docker. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-19-1030/advisory.json", "detail_path": "advisories/ZDI-19-1030", "id": "ZDI-19-1030", "kind": "published", "published_date": "2019-12-20", "status": "published", "title": "Docker docker-credential-secretservice Double Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1030/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-8921", "zdi_id": "ZDI-19-1030" }, { "cve": "CVE-2019-17149", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Docker. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-19-1029/advisory.json", "detail_path": "advisories/ZDI-19-1029", "id": "ZDI-19-1029", "kind": "published", "published_date": "2019-12-20", "status": "published", "title": "Docker docker-credential-helpers Double Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1029/", "vendor": "Docker", "vendor_url": null, "zdi_can": "ZDI-CAN-8920", "zdi_id": "ZDI-19-1029" }, { "cve": "CVE-2019-17148", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-19-1028/advisory.json", "detail_path": "advisories/ZDI-19-1028", "id": "ZDI-19-1028", "kind": "published", "published_date": "2019-12-20", "status": "published", "title": "Parallels Desktop Command Injection Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1028/", "vendor": "Parallels", "vendor_url": null, "zdi_can": "ZDI-CAN-8685", "zdi_id": "ZDI-19-1028" }, { "cve": "CVE-2019-8850", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-1027/advisory.json", "detail_path": "advisories/ZDI-19-1027", "id": "ZDI-19-1027", "kind": "published", "published_date": "2019-12-20", "status": "published", "title": "Apple macOS AudioToolbox MP4 Parsing Integer Overflow Information Disclosure Vulnerability", "updated_date": "2019-12-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1027/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8806", "zdi_id": "ZDI-19-1027" }, { "cve": "CVE-2019-8835", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-19-1026/advisory.json", "detail_path": "advisories/ZDI-19-1026", "id": "ZDI-19-1026", "kind": "published", "published_date": "2019-12-19", "status": "published", "title": "Apple macOS apfs Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1026/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8767", "zdi_id": "ZDI-19-1026" }, { "cve": "CVE-2019-19693", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the t...", "detail_json": "/data/advisories/ZDI-19-1025/advisory.json", "detail_path": "advisories/ZDI-19-1025", "id": "ZDI-19-1025", "kind": "published", "published_date": "2019-12-19", "status": "published", "title": "Trend Micro Maximum Security Link Resolution Information Disclosure And Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1025/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-9391", "zdi_id": "ZDI-19-1025" }, { "cve": "CVE-2019-2904", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle ADF Faces. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Remote Regions component. The issue results f...", "detail_json": "/data/advisories/ZDI-19-1024/advisory.json", "detail_path": "advisories/ZDI-19-1024", "id": "ZDI-19-1024", "kind": "published", "published_date": "2019-12-19", "status": "published", "title": "Oracle ADF Faces Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8823", "zdi_id": "ZDI-19-1024" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-1023/advisory.json", "detail_path": "advisories/ZDI-19-1023", "id": "ZDI-19-1023", "kind": "published", "published_date": "2019-12-17", "status": "published", "title": "(0Day) Microsoft Windows WebDAV Path Parsing Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1023/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9278", "zdi_id": "ZDI-19-1023" }, { "cve": null, "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-1022/advisory.json", "detail_path": "advisories/ZDI-19-1022", "id": "ZDI-19-1022", "kind": "published", "published_date": "2019-12-17", "status": "published", "title": "Apple Safari commitPropertyChange Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1022/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8608", "zdi_id": "ZDI-19-1022" }, { "cve": "CVE-2019-18257", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech DiagAnywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of FOLDER_REMOVE messages. The...", "detail_json": "/data/advisories/ZDI-19-1021/advisory.json", "detail_path": "advisories/ZDI-19-1021", "id": "ZDI-19-1021", "kind": "published", "published_date": "2019-12-13", "status": "published", "title": "Advantech DiagAnywhere FOLDER_REMOVE Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1021/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9489", "zdi_id": "ZDI-19-1021" }, { "cve": "CVE-2019-18257", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech DiagAnywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SET_CURR_DIR messages. The...", "detail_json": "/data/advisories/ZDI-19-1020/advisory.json", "detail_path": "advisories/ZDI-19-1020", "id": "ZDI-19-1020", "kind": "published", "published_date": "2019-12-13", "status": "published", "title": "Advantech DiagAnywhere SET_CURR_DIR Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1020/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9488", "zdi_id": "ZDI-19-1020" }, { "cve": "CVE-2019-18257", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech DiagAnywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of FILE_CREATE messages. The i...", "detail_json": "/data/advisories/ZDI-19-1019/advisory.json", "detail_path": "advisories/ZDI-19-1019", "id": "ZDI-19-1019", "kind": "published", "published_date": "2019-12-13", "status": "published", "title": "Advantech DiagAnywhere FILE_CREATE Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1019/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9485", "zdi_id": "ZDI-19-1019" }, { "cve": "CVE-2019-18257", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech DiagAnywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of FILE_OPEN_RO messages. The...", "detail_json": "/data/advisories/ZDI-19-1018/advisory.json", "detail_path": "advisories/ZDI-19-1018", "id": "ZDI-19-1018", "kind": "published", "published_date": "2019-12-13", "status": "published", "title": "Advantech DiagAnywhere FILE_OPEN_RO Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1018/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9487", "zdi_id": "ZDI-19-1018" }, { "cve": "CVE-2019-18257", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech DiagAnywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of FOLDER_CREATE messages. The...", "detail_json": "/data/advisories/ZDI-19-1017/advisory.json", "detail_path": "advisories/ZDI-19-1017", "id": "ZDI-19-1017", "kind": "published", "published_date": "2019-12-13", "status": "published", "title": "Advantech DiagAnywhere FOLDER_CREATE Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1017/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9486", "zdi_id": "ZDI-19-1017" }, { "cve": "CVE-2019-1408", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-1016/advisory.json", "detail_path": "advisories/ZDI-19-1016", "id": "ZDI-19-1016", "kind": "published", "published_date": "2019-12-13", "status": "published", "title": "Microsoft Windows GreSetMagicColors Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1016/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9385", "zdi_id": "ZDI-19-1016" }, { "cve": "CVE-2019-18236", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wecon PLC Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-1015/advisory.json", "detail_path": "advisories/ZDI-19-1015", "id": "ZDI-19-1015", "kind": "published", "published_date": "2019-12-12", "status": "published", "title": "(0Day) WECON PLC Editor WCP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1015/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-8456", "zdi_id": "ZDI-19-1015" }, { "cve": null, "cvss": 5.7, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR AC1200 Smart WiFi Router. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of a...", "detail_json": "/data/advisories/ZDI-19-1014/advisory.json", "detail_path": "advisories/ZDI-19-1014", "id": "ZDI-19-1014", "kind": "published", "published_date": "2019-12-12", "status": "published", "title": "(0Day) NETGEAR AC1200 mini_httpd Cleartext Transmission of Sensitive Information Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1014/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-8671", "zdi_id": "ZDI-19-1014" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to cause a denial-of-service condition on machines running affected versions of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a malicious font. The specifi...", "detail_json": "/data/advisories/ZDI-19-1013/advisory.json", "detail_path": "advisories/ZDI-19-1013", "id": "ZDI-19-1013", "kind": "published", "published_date": "2019-12-12", "status": "published", "title": "(0Day) Microsoft Windows Kernel Type 1 Font Processing Stack Exhaustion Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1013/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8824", "zdi_id": "ZDI-19-1013" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-19-1012/advisory.json", "detail_path": "advisories/ZDI-19-1012", "id": "ZDI-19-1012", "kind": "published", "published_date": "2019-12-12", "status": "published", "title": "(0Day) Linux Kernel proc stat Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1012/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-7607", "zdi_id": "ZDI-19-1012" }, { "cve": null, "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to disclose sensitive information on vulnerable installations of NETGEAR AC1200 Smart WiFi Router. Authentication is required to exploit this vulnerability. The specific flaw exists within the storage of ad...", "detail_json": "/data/advisories/ZDI-19-1011/advisory.json", "detail_path": "advisories/ZDI-19-1011", "id": "ZDI-19-1011", "kind": "published", "published_date": "2019-12-12", "status": "published", "title": "(0Day) NETGEAR AC1200 mini_httpd Password Storage Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1011/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-8615", "zdi_id": "ZDI-19-1011" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwOpcBs.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-1010/advisory.json", "detail_path": "advisories/ZDI-19-1010", "id": "ZDI-19-1010", "kind": "published", "published_date": "2019-12-12", "status": "published", "title": "(0Day) Advantech WebAccess Node BwOpcBs Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1010/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7883", "zdi_id": "ZDI-19-1010" }, { "cve": "CVE-2019-8798", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-19-1009/advisory.json", "detail_path": "advisories/ZDI-19-1009", "id": "ZDI-19-1009", "kind": "published", "published_date": "2019-12-11", "status": "published", "title": "Apple macOS fseventsd Uninitialized Buffer Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1009/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8613", "zdi_id": "ZDI-19-1009" }, { "cve": "CVE-2019-1465", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-1008/advisory.json", "detail_path": "advisories/ZDI-19-1008", "id": "ZDI-19-1008", "kind": "published", "published_date": "2019-12-11", "status": "published", "title": "Microsoft Windows EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1008/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9363", "zdi_id": "ZDI-19-1008" }, { "cve": "CVE-2019-1466", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-1007/advisory.json", "detail_path": "advisories/ZDI-19-1007", "id": "ZDI-19-1007", "kind": "published", "published_date": "2019-12-11", "status": "published", "title": "Microsoft Windows EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1007/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9344", "zdi_id": "ZDI-19-1007" }, { "cve": "CVE-2019-1462", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-1006/advisory.json", "detail_path": "advisories/ZDI-19-1006", "id": "ZDI-19-1006", "kind": "published", "published_date": "2019-12-11", "status": "published", "title": "Microsoft PowerPoint PPT File Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1006/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9339", "zdi_id": "ZDI-19-1006" }, { "cve": "CVE-2019-1483", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-1005/advisory.json", "detail_path": "advisories/ZDI-19-1005", "id": "ZDI-19-1005", "kind": "published", "published_date": "2019-12-11", "status": "published", "title": "Microsoft Windows AppX Deployment Service Hard Link Escalation of Privilege Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1005/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9320", "zdi_id": "ZDI-19-1005" }, { "cve": "CVE-2019-1468", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-1004/advisory.json", "detail_path": "advisories/ZDI-19-1004", "id": "ZDI-19-1004", "kind": "published", "published_date": "2019-12-11", "status": "published", "title": "Microsoft Windows Font Subsetting Library Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1004/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9075", "zdi_id": "ZDI-19-1004" }, { "cve": "CVE-2019-1481", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-1003/advisory.json", "detail_path": "advisories/ZDI-19-1003", "id": "ZDI-19-1003", "kind": "published", "published_date": "2019-12-11", "status": "published", "title": "Microsoft Windows Media Player Color Conversion Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1003/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8186", "zdi_id": "ZDI-19-1003" }, { "cve": "CVE-2019-1480", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-1002/advisory.json", "detail_path": "advisories/ZDI-19-1002", "id": "ZDI-19-1002", "kind": "published", "published_date": "2019-12-11", "status": "published", "title": "Microsoft Windows Media Player Color Transform Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1002/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8029", "zdi_id": "ZDI-19-1002" }, { "cve": "CVE-2019-8257", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-1001/advisory.json", "detail_path": "advisories/ZDI-19-1001", "id": "ZDI-19-1001", "kind": "published", "published_date": "2019-12-10", "status": "published", "title": "Adobe Acrobat Pro DC XFA Form Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1001/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9237", "zdi_id": "ZDI-19-1001" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-1000/advisory.json", "detail_path": "advisories/ZDI-19-1000", "id": "ZDI-19-1000", "kind": "published", "published_date": "2019-12-09", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1000/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8624", "zdi_id": "ZDI-19-1000" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-999/advisory.json", "detail_path": "advisories/ZDI-19-999", "id": "ZDI-19-999", "kind": "published", "published_date": "2019-12-09", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-999/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8623", "zdi_id": "ZDI-19-999" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-998/advisory.json", "detail_path": "advisories/ZDI-19-998", "id": "ZDI-19-998", "kind": "published", "published_date": "2019-12-09", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-998/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8600", "zdi_id": "ZDI-19-998" }, { "cve": "CVE-2019-18251", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-997/advisory.json", "detail_path": "advisories/ZDI-19-997", "id": "ZDI-19-997", "kind": "published", "published_date": "2019-12-09", "status": "published", "title": "OMRON CX-Supervisor Vulnerable Third-Party Component Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-997/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-9313", "zdi_id": "ZDI-19-997" }, { "cve": "CVE-2019-18580", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dell EMC Storage Monitoring and Reporting. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Java RMI service, wh...", "detail_json": "/data/advisories/ZDI-19-996/advisory.json", "detail_path": "advisories/ZDI-19-996", "id": "ZDI-19-996", "kind": "published", "published_date": "2019-11-26", "status": "published", "title": "Dell EMC Storage Monitoring and Reporting Java RMI Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-996/", "vendor": "Dell", "vendor_url": null, "zdi_can": "ZDI-CAN-8929", "zdi_id": "ZDI-19-996" }, { "cve": "CVE-2019-8831", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-995/advisory.json", "detail_path": "advisories/ZDI-19-995", "id": "ZDI-19-995", "kind": "published", "published_date": "2019-11-26", "status": "published", "title": "Apple macOS UIFoundation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-995/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8585", "zdi_id": "ZDI-19-995" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-994/advisory.json", "detail_path": "advisories/ZDI-19-994", "id": "ZDI-19-994", "kind": "published", "published_date": "2019-11-26", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-994/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8683", "zdi_id": "ZDI-19-994" }, { "cve": "CVE-2019-13527", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-993/advisory.json", "detail_path": "advisories/ZDI-19-993", "id": "ZDI-19-993", "kind": "published", "published_date": "2019-11-26", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Uninitialized Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-993/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8682", "zdi_id": "ZDI-19-993" }, { "cve": "CVE-2019-17147", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP po...", "detail_json": "/data/advisories/ZDI-19-992/advisory.json", "detail_path": "advisories/ZDI-19-992", "id": "ZDI-19-992", "kind": "published", "published_date": "2019-11-26", "status": "published", "title": "TP-LINK TL-WR841N Web Service http_parser_main Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-992/", "vendor": "TP-Link", "vendor_url": null, "zdi_can": "ZDI-CAN-8457", "zdi_id": "ZDI-19-992" }, { "cve": "CVE-2019-16675", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-19-991/advisory.json", "detail_path": "advisories/ZDI-19-991", "id": "ZDI-19-991", "kind": "published", "published_date": "2019-11-26", "status": "published", "title": "Phoenix Contact Automationworx MWT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-991/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-8097", "zdi_id": "ZDI-19-991" }, { "cve": "CVE-2019-18372", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-990/advisory.json", "detail_path": "advisories/ZDI-19-990", "id": "ZDI-19-990", "kind": "published", "published_date": "2019-11-14", "status": "published", "title": "Symantec Endpoint Protection Manager OpenSSL Privilege Escalation Vulnerability", "updated_date": "2021-01-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-990/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9477", "zdi_id": "ZDI-19-990" }, { "cve": "CVE-2019-12759", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-989/advisory.json", "detail_path": "advisories/ZDI-19-989", "id": "ZDI-19-989", "kind": "published", "published_date": "2019-11-14", "status": "published", "title": "Symantec Endpoint Protection Manager LuComServer stDisScriptEngine Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-989/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-9303", "zdi_id": "ZDI-19-989" }, { "cve": "CVE-2019-5541", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-19-988/advisory.json", "detail_path": "advisories/ZDI-19-988", "id": "ZDI-19-988", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "VMware Workstation e1000 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-988/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-8933", "zdi_id": "ZDI-19-988" }, { "cve": "CVE-2019-1380", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-987/advisory.json", "detail_path": "advisories/ZDI-19-987", "id": "ZDI-19-987", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows splwow64 Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-987/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9393", "zdi_id": "ZDI-19-987" }, { "cve": "CVE-2019-1456", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-986/advisory.json", "detail_path": "advisories/ZDI-19-986", "id": "ZDI-19-986", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows Kernel Type 1 Font Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-986/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9373", "zdi_id": "ZDI-19-986" }, { "cve": "CVE-2019-1441", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-985/advisory.json", "detail_path": "advisories/ZDI-19-985", "id": "ZDI-19-985", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows EMF Parsing Integer Truncation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-985/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9365", "zdi_id": "ZDI-19-985" }, { "cve": "CVE-2019-1394", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-984/advisory.json", "detail_path": "advisories/ZDI-19-984", "id": "ZDI-19-984", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows vMatchAPal Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-984/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9311", "zdi_id": "ZDI-19-984" }, { "cve": "CVE-2019-1393", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-983/advisory.json", "detail_path": "advisories/ZDI-19-983", "id": "ZDI-19-983", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows ptransMatchAPal Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-983/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9291", "zdi_id": "ZDI-19-983" }, { "cve": "CVE-2019-1396", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-982/advisory.json", "detail_path": "advisories/ZDI-19-982", "id": "ZDI-19-982", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows CreateXlateObject Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-982/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9118", "zdi_id": "ZDI-19-982" }, { "cve": "CVE-2019-1395", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-981/advisory.json", "detail_path": "advisories/ZDI-19-981", "id": "ZDI-19-981", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows CreateXlateObject Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-981/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9110", "zdi_id": "ZDI-19-981" }, { "cve": "CVE-2019-1412", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-19-980/advisory.json", "detail_path": "advisories/ZDI-19-980", "id": "ZDI-19-980", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows Kernel Type 1 Font Processing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-980/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9265", "zdi_id": "ZDI-19-980" }, { "cve": "CVE-2019-1385", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-19-979/advisory.json", "detail_path": "advisories/ZDI-19-979", "id": "ZDI-19-979", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows AppX Deployment Service Hard Link Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-979/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9162", "zdi_id": "ZDI-19-979" }, { "cve": "CVE-2019-1423", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-978/advisory.json", "detail_path": "advisories/ZDI-19-978", "id": "ZDI-19-978", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows InstallService Hard Link Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-978/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9156", "zdi_id": "ZDI-19-978" }, { "cve": "CVE-2019-1419", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-977/advisory.json", "detail_path": "advisories/ZDI-19-977", "id": "ZDI-19-977", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows Kernel Type 1 Font Processing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-977/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9238", "zdi_id": "ZDI-19-977" }, { "cve": "CVE-2019-1408", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-976/advisory.json", "detail_path": "advisories/ZDI-19-976", "id": "ZDI-19-976", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows ulGetNearestIndexFromColorref Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-976/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9100", "zdi_id": "ZDI-19-976" }, { "cve": "CVE-2019-1388", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to access an interactive desktop as a low-privileged user on the target system in order to exploit this...", "detail_json": "/data/advisories/ZDI-19-975/advisory.json", "detail_path": "advisories/ZDI-19-975", "id": "ZDI-19-975", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows UAC Unsafe Interaction Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-975/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9022", "zdi_id": "ZDI-19-975" }, { "cve": "CVE-2019-1432", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-974/advisory.json", "detail_path": "advisories/ZDI-19-974", "id": "ZDI-19-974", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows DirectWrite Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-974/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8057", "zdi_id": "ZDI-19-974" }, { "cve": "CVE-2019-1411", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-973/advisory.json", "detail_path": "advisories/ZDI-19-973", "id": "ZDI-19-973", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows DirectWrite Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-973/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8053", "zdi_id": "ZDI-19-973" }, { "cve": "CVE-2019-1422", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-19-972/advisory.json", "detail_path": "advisories/ZDI-19-972", "id": "ZDI-19-972", "kind": "published", "published_date": "2019-11-13", "status": "published", "title": "Microsoft Windows IP Helper Service Hard Link Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-972/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8945", "zdi_id": "ZDI-19-972" }, { "cve": "CVE-2019-18240", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-971/advisory.json", "detail_path": "advisories/ZDI-19-971", "id": "ZDI-19-971", "kind": "published", "published_date": "2019-11-11", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-971/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-8932", "zdi_id": "ZDI-19-971" }, { "cve": "CVE-2019-18240", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-970/advisory.json", "detail_path": "advisories/ZDI-19-970", "id": "ZDI-19-970", "kind": "published", "published_date": "2019-11-11", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-970/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-8931", "zdi_id": "ZDI-19-970" }, { "cve": "CVE-2019-18240", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-969/advisory.json", "detail_path": "advisories/ZDI-19-969", "id": "ZDI-19-969", "kind": "published", "published_date": "2019-11-11", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-969/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-8904", "zdi_id": "ZDI-19-969" }, { "cve": "CVE-2019-18240", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-968/advisory.json", "detail_path": "advisories/ZDI-19-968", "id": "ZDI-19-968", "kind": "published", "published_date": "2019-11-11", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-968/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-8848", "zdi_id": "ZDI-19-968" }, { "cve": "CVE-2019-18240", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-967/advisory.json", "detail_path": "advisories/ZDI-19-967", "id": "ZDI-19-967", "kind": "published", "published_date": "2019-11-11", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-967/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-8844", "zdi_id": "ZDI-19-967" }, { "cve": "CVE-2019-1362", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-966/advisory.json", "detail_path": "advisories/ZDI-19-966", "id": "ZDI-19-966", "kind": "published", "published_date": "2019-11-11", "status": "published", "title": "Microsoft Windows vResetSurfacePalette Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-966/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9359", "zdi_id": "ZDI-19-966" }, { "cve": "CVE-2019-2867", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-19-965/advisory.json", "detail_path": "advisories/ZDI-19-965", "id": "ZDI-19-965", "kind": "published", "published_date": "2019-11-11", "status": "published", "title": "Oracle VirtualBox shader_get_registers_used Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-965/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8674", "zdi_id": "ZDI-19-965" }, { "cve": "CVE-2019-2867", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-19-964/advisory.json", "detail_path": "advisories/ZDI-19-964", "id": "ZDI-19-964", "kind": "published", "published_date": "2019-11-11", "status": "published", "title": "Oracle VirtualBox Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-964/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8673", "zdi_id": "ZDI-19-964" }, { "cve": "CVE-2019-2867", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-19-963/advisory.json", "detail_path": "advisories/ZDI-19-963", "id": "ZDI-19-963", "kind": "published", "published_date": "2019-11-11", "status": "published", "title": "Oracle VirtualBox Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-963/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8418", "zdi_id": "ZDI-19-963" }, { "cve": "CVE-2019-8748", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-19-962/advisory.json", "detail_path": "advisories/ZDI-19-962", "id": "ZDI-19-962", "kind": "published", "published_date": "2019-11-06", "status": "published", "title": "Apple macOS AMDRadeonX4000_AMDSIGLContext Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-962/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8851", "zdi_id": "ZDI-19-962" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-19-961/advisory.json", "detail_path": "advisories/ZDI-19-961", "id": "ZDI-19-961", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Apple macOS AudioToolbox Interleave Out-of-Bounds Write Remote Code Execute Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-961/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8160", "zdi_id": "ZDI-19-961" }, { "cve": "CVE-2019-13547", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NodeRed Server, which listens on TCP...", "detail_json": "/data/advisories/ZDI-19-960/advisory.json", "detail_path": "advisories/ZDI-19-960", "id": "ZDI-19-960", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM NodeRed Server Missing Authentication Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-960/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8891", "zdi_id": "ZDI-19-960" }, { "cve": "CVE-2019-18227", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RecoveryMgmt class. Due to the...", "detail_json": "/data/advisories/ZDI-19-959/advisory.json", "detail_path": "advisories/ZDI-19-959", "id": "ZDI-19-959", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM RecoveryMgmt checkSN XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-959/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9229", "zdi_id": "ZDI-19-959" }, { "cve": "CVE-2019-13551", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpgradeMgmt class. The issue results f...", "detail_json": "/data/advisories/ZDI-19-958/advisory.json", "detail_path": "advisories/ZDI-19-958", "id": "ZDI-19-958", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM UpgradeMgmt Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-958/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9101", "zdi_id": "ZDI-19-958" }, { "cve": "CVE-2019-18229", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-19-957/advisory.json", "detail_path": "advisories/ZDI-19-957", "id": "ZDI-19-957", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM SQLMgmt insertData SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-957/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9145", "zdi_id": "ZDI-19-957" }, { "cve": "CVE-2019-18229", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-19-956/advisory.json", "detail_path": "advisories/ZDI-19-956", "id": "ZDI-19-956", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM SQLMgmt CreateTable SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-956/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9144", "zdi_id": "ZDI-19-956" }, { "cve": "CVE-2019-18229", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-19-955/advisory.json", "detail_path": "advisories/ZDI-19-955", "id": "ZDI-19-955", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM SQLMgmt getTableInfo SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-955/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9143", "zdi_id": "ZDI-19-955" }, { "cve": "CVE-2019-18227", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AccountMgmt class. Due to the...", "detail_json": "/data/advisories/ZDI-19-954/advisory.json", "detail_path": "advisories/ZDI-19-954", "id": "ZDI-19-954", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM AccountMgmt registerAccount XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-954/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9098", "zdi_id": "ZDI-19-954" }, { "cve": "CVE-2019-18227", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AccountMgmt class. Due to the...", "detail_json": "/data/advisories/ZDI-19-953/advisory.json", "detail_path": "advisories/ZDI-19-953", "id": "ZDI-19-953", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM AccountMgmt activateAccount XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-953/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9097", "zdi_id": "ZDI-19-953" }, { "cve": "CVE-2019-18229", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-19-952/advisory.json", "detail_path": "advisories/ZDI-19-952", "id": "ZDI-19-952", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM SQLMgmt updateData SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-952/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9146", "zdi_id": "ZDI-19-952" }, { "cve": "CVE-2019-18229", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-19-951/advisory.json", "detail_path": "advisories/ZDI-19-951", "id": "ZDI-19-951", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM SQLMgmt delData SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-951/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9147", "zdi_id": "ZDI-19-951" }, { "cve": "CVE-2019-13551", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WISE-PasS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific f...", "detail_json": "/data/advisories/ZDI-19-950/advisory.json", "detail_path": "advisories/ZDI-19-950", "id": "ZDI-19-950", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM UpgradeMgmt upload_ota Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-950/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9173", "zdi_id": "ZDI-19-950" }, { "cve": "CVE-2019-18229", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-19-949/advisory.json", "detail_path": "advisories/ZDI-19-949", "id": "ZDI-19-949", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM PowerMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-949/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9174", "zdi_id": "ZDI-19-949" }, { "cve": "CVE-2019-18229", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-19-948/advisory.json", "detail_path": "advisories/ZDI-19-948", "id": "ZDI-19-948", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM RecoveryMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-948/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9177", "zdi_id": "ZDI-19-948" }, { "cve": "CVE-2019-18227", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AccountMgmt class. Due to the...", "detail_json": "/data/advisories/ZDI-19-947/advisory.json", "detail_path": "advisories/ZDI-19-947", "id": "ZDI-19-947", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM AccountMgmt fuzzySearch XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-947/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9095", "zdi_id": "ZDI-19-947" }, { "cve": "CVE-2019-18227", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AccountMgmt class. Due to the...", "detail_json": "/data/advisories/ZDI-19-946/advisory.json", "detail_path": "advisories/ZDI-19-946", "id": "ZDI-19-946", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM AccountMgmt LoginForJWT XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-946/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9096", "zdi_id": "ZDI-19-946" }, { "cve": "CVE-2019-18227", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WechatSignin class. Due to the...", "detail_json": "/data/advisories/ZDI-19-945/advisory.json", "detail_path": "advisories/ZDI-19-945", "id": "ZDI-19-945", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM WechatSignin wechattokenlogin XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-945/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9086", "zdi_id": "ZDI-19-945" }, { "cve": "CVE-2019-18227", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RecoveryMgmt class. Due to the...", "detail_json": "/data/advisories/ZDI-19-944/advisory.json", "detail_path": "advisories/ZDI-19-944", "id": "ZDI-19-944", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM RecoveryMgmt ActionCommd_ota XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-944/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9094", "zdi_id": "ZDI-19-944" }, { "cve": "CVE-2019-18227", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RecoveryMgmt class. Due to the...", "detail_json": "/data/advisories/ZDI-19-943/advisory.json", "detail_path": "advisories/ZDI-19-943", "id": "ZDI-19-943", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM RecoveryMgmt groupFuzzSearch XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-943/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9231", "zdi_id": "ZDI-19-943" }, { "cve": "CVE-2019-18227", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RecoveryMgmt class. Due to the...", "detail_json": "/data/advisories/ZDI-19-942/advisory.json", "detail_path": "advisories/ZDI-19-942", "id": "ZDI-19-942", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM RecoveryMgmt checkSchName XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-942/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9230", "zdi_id": "ZDI-19-942" }, { "cve": "CVE-2019-13551", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMSWatchDog service, which lis...", "detail_json": "/data/advisories/ZDI-19-941/advisory.json", "detail_path": "advisories/ZDI-19-941", "id": "ZDI-19-941", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM RMSWatchDog distributer Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-941/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9226", "zdi_id": "ZDI-19-941" }, { "cve": "CVE-2019-18229", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-19-940/advisory.json", "detail_path": "advisories/ZDI-19-940", "id": "ZDI-19-940", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM ProtectionMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-940/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9190", "zdi_id": "ZDI-19-940" }, { "cve": "CVE-2019-18227", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AccountMgmt class. Due to the...", "detail_json": "/data/advisories/ZDI-19-939/advisory.json", "detail_path": "advisories/ZDI-19-939", "id": "ZDI-19-939", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM AccountMgmt forgotPwd XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2019-11-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-939/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9213", "zdi_id": "ZDI-19-939" }, { "cve": "CVE-2019-18229", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-19-938/advisory.json", "detail_path": "advisories/ZDI-19-938", "id": "ZDI-19-938", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM DeviceMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-938/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9191", "zdi_id": "ZDI-19-938" }, { "cve": "CVE-2019-18229", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp...", "detail_json": "/data/advisories/ZDI-19-937/advisory.json", "detail_path": "advisories/ZDI-19-937", "id": "ZDI-19-937", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM SQLMgmt qryData SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-937/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9148", "zdi_id": "ZDI-19-937" }, { "cve": "CVE-2019-18227", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RecoveryMgmt class. Due to the...", "detail_json": "/data/advisories/ZDI-19-936/advisory.json", "detail_path": "advisories/ZDI-19-936", "id": "ZDI-19-936", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM RecoveryMgmt addRecoverySch XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-936/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9232", "zdi_id": "ZDI-19-936" }, { "cve": "CVE-2019-13551", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeviceMapMgmt class. When parsing the...", "detail_json": "/data/advisories/ZDI-19-935/advisory.json", "detail_path": "advisories/ZDI-19-935", "id": "ZDI-19-935", "kind": "published", "published_date": "2019-11-01", "status": "published", "title": "Advantech WISE-PaaS/RMM upload2eMap Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-935/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8892", "zdi_id": "ZDI-19-935" }, { "cve": "CVE-2019-8755, CVE-2019-8758", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-19-934/advisory.json", "detail_path": "advisories/ZDI-19-934", "id": "ZDI-19-934", "kind": "published", "published_date": "2019-10-31", "status": "published", "title": "Apple macOS AppleIntelCFLGraphicsFramebuffer.kext Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-934/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8828", "zdi_id": "ZDI-19-934" }, { "cve": "CVE-2019-10443", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins iceScrum. Authentication is required to exploit this vulnerability. The specific flaw exists within the iceScrum plugin. The issue results from st...", "detail_json": "/data/advisories/ZDI-19-933/advisory.json", "detail_path": "advisories/ZDI-19-933", "id": "ZDI-19-933", "kind": "published", "published_date": "2019-10-30", "status": "published", "title": "Jenkins iceScrum Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-933/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8882", "zdi_id": "ZDI-19-933" }, { "cve": "CVE-2019-10440", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins NeoLoad. Authentication is required to exploit this vulnerability. The specific flaw exists within the NeoLoad plugin. The issue results from stor...", "detail_json": "/data/advisories/ZDI-19-932/advisory.json", "detail_path": "advisories/ZDI-19-932", "id": "ZDI-19-932", "kind": "published", "published_date": "2019-10-30", "status": "published", "title": "Jenkins NeoLoad Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-932/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8873", "zdi_id": "ZDI-19-932" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Delphix. Authentication is required to exploit this vulnerability. The specific flaw exists within the Delphix plugin. The issue results from stor...", "detail_json": "/data/advisories/ZDI-19-931/advisory.json", "detail_path": "advisories/ZDI-19-931", "id": "ZDI-19-931", "kind": "published", "published_date": "2019-10-30", "status": "published", "title": "(0Day) Jenkins Delphix Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-931/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8919", "zdi_id": "ZDI-19-931" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins View26 Test-Reporting. Authentication is required to exploit this vulnerability. The specific flaw exists within the View26 Test-Reporting plugin....", "detail_json": "/data/advisories/ZDI-19-930/advisory.json", "detail_path": "advisories/ZDI-19-930", "id": "ZDI-19-930", "kind": "published", "published_date": "2019-10-30", "status": "published", "title": "(0Day) Jenkins View26 Test-Reporting Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-930/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8889", "zdi_id": "ZDI-19-930" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins SOASTA CloudTest. Authentication is required to exploit this vulnerability. The specific flaw exists within the SOASTA CloudTest plugin. The issue...", "detail_json": "/data/advisories/ZDI-19-929/advisory.json", "detail_path": "advisories/ZDI-19-929", "id": "ZDI-19-929", "kind": "published", "published_date": "2019-10-30", "status": "published", "title": "(0Day) Jenkins SOASTA CloudTest Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-929/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8885", "zdi_id": "ZDI-19-929" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins ElasticBox CI. Authentication is required to exploit this vulnerability. The specific flaw exists within the ElasticBox CI plugin. The issue resul...", "detail_json": "/data/advisories/ZDI-19-928/advisory.json", "detail_path": "advisories/ZDI-19-928", "id": "ZDI-19-928", "kind": "published", "published_date": "2019-10-30", "status": "published", "title": "(0Day) Jenkins ElasticBox CI Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-928/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8880", "zdi_id": "ZDI-19-928" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Fortify On Demand Uploader. Authentication is required to exploit this vulnerability. The specific flaw exists within the Fortify On Demand Upload...", "detail_json": "/data/advisories/ZDI-19-927/advisory.json", "detail_path": "advisories/ZDI-19-927", "id": "ZDI-19-927", "kind": "published", "published_date": "2019-10-30", "status": "published", "title": "(0Day) Jenkins Fortify on Demand Uploader Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-927/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8879", "zdi_id": "ZDI-19-927" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Extensive Testing. Authentication is required to exploit this vulnerability. The specific flaw exists within the Extensive Testing plugin. The iss...", "detail_json": "/data/advisories/ZDI-19-926/advisory.json", "detail_path": "advisories/ZDI-19-926", "id": "ZDI-19-926", "kind": "published", "published_date": "2019-10-30", "status": "published", "title": "(0Day) Jenkins Extensive Testing Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-926/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8878", "zdi_id": "ZDI-19-926" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Sofy.AI. Authentication is required to exploit this vulnerability. The specific flaw exists within the Sofy.AI plugin. The issue results from stor...", "detail_json": "/data/advisories/ZDI-19-925/advisory.json", "detail_path": "advisories/ZDI-19-925", "id": "ZDI-19-925", "kind": "published", "published_date": "2019-10-30", "status": "published", "title": "(0Day) Jenkins Sofy.AI Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-925/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8877", "zdi_id": "ZDI-19-925" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-19-924/advisory.json", "detail_path": "advisories/ZDI-19-924", "id": "ZDI-19-924", "kind": "published", "published_date": "2019-10-30", "status": "published", "title": "(0Day) Microsoft Windows cdrom Driver Memory Corruption Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-924/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9381", "zdi_id": "ZDI-19-924" }, { "cve": "CVE-2019-16675", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-923/advisory.json", "detail_path": "advisories/ZDI-19-923", "id": "ZDI-19-923", "kind": "published", "published_date": "2019-10-29", "status": "published", "title": "Phoenix Contact Automationworx BCP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-923/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-7783", "zdi_id": "ZDI-19-923" }, { "cve": "CVE-2019-16675", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-922/advisory.json", "detail_path": "advisories/ZDI-19-922", "id": "ZDI-19-922", "kind": "published", "published_date": "2019-10-29", "status": "published", "title": "Phoenix Contact Automationworx BCP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-922/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-7782", "zdi_id": "ZDI-19-922" }, { "cve": "CVE-2019-13698", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chromium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-921/advisory.json", "detail_path": "advisories/ZDI-19-921", "id": "ZDI-19-921", "kind": "published", "published_date": "2019-10-29", "status": "published", "title": "(Pwn2Own) Google Chromium RegExpReplace Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-921/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-8378", "zdi_id": "ZDI-19-921" }, { "cve": "CVE-2019-8735", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-920/advisory.json", "detail_path": "advisories/ZDI-19-920", "id": "ZDI-19-920", "kind": "published", "published_date": "2019-10-25", "status": "published", "title": "Apple Safari FrameDestructionObserver Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-920/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8574", "zdi_id": "ZDI-19-920" }, { "cve": "CVE-2019-8592", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-19-919/advisory.json", "detail_path": "advisories/ZDI-19-919", "id": "ZDI-19-919", "kind": "published", "published_date": "2019-10-25", "status": "published", "title": "Apple macOS AudioCodecs Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-919/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8093", "zdi_id": "ZDI-19-919" }, { "cve": "CVE-2019-3031", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-19-918/advisory.json", "detail_path": "advisories/ZDI-19-918", "id": "ZDI-19-918", "kind": "published", "published_date": "2019-10-23", "status": "published", "title": "Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-918/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8653", "zdi_id": "ZDI-19-918" }, { "cve": "CVE-2019-3026", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-19-917/advisory.json", "detail_path": "advisories/ZDI-19-917", "id": "ZDI-19-917", "kind": "published", "published_date": "2019-10-23", "status": "published", "title": "Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-917/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8652", "zdi_id": "ZDI-19-917" }, { "cve": "CVE-2019-3017", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-19-916/advisory.json", "detail_path": "advisories/ZDI-19-916", "id": "ZDI-19-916", "kind": "published", "published_date": "2019-10-23", "status": "published", "title": "Oracle VirtualBox shader_record_register_usage Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-916/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8842", "zdi_id": "ZDI-19-916" }, { "cve": "CVE-2019-17145", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-915/advisory.json", "detail_path": "advisories/ZDI-19-915", "id": "ZDI-19-915", "kind": "published", "published_date": "2019-10-22", "status": "published", "title": "Foxit PhantomPDF Dwg2Pdf DXF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-11-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-915/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9276", "zdi_id": "ZDI-19-915" }, { "cve": "CVE-2019-17144", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-914/advisory.json", "detail_path": "advisories/ZDI-19-914", "id": "ZDI-19-914", "kind": "published", "published_date": "2019-10-22", "status": "published", "title": "Foxit PhantomPDF Dwg2Pdf DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-914/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9274", "zdi_id": "ZDI-19-914" }, { "cve": "CVE-2019-17143", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-913/advisory.json", "detail_path": "advisories/ZDI-19-913", "id": "ZDI-19-913", "kind": "published", "published_date": "2019-10-22", "status": "published", "title": "Foxit PhantomPDF Dwg2Pdf DWG File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-913/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9273", "zdi_id": "ZDI-19-913" }, { "cve": "CVE-2019-17142", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-912/advisory.json", "detail_path": "advisories/ZDI-19-912", "id": "ZDI-19-912", "kind": "published", "published_date": "2019-10-22", "status": "published", "title": "Foxit PhantomPDF ListBox Field Keystroke Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-912/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9081", "zdi_id": "ZDI-19-912" }, { "cve": "CVE-2019-17141", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-911/advisory.json", "detail_path": "advisories/ZDI-19-911", "id": "ZDI-19-911", "kind": "published", "published_date": "2019-10-22", "status": "published", "title": "Foxit PhantomPDF Text Field Calculate Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-911/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9044", "zdi_id": "ZDI-19-911" }, { "cve": "CVE-2019-17140", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-910/advisory.json", "detail_path": "advisories/ZDI-19-910", "id": "ZDI-19-910", "kind": "published", "published_date": "2019-10-22", "status": "published", "title": "Foxit PhantomPDF Signature Field OnFocus Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-910/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9091", "zdi_id": "ZDI-19-910" }, { "cve": "CVE-2019-17139", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-909/advisory.json", "detail_path": "advisories/ZDI-19-909", "id": "ZDI-19-909", "kind": "published", "published_date": "2019-10-22", "status": "published", "title": "Foxit PhantomPDF HTML2PDF HTML Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-909/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8692", "zdi_id": "ZDI-19-909" }, { "cve": "CVE-2019-17138", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-19-908/advisory.json", "detail_path": "advisories/ZDI-19-908", "id": "ZDI-19-908", "kind": "published", "published_date": "2019-10-22", "status": "published", "title": "Foxit Studio Photo JPEG Batch Processing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-908/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8809", "zdi_id": "ZDI-19-908" }, { "cve": "CVE-2019-8243", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Media Encoder CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-907/advisory.json", "detail_path": "advisories/ZDI-19-907", "id": "ZDI-19-907", "kind": "published", "published_date": "2019-10-21", "status": "published", "title": "Adobe Media Encoder CC MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2019-11-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-907/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8804", "zdi_id": "ZDI-19-907" }, { "cve": "CVE-2019-8244", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Media Encoder CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-906/advisory.json", "detail_path": "advisories/ZDI-19-906", "id": "ZDI-19-906", "kind": "published", "published_date": "2019-10-21", "status": "published", "title": "Adobe Media Encoder CC MPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2019-11-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-906/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8803", "zdi_id": "ZDI-19-906" }, { "cve": "CVE-2019-8241", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-905/advisory.json", "detail_path": "advisories/ZDI-19-905", "id": "ZDI-19-905", "kind": "published", "published_date": "2019-10-21", "status": "published", "title": "Adobe Media Encoder MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2019-11-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-905/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8802", "zdi_id": "ZDI-19-905" }, { "cve": "CVE-2019-8242", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-904/advisory.json", "detail_path": "advisories/ZDI-19-904", "id": "ZDI-19-904", "kind": "published", "published_date": "2019-10-21", "status": "published", "title": "Adobe Media Encoder MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2019-11-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-904/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8785", "zdi_id": "ZDI-19-904" }, { "cve": "CVE-2019-13545", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-903/advisory.json", "detail_path": "advisories/ZDI-19-903", "id": "ZDI-19-903", "kind": "published", "published_date": "2019-10-18", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-903/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8445", "zdi_id": "ZDI-19-903" }, { "cve": "CVE-2019-13541", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-902/advisory.json", "detail_path": "advisories/ZDI-19-902", "id": "ZDI-19-902", "kind": "published", "published_date": "2019-10-18", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-902/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8444", "zdi_id": "ZDI-19-902" }, { "cve": "CVE-2019-8225", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-901/advisory.json", "detail_path": "advisories/ZDI-19-901", "id": "ZDI-19-901", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Reader DC XFA Form Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-901/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9374", "zdi_id": "ZDI-19-901" }, { "cve": "CVE-2019-8224", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-900/advisory.json", "detail_path": "advisories/ZDI-19-900", "id": "ZDI-19-900", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Reader DC XFA closeDoc Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-900/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9317", "zdi_id": "ZDI-19-900" }, { "cve": "CVE-2019-8223", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-899/advisory.json", "detail_path": "advisories/ZDI-19-899", "id": "ZDI-19-899", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC XFA closeDoc Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-899/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9331", "zdi_id": "ZDI-19-899" }, { "cve": "CVE-2019-8166", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-898/advisory.json", "detail_path": "advisories/ZDI-19-898", "id": "ZDI-19-898", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-898/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9362", "zdi_id": "ZDI-19-898" }, { "cve": "CVE-2019-8219", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-897/advisory.json", "detail_path": "advisories/ZDI-19-897", "id": "ZDI-19-897", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC XFA Form Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-897/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9330", "zdi_id": "ZDI-19-897" }, { "cve": "CVE-2019-8217", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-896/advisory.json", "detail_path": "advisories/ZDI-19-896", "id": "ZDI-19-896", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Reader DC XFA template Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-896/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9329", "zdi_id": "ZDI-19-896" }, { "cve": "CVE-2019-8210", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-895/advisory.json", "detail_path": "advisories/ZDI-19-895", "id": "ZDI-19-895", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Reader DC XFA instanceManager Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-895/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9316", "zdi_id": "ZDI-19-895" }, { "cve": "CVE-2019-8208", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-894/advisory.json", "detail_path": "advisories/ZDI-19-894", "id": "ZDI-19-894", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Reader DC XFA Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-894/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9295", "zdi_id": "ZDI-19-894" }, { "cve": "CVE-2019-8209", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-893/advisory.json", "detail_path": "advisories/ZDI-19-893", "id": "ZDI-19-893", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Reader DC XFA template Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-893/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9327", "zdi_id": "ZDI-19-893" }, { "cve": "CVE-2019-8204", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-892/advisory.json", "detail_path": "advisories/ZDI-19-892", "id": "ZDI-19-892", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Reader DC AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-892/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8937", "zdi_id": "ZDI-19-892" }, { "cve": "CVE-2019-8203", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-891/advisory.json", "detail_path": "advisories/ZDI-19-891", "id": "ZDI-19-891", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Reader DC XFA Form Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-891/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9293", "zdi_id": "ZDI-19-891" }, { "cve": "CVE-2019-8192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-890/advisory.json", "detail_path": "advisories/ZDI-19-890", "id": "ZDI-19-890", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC XFA Form Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-890/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8793", "zdi_id": "ZDI-19-890" }, { "cve": "CVE-2019-8191", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-889/advisory.json", "detail_path": "advisories/ZDI-19-889", "id": "ZDI-19-889", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC DWT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-889/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9153", "zdi_id": "ZDI-19-889" }, { "cve": "CVE-2019-8165", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-888/advisory.json", "detail_path": "advisories/ZDI-19-888", "id": "ZDI-19-888", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-888/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9154", "zdi_id": "ZDI-19-888" }, { "cve": "CVE-2019-8190", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-887/advisory.json", "detail_path": "advisories/ZDI-19-887", "id": "ZDI-19-887", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC DXF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-887/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9155", "zdi_id": "ZDI-19-887" }, { "cve": "CVE-2019-8163", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-886/advisory.json", "detail_path": "advisories/ZDI-19-886", "id": "ZDI-19-886", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC DST File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-886/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9261", "zdi_id": "ZDI-19-886" }, { "cve": "CVE-2019-8189", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-885/advisory.json", "detail_path": "advisories/ZDI-19-885", "id": "ZDI-19-885", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC DXF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-885/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9262", "zdi_id": "ZDI-19-885" }, { "cve": "CVE-2019-8188", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-884/advisory.json", "detail_path": "advisories/ZDI-19-884", "id": "ZDI-19-884", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC DWG File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-884/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9263", "zdi_id": "ZDI-19-884" }, { "cve": "CVE-2019-8187", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-883/advisory.json", "detail_path": "advisories/ZDI-19-883", "id": "ZDI-19-883", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC DWG File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-883/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9264", "zdi_id": "ZDI-19-883" }, { "cve": "CVE-2019-8181", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-882/advisory.json", "detail_path": "advisories/ZDI-19-882", "id": "ZDI-19-882", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC DST File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-882/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8816", "zdi_id": "ZDI-19-882" }, { "cve": "CVE-2019-8180", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-881/advisory.json", "detail_path": "advisories/ZDI-19-881", "id": "ZDI-19-881", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC DST File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-881/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8817", "zdi_id": "ZDI-19-881" }, { "cve": "CVE-2019-8179", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-880/advisory.json", "detail_path": "advisories/ZDI-19-880", "id": "ZDI-19-880", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC DST File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-880/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8819", "zdi_id": "ZDI-19-880" }, { "cve": "CVE-2019-8178", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-879/advisory.json", "detail_path": "advisories/ZDI-19-879", "id": "ZDI-19-879", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC DST File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-879/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8820", "zdi_id": "ZDI-19-879" }, { "cve": "CVE-2019-8177", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-878/advisory.json", "detail_path": "advisories/ZDI-19-878", "id": "ZDI-19-878", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC XFA calculate Event Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-878/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8854", "zdi_id": "ZDI-19-878" }, { "cve": "CVE-2019-8176", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-877/advisory.json", "detail_path": "advisories/ZDI-19-877", "id": "ZDI-19-877", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC XFA validate Event Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-877/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8765", "zdi_id": "ZDI-19-877" }, { "cve": "CVE-2019-8064", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-876/advisory.json", "detail_path": "advisories/ZDI-19-876", "id": "ZDI-19-876", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC XFA presence Element Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-876/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8732", "zdi_id": "ZDI-19-876" }, { "cve": "CVE-2019-8175", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-875/advisory.json", "detail_path": "advisories/ZDI-19-875", "id": "ZDI-19-875", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC DST File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-875/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8818", "zdi_id": "ZDI-19-875" }, { "cve": "CVE-2019-8174", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-874/advisory.json", "detail_path": "advisories/ZDI-19-874", "id": "ZDI-19-874", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC RestorePlugInFrame Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2020-07-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-874/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8689", "zdi_id": "ZDI-19-874" }, { "cve": "CVE-2019-8173", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-873/advisory.json", "detail_path": "advisories/ZDI-19-873", "id": "ZDI-19-873", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC Distiller PostScript JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-873/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8781", "zdi_id": "ZDI-19-873" }, { "cve": "CVE-2019-8172", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-872/advisory.json", "detail_path": "advisories/ZDI-19-872", "id": "ZDI-19-872", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC DST File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-872/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8678", "zdi_id": "ZDI-19-872" }, { "cve": "CVE-2019-8171", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-871/advisory.json", "detail_path": "advisories/ZDI-19-871", "id": "ZDI-19-871", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript CharString Directory NULL Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-871/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8744", "zdi_id": "ZDI-19-871" }, { "cve": "CVE-2019-8170", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-870/advisory.json", "detail_path": "advisories/ZDI-19-870", "id": "ZDI-19-870", "kind": "published", "published_date": "2019-10-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-870/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8681", "zdi_id": "ZDI-19-870" }, { "cve": "CVE-2019-1362", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-869/advisory.json", "detail_path": "advisories/ZDI-19-869", "id": "ZDI-19-869", "kind": "published", "published_date": "2019-10-10", "status": "published", "title": "Microsoft Windows CreateSurfacePal Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-869/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8926", "zdi_id": "ZDI-19-869" }, { "cve": "CVE-2019-1362", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-868/advisory.json", "detail_path": "advisories/ZDI-19-868", "id": "ZDI-19-868", "kind": "published", "published_date": "2019-10-10", "status": "published", "title": "Microsoft Windows CreateSurfacePal Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-868/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8852", "zdi_id": "ZDI-19-868" }, { "cve": "CVE-2019-1361", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-867/advisory.json", "detail_path": "advisories/ZDI-19-867", "id": "ZDI-19-867", "kind": "published", "published_date": "2019-10-10", "status": "published", "title": "Microsoft Windows user32 Cursor Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-867/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8746", "zdi_id": "ZDI-19-867" }, { "cve": "CVE-2019-17137", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path s...", "detail_json": "/data/advisories/ZDI-19-866/advisory.json", "detail_path": "advisories/ZDI-19-866", "id": "ZDI-19-866", "kind": "published", "published_date": "2019-10-10", "status": "published", "title": "NETGEAR AC1200 mini_httpd Poison Null Byte Authentication Bypass Vulnerability", "updated_date": "2020-01-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-866/", "vendor": "NETGEAR", "vendor_url": null, "zdi_can": "ZDI-CAN-8616", "zdi_id": "ZDI-19-866" }, { "cve": "CVE-2019-8707", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-865/advisory.json", "detail_path": "advisories/ZDI-19-865", "id": "ZDI-19-865", "kind": "published", "published_date": "2019-10-08", "status": "published", "title": "Apple WebKit HashTable Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-865/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8739", "zdi_id": "ZDI-19-865" }, { "cve": "CVE-2019-8707", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-864/advisory.json", "detail_path": "advisories/ZDI-19-864", "id": "ZDI-19-864", "kind": "published", "published_date": "2019-10-08", "status": "published", "title": "Apple WebKit CSSAnimation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-864/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8668", "zdi_id": "ZDI-19-864" }, { "cve": "CVE-2019-8745", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-19-863/advisory.json", "detail_path": "advisories/ZDI-19-863", "id": "ZDI-19-863", "kind": "published", "published_date": "2019-10-08", "status": "published", "title": "Apple macOS CFFromShiftJISLen Out-Of-Bounds Read Remote Code Execution", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-863/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8588", "zdi_id": "ZDI-19-863" }, { "cve": "CVE-2019-10433", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins. Authentication is required to exploit this vulnerability. The specific flaw exists within the dingding-notifications plugin. The issue results fr...", "detail_json": "/data/advisories/ZDI-19-862/advisory.json", "detail_path": "advisories/ZDI-19-862", "id": "ZDI-19-862", "kind": "published", "published_date": "2019-10-04", "status": "published", "title": "Jenkins dingding-notifications Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8833", "zdi_id": "ZDI-19-862" }, { "cve": "CVE-2019-17136", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-861/advisory.json", "detail_path": "advisories/ZDI-19-861", "id": "ZDI-19-861", "kind": "published", "published_date": "2019-10-04", "status": "published", "title": "Foxit PhantomPDF Dwg2Pdf DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-861/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8776", "zdi_id": "ZDI-19-861" }, { "cve": "CVE-2019-17135", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-860/advisory.json", "detail_path": "advisories/ZDI-19-860", "id": "ZDI-19-860", "kind": "published", "published_date": "2019-10-04", "status": "published", "title": "Foxit PhantomPDF Dwg2Pdf DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-860/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8775", "zdi_id": "ZDI-19-860" }, { "cve": "CVE-2019-13334", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-859/advisory.json", "detail_path": "advisories/ZDI-19-859", "id": "ZDI-19-859", "kind": "published", "published_date": "2019-10-04", "status": "published", "title": "Foxit PhantomPDF Dwg2Pdf DXF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-859/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8774", "zdi_id": "ZDI-19-859" }, { "cve": "CVE-2019-13333", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-858/advisory.json", "detail_path": "advisories/ZDI-19-858", "id": "ZDI-19-858", "kind": "published", "published_date": "2019-10-04", "status": "published", "title": "Foxit PhantomPDF Dwg2Pdf DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-858/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8773", "zdi_id": "ZDI-19-858" }, { "cve": "CVE-2019-8539", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-19-857/advisory.json", "detail_path": "advisories/ZDI-19-857", "id": "ZDI-19-857", "kind": "published", "published_date": "2019-10-04", "status": "published", "title": "Apple macOS diskmanagementd Uninitialized Buffer Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-857/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8719", "zdi_id": "ZDI-19-857" }, { "cve": "CVE-2019-8657", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-856/advisory.json", "detail_path": "advisories/ZDI-19-856", "id": "ZDI-19-856", "kind": "published", "published_date": "2019-10-04", "status": "published", "title": "Apple macOS parseText1Fast Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-856/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8584", "zdi_id": "ZDI-19-856" }, { "cve": "CVE-2019-13332", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-855/advisory.json", "detail_path": "advisories/ZDI-19-855", "id": "ZDI-19-855", "kind": "published", "published_date": "2019-10-01", "status": "published", "title": "Foxit Reader XFA Form Template Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-855/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-9149", "zdi_id": "ZDI-19-855" }, { "cve": "CVE-2019-13331", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-854/advisory.json", "detail_path": "advisories/ZDI-19-854", "id": "ZDI-19-854", "kind": "published", "published_date": "2019-10-01", "status": "published", "title": "Foxit Reader JPG File ConvertToPDF Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-854/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8838", "zdi_id": "ZDI-19-854" }, { "cve": "CVE-2019-13330", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-853/advisory.json", "detail_path": "advisories/ZDI-19-853", "id": "ZDI-19-853", "kind": "published", "published_date": "2019-10-01", "status": "published", "title": "Foxit Reader JPG File ConvertToPDF Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-853/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8742", "zdi_id": "ZDI-19-853" }, { "cve": "CVE-2019-13329", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-852/advisory.json", "detail_path": "advisories/ZDI-19-852", "id": "ZDI-19-852", "kind": "published", "published_date": "2019-10-01", "status": "published", "title": "Foxit Reader TIF File ConvertToPDF Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-852/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8695", "zdi_id": "ZDI-19-852" }, { "cve": "CVE-2019-13328", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-851/advisory.json", "detail_path": "advisories/ZDI-19-851", "id": "ZDI-19-851", "kind": "published", "published_date": "2019-10-01", "status": "published", "title": "Foxit Reader AcroForm Field Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-851/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8913", "zdi_id": "ZDI-19-851" }, { "cve": "CVE-2019-13327", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-850/advisory.json", "detail_path": "advisories/ZDI-19-850", "id": "ZDI-19-850", "kind": "published", "published_date": "2019-10-01", "status": "published", "title": "Foxit Reader AcroForm Field Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-850/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8888", "zdi_id": "ZDI-19-850" }, { "cve": "CVE-2019-13326", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-849/advisory.json", "detail_path": "advisories/ZDI-19-849", "id": "ZDI-19-849", "kind": "published", "published_date": "2019-10-01", "status": "published", "title": "Foxit Reader AcroForm Field Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-849/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8864", "zdi_id": "ZDI-19-849" }, { "cve": null, "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-19-848/advisory.json", "detail_path": "advisories/ZDI-19-848", "id": "ZDI-19-848", "kind": "published", "published_date": "2019-09-24", "status": "published", "title": "(0Day) Microsoft Windows Storage Service Link Resolution Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-848/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9312", "zdi_id": "ZDI-19-848" }, { "cve": "CVE-2019-13556", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwrunrpt.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-19-847/advisory.json", "detail_path": "advisories/ZDI-19-847", "id": "ZDI-19-847", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Advantech WebAccess Node bwrunrpt Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-847/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9272", "zdi_id": "ZDI-19-847" }, { "cve": "CVE-2019-13552", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwDlgpUp.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-19-846/advisory.json", "detail_path": "advisories/ZDI-19-846", "id": "ZDI-19-846", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Advantech WebAccess Node BwDlgpUp Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-846/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9271", "zdi_id": "ZDI-19-846" }, { "cve": "CVE-2019-13552", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwgetval.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-19-845/advisory.json", "detail_path": "advisories/ZDI-19-845", "id": "ZDI-19-845", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Advantech WebAccess Node bwgetval Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-845/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9270", "zdi_id": "ZDI-19-845" }, { "cve": "CVE-2019-13552", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwrunmie.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-19-844/advisory.json", "detail_path": "advisories/ZDI-19-844", "id": "ZDI-19-844", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Advantech WebAccess Node bwrunmie Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-844/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9269", "zdi_id": "ZDI-19-844" }, { "cve": "CVE-2019-13556", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within cnvlgxtag.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-843/advisory.json", "detail_path": "advisories/ZDI-19-843", "id": "ZDI-19-843", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Advantech WebAccess Node cnvlgxtag Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-843/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-9236", "zdi_id": "ZDI-19-843" }, { "cve": "CVE-2019-13325", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-19-842/advisory.json", "detail_path": "advisories/ZDI-19-842", "id": "ZDI-19-842", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Foxit Studio Photo EPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-842/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8922", "zdi_id": "ZDI-19-842" }, { "cve": "CVE-2019-13324", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-19-841/advisory.json", "detail_path": "advisories/ZDI-19-841", "id": "ZDI-19-841", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Foxit Studio Photo TIFF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-841/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8782", "zdi_id": "ZDI-19-841" }, { "cve": "CVE-2019-13323", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-19-840/advisory.json", "detail_path": "advisories/ZDI-19-840", "id": "ZDI-19-840", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Foxit Studio Photo TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-840/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8783", "zdi_id": "ZDI-19-840" }, { "cve": "CVE-2019-10378", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins testlink. Authentication is required to exploit this vulnerability. The specific flaw exists within the testlink plugin. The issue results from st...", "detail_json": "/data/advisories/ZDI-19-839/advisory.json", "detail_path": "advisories/ZDI-19-839", "id": "ZDI-19-839", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Jenkins testlink Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-839/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8874", "zdi_id": "ZDI-19-839" }, { "cve": "CVE-2019-10350", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Port Allocator. Authentication is required to exploit this vulnerability. The specific flaw exists within the Port Allocator plugin. The issue res...", "detail_json": "/data/advisories/ZDI-19-838/advisory.json", "detail_path": "advisories/ZDI-19-838", "id": "ZDI-19-838", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Jenkins Port Allocator Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-838/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8893", "zdi_id": "ZDI-19-838" }, { "cve": "CVE-2019-10348", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Gogs. Authentication is required to exploit this vulnerability. The specific flaw exists within the Gogs plugin. The issue results from storing cr...", "detail_json": "/data/advisories/ZDI-19-837/advisory.json", "detail_path": "advisories/ZDI-19-837", "id": "ZDI-19-837", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Jenkins Gogs Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-837/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8884", "zdi_id": "ZDI-19-837" }, { "cve": "CVE-2019-10351", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Caliper CI. Authentication is required to exploit this vulnerability. The specific flaw exists within the Caliper CI plugin. The issue results fro...", "detail_json": "/data/advisories/ZDI-19-836/advisory.json", "detail_path": "advisories/ZDI-19-836", "id": "ZDI-19-836", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Jenkins Caliper CI Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-836/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8883", "zdi_id": "ZDI-19-836" }, { "cve": "CVE-2019-10361", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Maven Release. Authentication is required to exploit this vulnerability. The specific flaw exists within the Maven Release plugin. The issue resul...", "detail_json": "/data/advisories/ZDI-19-835/advisory.json", "detail_path": "advisories/ZDI-19-835", "id": "ZDI-19-835", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Jenkins Maven Release Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-835/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8881", "zdi_id": "ZDI-19-835" }, { "cve": "CVE-2019-10385", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins eggPlant. Authentication is required to exploit this vulnerability. The specific flaw exists within the eggPlant plugin. The issue results from st...", "detail_json": "/data/advisories/ZDI-19-834/advisory.json", "detail_path": "advisories/ZDI-19-834", "id": "ZDI-19-834", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Jenkins eggPlant Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-834/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8876", "zdi_id": "ZDI-19-834" }, { "cve": "CVE-2019-10366", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Skytap Cloud CI. Authentication is required to exploit this vulnerability. The specific flaw exists within the Skytap Cloud CI plugin. The issue r...", "detail_json": "/data/advisories/ZDI-19-833/advisory.json", "detail_path": "advisories/ZDI-19-833", "id": "ZDI-19-833", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "Jenkins Skytap Cloud CI Cleartext Storage of Credentials Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-833/", "vendor": "Jenkins", "vendor_url": null, "zdi_can": "ZDI-CAN-8875", "zdi_id": "ZDI-19-833" }, { "cve": "CVE-2019-8585", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-832/advisory.json", "detail_path": "advisories/ZDI-19-832", "id": "ZDI-19-832", "kind": "published", "published_date": "2019-09-17", "status": "published", "title": "QuickTime get_by_tree Memory Corruption Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-832/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8091", "zdi_id": "ZDI-19-832" }, { "cve": "CVE-2019-1208", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-831/advisory.json", "detail_path": "advisories/ZDI-19-831", "id": "ZDI-19-831", "kind": "published", "published_date": "2019-09-12", "status": "published", "title": "Microsoft Windows VBScript Array Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-831/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8849", "zdi_id": "ZDI-19-831" }, { "cve": "CVE-2019-13544", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-830/advisory.json", "detail_path": "advisories/ZDI-19-830", "id": "ZDI-19-830", "kind": "published", "published_date": "2019-09-11", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-830/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8560", "zdi_id": "ZDI-19-830" }, { "cve": "CVE-2019-13544", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-829/advisory.json", "detail_path": "advisories/ZDI-19-829", "id": "ZDI-19-829", "kind": "published", "published_date": "2019-09-11", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-829/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8558", "zdi_id": "ZDI-19-829" }, { "cve": "CVE-2019-13536", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-828/advisory.json", "detail_path": "advisories/ZDI-19-828", "id": "ZDI-19-828", "kind": "published", "published_date": "2019-09-11", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-828/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8563", "zdi_id": "ZDI-19-828" }, { "cve": "CVE-2019-13536", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-827/advisory.json", "detail_path": "advisories/ZDI-19-827", "id": "ZDI-19-827", "kind": "published", "published_date": "2019-09-11", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-827/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8561", "zdi_id": "ZDI-19-827" }, { "cve": "CVE-2019-13536", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-826/advisory.json", "detail_path": "advisories/ZDI-19-826", "id": "ZDI-19-826", "kind": "published", "published_date": "2019-09-11", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-826/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8559", "zdi_id": "ZDI-19-826" }, { "cve": "CVE-2019-13536", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-825/advisory.json", "detail_path": "advisories/ZDI-19-825", "id": "ZDI-19-825", "kind": "published", "published_date": "2019-09-11", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-825/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8556", "zdi_id": "ZDI-19-825" }, { "cve": "CVE-2019-13540", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-824/advisory.json", "detail_path": "advisories/ZDI-19-824", "id": "ZDI-19-824", "kind": "published", "published_date": "2019-09-11", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-824/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8557", "zdi_id": "ZDI-19-824" }, { "cve": "CVE-2019-13540", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-823/advisory.json", "detail_path": "advisories/ZDI-19-823", "id": "ZDI-19-823", "kind": "published", "published_date": "2019-09-11", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-823/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8770", "zdi_id": "ZDI-19-823" }, { "cve": "CVE-2019-1283", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-822/advisory.json", "detail_path": "advisories/ZDI-19-822", "id": "ZDI-19-822", "kind": "published", "published_date": "2019-09-11", "status": "published", "title": "Microsoft Windows gdi32 Icon Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-822/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8752", "zdi_id": "ZDI-19-822" }, { "cve": "CVE-2019-1283", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-821/advisory.json", "detail_path": "advisories/ZDI-19-821", "id": "ZDI-19-821", "kind": "published", "published_date": "2019-09-11", "status": "published", "title": "Microsoft Windows user32 Cursor Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-821/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8747", "zdi_id": "ZDI-19-821" }, { "cve": "CVE-2019-13520", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-820/advisory.json", "detail_path": "advisories/ZDI-19-820", "id": "ZDI-19-820", "kind": "published", "published_date": "2019-09-11", "status": "published", "title": "Fuji Electric Alpha5 WPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-820/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-8590", "zdi_id": "ZDI-19-820" }, { "cve": "CVE-2019-8692", "cvss": 5.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple MacOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-19-819/advisory.json", "detail_path": "advisories/ZDI-19-819", "id": "ZDI-19-819", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Apple macOS AMDRadeonX4000 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-819/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-9066", "zdi_id": "ZDI-19-819" }, { "cve": "CVE-2019-8070", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-19-818/advisory.json", "detail_path": "advisories/ZDI-19-818", "id": "ZDI-19-818", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Adobe Flash Player PSDK Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-818/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-9079", "zdi_id": "ZDI-19-818" }, { "cve": "CVE-2019-8069", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-19-817/advisory.json", "detail_path": "advisories/ZDI-19-817", "id": "ZDI-19-817", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Adobe Flash Player navigateToURL Same-Origin Policy Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-817/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8853", "zdi_id": "ZDI-19-817" }, { "cve": "CVE-2019-1306", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure DevOps Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of markdown files during...", "detail_json": "/data/advisories/ZDI-19-816/advisory.json", "detail_path": "advisories/ZDI-19-816", "id": "ZDI-19-816", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Microsoft Azure DevOps Server Markdown Indexing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-816/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-9120", "zdi_id": "ZDI-19-816" }, { "cve": "CVE-2019-1297", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-815/advisory.json", "detail_path": "advisories/ZDI-19-815", "id": "ZDI-19-815", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Microsoft Excel XLS File Label Record Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-815/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8811", "zdi_id": "ZDI-19-815" }, { "cve": "CVE-2019-1295", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication as a high-privileged user is required to exploit this vulnerability. The specific flaw exists within the Business Data Conne...", "detail_json": "/data/advisories/ZDI-19-814/advisory.json", "detail_path": "advisories/ZDI-19-814", "id": "ZDI-19-814", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Microsoft SharePoint Business Data Connectivity Service Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-814/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8204", "zdi_id": "ZDI-19-814" }, { "cve": "CVE-2019-1296", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication as a high-privileged user is required to exploit this vulnerability. The specific flaw exists within the Business Data Conne...", "detail_json": "/data/advisories/ZDI-19-813/advisory.json", "detail_path": "advisories/ZDI-19-813", "id": "ZDI-19-813", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Microsoft SharePoint Business Data Connectivity Service Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-813/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8161", "zdi_id": "ZDI-19-813" }, { "cve": "CVE-2019-1257", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the Business Data Connectivity Service. A crafted...", "detail_json": "/data/advisories/ZDI-19-812/advisory.json", "detail_path": "advisories/ZDI-19-812", "id": "ZDI-19-812", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Microsoft SharePoint Business Data Connectivity Service Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-812/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8159", "zdi_id": "ZDI-19-812" }, { "cve": "CVE-2019-1252", "cvss": 3.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-811/advisory.json", "detail_path": "advisories/ZDI-19-811", "id": "ZDI-19-811", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Microsoft Windows EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-06-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-811/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8729", "zdi_id": "ZDI-19-811" }, { "cve": "CVE-2019-1248", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-810/advisory.json", "detail_path": "advisories/ZDI-19-810", "id": "ZDI-19-810", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Microsoft Windows JET Database Engine Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-810/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8711", "zdi_id": "ZDI-19-810" }, { "cve": "CVE-2019-1246", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-809/advisory.json", "detail_path": "advisories/ZDI-19-809", "id": "ZDI-19-809", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Microsoft Windows JET Database Engine Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-809/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8701", "zdi_id": "ZDI-19-809" }, { "cve": "CVE-2019-1251", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-808/advisory.json", "detail_path": "advisories/ZDI-19-808", "id": "ZDI-19-808", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Microsoft Windows gdi32full Font Parsing Integer Overflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-808/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8664", "zdi_id": "ZDI-19-808" }, { "cve": "CVE-2019-1241", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-807/advisory.json", "detail_path": "advisories/ZDI-19-807", "id": "ZDI-19-807", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-807/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8597", "zdi_id": "ZDI-19-807" }, { "cve": "CVE-2019-1249", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-806/advisory.json", "detail_path": "advisories/ZDI-19-806", "id": "ZDI-19-806", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-806/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8595", "zdi_id": "ZDI-19-806" }, { "cve": "CVE-2019-1242", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-805/advisory.json", "detail_path": "advisories/ZDI-19-805", "id": "ZDI-19-805", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-805/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8529", "zdi_id": "ZDI-19-805" }, { "cve": "CVE-2019-1243", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-804/advisory.json", "detail_path": "advisories/ZDI-19-804", "id": "ZDI-19-804", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-804/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8488", "zdi_id": "ZDI-19-804" }, { "cve": "CVE-2019-1253", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to delete arbitrary files on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-19-803/advisory.json", "detail_path": "advisories/ZDI-19-803", "id": "ZDI-19-803", "kind": "published", "published_date": "2019-09-10", "status": "published", "title": "Microsoft Windows AppX Deployment Service Junction Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-803/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8602", "zdi_id": "ZDI-19-803" }, { "cve": "CVE-2019-13519", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-802/advisory.json", "detail_path": "advisories/ZDI-19-802", "id": "ZDI-19-802", "kind": "published", "published_date": "2019-09-09", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-802/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8175", "zdi_id": "ZDI-19-802" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-801/advisory.json", "detail_path": "advisories/ZDI-19-801", "id": "ZDI-19-801", "kind": "published", "published_date": "2019-09-09", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-801/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8062", "zdi_id": "ZDI-19-801" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-800/advisory.json", "detail_path": "advisories/ZDI-19-800", "id": "ZDI-19-800", "kind": "published", "published_date": "2019-09-09", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-800/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8174", "zdi_id": "ZDI-19-800" }, { "cve": "CVE-2019-13521", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-799/advisory.json", "detail_path": "advisories/ZDI-19-799", "id": "ZDI-19-799", "kind": "published", "published_date": "2019-09-09", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-799/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8134", "zdi_id": "ZDI-19-799" }, { "cve": "CVE-2019-13520", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-798/advisory.json", "detail_path": "advisories/ZDI-19-798", "id": "ZDI-19-798", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Fuji Electric Alpha5 SDP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-798/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-8566", "zdi_id": "ZDI-19-798" }, { "cve": "CVE-2019-10996", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-797/advisory.json", "detail_path": "advisories/ZDI-19-797", "id": "ZDI-19-797", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson CD31 File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-797/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-8310", "zdi_id": "ZDI-19-797" }, { "cve": "CVE-2019-10978", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-796/advisory.json", "detail_path": "advisories/ZDI-19-796", "id": "ZDI-19-796", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-796/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-8307", "zdi_id": "ZDI-19-796" }, { "cve": "CVE-2019-10978", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-795/advisory.json", "detail_path": "advisories/ZDI-19-795", "id": "ZDI-19-795", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-795/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-8302", "zdi_id": "ZDI-19-795" }, { "cve": "CVE-2019-10978", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-794/advisory.json", "detail_path": "advisories/ZDI-19-794", "id": "ZDI-19-794", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-794/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-8300", "zdi_id": "ZDI-19-794" }, { "cve": "CVE-2019-10978", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-793/advisory.json", "detail_path": "advisories/ZDI-19-793", "id": "ZDI-19-793", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson CD31 File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-793/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-8301", "zdi_id": "ZDI-19-793" }, { "cve": "CVE-2019-10978", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-792/advisory.json", "detail_path": "advisories/ZDI-19-792", "id": "ZDI-19-792", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-792/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-8305", "zdi_id": "ZDI-19-792" }, { "cve": "CVE-2019-10984", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-791/advisory.json", "detail_path": "advisories/ZDI-19-791", "id": "ZDI-19-791", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson CD3 File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-791/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-8245", "zdi_id": "ZDI-19-791" }, { "cve": "CVE-2019-10978", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-790/advisory.json", "detail_path": "advisories/ZDI-19-790", "id": "ZDI-19-790", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-790/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-7650", "zdi_id": "ZDI-19-790" }, { "cve": "CVE-2019-10984", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-789/advisory.json", "detail_path": "advisories/ZDI-19-789", "id": "ZDI-19-789", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson CD31 File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-789/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-7586", "zdi_id": "ZDI-19-789" }, { "cve": "CVE-2019-10996", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-788/advisory.json", "detail_path": "advisories/ZDI-19-788", "id": "ZDI-19-788", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson CD31 File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-788/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-7645", "zdi_id": "ZDI-19-788" }, { "cve": "CVE-2019-10996", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-787/advisory.json", "detail_path": "advisories/ZDI-19-787", "id": "ZDI-19-787", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson CD3 File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-787/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-8179", "zdi_id": "ZDI-19-787" }, { "cve": "CVE-2019-10984", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-786/advisory.json", "detail_path": "advisories/ZDI-19-786", "id": "ZDI-19-786", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson CD3 File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-786/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-8168", "zdi_id": "ZDI-19-786" }, { "cve": "CVE-2019-10990", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CTextStreamMemory class. The class co...", "detail_json": "/data/advisories/ZDI-19-785/advisory.json", "detail_path": "advisories/ZDI-19-785", "id": "ZDI-19-785", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson Hard-coded Cryptographic Key Information Disclosure Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-785/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-8188", "zdi_id": "ZDI-19-785" }, { "cve": "CVE-2019-10978", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-784/advisory.json", "detail_path": "advisories/ZDI-19-784", "id": "ZDI-19-784", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson CD3 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-784/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-8167", "zdi_id": "ZDI-19-784" }, { "cve": "CVE-2019-10996", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-783/advisory.json", "detail_path": "advisories/ZDI-19-783", "id": "ZDI-19-783", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "Red Lion Crimson CD31 File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2024-07-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-783/", "vendor": "Red Lion", "vendor_url": null, "zdi_can": "ZDI-CAN-7653", "zdi_id": "ZDI-19-783" }, { "cve": "CVE-2019-9812", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escape the sandbox on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-19-782/advisory.json", "detail_path": "advisories/ZDI-19-782", "id": "ZDI-19-782", "kind": "published", "published_date": "2019-09-05", "status": "published", "title": "(Pwn2Own) Mozilla Firefox sync Universal Cross-Site Scripting Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-782/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-8375", "zdi_id": "ZDI-19-782" }, { "cve": "CVE-2019-1283", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-781/advisory.json", "detail_path": "advisories/ZDI-19-781", "id": "ZDI-19-781", "kind": "published", "published_date": "2019-09-04", "status": "published", "title": "(0Day) Microsoft Windows user32 Cursor Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2019-09-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-781/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8748", "zdi_id": "ZDI-19-781" }, { "cve": "CVE-2019-10565", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Google Android. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-19-780/advisory.json", "detail_path": "advisories/ZDI-19-780", "id": "ZDI-19-780", "kind": "published", "published_date": "2019-09-04", "status": "published", "title": "(0Day) Google Android v4l2 Double Free Privilege Escalation Vulnerability", "updated_date": "2020-03-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-780/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-8316", "zdi_id": "ZDI-19-780" }, { "cve": "CVE-2019-7989", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-779/advisory.json", "detail_path": "advisories/ZDI-19-779", "id": "ZDI-19-779", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Adobe Photoshop JSX File ExtendScript Folder.rename Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-779/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8521", "zdi_id": "ZDI-19-779" }, { "cve": "CVE-2019-7989", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to trigger a denial-of-service condition on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-778/advisory.json", "detail_path": "advisories/ZDI-19-778", "id": "ZDI-19-778", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Adobe Photoshop JSX File ExtendScript Folder.remove Insufficient UI Warning Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-778/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8519", "zdi_id": "ZDI-19-778" }, { "cve": "CVE-2019-7989", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-777/advisory.json", "detail_path": "advisories/ZDI-19-777", "id": "ZDI-19-777", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Adobe Photoshop JSX File ExtendScript File.copy Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-777/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8505", "zdi_id": "ZDI-19-777" }, { "cve": "CVE-2019-7989", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to trigger a denial-of-service condition on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-776/advisory.json", "detail_path": "advisories/ZDI-19-776", "id": "ZDI-19-776", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Adobe Photoshop JSX File ExtendScript File.remove Insufficient UI Warning Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-776/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8504", "zdi_id": "ZDI-19-776" }, { "cve": "CVE-2019-7989", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-775/advisory.json", "detail_path": "advisories/ZDI-19-775", "id": "ZDI-19-775", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Adobe Photoshop JSX File ExtendScript File.readch Insufficient UI Warning Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-775/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8503", "zdi_id": "ZDI-19-775" }, { "cve": "CVE-2019-7989", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-774/advisory.json", "detail_path": "advisories/ZDI-19-774", "id": "ZDI-19-774", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Adobe Photoshop JSX File ExtendScript File.rename Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-774/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8502", "zdi_id": "ZDI-19-774" }, { "cve": "CVE-2019-7989", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-773/advisory.json", "detail_path": "advisories/ZDI-19-773", "id": "ZDI-19-773", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Adobe Photoshop JSX File ExtendScript File.read Insufficient UI Warning Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-773/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8501", "zdi_id": "ZDI-19-773" }, { "cve": "CVE-2019-7989", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-772/advisory.json", "detail_path": "advisories/ZDI-19-772", "id": "ZDI-19-772", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Adobe Photoshop JSX File ExtendScript File.readln Insufficient UI Warning Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-772/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8500", "zdi_id": "ZDI-19-772" }, { "cve": "CVE-2019-7989", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-771/advisory.json", "detail_path": "advisories/ZDI-19-771", "id": "ZDI-19-771", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Adobe Photoshop JSX File ExtendScript File.writeln Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-771/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8499", "zdi_id": "ZDI-19-771" }, { "cve": "CVE-2019-7989", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-770/advisory.json", "detail_path": "advisories/ZDI-19-770", "id": "ZDI-19-770", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Adobe Photoshop JSX File ExtendScript File.write Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-770/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8498", "zdi_id": "ZDI-19-770" }, { "cve": "CVE-2019-7989", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-769/advisory.json", "detail_path": "advisories/ZDI-19-769", "id": "ZDI-19-769", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Adobe Photoshop JSX File ExtendScript File.execute Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-769/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8497", "zdi_id": "ZDI-19-769" }, { "cve": "CVE-2019-7989", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-768/advisory.json", "detail_path": "advisories/ZDI-19-768", "id": "ZDI-19-768", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Adobe Photoshop JSX File ExtendScript app.system Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-768/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8496", "zdi_id": "ZDI-19-768" }, { "cve": "CVE-2019-8681", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-767/advisory.json", "detail_path": "advisories/ZDI-19-767", "id": "ZDI-19-767", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Apple Safari InlineBox Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-767/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8438", "zdi_id": "ZDI-19-767" }, { "cve": "CVE-2019-8604", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escape the sandbox on affected installations of Apple Safari. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-19-766/advisory.json", "detail_path": "advisories/ZDI-19-766", "id": "ZDI-19-766", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Apple macOS securityd Heap-based Buffer Overflow Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-766/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8360", "zdi_id": "ZDI-19-766" }, { "cve": "CVE-2019-8601", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-765/advisory.json", "detail_path": "advisories/ZDI-19-765", "id": "ZDI-19-765", "kind": "published", "published_date": "2019-08-27", "status": "published", "title": "Apple Safari Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-765/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8359", "zdi_id": "ZDI-19-765" }, { "cve": "CVE-2019-6537", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-764/advisory.json", "detail_path": "advisories/ZDI-19-764", "id": "ZDI-19-764", "kind": "published", "published_date": "2019-08-21", "status": "published", "title": "(0Day) WECON LeviStudioU ShortMessage_Module SMtext Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-764/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-8246", "zdi_id": "ZDI-19-764" }, { "cve": "CVE-2019-13520", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-763/advisory.json", "detail_path": "advisories/ZDI-19-763", "id": "ZDI-19-763", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Fuji Electric Alpha5 SDP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-763/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-8772", "zdi_id": "ZDI-19-763" }, { "cve": "CVE-2019-13520", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-762/advisory.json", "detail_path": "advisories/ZDI-19-762", "id": "ZDI-19-762", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Fuji Electric Alpha5 SDP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-762/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-8756", "zdi_id": "ZDI-19-762" }, { "cve": "CVE-2019-13520", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-761/advisory.json", "detail_path": "advisories/ZDI-19-761", "id": "ZDI-19-761", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Fuji Electric Alpha5 PLD File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-761/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-8568", "zdi_id": "ZDI-19-761" }, { "cve": "CVE-2019-8058", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-760/advisory.json", "detail_path": "advisories/ZDI-19-760", "id": "ZDI-19-760", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm fillColor Property Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-760/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8800", "zdi_id": "ZDI-19-760" }, { "cve": "CVE-2019-8057", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-759/advisory.json", "detail_path": "advisories/ZDI-19-759", "id": "ZDI-19-759", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm textSize Property Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-759/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8798", "zdi_id": "ZDI-19-759" }, { "cve": "CVE-2019-8056", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-758/advisory.json", "detail_path": "advisories/ZDI-19-758", "id": "ZDI-19-758", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm strokeColor Property Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-758/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8797", "zdi_id": "ZDI-19-758" }, { "cve": "CVE-2019-8059", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-757/advisory.json", "detail_path": "advisories/ZDI-19-757", "id": "ZDI-19-757", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm lineWidth Property Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-757/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8795", "zdi_id": "ZDI-19-757" }, { "cve": "CVE-2019-8053", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-756/advisory.json", "detail_path": "advisories/ZDI-19-756", "id": "ZDI-19-756", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm submitName Property Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-756/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8799", "zdi_id": "ZDI-19-756" }, { "cve": "CVE-2019-8054", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-755/advisory.json", "detail_path": "advisories/ZDI-19-755", "id": "ZDI-19-755", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm rect Property Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-755/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8796", "zdi_id": "ZDI-19-755" }, { "cve": "CVE-2019-8051", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-754/advisory.json", "detail_path": "advisories/ZDI-19-754", "id": "ZDI-19-754", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm userName Property Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-754/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8794", "zdi_id": "ZDI-19-754" }, { "cve": "CVE-2019-8052", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-753/advisory.json", "detail_path": "advisories/ZDI-19-753", "id": "ZDI-19-753", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-753/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8788", "zdi_id": "ZDI-19-753" }, { "cve": "CVE-2019-8040", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-752/advisory.json", "detail_path": "advisories/ZDI-19-752", "id": "ZDI-19-752", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-752/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8694", "zdi_id": "ZDI-19-752" }, { "cve": "CVE-2019-8039", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-751/advisory.json", "detail_path": "advisories/ZDI-19-751", "id": "ZDI-19-751", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm value Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-751/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8651", "zdi_id": "ZDI-19-751" }, { "cve": "CVE-2019-8038", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-750/advisory.json", "detail_path": "advisories/ZDI-19-750", "id": "ZDI-19-750", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm Field Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-750/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8650", "zdi_id": "ZDI-19-750" }, { "cve": "CVE-2019-8037", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-749/advisory.json", "detail_path": "advisories/ZDI-19-749", "id": "ZDI-19-749", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-749/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8684", "zdi_id": "ZDI-19-749" }, { "cve": "CVE-2019-8035", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-748/advisory.json", "detail_path": "advisories/ZDI-19-748", "id": "ZDI-19-748", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Reader DC XFA aliasNode Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-748/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8483", "zdi_id": "ZDI-19-748" }, { "cve": "CVE-2019-8033", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-747/advisory.json", "detail_path": "advisories/ZDI-19-747", "id": "ZDI-19-747", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm setFocus Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-747/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8755", "zdi_id": "ZDI-19-747" }, { "cve": "CVE-2019-8034", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-746/advisory.json", "detail_path": "advisories/ZDI-19-746", "id": "ZDI-19-746", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Reader DC XFA ready Event Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-746/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8546", "zdi_id": "ZDI-19-746" }, { "cve": "CVE-2019-8027", "cvss": 4.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-745/advisory.json", "detail_path": "advisories/ZDI-19-745", "id": "ZDI-19-745", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Reader DC Protected View Text Copy Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-745/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8763", "zdi_id": "ZDI-19-745" }, { "cve": "CVE-2019-8019", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-744/advisory.json", "detail_path": "advisories/ZDI-19-744", "id": "ZDI-19-744", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC PostScript executive Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-744/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8621", "zdi_id": "ZDI-19-744" }, { "cve": "CVE-2019-7994", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-743/advisory.json", "detail_path": "advisories/ZDI-19-743", "id": "ZDI-19-743", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript load Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-743/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8699", "zdi_id": "ZDI-19-743" }, { "cve": "CVE-2019-7995", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-742/advisory.json", "detail_path": "advisories/ZDI-19-742", "id": "ZDI-19-742", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript blend Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-742/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8697", "zdi_id": "ZDI-19-742" }, { "cve": "CVE-2019-7996", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-741/advisory.json", "detail_path": "advisories/ZDI-19-741", "id": "ZDI-19-741", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript load Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-741/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8571", "zdi_id": "ZDI-19-741" }, { "cve": "CVE-2019-7988", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-740/advisory.json", "detail_path": "advisories/ZDI-19-740", "id": "ZDI-19-740", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript callothersubr Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-740/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8698", "zdi_id": "ZDI-19-740" }, { "cve": "CVE-2019-7989", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-739/advisory.json", "detail_path": "advisories/ZDI-19-739", "id": "ZDI-19-739", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop JSX File ExtendScript Folder.execute Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-739/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8522", "zdi_id": "ZDI-19-739" }, { "cve": "CVE-2019-7976", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-738/advisory.json", "detail_path": "advisories/ZDI-19-738", "id": "ZDI-19-738", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript drop Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-738/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8555", "zdi_id": "ZDI-19-738" }, { "cve": "CVE-2019-7977", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-737/advisory.json", "detail_path": "advisories/ZDI-19-737", "id": "ZDI-19-737", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript callothersubr Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-737/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8554", "zdi_id": "ZDI-19-737" }, { "cve": "CVE-2019-7978", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-736/advisory.json", "detail_path": "advisories/ZDI-19-736", "id": "ZDI-19-736", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript put Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-736/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8549", "zdi_id": "ZDI-19-736" }, { "cve": "CVE-2019-7979", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-735/advisory.json", "detail_path": "advisories/ZDI-19-735", "id": "ZDI-19-735", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript callothersubr Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-735/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8540", "zdi_id": "ZDI-19-735" }, { "cve": "CVE-2019-7980", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-734/advisory.json", "detail_path": "advisories/ZDI-19-734", "id": "ZDI-19-734", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript sbw Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-734/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8520", "zdi_id": "ZDI-19-734" }, { "cve": "CVE-2019-7981", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-733/advisory.json", "detail_path": "advisories/ZDI-19-733", "id": "ZDI-19-733", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript hsbw Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-733/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8516", "zdi_id": "ZDI-19-733" }, { "cve": "CVE-2019-7982", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-732/advisory.json", "detail_path": "advisories/ZDI-19-732", "id": "ZDI-19-732", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript put Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-732/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8490", "zdi_id": "ZDI-19-732" }, { "cve": "CVE-2019-7983", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-731/advisory.json", "detail_path": "advisories/ZDI-19-731", "id": "ZDI-19-731", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript put Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-731/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8482", "zdi_id": "ZDI-19-731" }, { "cve": "CVE-2019-7984", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-730/advisory.json", "detail_path": "advisories/ZDI-19-730", "id": "ZDI-19-730", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript put Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-730/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8481", "zdi_id": "ZDI-19-730" }, { "cve": "CVE-2019-7985", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-729/advisory.json", "detail_path": "advisories/ZDI-19-729", "id": "ZDI-19-729", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript load Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-729/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8480", "zdi_id": "ZDI-19-729" }, { "cve": "CVE-2019-7986", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-19-728/advisory.json", "detail_path": "advisories/ZDI-19-728", "id": "ZDI-19-728", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript File Font Parsing Charstring store Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-728/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8479", "zdi_id": "ZDI-19-728" }, { "cve": "CVE-2019-7987", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-727/advisory.json", "detail_path": "advisories/ZDI-19-727", "id": "ZDI-19-727", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Photoshop PostScript File Font Parsing Charstring index Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-727/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8475", "zdi_id": "ZDI-19-727" }, { "cve": "CVE-2019-8013", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-726/advisory.json", "detail_path": "advisories/ZDI-19-726", "id": "ZDI-19-726", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Reader DC XFA Form Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-726/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8442", "zdi_id": "ZDI-19-726" }, { "cve": "CVE-2019-8014", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-725/advisory.json", "detail_path": "advisories/ZDI-19-725", "id": "ZDI-19-725", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm Bitmap File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-725/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8342", "zdi_id": "ZDI-19-725" }, { "cve": "CVE-2019-8008", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-724/advisory.json", "detail_path": "advisories/ZDI-19-724", "id": "ZDI-19-724", "kind": "published", "published_date": "2019-08-19", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-724/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7863", "zdi_id": "ZDI-19-724" }, { "cve": "CVE-2019-0988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-723/advisory.json", "detail_path": "advisories/ZDI-19-723", "id": "ZDI-19-723", "kind": "published", "published_date": "2019-08-16", "status": "published", "title": "Microsoft Windows jscript9 RegExp.input Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-723/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8609", "zdi_id": "ZDI-19-723" }, { "cve": "CVE-2019-13513", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected instances of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-722/advisory.json", "detail_path": "advisories/ZDI-19-722", "id": "ZDI-19-722", "kind": "published", "published_date": "2019-08-16", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-722/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8282", "zdi_id": "ZDI-19-722" }, { "cve": "CVE-2019-13513", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected instances of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-721/advisory.json", "detail_path": "advisories/ZDI-19-721", "id": "ZDI-19-721", "kind": "published", "published_date": "2019-08-16", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-721/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8254", "zdi_id": "ZDI-19-721" }, { "cve": "CVE-2019-13513", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected instances of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-720/advisory.json", "detail_path": "advisories/ZDI-19-720", "id": "ZDI-19-720", "kind": "published", "published_date": "2019-08-16", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-720/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8253", "zdi_id": "ZDI-19-720" }, { "cve": "CVE-2019-13513", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected instances of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-719/advisory.json", "detail_path": "advisories/ZDI-19-719", "id": "ZDI-19-719", "kind": "published", "published_date": "2019-08-16", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-719/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8252", "zdi_id": "ZDI-19-719" }, { "cve": "CVE-2019-13513", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected instances of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-718/advisory.json", "detail_path": "advisories/ZDI-19-718", "id": "ZDI-19-718", "kind": "published", "published_date": "2019-08-16", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-718/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8251", "zdi_id": "ZDI-19-718" }, { "cve": "CVE-2019-13514", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected instances of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-717/advisory.json", "detail_path": "advisories/ZDI-19-717", "id": "ZDI-19-717", "kind": "published", "published_date": "2019-08-16", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-717/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8250", "zdi_id": "ZDI-19-717" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-716/advisory.json", "detail_path": "advisories/ZDI-19-716", "id": "ZDI-19-716", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-716/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8313", "zdi_id": "ZDI-19-716" }, { "cve": "CVE-2019-1201", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-715/advisory.json", "detail_path": "advisories/ZDI-19-715", "id": "ZDI-19-715", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Word DOC File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-715/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8599", "zdi_id": "ZDI-19-715" }, { "cve": "CVE-2019-1158", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-714/advisory.json", "detail_path": "advisories/ZDI-19-714", "id": "ZDI-19-714", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-06-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-714/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8353", "zdi_id": "ZDI-19-714" }, { "cve": "CVE-2019-1157", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affecred installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-713/advisory.json", "detail_path": "advisories/ZDI-19-713", "id": "ZDI-19-713", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-713/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8351", "zdi_id": "ZDI-19-713" }, { "cve": "CVE-2019-1156", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-712/advisory.json", "detail_path": "advisories/ZDI-19-712", "id": "ZDI-19-712", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-712/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8131", "zdi_id": "ZDI-19-712" }, { "cve": "CVE-2019-1155", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-711/advisory.json", "detail_path": "advisories/ZDI-19-711", "id": "ZDI-19-711", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-711/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8121", "zdi_id": "ZDI-19-711" }, { "cve": "CVE-2019-1187", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to produce a denial-of-service condition on affected installations of Microsoft Windows. Interaction with the XmlLite.dll library is required to exploit this vulnerability but attack vectors may vary depending on the...", "detail_json": "/data/advisories/ZDI-19-710/advisory.json", "detail_path": "advisories/ZDI-19-710", "id": "ZDI-19-710", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Windows XmlLite XML space Attribute Denial-Of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-710/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8494", "zdi_id": "ZDI-19-710" }, { "cve": "CVE-2019-1169", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-19-709/advisory.json", "detail_path": "advisories/ZDI-19-709", "id": "ZDI-19-709", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Windows xxxMNDragOver Null Pointer Dereference Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-709/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8422", "zdi_id": "ZDI-19-709" }, { "cve": "CVE-2019-1145", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-708/advisory.json", "detail_path": "advisories/ZDI-19-708", "id": "ZDI-19-708", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Windows Font Subsetting Library Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-708/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7792", "zdi_id": "ZDI-19-708" }, { "cve": "CVE-2019-1144", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-707/advisory.json", "detail_path": "advisories/ZDI-19-707", "id": "ZDI-19-707", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Windows Font Subsetting Library Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-707/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7790", "zdi_id": "ZDI-19-707" }, { "cve": "CVE-2019-1184", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-706/advisory.json", "detail_path": "advisories/ZDI-19-706", "id": "ZDI-19-706", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Windows CoreShellCOMServerRegistrar Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-706/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7715", "zdi_id": "ZDI-19-706" }, { "cve": "CVE-2019-1148", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-705/advisory.json", "detail_path": "advisories/ZDI-19-705", "id": "ZDI-19-705", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Windows Font Subsetting Library Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-705/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7793", "zdi_id": "ZDI-19-705" }, { "cve": "CVE-2019-1143", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-704/advisory.json", "detail_path": "advisories/ZDI-19-704", "id": "ZDI-19-704", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Windows EMF Graphic Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-704/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7671", "zdi_id": "ZDI-19-704" }, { "cve": "CVE-2019-1146", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-703/advisory.json", "detail_path": "advisories/ZDI-19-703", "id": "ZDI-19-703", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-703/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8278", "zdi_id": "ZDI-19-703" }, { "cve": "CVE-2019-1147", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-702/advisory.json", "detail_path": "advisories/ZDI-19-702", "id": "ZDI-19-702", "kind": "published", "published_date": "2019-08-13", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-702/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8277", "zdi_id": "ZDI-19-702" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EZAutomation EZPLC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-701/advisory.json", "detail_path": "advisories/ZDI-19-701", "id": "ZDI-19-701", "kind": "published", "published_date": "2019-08-12", "status": "published", "title": "(0Day) EZAutomation EZPLC EZC File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-701/", "vendor": "EZAutomation", "vendor_url": null, "zdi_can": "ZDI-CAN-8028", "zdi_id": "ZDI-19-701" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EZAutomation EZTouch Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-19-700/advisory.json", "detail_path": "advisories/ZDI-19-700", "id": "ZDI-19-700", "kind": "published", "published_date": "2019-08-12", "status": "published", "title": "(0Day) EZAutomation EZTouch Editor EZP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-700/", "vendor": "EZAutomation", "vendor_url": null, "zdi_can": "ZDI-CAN-7890", "zdi_id": "ZDI-19-700" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-699/advisory.json", "detail_path": "advisories/ZDI-19-699", "id": "ZDI-19-699", "kind": "published", "published_date": "2019-08-08", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-699/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8096", "zdi_id": "ZDI-19-699" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-698/advisory.json", "detail_path": "advisories/ZDI-19-698", "id": "ZDI-19-698", "kind": "published", "published_date": "2019-08-08", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-698/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8060", "zdi_id": "ZDI-19-698" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-697/advisory.json", "detail_path": "advisories/ZDI-19-697", "id": "ZDI-19-697", "kind": "published", "published_date": "2019-08-08", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-697/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8017", "zdi_id": "ZDI-19-697" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-696/advisory.json", "detail_path": "advisories/ZDI-19-696", "id": "ZDI-19-696", "kind": "published", "published_date": "2019-08-08", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-696/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8015", "zdi_id": "ZDI-19-696" }, { "cve": "CVE-2019-13511", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-19-695/advisory.json", "detail_path": "advisories/ZDI-19-695", "id": "ZDI-19-695", "kind": "published", "published_date": "2019-08-08", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-695/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8014", "zdi_id": "ZDI-19-695" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-694/advisory.json", "detail_path": "advisories/ZDI-19-694", "id": "ZDI-19-694", "kind": "published", "published_date": "2019-08-08", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-694/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8013", "zdi_id": "ZDI-19-694" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-693/advisory.json", "detail_path": "advisories/ZDI-19-693", "id": "ZDI-19-693", "kind": "published", "published_date": "2019-08-08", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-693/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8016", "zdi_id": "ZDI-19-693" }, { "cve": "CVE-2019-13510", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-19-692/advisory.json", "detail_path": "advisories/ZDI-19-692", "id": "ZDI-19-692", "kind": "published", "published_date": "2019-08-08", "status": "published", "title": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-692/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8012", "zdi_id": "ZDI-19-692" }, { "cve": "CVE-2019-10961", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-19-691/advisory.json", "detail_path": "advisories/ZDI-19-691", "id": "ZDI-19-691", "kind": "published", "published_date": "2019-08-05", "status": "published", "title": "Advantech WebAccess HMI Designer MCR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-691/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7805", "zdi_id": "ZDI-19-691" }, { "cve": "CVE-2019-13512", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fuji Electric FRENIC Loader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-19-690/advisory.json", "detail_path": "advisories/ZDI-19-690", "id": "ZDI-19-690", "kind": "published", "published_date": "2019-08-05", "status": "published", "title": "Fuji Electric FRENIC Loader FN1 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-690/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7921", "zdi_id": "ZDI-19-690" }, { "cve": "CVE-2019-10980", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-689/advisory.json", "detail_path": "advisories/ZDI-19-689", "id": "ZDI-19-689", "kind": "published", "published_date": "2019-08-05", "status": "published", "title": "LAquis SCADA LQS File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-689/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-8200", "zdi_id": "ZDI-19-689" }, { "cve": "CVE-2019-10994", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-688/advisory.json", "detail_path": "advisories/ZDI-19-688", "id": "ZDI-19-688", "kind": "published", "published_date": "2019-08-05", "status": "published", "title": "LAquis SCADA LQS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-688/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-8198", "zdi_id": "ZDI-19-688" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Network Performance Monitor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...", "detail_json": "/data/advisories/ZDI-19-687/advisory.json", "detail_path": "advisories/ZDI-19-687", "id": "ZDI-19-687", "kind": "published", "published_date": "2019-08-05", "status": "published", "title": "(0Day) SolarWinds Orion Network Performance Monitor ExecuteExternalProgram Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-687/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-8476", "zdi_id": "ZDI-19-687" }, { "cve": "CVE-2019-8692", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple MacOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-19-686/advisory.json", "detail_path": "advisories/ZDI-19-686", "id": "ZDI-19-686", "kind": "published", "published_date": "2019-07-24", "status": "published", "title": "Apple macOS AMDRadeonX4000_AMDAccelResource initialize Out-Of-Bounds Read Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-686/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8536", "zdi_id": "ZDI-19-686" }, { "cve": "CVE-2019-8697", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-19-685/advisory.json", "detail_path": "advisories/ZDI-19-685", "id": "ZDI-19-685", "kind": "published", "published_date": "2019-07-24", "status": "published", "title": "Apple macOS diskmanagementd Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-685/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8320", "zdi_id": "ZDI-19-685" }, { "cve": "CVE-2019-8681", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-684/advisory.json", "detail_path": "advisories/ZDI-19-684", "id": "ZDI-19-684", "kind": "published", "published_date": "2019-07-24", "status": "published", "title": "Apple Safari InlineFlowBox Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-684/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8439", "zdi_id": "ZDI-19-684" }, { "cve": "CVE-2019-8658", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-683/advisory.json", "detail_path": "advisories/ZDI-19-683", "id": "ZDI-19-683", "kind": "published", "published_date": "2019-07-24", "status": "published", "title": "Apple Safari operationPutByValOptimize Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-683/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8489", "zdi_id": "ZDI-19-683" }, { "cve": "CVE-2019-8691", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-19-682/advisory.json", "detail_path": "advisories/ZDI-19-682", "id": "ZDI-19-682", "kind": "published", "published_date": "2019-07-24", "status": "published", "title": "Apple macOS AMDRadeonX4000_AMDSIGLContext RsrcAndXorByteFlag Out-Of-Bounds Read Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-682/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8532", "zdi_id": "ZDI-19-682" }, { "cve": "CVE-2019-8644", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-681/advisory.json", "detail_path": "advisories/ZDI-19-681", "id": "ZDI-19-681", "kind": "published", "published_date": "2019-07-24", "status": "published", "title": "Apple Safari CSSFontFace Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-681/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8627", "zdi_id": "ZDI-19-681" }, { "cve": "CVE-2019-8695", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-680/advisory.json", "detail_path": "advisories/ZDI-19-680", "id": "ZDI-19-680", "kind": "published", "published_date": "2019-07-24", "status": "published", "title": "Apple macOS Grapher Memory Corruption Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-680/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8530", "zdi_id": "ZDI-19-680" }, { "cve": "CVE-2019-8669", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-679/advisory.json", "detail_path": "advisories/ZDI-19-679", "id": "ZDI-19-679", "kind": "published", "published_date": "2019-07-24", "status": "published", "title": "Apple Safari bind Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-679/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8542", "zdi_id": "ZDI-19-679" }, { "cve": "CVE-2019-8657", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-678/advisory.json", "detail_path": "advisories/ZDI-19-678", "id": "ZDI-19-678", "kind": "published", "published_date": "2019-07-24", "status": "published", "title": "Apple macOS parseSummaryInfo Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-678/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8582", "zdi_id": "ZDI-19-678" }, { "cve": "CVE-2019-8686", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-677/advisory.json", "detail_path": "advisories/ZDI-19-677", "id": "ZDI-19-677", "kind": "published", "published_date": "2019-07-24", "status": "published", "title": "Apple Safari FloatingObjects Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-677/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7864", "zdi_id": "ZDI-19-677" }, { "cve": "CVE-2019-8582", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-676/advisory.json", "detail_path": "advisories/ZDI-19-676", "id": "ZDI-19-676", "kind": "published", "published_date": "2019-07-24", "status": "published", "title": "Apple macOS CoreText Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-676/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8291", "zdi_id": "ZDI-19-676" }, { "cve": "CVE-2019-10992", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-19-675/advisory.json", "detail_path": "advisories/ZDI-19-675", "id": "ZDI-19-675", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-675/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8648", "zdi_id": "ZDI-19-675" }, { "cve": "CVE-2019-10992", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-19-674/advisory.json", "detail_path": "advisories/ZDI-19-674", "id": "ZDI-19-674", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-674/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8634", "zdi_id": "ZDI-19-674" }, { "cve": "CVE-2019-10982", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-19-673/advisory.json", "detail_path": "advisories/ZDI-19-673", "id": "ZDI-19-673", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-673/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8633", "zdi_id": "ZDI-19-673" }, { "cve": "CVE-2019-10982", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-19-672/advisory.json", "detail_path": "advisories/ZDI-19-672", "id": "ZDI-19-672", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-672/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8629", "zdi_id": "ZDI-19-672" }, { "cve": "CVE-2019-6827", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-671/advisory.json", "detail_path": "advisories/ZDI-19-671", "id": "ZDI-19-671", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "Schneider Electric IGSS MDB Database BaseUnits UnitIdx Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-671/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-8284", "zdi_id": "ZDI-19-671" }, { "cve": null, "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-670/advisory.json", "detail_path": "advisories/ZDI-19-670", "id": "ZDI-19-670", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "(0Day) Microsoft Windows ole32 OleCreateFontIndirectExt Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-670/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7959", "zdi_id": "ZDI-19-670" }, { "cve": "CVE-2019-8592", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-669/advisory.json", "detail_path": "advisories/ZDI-19-669", "id": "ZDI-19-669", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "Apple macOS AudioCodecs Memory Corruption Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-669/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8092", "zdi_id": "ZDI-19-669" }, { "cve": "CVE-2019-2859", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-19-668/advisory.json", "detail_path": "advisories/ZDI-19-668", "id": "ZDI-19-668", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox vusbUrbSubmitCtrl Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-668/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8572", "zdi_id": "ZDI-19-668" }, { "cve": "CVE-2019-2866", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-19-667/advisory.json", "detail_path": "advisories/ZDI-19-667", "id": "ZDI-19-667", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "Oracle VirtualBox WINED3DSIH_TEX Opcode Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-667/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8417", "zdi_id": "ZDI-19-667" }, { "cve": "CVE-2019-2867", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-19-666/advisory.json", "detail_path": "advisories/ZDI-19-666", "id": "ZDI-19-666", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "Oracle VirtualBox vertexshader_set_limits Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-666/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8410", "zdi_id": "ZDI-19-666" }, { "cve": "CVE-2019-2865", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-19-665/advisory.json", "detail_path": "advisories/ZDI-19-665", "id": "ZDI-19-665", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "Oracle VirtualBox vmsvga3dSetTransform Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-665/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8317", "zdi_id": "ZDI-19-665" }, { "cve": "CVE-2019-2864", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-19-664/advisory.json", "detail_path": "advisories/ZDI-19-664", "id": "ZDI-19-664", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "Oracle VirtualBox vmsvga3dSetRenderState Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-664/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8467", "zdi_id": "ZDI-19-664" }, { "cve": "CVE-2019-2827", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is required to exploit this vulnerability. The specific flaw exists within the DeploymentService, which listens on TCP port 7001...", "detail_json": "/data/advisories/ZDI-19-663/advisory.json", "detail_path": "advisories/ZDI-19-663", "id": "ZDI-19-663", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "Oracle WebLogic DeploymentService Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2019-07-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-663/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8666", "zdi_id": "ZDI-19-663" }, { "cve": "CVE-2019-2799", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Database. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-662/advisory.json", "detail_path": "advisories/ZDI-19-662", "id": "ZDI-19-662", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "Oracle Database ODBC Driver Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-662/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7226", "zdi_id": "ZDI-19-662" }, { "cve": "CVE-2019-2863", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerabil...", "detail_json": "/data/advisories/ZDI-19-661/advisory.json", "detail_path": "advisories/ZDI-19-661", "id": "ZDI-19-661", "kind": "published", "published_date": "2019-07-22", "status": "published", "title": "Oracle VirtualBox cr_unpackData Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-661/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7159", "zdi_id": "ZDI-19-661" }, { "cve": "CVE-2019-13322", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-660/advisory.json", "detail_path": "advisories/ZDI-19-660", "id": "ZDI-19-660", "kind": "published", "published_date": "2019-07-12", "status": "published", "title": "(Pwn2Own) Xiaomi Browser miui.share APK Download Remote Code Execution Vulnerability", "updated_date": "2020-02-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-660/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-7483", "zdi_id": "ZDI-19-660" }, { "cve": "CVE-2019-13321", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Mi6. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw e...", "detail_json": "/data/advisories/ZDI-19-659/advisory.json", "detail_path": "advisories/ZDI-19-659", "id": "ZDI-19-659", "kind": "published", "published_date": "2019-07-12", "status": "published", "title": "(Pwn2Own) Xiaomi Browser Captive Portal WebView Authorization Bypass Vulnerability", "updated_date": "2020-02-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-659/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-7467", "zdi_id": "ZDI-19-659" }, { "cve": "CVE-2019-6822", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric ZelioSoft 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-658/advisory.json", "detail_path": "advisories/ZDI-19-658", "id": "ZDI-19-658", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Schneider Electric Zelio Soft 2 ZM2 File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-658/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7895", "zdi_id": "ZDI-19-658" }, { "cve": "CVE-2019-9811", "cvss": 5.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escape the sandbox on affected installations of Mozilla Firefox. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-19-657/advisory.json", "detail_path": "advisories/ZDI-19-657", "id": "ZDI-19-657", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Mozilla Firefox Language Pack XUL Injection Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-657/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-8374", "zdi_id": "ZDI-19-657" }, { "cve": "CVE-2019-7963", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to disclose sensitive information on vulnerable installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-656/advisory.json", "detail_path": "advisories/ZDI-19-656", "id": "ZDI-19-656", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Adobe Bridge CC SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-656/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7875", "zdi_id": "ZDI-19-656" }, { "cve": "CVE-2019-1112", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-655/advisory.json", "detail_path": "advisories/ZDI-19-655", "id": "ZDI-19-655", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Excel Filename Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-655/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8524", "zdi_id": "ZDI-19-655" }, { "cve": "CVE-2019-1093", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-654/advisory.json", "detail_path": "advisories/ZDI-19-654", "id": "ZDI-19-654", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Windows DirectWrite Integer Underflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-654/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8332", "zdi_id": "ZDI-19-654" }, { "cve": "CVE-2019-1093", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-653/advisory.json", "detail_path": "advisories/ZDI-19-653", "id": "ZDI-19-653", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Integer Overflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-653/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8034", "zdi_id": "ZDI-19-653" }, { "cve": "CVE-2019-1094", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable instances of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-652/advisory.json", "detail_path": "advisories/ZDI-19-652", "id": "ZDI-19-652", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Windows gdiplus ConvertToEMFPlus Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-652/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8197", "zdi_id": "ZDI-19-652" }, { "cve": "CVE-2019-1095", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-651/advisory.json", "detail_path": "advisories/ZDI-19-651", "id": "ZDI-19-651", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Windows DirectWrite Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-651/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8190", "zdi_id": "ZDI-19-651" }, { "cve": "CVE-2019-1101", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-650/advisory.json", "detail_path": "advisories/ZDI-19-650", "id": "ZDI-19-650", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-650/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8202", "zdi_id": "ZDI-19-650" }, { "cve": "CVE-2019-1102", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-649/advisory.json", "detail_path": "advisories/ZDI-19-649", "id": "ZDI-19-649", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Windows gdiplus EMF Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": "2023-06-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-649/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8112", "zdi_id": "ZDI-19-649" }, { "cve": "CVE-2019-1116", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-648/advisory.json", "detail_path": "advisories/ZDI-19-648", "id": "ZDI-19-648", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-648/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8058", "zdi_id": "ZDI-19-648" }, { "cve": "CVE-2019-1097", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-647/advisory.json", "detail_path": "advisories/ZDI-19-647", "id": "ZDI-19-647", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Windows DirectWrite Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-647/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8055", "zdi_id": "ZDI-19-647" }, { "cve": "CVE-2019-1098", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-646/advisory.json", "detail_path": "advisories/ZDI-19-646", "id": "ZDI-19-646", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-646/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8050", "zdi_id": "ZDI-19-646" }, { "cve": "CVE-2019-1099", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-645/advisory.json", "detail_path": "advisories/ZDI-19-645", "id": "ZDI-19-645", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-645/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8037", "zdi_id": "ZDI-19-645" }, { "cve": "CVE-2019-1100", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-644/advisory.json", "detail_path": "advisories/ZDI-19-644", "id": "ZDI-19-644", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-644/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8036", "zdi_id": "ZDI-19-644" }, { "cve": "CVE-2019-1110", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-643/advisory.json", "detail_path": "advisories/ZDI-19-643", "id": "ZDI-19-643", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Office Excel Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-643/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7749", "zdi_id": "ZDI-19-643" }, { "cve": "CVE-2019-1111", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-642/advisory.json", "detail_path": "advisories/ZDI-19-642", "id": "ZDI-19-642", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Office Excel OLE Object Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-642/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7605", "zdi_id": "ZDI-19-642" }, { "cve": "CVE-2019-0948", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-641/advisory.json", "detail_path": "advisories/ZDI-19-641", "id": "ZDI-19-641", "kind": "published", "published_date": "2019-07-10", "status": "published", "title": "Microsoft Windows Event Viewer XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2019-07-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-641/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6191", "zdi_id": "ZDI-19-641" }, { "cve": "CVE-2019-9353", "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers in close proximity to execute arbitrary code on vulnerable installations of Google Android. User interaction is required to exploit this vulnerability in that the target must accept a malicious file transfer. The specific f...", "detail_json": "/data/advisories/ZDI-19-640/advisory.json", "detail_path": "advisories/ZDI-19-640", "id": "ZDI-19-640", "kind": "published", "published_date": "2019-07-08", "status": "published", "title": "Google Android Bluetooth hci_len Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-08-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-640/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-7860", "zdi_id": "ZDI-19-640" }, { "cve": "CVE-2019-0920", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-639/advisory.json", "detail_path": "advisories/ZDI-19-639", "id": "ZDI-19-639", "kind": "published", "published_date": "2019-07-08", "status": "published", "title": "Microsoft Windows ADODB Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-639/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7855", "zdi_id": "ZDI-19-639" }, { "cve": "CVE-2019-0920", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-638/advisory.json", "detail_path": "advisories/ZDI-19-638", "id": "ZDI-19-638", "kind": "published", "published_date": "2019-07-08", "status": "published", "title": "Microsoft Windows ADODB Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-638/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7854", "zdi_id": "ZDI-19-638" }, { "cve": "CVE-2019-13320", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-637/advisory.json", "detail_path": "advisories/ZDI-19-637", "id": "ZDI-19-637", "kind": "published", "published_date": "2019-07-05", "status": "published", "title": "Foxit Reader AcroForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-637/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8814", "zdi_id": "ZDI-19-637" }, { "cve": "CVE-2019-13319", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-636/advisory.json", "detail_path": "advisories/ZDI-19-636", "id": "ZDI-19-636", "kind": "published", "published_date": "2019-07-05", "status": "published", "title": "Foxit Reader XFA Form Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-636/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8669", "zdi_id": "ZDI-19-636" }, { "cve": "CVE-2019-13318", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-635/advisory.json", "detail_path": "advisories/ZDI-19-635", "id": "ZDI-19-635", "kind": "published", "published_date": "2019-07-05", "status": "published", "title": "Foxit Reader Format String Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-635/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8544", "zdi_id": "ZDI-19-635" }, { "cve": "CVE-2019-13317", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-634/advisory.json", "detail_path": "advisories/ZDI-19-634", "id": "ZDI-19-634", "kind": "published", "published_date": "2019-07-05", "status": "published", "title": "Foxit PhantomPDF Button Calculate Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-634/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8759", "zdi_id": "ZDI-19-634" }, { "cve": "CVE-2019-13316", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-633/advisory.json", "detail_path": "advisories/ZDI-19-633", "id": "ZDI-19-633", "kind": "published", "published_date": "2019-07-05", "status": "published", "title": "Foxit PhantomPDF Button Calculate Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-633/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8757", "zdi_id": "ZDI-19-633" }, { "cve": "CVE-2019-13315", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-19-632/advisory.json", "detail_path": "advisories/ZDI-19-632", "id": "ZDI-19-632", "kind": "published", "published_date": "2019-07-05", "status": "published", "title": "Foxit Reader Text removeField Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-632/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8656", "zdi_id": "ZDI-19-632" }, { "cve": "CVE-2019-6776", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-631/advisory.json", "detail_path": "advisories/ZDI-19-631", "id": "ZDI-19-631", "kind": "published", "published_date": "2019-07-05", "status": "published", "title": "Foxit PhantomPDF addWatermarkFromText Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-631/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8801", "zdi_id": "ZDI-19-631" }, { "cve": "CVE-2019-6775", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-630/advisory.json", "detail_path": "advisories/ZDI-19-630", "id": "ZDI-19-630", "kind": "published", "published_date": "2019-07-05", "status": "published", "title": "Foxit Reader AcroForm exportValues Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-630/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8491", "zdi_id": "ZDI-19-630" }, { "cve": "CVE-2019-6774", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-629/advisory.json", "detail_path": "advisories/ZDI-19-629", "id": "ZDI-19-629", "kind": "published", "published_date": "2019-07-05", "status": "published", "title": "Foxit Reader AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-629/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8295", "zdi_id": "ZDI-19-629" }, { "cve": "CVE-2019-7804", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-628/advisory.json", "detail_path": "advisories/ZDI-19-628", "id": "ZDI-19-628", "kind": "published", "published_date": "2019-07-05", "status": "published", "title": "Adobe Acrobat Pro DC JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-628/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8018", "zdi_id": "ZDI-19-628" }, { "cve": "CVE-2019-0920", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-627/advisory.json", "detail_path": "advisories/ZDI-19-627", "id": "ZDI-19-627", "kind": "published", "published_date": "2019-07-04", "status": "published", "title": "Microsoft Windows ADODB Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-627/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7853", "zdi_id": "ZDI-19-627" }, { "cve": "CVE-2019-0920", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-626/advisory.json", "detail_path": "advisories/ZDI-19-626", "id": "ZDI-19-626", "kind": "published", "published_date": "2019-07-04", "status": "published", "title": "Microsoft Windows ADODB Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-626/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7755", "zdi_id": "ZDI-19-626" }, { "cve": "CVE-2019-0920", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-625/advisory.json", "detail_path": "advisories/ZDI-19-625", "id": "ZDI-19-625", "kind": "published", "published_date": "2019-07-04", "status": "published", "title": "Microsoft Windows ADODB Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-625/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7754", "zdi_id": "ZDI-19-625" }, { "cve": "CVE-2019-0906", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-624/advisory.json", "detail_path": "advisories/ZDI-19-624", "id": "ZDI-19-624", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Microsoft Windows JET Database Engine Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-624/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7868", "zdi_id": "ZDI-19-624" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27F4 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-623/advisory.json", "detail_path": "advisories/ZDI-19-623", "id": "ZDI-19-623", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess viewsrv SQLGetData Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2024-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-623/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8119", "zdi_id": "ZDI-19-623" }, { "cve": "CVE-2019-10985", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2715 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-622/advisory.json", "detail_path": "advisories/ZDI-19-622", "id": "ZDI-19-622", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-622/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8194", "zdi_id": "ZDI-19-622" }, { "cve": "CVE-2019-10983", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within viewsrv.dll, which is accessed th...", "detail_json": "/data/advisories/ZDI-19-621/advisory.json", "detail_path": "advisories/ZDI-19-621", "id": "ZDI-19-621", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-621/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8193", "zdi_id": "ZDI-19-621" }, { "cve": "CVE-2019-10991", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwclient.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-620/advisory.json", "detail_path": "advisories/ZDI-19-620", "id": "ZDI-19-620", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Client bwclient Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-620/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8191", "zdi_id": "ZDI-19-620" }, { "cve": "CVE-2019-10991", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwmail.exe, which is accessed through the...", "detail_json": "/data/advisories/ZDI-19-619/advisory.json", "detail_path": "advisories/ZDI-19-619", "id": "ZDI-19-619", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node bwmail Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-619/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8189", "zdi_id": "ZDI-19-619" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27E6 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-618/advisory.json", "detail_path": "advisories/ZDI-19-618", "id": "ZDI-19-618", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLNumParams Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-618/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8152", "zdi_id": "ZDI-19-618" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2780 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-617/advisory.json", "detail_path": "advisories/ZDI-19-617", "id": "ZDI-19-617", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv rewind Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-617/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8151", "zdi_id": "ZDI-19-617" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27DB IOCTL in...", "detail_json": "/data/advisories/ZDI-19-616/advisory.json", "detail_path": "advisories/ZDI-19-616", "id": "ZDI-19-616", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLFreeConnect Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-616/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8150", "zdi_id": "ZDI-19-616" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27D9 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-615/advisory.json", "detail_path": "advisories/ZDI-19-615", "id": "ZDI-19-615", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLFreeEnv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-615/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8148", "zdi_id": "ZDI-19-615" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27DD IOCTL in...", "detail_json": "/data/advisories/ZDI-19-614/advisory.json", "detail_path": "advisories/ZDI-19-614", "id": "ZDI-19-614", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLDisconnect Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-614/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8147", "zdi_id": "ZDI-19-614" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-613/advisory.json", "detail_path": "advisories/ZDI-19-613", "id": "ZDI-19-613", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv findClose Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-613/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8146", "zdi_id": "ZDI-19-613" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27EC IOCTL in...", "detail_json": "/data/advisories/ZDI-19-612/advisory.json", "detail_path": "advisories/ZDI-19-612", "id": "ZDI-19-612", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLParamData Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-612/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8145", "zdi_id": "ZDI-19-612" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27E4 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-611/advisory.json", "detail_path": "advisories/ZDI-19-611", "id": "ZDI-19-611", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLExecDirect Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-611/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8144", "zdi_id": "ZDI-19-611" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27F1 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-610/advisory.json", "detail_path": "advisories/ZDI-19-610", "id": "ZDI-19-610", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLFetch Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-610/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8143", "zdi_id": "ZDI-19-610" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27DE IOCTL in...", "detail_json": "/data/advisories/ZDI-19-609/advisory.json", "detail_path": "advisories/ZDI-19-609", "id": "ZDI-19-609", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLSetConnectOption Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-609/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8142", "zdi_id": "ZDI-19-609" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27EB IOCTL in...", "detail_json": "/data/advisories/ZDI-19-608/advisory.json", "detail_path": "advisories/ZDI-19-608", "id": "ZDI-19-608", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLCancel Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-608/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8141", "zdi_id": "ZDI-19-608" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x277B IOCTL in...", "detail_json": "/data/advisories/ZDI-19-607/advisory.json", "detail_path": "advisories/ZDI-19-607", "id": "ZDI-19-607", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv fClose Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-607/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8140", "zdi_id": "ZDI-19-607" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x277F IOCTL in...", "detail_json": "/data/advisories/ZDI-19-606/advisory.json", "detail_path": "advisories/ZDI-19-606", "id": "ZDI-19-606", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv ftell Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-606/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8139", "zdi_id": "ZDI-19-606" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27DC IOCTL in...", "detail_json": "/data/advisories/ZDI-19-605/advisory.json", "detail_path": "advisories/ZDI-19-605", "id": "ZDI-19-605", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLConnect Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-605/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8138", "zdi_id": "ZDI-19-605" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2781 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-604/advisory.json", "detail_path": "advisories/ZDI-19-604", "id": "ZDI-19-604", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv fileno Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-604/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8137", "zdi_id": "ZDI-19-604" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x277D IOCTL in...", "detail_json": "/data/advisories/ZDI-19-603/advisory.json", "detail_path": "advisories/ZDI-19-603", "id": "ZDI-19-603", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv fWrite Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-603/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8136", "zdi_id": "ZDI-19-603" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27E7 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-602/advisory.json", "detail_path": "advisories/ZDI-19-602", "id": "ZDI-19-602", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLNumResultCols Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-602/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8135", "zdi_id": "ZDI-19-602" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27DA IOCTL in...", "detail_json": "/data/advisories/ZDI-19-601/advisory.json", "detail_path": "advisories/ZDI-19-601", "id": "ZDI-19-601", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLAllocConnect Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-601/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8133", "zdi_id": "ZDI-19-601" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27E8 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-600/advisory.json", "detail_path": "advisories/ZDI-19-600", "id": "ZDI-19-600", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLDescribeParam Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-600/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8130", "zdi_id": "ZDI-19-600" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27E2 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-599/advisory.json", "detail_path": "advisories/ZDI-19-599", "id": "ZDI-19-599", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLFreeStmt Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-599/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8129", "zdi_id": "ZDI-19-599" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27E5 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-598/advisory.json", "detail_path": "advisories/ZDI-19-598", "id": "ZDI-19-598", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLPrepare Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-598/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8128", "zdi_id": "ZDI-19-598" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27E9 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-597/advisory.json", "detail_path": "advisories/ZDI-19-597", "id": "ZDI-19-597", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLSetParam Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-597/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8127", "zdi_id": "ZDI-19-597" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27E1 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-596/advisory.json", "detail_path": "advisories/ZDI-19-596", "id": "ZDI-19-596", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLAllocStmt Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-596/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8126", "zdi_id": "ZDI-19-596" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27E3 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-595/advisory.json", "detail_path": "advisories/ZDI-19-595", "id": "ZDI-19-595", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLSetStmtAttr Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-595/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8118", "zdi_id": "ZDI-19-595" }, { "cve": "CVE-2019-10991", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwscrp.exe, which is accessed through the...", "detail_json": "/data/advisories/ZDI-19-594/advisory.json", "detail_path": "advisories/ZDI-19-594", "id": "ZDI-19-594", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node bwscrp Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-594/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8117", "zdi_id": "ZDI-19-594" }, { "cve": "CVE-2019-10993", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27ea IOCTL in...", "detail_json": "/data/advisories/ZDI-19-593/advisory.json", "detail_path": "advisories/ZDI-19-593", "id": "ZDI-19-593", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node viewsrv SQLExecute Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-593/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8116", "zdi_id": "ZDI-19-593" }, { "cve": "CVE-2019-10991", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwwebv.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-19-592/advisory.json", "detail_path": "advisories/ZDI-19-592", "id": "ZDI-19-592", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Client bwwebv Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-592/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7906", "zdi_id": "ZDI-19-592" }, { "cve": "CVE-2019-10989", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x113d1 IOCTL i...", "detail_json": "/data/advisories/ZDI-19-591/advisory.json", "detail_path": "advisories/ZDI-19-591", "id": "ZDI-19-591", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node BwPAlarm Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-591/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8068", "zdi_id": "ZDI-19-591" }, { "cve": "CVE-2019-10989", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11372 IOCTL i...", "detail_json": "/data/advisories/ZDI-19-590/advisory.json", "detail_path": "advisories/ZDI-19-590", "id": "ZDI-19-590", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node BwPAlarm CreateMonitoredItemEx Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-590/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8067", "zdi_id": "ZDI-19-590" }, { "cve": "CVE-2019-10991", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x1138a IOCTL i...", "detail_json": "/data/advisories/ZDI-19-589/advisory.json", "detail_path": "advisories/ZDI-19-589", "id": "ZDI-19-589", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node BwPAlarm GetProjectIdByName Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-589/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8064", "zdi_id": "ZDI-19-589" }, { "cve": "CVE-2019-10991", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x113cd IOCTL i...", "detail_json": "/data/advisories/ZDI-19-588/advisory.json", "detail_path": "advisories/ZDI-19-588", "id": "ZDI-19-588", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node BwPAlarm Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-588/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-8063", "zdi_id": "ZDI-19-588" }, { "cve": "CVE-2019-10987", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2723 IOCTL in...", "detail_json": "/data/advisories/ZDI-19-587/advisory.json", "detail_path": "advisories/ZDI-19-587", "id": "ZDI-19-587", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node webvrpcs viewsrv Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-587/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7952", "zdi_id": "ZDI-19-587" }, { "cve": "CVE-2019-10991", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x271C IOCTL in...", "detail_json": "/data/advisories/ZDI-19-586/advisory.json", "detail_path": "advisories/ZDI-19-586", "id": "ZDI-19-586", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node webvrpcs viewsrv Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-586/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7951", "zdi_id": "ZDI-19-586" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within makensis.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-19-585/advisory.json", "detail_path": "advisories/ZDI-19-585", "id": "ZDI-19-585", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node makensis Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-585/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7911", "zdi_id": "ZDI-19-585" }, { "cve": "CVE-2019-10987", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwdraw.exe, which is accessed through the...", "detail_json": "/data/advisories/ZDI-19-584/advisory.json", "detail_path": "advisories/ZDI-19-584", "id": "ZDI-19-584", "kind": "published", "published_date": "2019-07-02", "status": "published", "title": "Advantech WebAccess Node bwdraw Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-584/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7438", "zdi_id": "ZDI-19-584" }, { "cve": null, "cvss": 4.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to modify requests on affected installations of Alibaba Alipay. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw e...", "detail_json": "/data/advisories/ZDI-19-583/advisory.json", "detail_path": "advisories/ZDI-19-583", "id": "ZDI-19-583", "kind": "published", "published_date": "2019-06-27", "status": "published", "title": "(0Day) Alibaba Alipay URL Scheme Handling Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-583/", "vendor": "Alibaba", "vendor_url": null, "zdi_can": "ZDI-CAN-6995", "zdi_id": "ZDI-19-583" }, { "cve": "CVE-2019-10072", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Apache Tomcat. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP2 requests. A cr...", "detail_json": "/data/advisories/ZDI-19-582/advisory.json", "detail_path": "advisories/ZDI-19-582", "id": "ZDI-19-582", "kind": "published", "published_date": "2019-06-21", "status": "published", "title": "Apache Tomcat reserveWindowSize Denial-Of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-582/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-8630", "zdi_id": "ZDI-19-582" }, { "cve": "CVE-2017-8533", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-581/advisory.json", "detail_path": "advisories/ZDI-19-581", "id": "ZDI-19-581", "kind": "published", "published_date": "2019-06-20", "status": "published", "title": "Microsoft Windows DirectWrite Integer Overflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-581/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8331", "zdi_id": "ZDI-19-581" }, { "cve": "CVE-2019-1013", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-580/advisory.json", "detail_path": "advisories/ZDI-19-580", "id": "ZDI-19-580", "kind": "published", "published_date": "2019-06-20", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-580/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8038", "zdi_id": "ZDI-19-580" }, { "cve": "CVE-2019-12869", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal...", "detail_json": "/data/advisories/ZDI-19-579/advisory.json", "detail_path": "advisories/ZDI-19-579", "id": "ZDI-19-579", "kind": "published", "published_date": "2019-06-20", "status": "published", "title": "Phoenix Contact Automationworx BCP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-579/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-7781", "zdi_id": "ZDI-19-579" }, { "cve": "CVE-2019-12871", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-19-578/advisory.json", "detail_path": "advisories/ZDI-19-578", "id": "ZDI-19-578", "kind": "published", "published_date": "2019-06-20", "status": "published", "title": "Phoenix Contact Automationworx BCP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-578/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-7780", "zdi_id": "ZDI-19-578" }, { "cve": "CVE-2019-12871", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-19-577/advisory.json", "detail_path": "advisories/ZDI-19-577", "id": "ZDI-19-577", "kind": "published", "published_date": "2019-06-20", "status": "published", "title": "Phoenix Contact Automationworx BCP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-577/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-7786", "zdi_id": "ZDI-19-577" }, { "cve": "CVE-2019-12871", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-19-576/advisory.json", "detail_path": "advisories/ZDI-19-576", "id": "ZDI-19-576", "kind": "published", "published_date": "2019-06-20", "status": "published", "title": "Phoenix Contact Automationworx BCP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-576/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-7785", "zdi_id": "ZDI-19-576" }, { "cve": "CVE-2019-12870", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-19-575/advisory.json", "detail_path": "advisories/ZDI-19-575", "id": "ZDI-19-575", "kind": "published", "published_date": "2019-06-20", "status": "published", "title": "Phoenix Contact Automationworx BCP File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-575/", "vendor": "Phoenix Contact", "vendor_url": null, "zdi_can": "ZDI-CAN-7784", "zdi_id": "ZDI-19-575" }, { "cve": "CVE-2019-12828", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Electronic Arts Origin. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the...", "detail_json": "/data/advisories/ZDI-19-574/advisory.json", "detail_path": "advisories/ZDI-19-574", "id": "ZDI-19-574", "kind": "published", "published_date": "2019-06-17", "status": "published", "title": "Electronic Arts Origin URI Handler Remote Command Execution Vulnerability", "updated_date": "2019-09-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-574/", "vendor": "Electronic Arts", "vendor_url": null, "zdi_can": "ZDI-CAN-8686", "zdi_id": "ZDI-19-574" }, { "cve": "CVE-2019-1013", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-573/advisory.json", "detail_path": "advisories/ZDI-19-573", "id": "ZDI-19-573", "kind": "published", "published_date": "2019-06-17", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Uninitialized Pointer Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-573/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8094", "zdi_id": "ZDI-19-573" }, { "cve": "CVE-2019-1035", "cvss": 4.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-572/advisory.json", "detail_path": "advisories/ZDI-19-572", "id": "ZDI-19-572", "kind": "published", "published_date": "2019-06-14", "status": "published", "title": "Microsoft Word Table Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-572/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8531", "zdi_id": "ZDI-19-572" }, { "cve": "CVE-2019-1065", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-571/advisory.json", "detail_path": "advisories/ZDI-19-571", "id": "ZDI-19-571", "kind": "published", "published_date": "2019-06-14", "status": "published", "title": "Microsoft Windows DirectComposition PropertySet Race Condition Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-571/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8371", "zdi_id": "ZDI-19-571" }, { "cve": "CVE-2019-6532", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-19-570/advisory.json", "detail_path": "advisories/ZDI-19-570", "id": "ZDI-19-570", "kind": "published", "published_date": "2019-06-13", "status": "published", "title": "Panasonic Control FPWIN PRO Project File Parsing sc_obj Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-7850", "zdi_id": "ZDI-19-570" }, { "cve": "CVE-2019-8519", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-19-569/advisory.json", "detail_path": "advisories/ZDI-19-569", "id": "ZDI-19-569", "kind": "published", "published_date": "2019-06-13", "status": "published", "title": "Apple macOS AMDRadeonX4000_AMDAccelResource Integer Overflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-569/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8288", "zdi_id": "ZDI-19-569" }, { "cve": "CVE-2019-6532", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-19-568/advisory.json", "detail_path": "advisories/ZDI-19-568", "id": "ZDI-19-568", "kind": "published", "published_date": "2019-06-13", "status": "published", "title": "Panasonic Control FPWIN Pro Project File Parsing sc_obj Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-7851", "zdi_id": "ZDI-19-568" }, { "cve": "CVE-2019-6530", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-19-567/advisory.json", "detail_path": "advisories/ZDI-19-567", "id": "ZDI-19-567", "kind": "published", "published_date": "2019-06-13", "status": "published", "title": "Panasonic Control FPWIN PRO Project File Parsing sc_app Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-7852", "zdi_id": "ZDI-19-567" }, { "cve": "CVE-2019-6532", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-19-566/advisory.json", "detail_path": "advisories/ZDI-19-566", "id": "ZDI-19-566", "kind": "published", "published_date": "2019-06-13", "status": "published", "title": "Panasonic Control FPWIN PRO Project File Parsing us_plcfg Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-7849", "zdi_id": "ZDI-19-566" }, { "cve": "CVE-2019-6530", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-19-565/advisory.json", "detail_path": "advisories/ZDI-19-565", "id": "ZDI-19-565", "kind": "published", "published_date": "2019-06-13", "status": "published", "title": "Panasonic Control FPWIN PRO Project File Parsing ctreestd Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-7848", "zdi_id": "ZDI-19-565" }, { "cve": "CVE-2019-7845", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-19-564/advisory.json", "detail_path": "advisories/ZDI-19-564", "id": "ZDI-19-564", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Adobe Flash Player LocalConnection Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-564/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8453", "zdi_id": "ZDI-19-564" }, { "cve": "CVE-2019-1016", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-563/advisory.json", "detail_path": "advisories/ZDI-19-563", "id": "ZDI-19-563", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-563/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8045", "zdi_id": "ZDI-19-563" }, { "cve": "CVE-2019-1034", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-562/advisory.json", "detail_path": "advisories/ZDI-19-562", "id": "ZDI-19-562", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Word DOCX Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-562/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8340", "zdi_id": "ZDI-19-562" }, { "cve": "CVE-2019-1049", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-561/advisory.json", "detail_path": "advisories/ZDI-19-561", "id": "ZDI-19-561", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-561/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8056", "zdi_id": "ZDI-19-561" }, { "cve": "CVE-2019-1041", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-560/advisory.json", "detail_path": "advisories/ZDI-19-560", "id": "ZDI-19-560", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "(Pwn2Own) Microsoft Windows DirectComposition PropertySet Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-560/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8369", "zdi_id": "ZDI-19-560" }, { "cve": "CVE-2019-1046", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-559/advisory.json", "detail_path": "advisories/ZDI-19-559", "id": "ZDI-19-559", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-559/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8049", "zdi_id": "ZDI-19-559" }, { "cve": "CVE-2019-1015", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-558/advisory.json", "detail_path": "advisories/ZDI-19-558", "id": "ZDI-19-558", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-558/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8054", "zdi_id": "ZDI-19-558" }, { "cve": "CVE-2019-1012", "cvss": 3.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-557/advisory.json", "detail_path": "advisories/ZDI-19-557", "id": "ZDI-19-557", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows EMF Graphic Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-557/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8225", "zdi_id": "ZDI-19-557" }, { "cve": "CVE-2019-1046", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-556/advisory.json", "detail_path": "advisories/ZDI-19-556", "id": "ZDI-19-556", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows DirectWrite Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-556/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8051", "zdi_id": "ZDI-19-556" }, { "cve": "CVE-2019-1010", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-555/advisory.json", "detail_path": "advisories/ZDI-19-555", "id": "ZDI-19-555", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus EMR_CREATEDIBPATTERNBRUSHPT Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-555/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8227", "zdi_id": "ZDI-19-555" }, { "cve": "CVE-2019-1050", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-554/advisory.json", "detail_path": "advisories/ZDI-19-554", "id": "ZDI-19-554", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-554/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8052", "zdi_id": "ZDI-19-554" }, { "cve": "CVE-2019-1011", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-553/advisory.json", "detail_path": "advisories/ZDI-19-553", "id": "ZDI-19-553", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-553/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8048", "zdi_id": "ZDI-19-553" }, { "cve": "CVE-2019-1048", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-552/advisory.json", "detail_path": "advisories/ZDI-19-552", "id": "ZDI-19-552", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-552/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8032", "zdi_id": "ZDI-19-552" }, { "cve": "CVE-2019-1009", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-551/advisory.json", "detail_path": "advisories/ZDI-19-551", "id": "ZDI-19-551", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-551/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8033", "zdi_id": "ZDI-19-551" }, { "cve": "CVE-2019-1049", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-550/advisory.json", "detail_path": "advisories/ZDI-19-550", "id": "ZDI-19-550", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-550/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8040", "zdi_id": "ZDI-19-550" }, { "cve": "CVE-2019-1011", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-549/advisory.json", "detail_path": "advisories/ZDI-19-549", "id": "ZDI-19-549", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-549/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8041", "zdi_id": "ZDI-19-549" }, { "cve": "CVE-2019-1047", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-548/advisory.json", "detail_path": "advisories/ZDI-19-548", "id": "ZDI-19-548", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-548/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8046", "zdi_id": "ZDI-19-548" }, { "cve": "CVE-2019-0977", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-547/advisory.json", "detail_path": "advisories/ZDI-19-547", "id": "ZDI-19-547", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-547/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8047", "zdi_id": "ZDI-19-547" }, { "cve": "CVE-2019-1016", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-546/advisory.json", "detail_path": "advisories/ZDI-19-546", "id": "ZDI-19-546", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-546/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8039", "zdi_id": "ZDI-19-546" }, { "cve": "CVE-2019-0968", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-545/advisory.json", "detail_path": "advisories/ZDI-19-545", "id": "ZDI-19-545", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows gdiplus Font Parsing Off-By-One Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-545/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8031", "zdi_id": "ZDI-19-545" }, { "cve": "CVE-2019-0908", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-544/advisory.json", "detail_path": "advisories/ZDI-19-544", "id": "ZDI-19-544", "kind": "published", "published_date": "2019-06-11", "status": "published", "title": "Microsoft Windows Jet Database Engine Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-544/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7957", "zdi_id": "ZDI-19-544" }, { "cve": "CVE-2019-8635", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on affected installations of Apple MacOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-19-543/advisory.json", "detail_path": "advisories/ZDI-19-543", "id": "ZDI-19-543", "kind": "published", "published_date": "2019-06-07", "status": "published", "title": "Apple macOS AMDRadeonX4000_AMDSIGLContext Double Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-543/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8345", "zdi_id": "ZDI-19-543" }, { "cve": "CVE-2019-8585", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-542/advisory.json", "detail_path": "advisories/ZDI-19-542", "id": "ZDI-19-542", "kind": "published", "published_date": "2019-06-07", "status": "published", "title": "Apple macOS ACGetNewAU Memory Corruption Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-542/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8108", "zdi_id": "ZDI-19-542" }, { "cve": "CVE-2019-8606", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-19-541/advisory.json", "detail_path": "advisories/ZDI-19-541", "id": "ZDI-19-541", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Apple macOS kextutil Race Condition Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-541/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8367", "zdi_id": "ZDI-19-541" }, { "cve": "CVE-2019-8603", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-540/advisory.json", "detail_path": "advisories/ZDI-19-540", "id": "ZDI-19-540", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Apple Safari cfAttributedStringUnserialize Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-540/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8366", "zdi_id": "ZDI-19-540" }, { "cve": "CVE-2019-8635", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-19-539/advisory.json", "detail_path": "advisories/ZDI-19-539", "id": "ZDI-19-539", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Apple macOS AMDRadeonX4000_AMDSIGLContext discard_StretchTex2Tex Double Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-539/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8547", "zdi_id": "ZDI-19-539" }, { "cve": "CVE-2019-8616", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-19-538/advisory.json", "detail_path": "advisories/ZDI-19-538", "id": "ZDI-19-538", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Apple macOS IOAccelSharedUserClient2 Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-538/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8356", "zdi_id": "ZDI-19-538" }, { "cve": "CVE-2019-8610", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-537/advisory.json", "detail_path": "advisories/ZDI-19-537", "id": "ZDI-19-537", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Apple Safari FontFace Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-537/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7970", "zdi_id": "ZDI-19-537" }, { "cve": "CVE-2019-8587", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-536/advisory.json", "detail_path": "advisories/ZDI-19-536", "id": "ZDI-19-536", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Apple Safari HTMLFormElement Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-536/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8106", "zdi_id": "ZDI-19-536" }, { "cve": "CVE-2019-6237", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-535/advisory.json", "detail_path": "advisories/ZDI-19-535", "id": "ZDI-19-535", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Apple Safari createRenderers Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-535/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-8004", "zdi_id": "ZDI-19-535" }, { "cve": "CVE-2019-8571", "cvss": 5.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-534/advisory.json", "detail_path": "advisories/ZDI-19-534", "id": "ZDI-19-534", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Apple Safari WebDataListSuggestionPicker Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-534/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7730", "zdi_id": "ZDI-19-534" }, { "cve": "CVE-2019-8608", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-533/advisory.json", "detail_path": "advisories/ZDI-19-533", "id": "ZDI-19-533", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Apple Safari RenderBlockFlow Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-533/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7643", "zdi_id": "ZDI-19-533" }, { "cve": "CVE-2019-8597", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-532/advisory.json", "detail_path": "advisories/ZDI-19-532", "id": "ZDI-19-532", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Apple Safari RenderInline Type Confusion Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-532/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7731", "zdi_id": "ZDI-19-532" }, { "cve": "CVE-2019-8595", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-531/advisory.json", "detail_path": "advisories/ZDI-19-531", "id": "ZDI-19-531", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Apple Safari ContextMenu Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-531/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7555", "zdi_id": "ZDI-19-531" }, { "cve": "CVE-2019-8584", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-530/advisory.json", "detail_path": "advisories/ZDI-19-530", "id": "ZDI-19-530", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Apple Safari RootInlineBox Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-530/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7611", "zdi_id": "ZDI-19-530" }, { "cve": "CVE-2019-8615", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-529/advisory.json", "detail_path": "advisories/ZDI-19-529", "id": "ZDI-19-529", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Apple Safari BreakingContext Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-529/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7600", "zdi_id": "ZDI-19-529" }, { "cve": "CVE-2019-11956", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-528/advisory.json", "detail_path": "advisories/ZDI-19-528", "id": "ZDI-19-528", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center ByteMessageResource transformEntity Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-528/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6943", "zdi_id": "ZDI-19-528" }, { "cve": "CVE-2019-11985", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-527/advisory.json", "detail_path": "advisories/ZDI-19-527", "id": "ZDI-19-527", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center choosePerfView Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-527/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6906", "zdi_id": "ZDI-19-527" }, { "cve": "CVE-2019-11955", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-526/advisory.json", "detail_path": "advisories/ZDI-19-526", "id": "ZDI-19-526", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center devSoftSel Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-526/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6888", "zdi_id": "ZDI-19-526" }, { "cve": "CVE-2019-11954", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-525/advisory.json", "detail_path": "advisories/ZDI-19-525", "id": "ZDI-19-525", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center operationSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-525/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6887", "zdi_id": "ZDI-19-525" }, { "cve": "CVE-2019-11948", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-524/advisory.json", "detail_path": "advisories/ZDI-19-524", "id": "ZDI-19-524", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center ifViewSelectPage Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-524/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6878", "zdi_id": "ZDI-19-524" }, { "cve": "CVE-2019-11953", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-523/advisory.json", "detail_path": "advisories/ZDI-19-523", "id": "ZDI-19-523", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center smsRulesDownload Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-523/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6877", "zdi_id": "ZDI-19-523" }, { "cve": "CVE-2019-11952", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-522/advisory.json", "detail_path": "advisories/ZDI-19-522", "id": "ZDI-19-522", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center faultTrapGroupSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-522/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6874", "zdi_id": "ZDI-19-522" }, { "cve": "CVE-2019-11951", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-521/advisory.json", "detail_path": "advisories/ZDI-19-521", "id": "ZDI-19-521", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center faultEventSelectFact Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-521/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6873", "zdi_id": "ZDI-19-521" }, { "cve": "CVE-2019-11950", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-520/advisory.json", "detail_path": "advisories/ZDI-19-520", "id": "ZDI-19-520", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center WebSocket Shape3DWebSocketServlet Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-520/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6804", "zdi_id": "ZDI-19-520" }, { "cve": "CVE-2019-11949", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-519/advisory.json", "detail_path": "advisories/ZDI-19-519", "id": "ZDI-19-519", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center powershellConfigContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-519/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6761", "zdi_id": "ZDI-19-519" }, { "cve": "CVE-2019-5370", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-518/advisory.json", "detail_path": "advisories/ZDI-19-518", "id": "ZDI-19-518", "kind": "published", "published_date": "2019-05-30", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-518/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6760", "zdi_id": "ZDI-19-518" }, { "cve": "CVE-2019-10975", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Fuji Electric Alpha7. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-517/advisory.json", "detail_path": "advisories/ZDI-19-517", "id": "ZDI-19-517", "kind": "published", "published_date": "2019-05-29", "status": "published", "title": "Fuji Electric Alpha7 PC Loader A7P File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-517/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-8030", "zdi_id": "ZDI-19-517" }, { "cve": "CVE-2019-5515", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-19-516/advisory.json", "detail_path": "advisories/ZDI-19-516", "id": "ZDI-19-516", "kind": "published", "published_date": "2019-05-29", "status": "published", "title": "VMware Workstation e1000 Memory Corruption Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-516/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-7804", "zdi_id": "ZDI-19-516" }, { "cve": "CVE-2019-6744", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerability installations of Samsung Secure Folder. An attacker must first obtain physical access to the device in order to exploit this vulnerability. The specific flaws exists...", "detail_json": "/data/advisories/ZDI-19-515/advisory.json", "detail_path": "advisories/ZDI-19-515", "id": "ZDI-19-515", "kind": "published", "published_date": "2019-05-29", "status": "published", "title": "Samsung Knox Secure Folder Lock Screen Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-515/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-7381", "zdi_id": "ZDI-19-515" }, { "cve": "CVE-2019-7830", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-514/advisory.json", "detail_path": "advisories/ZDI-19-514", "id": "ZDI-19-514", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC JavaScript Annotation Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-514/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8437", "zdi_id": "ZDI-19-514" }, { "cve": "CVE-2019-7827", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-513/advisory.json", "detail_path": "advisories/ZDI-19-513", "id": "ZDI-19-513", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC imageDistiller Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-513/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8421", "zdi_id": "ZDI-19-513" }, { "cve": "CVE-2019-7828", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-512/advisory.json", "detail_path": "advisories/ZDI-19-512", "id": "ZDI-19-512", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ASCII85Decode Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-512/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8419", "zdi_id": "ZDI-19-512" }, { "cve": "CVE-2019-7829", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-511/advisory.json", "detail_path": "advisories/ZDI-19-511", "id": "ZDI-19-511", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-511/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8411", "zdi_id": "ZDI-19-511" }, { "cve": "CVE-2019-7826", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-510/advisory.json", "detail_path": "advisories/ZDI-19-510", "id": "ZDI-19-510", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC XFA Template Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-510/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8348", "zdi_id": "ZDI-19-510" }, { "cve": "CVE-2019-7825", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-509/advisory.json", "detail_path": "advisories/ZDI-19-509", "id": "ZDI-19-509", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-509/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8266", "zdi_id": "ZDI-19-509" }, { "cve": "CVE-2019-7824", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-508/advisory.json", "detail_path": "advisories/ZDI-19-508", "id": "ZDI-19-508", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC JOBOPTIONS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-508/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8104", "zdi_id": "ZDI-19-508" }, { "cve": "CVE-2019-7823", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-507/advisory.json", "detail_path": "advisories/ZDI-19-507", "id": "ZDI-19-507", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Reader DC EScript Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-507/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8341", "zdi_id": "ZDI-19-507" }, { "cve": "CVE-2019-7821", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-506/advisory.json", "detail_path": "advisories/ZDI-19-506", "id": "ZDI-19-506", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC JPEG File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-506/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8268", "zdi_id": "ZDI-19-506" }, { "cve": "CVE-2019-7822", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-505/advisory.json", "detail_path": "advisories/ZDI-19-505", "id": "ZDI-19-505", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-505/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8265", "zdi_id": "ZDI-19-505" }, { "cve": "CVE-2019-7820", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-504/advisory.json", "detail_path": "advisories/ZDI-19-504", "id": "ZDI-19-504", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC XFA Template Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-504/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8293", "zdi_id": "ZDI-19-504" }, { "cve": "CVE-2019-7818", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-503/advisory.json", "detail_path": "advisories/ZDI-19-503", "id": "ZDI-19-503", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-503/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8228", "zdi_id": "ZDI-19-503" }, { "cve": "CVE-2019-7817", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-502/advisory.json", "detail_path": "advisories/ZDI-19-502", "id": "ZDI-19-502", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC JavaScript Annotations Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-502/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7939", "zdi_id": "ZDI-19-502" }, { "cve": "CVE-2019-7814", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-501/advisory.json", "detail_path": "advisories/ZDI-19-501", "id": "ZDI-19-501", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC XFA Form Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-501/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7858", "zdi_id": "ZDI-19-501" }, { "cve": "CVE-2019-7809", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-19-500/advisory.json", "detail_path": "advisories/ZDI-19-500", "id": "ZDI-19-500", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Reader DC removeField Use-After-Free Information Disclosure Vulnerability", "updated_date": "2020-08-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-500/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8180", "zdi_id": "ZDI-19-500" }, { "cve": "CVE-2019-7810", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-499/advisory.json", "detail_path": "advisories/ZDI-19-499", "id": "ZDI-19-499", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-499/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8021", "zdi_id": "ZDI-19-499" }, { "cve": "CVE-2019-7837", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-498/advisory.json", "detail_path": "advisories/ZDI-19-498", "id": "ZDI-19-498", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Flash Player PSDK Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-498/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8279", "zdi_id": "ZDI-19-498" }, { "cve": "CVE-2019-7798", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-497/advisory.json", "detail_path": "advisories/ZDI-19-497", "id": "ZDI-19-497", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-497/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8203", "zdi_id": "ZDI-19-497" }, { "cve": "CVE-2019-7796", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-496/advisory.json", "detail_path": "advisories/ZDI-19-496", "id": "ZDI-19-496", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-496/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8125", "zdi_id": "ZDI-19-496" }, { "cve": "CVE-2019-7799", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-495/advisory.json", "detail_path": "advisories/ZDI-19-495", "id": "ZDI-19-495", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-495/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8084", "zdi_id": "ZDI-19-495" }, { "cve": "CVE-2019-7800", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-494/advisory.json", "detail_path": "advisories/ZDI-19-494", "id": "ZDI-19-494", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-494/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8081", "zdi_id": "ZDI-19-494" }, { "cve": "CVE-2019-7803", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-493/advisory.json", "detail_path": "advisories/ZDI-19-493", "id": "ZDI-19-493", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-493/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8019", "zdi_id": "ZDI-19-493" }, { "cve": "CVE-2019-7801", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-492/advisory.json", "detail_path": "advisories/ZDI-19-492", "id": "ZDI-19-492", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-492/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8002", "zdi_id": "ZDI-19-492" }, { "cve": "CVE-2019-7802", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-491/advisory.json", "detail_path": "advisories/ZDI-19-491", "id": "ZDI-19-491", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-491/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8000", "zdi_id": "ZDI-19-491" }, { "cve": "CVE-2019-7797", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-490/advisory.json", "detail_path": "advisories/ZDI-19-490", "id": "ZDI-19-490", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC XFA PDEContent Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-490/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7787", "zdi_id": "ZDI-19-490" }, { "cve": "CVE-2019-7794", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-489/advisory.json", "detail_path": "advisories/ZDI-19-489", "id": "ZDI-19-489", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-489/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8224", "zdi_id": "ZDI-19-489" }, { "cve": "CVE-2019-7785", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-488/advisory.json", "detail_path": "advisories/ZDI-19-488", "id": "ZDI-19-488", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript colorimage Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-488/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7971", "zdi_id": "ZDI-19-488" }, { "cve": "CVE-2019-7786", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-487/advisory.json", "detail_path": "advisories/ZDI-19-487", "id": "ZDI-19-487", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-487/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7964", "zdi_id": "ZDI-19-487" }, { "cve": "CVE-2019-7787", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-486/advisory.json", "detail_path": "advisories/ZDI-19-486", "id": "ZDI-19-486", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-486/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7896", "zdi_id": "ZDI-19-486" }, { "cve": "CVE-2019-7145", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-485/advisory.json", "detail_path": "advisories/ZDI-19-485", "id": "ZDI-19-485", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-485/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7938", "zdi_id": "ZDI-19-485" }, { "cve": "CVE-2019-7760", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-484/advisory.json", "detail_path": "advisories/ZDI-19-484", "id": "ZDI-19-484", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm XFA removeInstance Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-484/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7917", "zdi_id": "ZDI-19-484" }, { "cve": "CVE-2019-7759", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-483/advisory.json", "detail_path": "advisories/ZDI-19-483", "id": "ZDI-19-483", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC AcroForm XFA Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-483/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7684", "zdi_id": "ZDI-19-483" }, { "cve": "CVE-2019-7758", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-482/advisory.json", "detail_path": "advisories/ZDI-19-482", "id": "ZDI-19-482", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-482/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7680", "zdi_id": "ZDI-19-482" }, { "cve": "CVE-2019-7144", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-481/advisory.json", "detail_path": "advisories/ZDI-19-481", "id": "ZDI-19-481", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-481/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7748", "zdi_id": "ZDI-19-481" }, { "cve": "CVE-2019-7143", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-480/advisory.json", "detail_path": "advisories/ZDI-19-480", "id": "ZDI-19-480", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC Font Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-480/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7676", "zdi_id": "ZDI-19-480" }, { "cve": "CVE-2019-7140", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-479/advisory.json", "detail_path": "advisories/ZDI-19-479", "id": "ZDI-19-479", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-479/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7775", "zdi_id": "ZDI-19-479" }, { "cve": "CVE-2019-7141", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-478/advisory.json", "detail_path": "advisories/ZDI-19-478", "id": "ZDI-19-478", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-478/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7774", "zdi_id": "ZDI-19-478" }, { "cve": "CVE-2019-7842", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe MediaEncoder CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-477/advisory.json", "detail_path": "advisories/ZDI-19-477", "id": "ZDI-19-477", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe MediaEncoder CC TIF File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-477/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7779", "zdi_id": "ZDI-19-477" }, { "cve": "CVE-2019-7844", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe MediaEncoder CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-476/advisory.json", "detail_path": "advisories/ZDI-19-476", "id": "ZDI-19-476", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Adobe MediaEncoder CC PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-476/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7778", "zdi_id": "ZDI-19-476" }, { "cve": "CVE-2019-0953", "cvss": 7.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logic that implements automatic line break...", "detail_json": "/data/advisories/ZDI-19-475/advisory.json", "detail_path": "advisories/ZDI-19-475", "id": "ZDI-19-475", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Windows Mail HTML Line Breaking Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-475/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8423", "zdi_id": "ZDI-19-475" }, { "cve": "CVE-2019-0890", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-474/advisory.json", "detail_path": "advisories/ZDI-19-474", "id": "ZDI-19-474", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Windows JET Database Engine Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-474/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8281", "zdi_id": "ZDI-19-474" }, { "cve": "CVE-2019-0885", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-473/advisory.json", "detail_path": "advisories/ZDI-19-473", "id": "ZDI-19-473", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Windows ole32 BMP Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-473/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7969", "zdi_id": "ZDI-19-473" }, { "cve": "CVE-2019-0961", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-472/advisory.json", "detail_path": "advisories/ZDI-19-472", "id": "ZDI-19-472", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-472/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8173", "zdi_id": "ZDI-19-472" }, { "cve": "CVE-2019-0938", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-19-471/advisory.json", "detail_path": "advisories/ZDI-19-471", "id": "ZDI-19-471", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Edge DownloadOperation Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-471/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8377", "zdi_id": "ZDI-19-471" }, { "cve": "CVE-2019-0940", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-470/advisory.json", "detail_path": "advisories/ZDI-19-470", "id": "ZDI-19-470", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Edge CDXImageRenderTarget Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-470/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8376", "zdi_id": "ZDI-19-470" }, { "cve": "CVE-2019-0937", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-19-469/advisory.json", "detail_path": "advisories/ZDI-19-469", "id": "ZDI-19-469", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Chakra Exception Handling Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-469/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8370", "zdi_id": "ZDI-19-469" }, { "cve": "CVE-2019-0897", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-468/advisory.json", "detail_path": "advisories/ZDI-19-468", "id": "ZDI-19-468", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Windows Jet Database Engine Sign Extension Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-468/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7932", "zdi_id": "ZDI-19-468" }, { "cve": "CVE-2019-0895", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-467/advisory.json", "detail_path": "advisories/ZDI-19-467", "id": "ZDI-19-467", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Windows Jet Database Engine Sign Extension Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-467/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7869", "zdi_id": "ZDI-19-467" }, { "cve": "CVE-2019-0896", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-466/advisory.json", "detail_path": "advisories/ZDI-19-466", "id": "ZDI-19-466", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Windows Jet Database Engine Sign Extension Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-466/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7867", "zdi_id": "ZDI-19-466" }, { "cve": "CVE-2019-0894", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-465/advisory.json", "detail_path": "advisories/ZDI-19-465", "id": "ZDI-19-465", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Windows JET Database Engine Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-465/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7866", "zdi_id": "ZDI-19-465" }, { "cve": "CVE-2019-0902", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-464/advisory.json", "detail_path": "advisories/ZDI-19-464", "id": "ZDI-19-464", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Windows JET Database Engine Buffer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-464/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7833", "zdi_id": "ZDI-19-464" }, { "cve": "CVE-2019-0891", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-463/advisory.json", "detail_path": "advisories/ZDI-19-463", "id": "ZDI-19-463", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-463/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7839", "zdi_id": "ZDI-19-463" }, { "cve": "CVE-2019-0758", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-462/advisory.json", "detail_path": "advisories/ZDI-19-462", "id": "ZDI-19-462", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Windows Font Subsetting Library Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-462/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7789", "zdi_id": "ZDI-19-462" }, { "cve": "CVE-2019-0903", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-461/advisory.json", "detail_path": "advisories/ZDI-19-461", "id": "ZDI-19-461", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Windows Font Subsetting Library Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-461/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7788", "zdi_id": "ZDI-19-461" }, { "cve": "CVE-2019-0882", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-19-460/advisory.json", "detail_path": "advisories/ZDI-19-460", "id": "ZDI-19-460", "kind": "published", "published_date": "2019-05-15", "status": "published", "title": "Microsoft Office PowerPoint gdiplus ConvertToEmfPlus Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-460/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7670", "zdi_id": "ZDI-19-460" }, { "cve": "CVE-2019-11946", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. An attacker must first obtain the ability to execute low-privileged code on the target system...", "detail_json": "/data/advisories/ZDI-19-459/advisory.json", "detail_path": "advisories/ZDI-19-459", "id": "ZDI-19-459", "kind": "published", "published_date": "2019-05-09", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center Standard ImcLoginMgrImpl Hard-coded Cryptographic Key Credentials Disclosure Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-459/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6932", "zdi_id": "ZDI-19-459" }, { "cve": "CVE-2019-11947", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-19-458/advisory.json", "detail_path": "advisories/ZDI-19-458", "id": "ZDI-19-458", "kind": "published", "published_date": "2019-05-09", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center dbman Use of Hard-coded Credentials Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-458/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-7033", "zdi_id": "ZDI-19-458" }, { "cve": "CVE-2019-11944", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the han...", "detail_json": "/data/advisories/ZDI-19-457/advisory.json", "detail_path": "advisories/ZDI-19-457", "id": "ZDI-19-457", "kind": "published", "published_date": "2019-05-09", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center AMF3 Externalizable Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-457/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6807", "zdi_id": "ZDI-19-457" }, { "cve": "CVE-2019-11945", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Acc...", "detail_json": "/data/advisories/ZDI-19-456/advisory.json", "detail_path": "advisories/ZDI-19-456", "id": "ZDI-19-456", "kind": "published", "published_date": "2019-05-09", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center AccessMgrServlet className Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-456/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6885", "zdi_id": "ZDI-19-456" }, { "cve": "CVE-2019-11942", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-455/advisory.json", "detail_path": "advisories/ZDI-19-455", "id": "ZDI-19-455", "kind": "published", "published_date": "2019-05-09", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center TopoMsgServlet Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-455/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6911", "zdi_id": "ZDI-19-455" }, { "cve": "CVE-2019-11943", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-454/advisory.json", "detail_path": "advisories/ZDI-19-454", "id": "ZDI-19-454", "kind": "published", "published_date": "2019-05-09", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center soapConfigContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-454/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6757", "zdi_id": "ZDI-19-454" }, { "cve": "CVE-2019-5370", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-453/advisory.json", "detail_path": "advisories/ZDI-19-453", "id": "ZDI-19-453", "kind": "published", "published_date": "2019-05-09", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-453/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6755", "zdi_id": "ZDI-19-453" }, { "cve": "CVE-2019-11941", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-452/advisory.json", "detail_path": "advisories/ZDI-19-452", "id": "ZDI-19-452", "kind": "published", "published_date": "2019-05-09", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center iccSelectDevType Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-452/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6857", "zdi_id": "ZDI-19-452" }, { "cve": "CVE-2019-7127", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-451/advisory.json", "detail_path": "advisories/ZDI-19-451", "id": "ZDI-19-451", "kind": "published", "published_date": "2019-05-09", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-451/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8264", "zdi_id": "ZDI-19-451" }, { "cve": "CVE-2018-14810", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon PIStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-450/advisory.json", "detail_path": "advisories/ZDI-19-450", "id": "ZDI-19-450", "kind": "published", "published_date": "2019-05-02", "status": "published", "title": "(0Day) Wecon PIStudio HSC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-12-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-450/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-7641", "zdi_id": "ZDI-19-450" }, { "cve": "CVE-2018-14810", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon PIStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-19-449/advisory.json", "detail_path": "advisories/ZDI-19-449", "id": "ZDI-19-449", "kind": "published", "published_date": "2019-05-02", "status": "published", "title": "(0Day) Wecon PIStudio HSC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-12-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-449/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-7635", "zdi_id": "ZDI-19-449" }, { "cve": null, "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on executables compiled using vulnerable installations of Microsoft Visual Studio. Attack vectors will vary depending on the nature of the executable in question, but would include opening a specia...", "detail_json": "/data/advisories/ZDI-19-448/advisory.json", "detail_path": "advisories/ZDI-19-448", "id": "ZDI-19-448", "kind": "published", "published_date": "2019-04-30", "status": "published", "title": "(0Day) Microsoft Visual Studio asm Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2019-11-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-448/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7816", "zdi_id": "ZDI-19-448" }, { "cve": "CVE-2019-6773", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-447/advisory.json", "detail_path": "advisories/ZDI-19-447", "id": "ZDI-19-447", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader AcroForm richValue Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-447/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8272", "zdi_id": "ZDI-19-447" }, { "cve": "CVE-2019-6772", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-446/advisory.json", "detail_path": "advisories/ZDI-19-446", "id": "ZDI-19-446", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader AcroForm removeField Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-446/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8231", "zdi_id": "ZDI-19-446" }, { "cve": "CVE-2019-6771", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-445/advisory.json", "detail_path": "advisories/ZDI-19-445", "id": "ZDI-19-445", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader AcroForm value Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-445/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8230", "zdi_id": "ZDI-19-445" }, { "cve": "CVE-2019-6770", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-444/advisory.json", "detail_path": "advisories/ZDI-19-444", "id": "ZDI-19-444", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader AcroForm resetForm Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-444/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8229", "zdi_id": "ZDI-19-444" }, { "cve": "CVE-2019-6769", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-443/advisory.json", "detail_path": "advisories/ZDI-19-443", "id": "ZDI-19-443", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader AcroForm removeField Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-443/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8165", "zdi_id": "ZDI-19-443" }, { "cve": "CVE-2019-6768", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-442/advisory.json", "detail_path": "advisories/ZDI-19-442", "id": "ZDI-19-442", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader AcroForm removeField Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-442/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8164", "zdi_id": "ZDI-19-442" }, { "cve": "CVE-2019-6767", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-441/advisory.json", "detail_path": "advisories/ZDI-19-441", "id": "ZDI-19-441", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader AcroForm removeField Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-441/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8163", "zdi_id": "ZDI-19-441" }, { "cve": "CVE-2019-6766", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-440/advisory.json", "detail_path": "advisories/ZDI-19-440", "id": "ZDI-19-440", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader AcroForm removeField Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-440/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8162", "zdi_id": "ZDI-19-440" }, { "cve": "CVE-2019-6765", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-19-439/advisory.json", "detail_path": "advisories/ZDI-19-439", "id": "ZDI-19-439", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit PhantomPDF HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-439/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-8170", "zdi_id": "ZDI-19-439" }, { "cve": "CVE-2019-6764", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-438/advisory.json", "detail_path": "advisories/ZDI-19-438", "id": "ZDI-19-438", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader XFA Template Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-438/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7972", "zdi_id": "ZDI-19-438" }, { "cve": "CVE-2019-6763", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-437/advisory.json", "detail_path": "advisories/ZDI-19-437", "id": "ZDI-19-437", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader FoxitReaderCtl ToggleFormsDesign Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-437/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7874", "zdi_id": "ZDI-19-437" }, { "cve": "CVE-2019-6762", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-19-436/advisory.json", "detail_path": "advisories/ZDI-19-436", "id": "ZDI-19-436", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit PhantomPDF blink_core HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-436/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7844", "zdi_id": "ZDI-19-436" }, { "cve": "CVE-2019-6761", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-435/advisory.json", "detail_path": "advisories/ZDI-19-435", "id": "ZDI-19-435", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader XFA CXFA_FFDocView Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-435/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7777", "zdi_id": "ZDI-19-435" }, { "cve": "CVE-2019-6760", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-434/advisory.json", "detail_path": "advisories/ZDI-19-434", "id": "ZDI-19-434", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader ConvertToPDF JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-434/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7694", "zdi_id": "ZDI-19-434" }, { "cve": "CVE-2019-6759", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-433/advisory.json", "detail_path": "advisories/ZDI-19-433", "id": "ZDI-19-433", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader ConvertToPDF BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-433/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7614", "zdi_id": "ZDI-19-433" }, { "cve": "CVE-2019-6758", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-432/advisory.json", "detail_path": "advisories/ZDI-19-432", "id": "ZDI-19-432", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader ConvertToPDF JPG File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-432/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7701", "zdi_id": "ZDI-19-432" }, { "cve": "CVE-2019-6757", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-431/advisory.json", "detail_path": "advisories/ZDI-19-431", "id": "ZDI-19-431", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader ConvertToPDF JPG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-431/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7696", "zdi_id": "ZDI-19-431" }, { "cve": "CVE-2019-6756", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-19-430/advisory.json", "detail_path": "advisories/ZDI-19-430", "id": "ZDI-19-430", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit PhantomPDF net HTML File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-430/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7769", "zdi_id": "ZDI-19-430" }, { "cve": "CVE-2019-6755", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-429/advisory.json", "detail_path": "advisories/ZDI-19-429", "id": "ZDI-19-429", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader ConvertToPDF BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-429/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7613", "zdi_id": "ZDI-19-429" }, { "cve": "CVE-2019-6754", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-428/advisory.json", "detail_path": "advisories/ZDI-19-428", "id": "ZDI-19-428", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader localFileStorage Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-428/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7407", "zdi_id": "ZDI-19-428" }, { "cve": "CVE-2019-6753", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-427/advisory.json", "detail_path": "advisories/ZDI-19-427", "id": "ZDI-19-427", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit Reader XFA Stuff Integer Overflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-427/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7561", "zdi_id": "ZDI-19-427" }, { "cve": "CVE-2019-6752", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-19-426/advisory.json", "detail_path": "advisories/ZDI-19-426", "id": "ZDI-19-426", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Foxit PhantomPDF HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-426/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7620", "zdi_id": "ZDI-19-426" }, { "cve": "CVE-2019-2722", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-19-425/advisory.json", "detail_path": "advisories/ZDI-19-425", "id": "ZDI-19-425", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox e1000 Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-425/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8363", "zdi_id": "ZDI-19-425" }, { "cve": "CVE-2019-2723", "cvss": 6.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-19-424/advisory.json", "detail_path": "advisories/ZDI-19-424", "id": "ZDI-19-424", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox e1000 Race Condition Privilege Escalation Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-424/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8362", "zdi_id": "ZDI-19-424" }, { "cve": "CVE-2019-2723", "cvss": 4.4, "cvss_vector": null, "description_snippet": "Workstation This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vu...", "detail_json": "/data/advisories/ZDI-19-423/advisory.json", "detail_path": "advisories/ZDI-19-423", "id": "ZDI-19-423", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "(Pwn2Own) Oracle VirtualBox OHCI Integer Overflow Information Disclosure Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-423/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8361", "zdi_id": "ZDI-19-423" }, { "cve": "CVE-2019-8534", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-19-422/advisory.json", "detail_path": "advisories/ZDI-19-422", "id": "ZDI-19-422", "kind": "published", "published_date": "2019-04-29", "status": "published", "title": "Apple macOS apfs Volume Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-422/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7344", "zdi_id": "ZDI-19-422" }, { "cve": "CVE-2019-5518", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-19-421/advisory.json", "detail_path": "advisories/ZDI-19-421", "id": "ZDI-19-421", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "(Pwn2Own) VMware Workstation UHCI Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-421/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-8372", "zdi_id": "ZDI-19-421" }, { "cve": "CVE-2019-5519", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-19-420/advisory.json", "detail_path": "advisories/ZDI-19-420", "id": "ZDI-19-420", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "(Pwn2Own) VMware Workstation UHCI Race Condition Privilege Escalation Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-420/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-8364", "zdi_id": "ZDI-19-420" }, { "cve": "CVE-2019-10949", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-19-419/advisory.json", "detail_path": "advisories/ZDI-19-419", "id": "ZDI-19-419", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-419/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8061", "zdi_id": "ZDI-19-419" }, { "cve": "CVE-2019-10949", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-19-418/advisory.json", "detail_path": "advisories/ZDI-19-418", "id": "ZDI-19-418", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-418/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-8059", "zdi_id": "ZDI-19-418" }, { "cve": "CVE-2019-10947", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-19-417/advisory.json", "detail_path": "advisories/ZDI-19-417", "id": "ZDI-19-417", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wKPFStringLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-417/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7946", "zdi_id": "ZDI-19-417" }, { "cve": "CVE-2019-10949", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-19-416/advisory.json", "detail_path": "advisories/ZDI-19-416", "id": "ZDI-19-416", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-416/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7962", "zdi_id": "ZDI-19-416" }, { "cve": "CVE-2019-10949", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-19-415/advisory.json", "detail_path": "advisories/ZDI-19-415", "id": "ZDI-19-415", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-415/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-7961", "zdi_id": "ZDI-19-415" }, { "cve": "CVE-2019-10949", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-19-414/advisory.json", "detail_path": "advisories/ZDI-19-414", "id": "ZDI-19-414", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2024-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-414/", "vendor": "Delta Electronics", "vendor_url": null, "zdi_can": "ZDI-CAN-7960", "zdi_id": "ZDI-19-414" }, { "cve": "CVE-2019-10949", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-19-413/advisory.json", "detail_path": "advisories/ZDI-19-413", "id": "ZDI-19-413", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor wMessageLen Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-413/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7947", "zdi_id": "ZDI-19-413" }, { "cve": "CVE-2019-10949", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-19-412/advisory.json", "detail_path": "advisories/ZDI-19-412", "id": "ZDI-19-412", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing GCodePatternLen Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-412/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7945", "zdi_id": "ZDI-19-412" }, { "cve": "CVE-2019-10949", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-19-411/advisory.json", "detail_path": "advisories/ZDI-19-411", "id": "ZDI-19-411", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoftScreenEditor DPB File Parsing wMessageLen Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-411/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7827", "zdi_id": "ZDI-19-411" }, { "cve": "CVE-2019-10947", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-19-410/advisory.json", "detail_path": "advisories/ZDI-19-410", "id": "ZDI-19-410", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing PanelName Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-410/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7823", "zdi_id": "ZDI-19-410" }, { "cve": "CVE-2019-10949", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-19-409/advisory.json", "detail_path": "advisories/ZDI-19-409", "id": "ZDI-19-409", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wTextLen Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-409/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7815", "zdi_id": "ZDI-19-409" }, { "cve": "CVE-2019-10951", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-19-408/advisory.json", "detail_path": "advisories/ZDI-19-408", "id": "ZDI-19-408", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wLanguageNameLen Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-408/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7831", "zdi_id": "ZDI-19-408" }, { "cve": "CVE-2019-10949", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-19-407/advisory.json", "detail_path": "advisories/ZDI-19-407", "id": "ZDI-19-407", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing GCodePatternLen Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-407/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7826", "zdi_id": "ZDI-19-407" }, { "cve": "CVE-2019-10949", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-19-406/advisory.json", "detail_path": "advisories/ZDI-19-406", "id": "ZDI-19-406", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing DescwTextLen Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-406/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7814", "zdi_id": "ZDI-19-406" }, { "cve": "CVE-2019-10951", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-19-405/advisory.json", "detail_path": "advisories/ZDI-19-405", "id": "ZDI-19-405", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wTextLen Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-405/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7813", "zdi_id": "ZDI-19-405" }, { "cve": "CVE-2019-10947", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-19-404/advisory.json", "detail_path": "advisories/ZDI-19-404", "id": "ZDI-19-404", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wKPFStringLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-404/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7812", "zdi_id": "ZDI-19-404" }, { "cve": "CVE-2019-10947", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-19-403/advisory.json", "detail_path": "advisories/ZDI-19-403", "id": "ZDI-19-403", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wMessageLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-403/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7811", "zdi_id": "ZDI-19-403" }, { "cve": "CVE-2019-10947", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-19-402/advisory.json", "detail_path": "advisories/ZDI-19-402", "id": "ZDI-19-402", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wFontTextLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-402/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7810", "zdi_id": "ZDI-19-402" }, { "cve": "CVE-2019-10947", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-19-401/advisory.json", "detail_path": "advisories/ZDI-19-401", "id": "ZDI-19-401", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wMessageLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-401/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7809", "zdi_id": "ZDI-19-401" }, { "cve": "CVE-2019-10947", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-19-400/advisory.json", "detail_path": "advisories/ZDI-19-400", "id": "ZDI-19-400", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wMessageLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-400/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7808", "zdi_id": "ZDI-19-400" }, { "cve": "CVE-2019-10947", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-19-399/advisory.json", "detail_path": "advisories/ZDI-19-399", "id": "ZDI-19-399", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wTextLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-399/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7807", "zdi_id": "ZDI-19-399" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-398/advisory.json", "detail_path": "advisories/ZDI-19-398", "id": "ZDI-19-398", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetVertexAttribdvARB Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-398/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7999", "zdi_id": "ZDI-19-398" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-397/advisory.json", "detail_path": "advisories/ZDI-19-397", "id": "ZDI-19-397", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetTexParameteriv Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-397/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7992", "zdi_id": "ZDI-19-397" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-396/advisory.json", "detail_path": "advisories/ZDI-19-396", "id": "ZDI-19-396", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetTexGeniv Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-396/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7990", "zdi_id": "ZDI-19-396" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-395/advisory.json", "detail_path": "advisories/ZDI-19-395", "id": "ZDI-19-395", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetMaterialfv Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-395/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7986", "zdi_id": "ZDI-19-395" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-394/advisory.json", "detail_path": "advisories/ZDI-19-394", "id": "ZDI-19-394", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetLightfv Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-394/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7985", "zdi_id": "ZDI-19-394" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-393/advisory.json", "detail_path": "advisories/ZDI-19-393", "id": "ZDI-19-393", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetCombinerOutputParameterivNV Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-393/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7980", "zdi_id": "ZDI-19-393" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-392/advisory.json", "detail_path": "advisories/ZDI-19-392", "id": "ZDI-19-392", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetFinalCombinerInputParameterivNV Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-392/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7893", "zdi_id": "ZDI-19-392" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-391/advisory.json", "detail_path": "advisories/ZDI-19-391", "id": "ZDI-19-391", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetVertexAttribdvNV Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-391/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7997", "zdi_id": "ZDI-19-391" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-390/advisory.json", "detail_path": "advisories/ZDI-19-390", "id": "ZDI-19-390", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetCombinerOutputParameterfvNV Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-390/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7978", "zdi_id": "ZDI-19-390" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-389/advisory.json", "detail_path": "advisories/ZDI-19-389", "id": "ZDI-19-389", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetCombinerStageParameterfvNV Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-389/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7979", "zdi_id": "ZDI-19-389" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-388/advisory.json", "detail_path": "advisories/ZDI-19-388", "id": "ZDI-19-388", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetTexEnvfv Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-388/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-8276", "zdi_id": "ZDI-19-388" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-387/advisory.json", "detail_path": "advisories/ZDI-19-387", "id": "ZDI-19-387", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetProgramParameterfvNV Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-387/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7987", "zdi_id": "ZDI-19-387" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-386/advisory.json", "detail_path": "advisories/ZDI-19-386", "id": "ZDI-19-386", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetLightiv Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-386/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7982", "zdi_id": "ZDI-19-386" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-385/advisory.json", "detail_path": "advisories/ZDI-19-385", "id": "ZDI-19-385", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetMaterialiv Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-385/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7984", "zdi_id": "ZDI-19-385" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-384/advisory.json", "detail_path": "advisories/ZDI-19-384", "id": "ZDI-19-384", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetVertexAttribivNV Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-384/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7994", "zdi_id": "ZDI-19-384" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-383/advisory.json", "detail_path": "advisories/ZDI-19-383", "id": "ZDI-19-383", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetVertexAttribfvNV Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-383/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7996", "zdi_id": "ZDI-19-383" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-382/advisory.json", "detail_path": "advisories/ZDI-19-382", "id": "ZDI-19-382", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetTexParameterfv Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-382/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7991", "zdi_id": "ZDI-19-382" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-381/advisory.json", "detail_path": "advisories/ZDI-19-381", "id": "ZDI-19-381", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetProgramParameterdvNV Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-381/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7988", "zdi_id": "ZDI-19-381" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-380/advisory.json", "detail_path": "advisories/ZDI-19-380", "id": "ZDI-19-380", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetVertexAttribfvARB Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-380/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7995", "zdi_id": "ZDI-19-380" }, { "cve": "CVE-2019-2574", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-379/advisory.json", "detail_path": "advisories/ZDI-19-379", "id": "ZDI-19-379", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetVertexAttribivARB Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-379/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7993", "zdi_id": "ZDI-19-379" }, { "cve": "CVE-2019-2690", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-19-378/advisory.json", "detail_path": "advisories/ZDI-19-378", "id": "ZDI-19-378", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crUnpackExtendShaderSource Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-378/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7892", "zdi_id": "ZDI-19-378" }, { "cve": "CVE-2019-2657", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-19-377/advisory.json", "detail_path": "advisories/ZDI-19-377", "id": "ZDI-19-377", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox CRClientPointer Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-377/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7363", "zdi_id": "ZDI-19-377" }, { "cve": "CVE-2019-2656", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-19-376/advisory.json", "detail_path": "advisories/ZDI-19-376", "id": "ZDI-19-376", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Oracle VirtualBox crStateCopyTexImage2D Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-376/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7364", "zdi_id": "ZDI-19-376" }, { "cve": "CVE-2019-6751", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-375/advisory.json", "detail_path": "advisories/ZDI-19-375", "id": "ZDI-19-375", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Foxit Studio Photo JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-375/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7632", "zdi_id": "ZDI-19-375" }, { "cve": "CVE-2019-6750", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-374/advisory.json", "detail_path": "advisories/ZDI-19-374", "id": "ZDI-19-374", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Foxit Studio Photo EZI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-374/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7639", "zdi_id": "ZDI-19-374" }, { "cve": "CVE-2019-6749", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-373/advisory.json", "detail_path": "advisories/ZDI-19-373", "id": "ZDI-19-373", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Foxit Studio Photo EZIX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-373/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7638", "zdi_id": "ZDI-19-373" }, { "cve": "CVE-2019-6748", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-372/advisory.json", "detail_path": "advisories/ZDI-19-372", "id": "ZDI-19-372", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Foxit Studio Photo EZI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-372/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7637", "zdi_id": "ZDI-19-372" }, { "cve": "CVE-2019-6747", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-371/advisory.json", "detail_path": "advisories/ZDI-19-371", "id": "ZDI-19-371", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Foxit Studio Photo EZI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-371/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7636", "zdi_id": "ZDI-19-371" }, { "cve": "CVE-2019-6746", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-370/advisory.json", "detail_path": "advisories/ZDI-19-370", "id": "ZDI-19-370", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "Foxit Studio Photo TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-370/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7634", "zdi_id": "ZDI-19-370" }, { "cve": "CVE-2019-5520", "cvss": 2.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnera...", "detail_json": "/data/advisories/ZDI-19-369/advisory.json", "detail_path": "advisories/ZDI-19-369", "id": "ZDI-19-369", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "VMware Workstation Shader Bytecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-369/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-7195", "zdi_id": "ZDI-19-369" }, { "cve": "CVE-2018-6064", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-19-368/advisory.json", "detail_path": "advisories/ZDI-19-368", "id": "ZDI-19-368", "kind": "published", "published_date": "2019-04-17", "status": "published", "title": "(Pwn2Own) Xiaomi Mi6 V8 CollectValuesOrEntriesImpl Type Confusion Remote Code Execution Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-368/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-7478", "zdi_id": "ZDI-19-368" }, { "cve": "CVE-2018-6065", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-367/advisory.json", "detail_path": "advisories/ZDI-19-367", "id": "ZDI-19-367", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "(Pwn2Own) Xiaomi Mi6 Browser CalculateInstanceSizeHelper Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-367/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-7482", "zdi_id": "ZDI-19-367" }, { "cve": "CVE-2019-6743", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-366/advisory.json", "detail_path": "advisories/ZDI-19-366", "id": "ZDI-19-366", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "(Pwn2Own) Xiaomi Mi6 Browser WebAssembly.Instance Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-7466", "zdi_id": "ZDI-19-366" }, { "cve": "CVE-2019-9813", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-365/advisory.json", "detail_path": "advisories/ZDI-19-365", "id": "ZDI-19-365", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "(Pwn2Own) Mozilla Firefox IonMonkey Optimizer Type Confusion Remote Code Execution Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-365/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-8373", "zdi_id": "ZDI-19-365" }, { "cve": "CVE-2019-9810", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-364/advisory.json", "detail_path": "advisories/ZDI-19-364", "id": "ZDI-19-364", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "(Pwn2Own) Mozilla Firefox Array.slice Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-364/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-8368", "zdi_id": "ZDI-19-364" }, { "cve": "CVE-2019-0853", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-363/advisory.json", "detail_path": "advisories/ZDI-19-363", "id": "ZDI-19-363", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Microsoft Windows EMF File Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-363/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8330", "zdi_id": "ZDI-19-363" }, { "cve": "CVE-2019-0853", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-362/advisory.json", "detail_path": "advisories/ZDI-19-362", "id": "ZDI-19-362", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Microsoft Windows EMF File Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-362/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8329", "zdi_id": "ZDI-19-362" }, { "cve": "CVE-2019-0810", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-19-361/advisory.json", "detail_path": "advisories/ZDI-19-361", "id": "ZDI-19-361", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Microsoft Chakra Object Reoptimization Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-361/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8155", "zdi_id": "ZDI-19-361" }, { "cve": "CVE-2019-0841", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-19-360/advisory.json", "detail_path": "advisories/ZDI-19-360", "id": "ZDI-19-360", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Microsoft Windows AppX Deployment Service Hard Link Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-360/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7753", "zdi_id": "ZDI-19-360" }, { "cve": "CVE-2019-0752", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-19-359/advisory.json", "detail_path": "advisories/ZDI-19-359", "id": "ZDI-19-359", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Microsoft Internet Explorer Property Put Type Confusion Remote Code Execution Vulnerability", "updated_date": "2019-11-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-359/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7757", "zdi_id": "ZDI-19-359" }, { "cve": "CVE-2019-0801", "cvss": 4.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create files in arbitrary locations on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-358/advisory.json", "detail_path": "advisories/ZDI-19-358", "id": "ZDI-19-358", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Microsoft Office Protocol Handler Directory Traversal File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-358/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7707", "zdi_id": "ZDI-19-358" }, { "cve": "CVE-2019-7108", "cvss": 3.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-357/advisory.json", "detail_path": "advisories/ZDI-19-357", "id": "ZDI-19-357", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Adobe Flash Player Filter Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-357/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-8280", "zdi_id": "ZDI-19-357" }, { "cve": "CVE-2019-7138", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Bridge CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-356/advisory.json", "detail_path": "advisories/ZDI-19-356", "id": "ZDI-19-356", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Adobe Bridge CC MOV File Parsing Our-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-356/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7886", "zdi_id": "ZDI-19-356" }, { "cve": "CVE-2019-7137", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Bridge CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-355/advisory.json", "detail_path": "advisories/ZDI-19-355", "id": "ZDI-19-355", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Adobe Bridge CC PDF File Parsing Unexpected Sign Extension Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-355/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7766", "zdi_id": "ZDI-19-355" }, { "cve": "CVE-2019-7136", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Bridge CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-354/advisory.json", "detail_path": "advisories/ZDI-19-354", "id": "ZDI-19-354", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Adobe Bridge CC PDF File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-354/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7765", "zdi_id": "ZDI-19-354" }, { "cve": "CVE-2019-7135", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Bridge CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-353/advisory.json", "detail_path": "advisories/ZDI-19-353", "id": "ZDI-19-353", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Adobe Bridge CC TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-353/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7743", "zdi_id": "ZDI-19-353" }, { "cve": "CVE-2019-7127", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-352/advisory.json", "detail_path": "advisories/ZDI-19-352", "id": "ZDI-19-352", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Adobe Acrobat Pro DC PostScript Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-352/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7965", "zdi_id": "ZDI-19-352" }, { "cve": "CVE-2019-7134", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Bridge CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-351/advisory.json", "detail_path": "advisories/ZDI-19-351", "id": "ZDI-19-351", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Adobe Bridge CC PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-351/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7585", "zdi_id": "ZDI-19-351" }, { "cve": "CVE-2019-7111", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-350/advisory.json", "detail_path": "advisories/ZDI-19-350", "id": "ZDI-19-350", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Adobe Acrobat Pro DC JOBOPTIONS CalCMYKProfile Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-350/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7747", "zdi_id": "ZDI-19-350" }, { "cve": "CVE-2019-7109", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-349/advisory.json", "detail_path": "advisories/ZDI-19-349", "id": "ZDI-19-349", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Adobe Acrobat Pro DC JOBOPTIONS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-349/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7746", "zdi_id": "ZDI-19-349" }, { "cve": "CVE-2019-7110", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-348/advisory.json", "detail_path": "advisories/ZDI-19-348", "id": "ZDI-19-348", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Adobe Acrobat Pro DC JOBOPTIONS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-348/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7745", "zdi_id": "ZDI-19-348" }, { "cve": "CVE-2019-7133", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Bridge CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-19-347/advisory.json", "detail_path": "advisories/ZDI-19-347", "id": "ZDI-19-347", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Adobe Bridge CC AdobePSL TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-347/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7767", "zdi_id": "ZDI-19-347" }, { "cve": "CVE-2019-7132", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Bridge CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-346/advisory.json", "detail_path": "advisories/ZDI-19-346", "id": "ZDI-19-346", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Adobe Bridge CC AdobePSL TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-346/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7763", "zdi_id": "ZDI-19-346" }, { "cve": "CVE-2019-7130", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Bridge CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-345/advisory.json", "detail_path": "advisories/ZDI-19-345", "id": "ZDI-19-345", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "Adobe Bridge CC PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-345/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7596", "zdi_id": "ZDI-19-345" }, { "cve": "CVE-2019-6556", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-344/advisory.json", "detail_path": "advisories/ZDI-19-344", "id": "ZDI-19-344", "kind": "published", "published_date": "2019-04-15", "status": "published", "title": "OMRON CX-One CX-Programmer CXP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-344/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6609", "zdi_id": "ZDI-19-344" }, { "cve": "CVE-2019-5389", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-343/advisory.json", "detail_path": "advisories/ZDI-19-343", "id": "ZDI-19-343", "kind": "published", "published_date": "2019-04-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-343/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-7017", "zdi_id": "ZDI-19-343" }, { "cve": "CVE-2019-5388", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-342/advisory.json", "detail_path": "advisories/ZDI-19-342", "id": "ZDI-19-342", "kind": "published", "published_date": "2019-04-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-342/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-7016", "zdi_id": "ZDI-19-342" }, { "cve": "CVE-2019-5387", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-341/advisory.json", "detail_path": "advisories/ZDI-19-341", "id": "ZDI-19-341", "kind": "published", "published_date": "2019-04-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center navigationTo Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-341/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6754", "zdi_id": "ZDI-19-341" }, { "cve": "CVE-2019-5380", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-340/advisory.json", "detail_path": "advisories/ZDI-19-340", "id": "ZDI-19-340", "kind": "published", "published_date": "2019-04-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center selViewNavContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-340/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6756", "zdi_id": "ZDI-19-340" }, { "cve": "CVE-2019-5381", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-339/advisory.json", "detail_path": "advisories/ZDI-19-339", "id": "ZDI-19-339", "kind": "published", "published_date": "2019-04-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center faultStatChooseFaultType Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-339/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6875", "zdi_id": "ZDI-19-339" }, { "cve": "CVE-2019-5382", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-338/advisory.json", "detail_path": "advisories/ZDI-19-338", "id": "ZDI-19-338", "kind": "published", "published_date": "2019-04-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center faultFlashEventSelectFact Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-338/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6876", "zdi_id": "ZDI-19-338" }, { "cve": "CVE-2019-5383", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-337/advisory.json", "detail_path": "advisories/ZDI-19-337", "id": "ZDI-19-337", "kind": "published", "published_date": "2019-04-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center wmiConfigContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-337/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6880", "zdi_id": "ZDI-19-337" }, { "cve": "CVE-2019-5384", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-336/advisory.json", "detail_path": "advisories/ZDI-19-336", "id": "ZDI-19-336", "kind": "published", "published_date": "2019-04-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center iccSelectDymicParam Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-336/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6886", "zdi_id": "ZDI-19-336" }, { "cve": "CVE-2019-5385", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-335/advisory.json", "detail_path": "advisories/ZDI-19-335", "id": "ZDI-19-335", "kind": "published", "published_date": "2019-04-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center perfSelectTask Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-335/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6889", "zdi_id": "ZDI-19-335" }, { "cve": "CVE-2019-5386", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-334/advisory.json", "detail_path": "advisories/ZDI-19-334", "id": "ZDI-19-334", "kind": "published", "published_date": "2019-04-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center viewBatchTaskResultDetailFact Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-334/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6908", "zdi_id": "ZDI-19-334" }, { "cve": "CVE-2019-0774", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-333/advisory.json", "detail_path": "advisories/ZDI-19-333", "id": "ZDI-19-333", "kind": "published", "published_date": "2019-04-04", "status": "published", "title": "Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-333/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-8205", "zdi_id": "ZDI-19-333" }, { "cve": "CVE-2019-0667", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-332/advisory.json", "detail_path": "advisories/ZDI-19-332", "id": "ZDI-19-332", "kind": "published", "published_date": "2019-04-04", "status": "published", "title": "Microsoft Windows VBScript Array Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-332/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7817", "zdi_id": "ZDI-19-332" }, { "cve": "CVE-2019-6554", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within UninstallWA.exe, which is...", "detail_json": "/data/advisories/ZDI-19-331/advisory.json", "detail_path": "advisories/ZDI-19-331", "id": "ZDI-19-331", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node UninstallWA Improper Access Control Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-331/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7908", "zdi_id": "ZDI-19-331" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within a scanf call in upandpr.exe, which is...", "detail_json": "/data/advisories/ZDI-19-330/advisory.json", "detail_path": "advisories/ZDI-19-330", "id": "ZDI-19-330", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Client upandpr scanf Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-330/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7930", "zdi_id": "ZDI-19-330" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within a sprintf call in upandpr.exe, which...", "detail_json": "/data/advisories/ZDI-19-329/advisory.json", "detail_path": "advisories/ZDI-19-329", "id": "ZDI-19-329", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Client upandpr sprintf Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-329/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7924", "zdi_id": "ZDI-19-329" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwthinfl.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-328/advisory.json", "detail_path": "advisories/ZDI-19-328", "id": "ZDI-19-328", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node bwthinfl Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-328/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7882", "zdi_id": "ZDI-19-328" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwOpcImg.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-327/advisory.json", "detail_path": "advisories/ZDI-19-327", "id": "ZDI-19-327", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node BwOpcImg Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-327/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7881", "zdi_id": "ZDI-19-327" }, { "cve": "CVE-2019-6552", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwrunmie.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-326/advisory.json", "detail_path": "advisories/ZDI-19-326", "id": "ZDI-19-326", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node bwrunmie Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-326/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7928", "zdi_id": "ZDI-19-326" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwsound2.exe, which is accessed throu...", "detail_json": "/data/advisories/ZDI-19-325/advisory.json", "detail_path": "advisories/ZDI-19-325", "id": "ZDI-19-325", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Client bwsound2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-325/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7927", "zdi_id": "ZDI-19-325" }, { "cve": "CVE-2019-6552", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwrunmie.exe, which is accessed throu...", "detail_json": "/data/advisories/ZDI-19-324/advisory.json", "detail_path": "advisories/ZDI-19-324", "id": "ZDI-19-324", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Client bwrunmie Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-324/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7926", "zdi_id": "ZDI-19-324" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwsound.exe, which is accessed throug...", "detail_json": "/data/advisories/ZDI-19-323/advisory.json", "detail_path": "advisories/ZDI-19-323", "id": "ZDI-19-323", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Client bwsound Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-323/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7925", "zdi_id": "ZDI-19-323" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwNodeIP.exe, which is accessed throu...", "detail_json": "/data/advisories/ZDI-19-322/advisory.json", "detail_path": "advisories/ZDI-19-322", "id": "ZDI-19-322", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Client BwNodeIP Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-322/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7914", "zdi_id": "ZDI-19-322" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwthinfl.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-321/advisory.json", "detail_path": "advisories/ZDI-19-321", "id": "ZDI-19-321", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node bwthinfl Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-321/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7920", "zdi_id": "ZDI-19-321" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwmakdir.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-320/advisory.json", "detail_path": "advisories/ZDI-19-320", "id": "ZDI-19-320", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node bwmakdir Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-320/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7913", "zdi_id": "ZDI-19-320" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwSyncDb.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-319/advisory.json", "detail_path": "advisories/ZDI-19-319", "id": "ZDI-19-319", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node BWSyncDb Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-319/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7912", "zdi_id": "ZDI-19-319" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwSyncLg.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-318/advisory.json", "detail_path": "advisories/ZDI-19-318", "id": "ZDI-19-318", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node BwSyncLg Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-318/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7910", "zdi_id": "ZDI-19-318" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwwebd.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-317/advisory.json", "detail_path": "advisories/ZDI-19-317", "id": "ZDI-19-317", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Client bwwebd Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-317/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7905", "zdi_id": "ZDI-19-317" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwprtscr.exe, which is accessed throu...", "detail_json": "/data/advisories/ZDI-19-316/advisory.json", "detail_path": "advisories/ZDI-19-316", "id": "ZDI-19-316", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Client bwprtscr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-316/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7904", "zdi_id": "ZDI-19-316" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwclrptw.exe, which is accessed throu...", "detail_json": "/data/advisories/ZDI-19-315/advisory.json", "detail_path": "advisories/ZDI-19-315", "id": "ZDI-19-315", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Client BwCLRptw Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-315/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7903", "zdi_id": "ZDI-19-315" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwrunrpt.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-314/advisory.json", "detail_path": "advisories/ZDI-19-314", "id": "ZDI-19-314", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node bwrunrpt Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-314/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7902", "zdi_id": "ZDI-19-314" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwFreRPT.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-313/advisory.json", "detail_path": "advisories/ZDI-19-313", "id": "ZDI-19-313", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node BwFreRPT Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-313/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7901", "zdi_id": "ZDI-19-313" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwstmps.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-312/advisory.json", "detail_path": "advisories/ZDI-19-312", "id": "ZDI-19-312", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node bwstmps Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-312/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7900", "zdi_id": "ZDI-19-312" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwstwww.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-311/advisory.json", "detail_path": "advisories/ZDI-19-311", "id": "ZDI-19-311", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node bwstwww Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-311/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7899", "zdi_id": "ZDI-19-311" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwRPswd.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-310/advisory.json", "detail_path": "advisories/ZDI-19-310", "id": "ZDI-19-310", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node BwRPswd Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-310/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7898", "zdi_id": "ZDI-19-310" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within giffconv.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-309/advisory.json", "detail_path": "advisories/ZDI-19-309", "id": "ZDI-19-309", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node giffconv Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-309/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7885", "zdi_id": "ZDI-19-309" }, { "cve": "CVE-2019-6550", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within jpegconv.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-308/advisory.json", "detail_path": "advisories/ZDI-19-308", "id": "ZDI-19-308", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Advantech WebAccess Node jpegconv Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-308/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7884", "zdi_id": "ZDI-19-308" }, { "cve": "CVE-2019-6536", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-307/advisory.json", "detail_path": "advisories/ZDI-19-307", "id": "ZDI-19-307", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "LAquis SCADA ELS Users.name Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-307/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-7374", "zdi_id": "ZDI-19-307" }, { "cve": "CVE-2019-5515", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the guest system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-19-306/advisory.json", "detail_path": "advisories/ZDI-19-306", "id": "ZDI-19-306", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "VMware Workstation e1000 Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-306/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-7450", "zdi_id": "ZDI-19-306" }, { "cve": "CVE-2018-18815", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows the decryption of the passwords on vulnerable installations of Jaspersoft JasperReports Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within encryption of user passwords in the Diagnos...", "detail_json": "/data/advisories/ZDI-19-305/advisory.json", "detail_path": "advisories/ZDI-19-305", "id": "ZDI-19-305", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Jaspersoft JasperReports Server DiagnosticDataCipherer Hard-coded Cryptographic Key Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-305/", "vendor": "Jaspersoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7654", "zdi_id": "ZDI-19-305" }, { "cve": "CVE-2019-7131", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-304/advisory.json", "detail_path": "advisories/ZDI-19-304", "id": "ZDI-19-304", "kind": "published", "published_date": "2019-04-02", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-304/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7458", "zdi_id": "ZDI-19-304" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-303/advisory.json", "detail_path": "advisories/ZDI-19-303", "id": "ZDI-19-303", "kind": "published", "published_date": "2019-03-28", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center mediaForAction Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-303/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6881", "zdi_id": "ZDI-19-303" }, { "cve": "CVE-2019-5378", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-302/advisory.json", "detail_path": "advisories/ZDI-19-302", "id": "ZDI-19-302", "kind": "published", "published_date": "2019-03-28", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center userSelectPagingContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-302/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6869", "zdi_id": "ZDI-19-302" }, { "cve": "CVE-2019-5377", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-301/advisory.json", "detail_path": "advisories/ZDI-19-301", "id": "ZDI-19-301", "kind": "published", "published_date": "2019-03-28", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center sshConfig Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-301/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6862", "zdi_id": "ZDI-19-301" }, { "cve": "CVE-2019-5376", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-300/advisory.json", "detail_path": "advisories/ZDI-19-300", "id": "ZDI-19-300", "kind": "published", "published_date": "2019-03-28", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center TopoMsgServlet Java Reflection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-300/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6914", "zdi_id": "ZDI-19-300" }, { "cve": "CVE-2019-5375", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-299/advisory.json", "detail_path": "advisories/ZDI-19-299", "id": "ZDI-19-299", "kind": "published", "published_date": "2019-03-28", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center ictExpertDownload Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-299/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6855", "zdi_id": "ZDI-19-299" }, { "cve": "CVE-2019-5379", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-298/advisory.json", "detail_path": "advisories/ZDI-19-298", "id": "ZDI-19-298", "kind": "published", "published_date": "2019-03-28", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center deploySelectSoftware Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-298/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6858", "zdi_id": "ZDI-19-298" }, { "cve": "CVE-2019-5374", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-297/advisory.json", "detail_path": "advisories/ZDI-19-297", "id": "ZDI-19-297", "kind": "published", "published_date": "2019-03-28", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center operatorGroupTreeSelectContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-297/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6854", "zdi_id": "ZDI-19-297" }, { "cve": "CVE-2019-5373", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-296/advisory.json", "detail_path": "advisories/ZDI-19-296", "id": "ZDI-19-296", "kind": "published", "published_date": "2019-03-28", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center customTemplateSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-296/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6864", "zdi_id": "ZDI-19-296" }, { "cve": "CVE-2019-5372", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-295/advisory.json", "detail_path": "advisories/ZDI-19-295", "id": "ZDI-19-295", "kind": "published", "published_date": "2019-03-28", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center iccSelectRules Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-295/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6884", "zdi_id": "ZDI-19-295" }, { "cve": "CVE-2019-5371", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-294/advisory.json", "detail_path": "advisories/ZDI-19-294", "id": "ZDI-19-294", "kind": "published", "published_date": "2019-03-28", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center addDeviceToView Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-294/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6910", "zdi_id": "ZDI-19-294" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within tv_enua.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-293/advisory.json", "detail_path": "advisories/ZDI-19-293", "id": "ZDI-19-293", "kind": "published", "published_date": "2019-03-28", "status": "published", "title": "Advantech WebAccess Node tv_enua Improper Access Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-293/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7909", "zdi_id": "ZDI-19-293" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within spchapi.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-292/advisory.json", "detail_path": "advisories/ZDI-19-292", "id": "ZDI-19-292", "kind": "published", "published_date": "2019-03-28", "status": "published", "title": "Advantech WebAccess Node spchapi Improper Access Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-292/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7907", "zdi_id": "ZDI-19-292" }, { "cve": "CVE-2019-6341", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Drupal. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-19-291/advisory.json", "detail_path": "advisories/ZDI-19-291", "id": "ZDI-19-291", "kind": "published", "published_date": "2019-03-26", "status": "published", "title": "Drupal File file_create_filename Persistent Cross-Site Scripting Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-291/", "vendor": "Drupal", "vendor_url": null, "zdi_can": "ZDI-CAN-7246", "zdi_id": "ZDI-19-291" }, { "cve": "CVE-2019-8529", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-19-290/advisory.json", "detail_path": "advisories/ZDI-19-290", "id": "ZDI-19-290", "kind": "published", "published_date": "2019-03-26", "status": "published", "title": "Apple macOS SCSITaskUserClient Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-290/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7889", "zdi_id": "ZDI-19-290" }, { "cve": "CVE-2019-8519", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-19-289/advisory.json", "detail_path": "advisories/ZDI-19-289", "id": "ZDI-19-289", "kind": "published", "published_date": "2019-03-26", "status": "published", "title": "Apple macOS AMDRadeonX4000 Out-Of-Bounds Read Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-289/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7604", "zdi_id": "ZDI-19-289" }, { "cve": "CVE-2019-8524", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-288/advisory.json", "detail_path": "advisories/ZDI-19-288", "id": "ZDI-19-288", "kind": "published", "published_date": "2019-03-26", "status": "published", "title": "Apple Safari GraphicsContext Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-288/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7865", "zdi_id": "ZDI-19-288" }, { "cve": "CVE-2019-8517", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-287/advisory.json", "detail_path": "advisories/ZDI-19-287", "id": "ZDI-19-287", "kind": "published", "published_date": "2019-03-26", "status": "published", "title": "Apple macOS StreamFlatFont Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-287/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7442", "zdi_id": "ZDI-19-287" }, { "cve": "CVE-2019-0784", "cvss": 4.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Interaction with a library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specif...", "detail_json": "/data/advisories/ZDI-19-286/advisory.json", "detail_path": "advisories/ZDI-19-286", "id": "ZDI-19-286", "kind": "published", "published_date": "2019-03-26", "status": "published", "title": "Microsoft Windows ADODB Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-286/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7756", "zdi_id": "ZDI-19-286" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-19-285/advisory.json", "detail_path": "advisories/ZDI-19-285", "id": "ZDI-19-285", "kind": "published", "published_date": "2019-03-15", "status": "published", "title": "(0Day) (Pwn2Own) Xiaomi Mi6 Browser market.install apkPath Command Injection Remote Code Execution Vulnerability", "updated_date": "2020-01-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-285/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-7484", "zdi_id": "ZDI-19-285" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network adjacent attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The speci...", "detail_json": "/data/advisories/ZDI-19-284/advisory.json", "detail_path": "advisories/ZDI-19-284", "id": "ZDI-19-284", "kind": "published", "published_date": "2019-03-15", "status": "published", "title": "(0Day) (Pwn2Own) Xiaomi Mi6 Browser Redirect Improper Authorization Remote Code Execution Vulnerability", "updated_date": "2020-01-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-284/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-7468", "zdi_id": "ZDI-19-284" }, { "cve": null, "cvss": 8.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network adjacent attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The speci...", "detail_json": "/data/advisories/ZDI-19-283/advisory.json", "detail_path": "advisories/ZDI-19-283", "id": "ZDI-19-283", "kind": "published", "published_date": "2019-03-15", "status": "published", "title": "(0Day) (Pwn2Own) Xiaomi Mi6 Browser downloadAndInstallApk Improper Authorization Remote Code Execution Vulnerability", "updated_date": "2020-01-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-283/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-7469", "zdi_id": "ZDI-19-283" }, { "cve": null, "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-19-282/advisory.json", "detail_path": "advisories/ZDI-19-282", "id": "ZDI-19-282", "kind": "published", "published_date": "2019-03-15", "status": "published", "title": "(0Day) (Pwn2Own) Google Android Contacts Incorrect Permission Assignment Privilege Escalation Vulnerability", "updated_date": "2020-01-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-282/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-7471", "zdi_id": "ZDI-19-282" }, { "cve": null, "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows network adjacent attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw...", "detail_json": "/data/advisories/ZDI-19-281/advisory.json", "detail_path": "advisories/ZDI-19-281", "id": "ZDI-19-281", "kind": "published", "published_date": "2019-03-15", "status": "published", "title": "(0Day) (Pwn2Own) Xiaomi Mi6 Captive Portal Whitelist Bypass Remote Code Execution Vulnerability", "updated_date": "2020-01-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-281/", "vendor": "Xiaomi", "vendor_url": null, "zdi_can": "ZDI-CAN-7470", "zdi_id": "ZDI-19-281" }, { "cve": "CVE-2019-0746", "cvss": 3.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-19-280/advisory.json", "detail_path": "advisories/ZDI-19-280", "id": "ZDI-19-280", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "Microsoft Chakra lastIndexOf Integer Underflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-280/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7919", "zdi_id": "ZDI-19-280" }, { "cve": "CVE-2019-0774", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-279/advisory.json", "detail_path": "advisories/ZDI-19-279", "id": "ZDI-19-279", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "Microsoft Windows SetEnhMetaFileBits Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-279/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7551", "zdi_id": "ZDI-19-279" }, { "cve": "CVE-2019-0617", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-278/advisory.json", "detail_path": "advisories/ZDI-19-278", "id": "ZDI-19-278", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "Microsoft Windows JET Database Engine Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-278/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7336", "zdi_id": "ZDI-19-278" }, { "cve": "CVE-2019-0665", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-19-277/advisory.json", "detail_path": "advisories/ZDI-19-277", "id": "ZDI-19-277", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "Microsoft Internet Explorer Attr nodeValue Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2019-11-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-277/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7739", "zdi_id": "ZDI-19-277" }, { "cve": "CVE-2019-0603", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within WDSTFTP during TFTP read requests. The issue r...", "detail_json": "/data/advisories/ZDI-19-276/advisory.json", "detail_path": "advisories/ZDI-19-276", "id": "ZDI-19-276", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "Microsoft Windows Deployment Services TFTP Server Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-276/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7597", "zdi_id": "ZDI-19-276" }, { "cve": "CVE-2019-0665", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-19-275/advisory.json", "detail_path": "advisories/ZDI-19-275", "id": "ZDI-19-275", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "Microsoft Internet Explorer event Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-275/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7691", "zdi_id": "ZDI-19-275" }, { "cve": "CVE-2019-0665", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-19-274/advisory.json", "detail_path": "advisories/ZDI-19-274", "id": "ZDI-19-274", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "Microsoft Internet Explorer CustomEvent Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-274/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7690", "zdi_id": "ZDI-19-274" }, { "cve": "CVE-2019-0614", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-273/advisory.json", "detail_path": "advisories/ZDI-19-273", "id": "ZDI-19-273", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "Microsoft Windows gdiplus DoGdiCommentMultiFormats EMR_COMMENT_MULTIFORMATS Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-273/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7371", "zdi_id": "ZDI-19-273" }, { "cve": "CVE-2019-0726", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows network-adjacent attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DHCP Client service. A crafted D...", "detail_json": "/data/advisories/ZDI-19-272/advisory.json", "detail_path": "advisories/ZDI-19-272", "id": "ZDI-19-272", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "Microsoft Windows DHCP Client Integer Underflow Remote Code Execution Vulnerability", "updated_date": "2019-04-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-272/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7822", "zdi_id": "ZDI-19-272" }, { "cve": "CVE-2019-11961", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-271/advisory.json", "detail_path": "advisories/ZDI-19-271", "id": "ZDI-19-271", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center templateSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-271/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6866", "zdi_id": "ZDI-19-271" }, { "cve": "CVE-2019-5368", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-270/advisory.json", "detail_path": "advisories/ZDI-19-270", "id": "ZDI-19-270", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-270/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6867", "zdi_id": "ZDI-19-270" }, { "cve": "CVE-2019-11962", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-269/advisory.json", "detail_path": "advisories/ZDI-19-269", "id": "ZDI-19-269", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center selectUserGroup Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-269/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6863", "zdi_id": "ZDI-19-269" }, { "cve": "CVE-2019-11963", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-268/advisory.json", "detail_path": "advisories/ZDI-19-268", "id": "ZDI-19-268", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-268/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6859", "zdi_id": "ZDI-19-268" }, { "cve": "CVE-2019-11964", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-267/advisory.json", "detail_path": "advisories/ZDI-19-267", "id": "ZDI-19-267", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center iccSelectDeviceSeries Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-267/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6853", "zdi_id": "ZDI-19-267" }, { "cve": "CVE-2019-11965", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-266/advisory.json", "detail_path": "advisories/ZDI-19-266", "id": "ZDI-19-266", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center deviceThresholdConfig Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-266/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6852", "zdi_id": "ZDI-19-266" }, { "cve": "CVE-2019-5367", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the con...", "detail_json": "/data/advisories/ZDI-19-265/advisory.json", "detail_path": "advisories/ZDI-19-265", "id": "ZDI-19-265", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center MyFaces Static Key ViewState Use of Default Credentials Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-265/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6806", "zdi_id": "ZDI-19-265" }, { "cve": "CVE-2019-5370", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-264/advisory.json", "detail_path": "advisories/ZDI-19-264", "id": "ZDI-19-264", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-264/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6759", "zdi_id": "ZDI-19-264" }, { "cve": "CVE-2019-11960", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-263/advisory.json", "detail_path": "advisories/ZDI-19-263", "id": "ZDI-19-263", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center select Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-263/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6870", "zdi_id": "ZDI-19-263" }, { "cve": "CVE-2019-5369", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-262/advisory.json", "detail_path": "advisories/ZDI-19-262", "id": "ZDI-19-262", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center tvxlanLegend Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-262/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6871", "zdi_id": "ZDI-19-262" }, { "cve": "CVE-2019-11959", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-261/advisory.json", "detail_path": "advisories/ZDI-19-261", "id": "ZDI-19-261", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center thirdPartyPerfSelectTask Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-261/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6879", "zdi_id": "ZDI-19-261" }, { "cve": "CVE-2019-11958", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-260/advisory.json", "detail_path": "advisories/ZDI-19-260", "id": "ZDI-19-260", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center operatorGroupSelectContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-260/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6883", "zdi_id": "ZDI-19-260" }, { "cve": "CVE-2019-11966", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism...", "detail_json": "/data/advisories/ZDI-19-259/advisory.json", "detail_path": "advisories/ZDI-19-259", "id": "ZDI-19-259", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center operatorOnlineList_contentOnly Cleartext Storage of Sensitive Information Privilege Escalation Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-259/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6753", "zdi_id": "ZDI-19-259" }, { "cve": "CVE-2019-7094", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-258/advisory.json", "detail_path": "advisories/ZDI-19-258", "id": "ZDI-19-258", "kind": "published", "published_date": "2019-03-12", "status": "published", "title": "Adobe Photoshop GIF Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-258/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7584", "zdi_id": "ZDI-19-258" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-19-257/advisory.json", "detail_path": "advisories/ZDI-19-257", "id": "ZDI-19-257", "kind": "published", "published_date": "2019-03-07", "status": "published", "title": "(0Day) Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-257/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7411", "zdi_id": "ZDI-19-257" }, { "cve": "CVE-2018-18815", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Jaspersoft JasperReports Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the doGet method of the Reso...", "detail_json": "/data/advisories/ZDI-19-256/advisory.json", "detail_path": "advisories/ZDI-19-256", "id": "ZDI-19-256", "kind": "published", "published_date": "2019-03-06", "status": "published", "title": "Jaspersoft JasperReports Server ResourceForwardingServlet URI Improper Access Control Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-256/", "vendor": "Jaspersoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7655", "zdi_id": "ZDI-19-256" }, { "cve": "CVE-2019-6742", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update...", "detail_json": "/data/advisories/ZDI-19-255/advisory.json", "detail_path": "advisories/ZDI-19-255", "id": "ZDI-19-255", "kind": "published", "published_date": "2019-03-05", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S9 GameServiceReceiver Unsafe Updates Validation Remote Code Execution Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-255/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-7477", "zdi_id": "ZDI-19-255" }, { "cve": "CVE-2019-6741", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9. User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists w...", "detail_json": "/data/advisories/ZDI-19-254/advisory.json", "detail_path": "advisories/ZDI-19-254", "id": "ZDI-19-254", "kind": "published", "published_date": "2019-03-05", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S9 Untrusted Site Redirection Remote Code Execution Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-254/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-7476", "zdi_id": "ZDI-19-254" }, { "cve": "CVE-2019-6740", "cvss": 9.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-253/advisory.json", "detail_path": "advisories/ZDI-19-253", "id": "ZDI-19-253", "kind": "published", "published_date": "2019-03-05", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S9 ASN.1 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-253/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-7472", "zdi_id": "ZDI-19-253" }, { "cve": "CVE-2019-9197", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unity Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-252/advisory.json", "detail_path": "advisories/ZDI-19-252", "id": "ZDI-19-252", "kind": "published", "published_date": "2019-03-05", "status": "published", "title": "Unity com.unity3d.kharma Protocol Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-252/", "vendor": "Unity Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-7242", "zdi_id": "ZDI-19-252" }, { "cve": "CVE-2019-5357", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-251/advisory.json", "detail_path": "advisories/ZDI-19-251", "id": "ZDI-19-251", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center FileUploadServlet Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-251/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-7050", "zdi_id": "ZDI-19-251" }, { "cve": "CVE-2019-5356", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-250/advisory.json", "detail_path": "advisories/ZDI-19-250", "id": "ZDI-19-250", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center CommonUtils unzip Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-250/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-7049", "zdi_id": "ZDI-19-250" }, { "cve": "CVE-2019-5350", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-249/advisory.json", "detail_path": "advisories/ZDI-19-249", "id": "ZDI-19-249", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center TopoDebugServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-249/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-7036", "zdi_id": "ZDI-19-249" }, { "cve": "CVE-2019-5349", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-248/advisory.json", "detail_path": "advisories/ZDI-19-248", "id": "ZDI-19-248", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center TopoDebugServlet Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-248/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-7035", "zdi_id": "ZDI-19-248" }, { "cve": "CVE-2019-5362", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-247/advisory.json", "detail_path": "advisories/ZDI-19-247", "id": "ZDI-19-247", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center TopoDebugServlet Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-247/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-7034", "zdi_id": "ZDI-19-247" }, { "cve": "CVE-2019-5352", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-246/advisory.json", "detail_path": "advisories/ZDI-19-246", "id": "ZDI-19-246", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center GWT perfAddFormServer getAddFormBean Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-246/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-7018", "zdi_id": "ZDI-19-246" }, { "cve": "CVE-2019-5354", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-245/advisory.json", "detail_path": "advisories/ZDI-19-245", "id": "ZDI-19-245", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center GWT perfInsListServer getInsListBean Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-245/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-7011", "zdi_id": "ZDI-19-245" }, { "cve": "CVE-2019-5351", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-244/advisory.json", "detail_path": "advisories/ZDI-19-244", "id": "ZDI-19-244", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center GWT deviceservice saveSelectedInterfaces Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-244/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-7010", "zdi_id": "ZDI-19-244" }, { "cve": "CVE-2019-5348", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-243/advisory.json", "detail_path": "advisories/ZDI-19-243", "id": "ZDI-19-243", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center GWT deviceservice queryCustomCondition Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-243/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-7009", "zdi_id": "ZDI-19-243" }, { "cve": "CVE-2019-5363", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-242/advisory.json", "detail_path": "advisories/ZDI-19-242", "id": "ZDI-19-242", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center GWT deviceservice saveSelectedDevices Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-242/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-7008", "zdi_id": "ZDI-19-242" }, { "cve": "CVE-2019-11986", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-241/advisory.json", "detail_path": "advisories/ZDI-19-241", "id": "ZDI-19-241", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center GWT perfSelItemServer getSelItemBean Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-241/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-7007", "zdi_id": "ZDI-19-241" }, { "cve": "CVE-2019-5358", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-240/advisory.json", "detail_path": "advisories/ZDI-19-240", "id": "ZDI-19-240", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center viewTaskResultDetailFact Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-240/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6907", "zdi_id": "ZDI-19-240" }, { "cve": "CVE-2019-5364", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-239/advisory.json", "detail_path": "advisories/ZDI-19-239", "id": "ZDI-19-239", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center quickTemplateSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-239/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6868", "zdi_id": "ZDI-19-239" }, { "cve": "CVE-2019-5365", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-238/advisory.json", "detail_path": "advisories/ZDI-19-238", "id": "ZDI-19-238", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center deviceSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-238/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6860", "zdi_id": "ZDI-19-238" }, { "cve": "CVE-2019-5366", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-237/advisory.json", "detail_path": "advisories/ZDI-19-237", "id": "ZDI-19-237", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center guiDataDetail Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-237/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6882", "zdi_id": "ZDI-19-237" }, { "cve": "CVE-2019-5359", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-236/advisory.json", "detail_path": "advisories/ZDI-19-236", "id": "ZDI-19-236", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center select Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-236/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6872", "zdi_id": "ZDI-19-236" }, { "cve": "CVE-2019-5360", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-235/advisory.json", "detail_path": "advisories/ZDI-19-235", "id": "ZDI-19-235", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center perfAddorModDeviceMonitor Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-235/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6865", "zdi_id": "ZDI-19-235" }, { "cve": "CVE-2019-5361", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-234/advisory.json", "detail_path": "advisories/ZDI-19-234", "id": "ZDI-19-234", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center faultParasSet Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-234/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6909", "zdi_id": "ZDI-19-234" }, { "cve": "CVE-2019-5353", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-233/advisory.json", "detail_path": "advisories/ZDI-19-233", "id": "ZDI-19-233", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center reportpage index Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-233/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6962", "zdi_id": "ZDI-19-233" }, { "cve": null, "cvss": 4.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to modify requests on vulnerable installations of Tencent WeChat. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-19-232/advisory.json", "detail_path": "advisories/ZDI-19-232", "id": "ZDI-19-232", "kind": "published", "published_date": "2019-02-28", "status": "published", "title": "Tencent WeChat URL Scheme Handling Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-232/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-6996", "zdi_id": "ZDI-19-232" }, { "cve": "CVE-2019-0598", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-231/advisory.json", "detail_path": "advisories/ZDI-19-231", "id": "ZDI-19-231", "kind": "published", "published_date": "2019-02-28", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-231/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7838", "zdi_id": "ZDI-19-231" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within tv_enua.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-230/advisory.json", "detail_path": "advisories/ZDI-19-230", "id": "ZDI-19-230", "kind": "published", "published_date": "2019-02-28", "status": "published", "title": "(0Day) Advantech WebAccess Node tv_enua Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-230/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7879", "zdi_id": "ZDI-19-230" }, { "cve": null, "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within spchapi.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-19-229/advisory.json", "detail_path": "advisories/ZDI-19-229", "id": "ZDI-19-229", "kind": "published", "published_date": "2019-02-28", "status": "published", "title": "(0Day) Advantech WebAccess Node spchapi Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-229/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7878", "zdi_id": "ZDI-19-229" }, { "cve": null, "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-19-228/advisory.json", "detail_path": "advisories/ZDI-19-228", "id": "ZDI-19-228", "kind": "published", "published_date": "2019-02-28", "status": "published", "title": "(0Day) Microsoft Visual Studio settings XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-228/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7877", "zdi_id": "ZDI-19-228" }, { "cve": "CVE-2019-6555", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-19-227/advisory.json", "detail_path": "advisories/ZDI-19-227", "id": "ZDI-19-227", "kind": "published", "published_date": "2019-02-20", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-227/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7615", "zdi_id": "ZDI-19-227" }, { "cve": "CVE-2019-6555", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-19-226/advisory.json", "detail_path": "advisories/ZDI-19-226", "id": "ZDI-19-226", "kind": "published", "published_date": "2019-02-20", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-226/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7616", "zdi_id": "ZDI-19-226" }, { "cve": "CVE-2019-6547", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-19-225/advisory.json", "detail_path": "advisories/ZDI-19-225", "id": "ZDI-19-225", "kind": "published", "published_date": "2019-02-20", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-225/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-7772", "zdi_id": "ZDI-19-225" }, { "cve": "CVE-2019-0672", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Access Database Engine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-19-224/advisory.json", "detail_path": "advisories/ZDI-19-224", "id": "ZDI-19-224", "kind": "published", "published_date": "2019-02-20", "status": "published", "title": "Microsoft Access Database Engine ACECORE Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-224/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7385", "zdi_id": "ZDI-19-224" }, { "cve": "CVE-2019-6739", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Anti-Malware. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue wit...", "detail_json": "/data/advisories/ZDI-19-223/advisory.json", "detail_path": "advisories/ZDI-19-223", "id": "ZDI-19-223", "kind": "published", "published_date": "2019-02-20", "status": "published", "title": "Malwarebytes Anti-Malware URI Handler Remote Command Execution Vulnerability", "updated_date": "2024-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-223/", "vendor": "Malwarebytes", "vendor_url": null, "zdi_can": "ZDI-CAN-7162", "zdi_id": "ZDI-19-223" }, { "cve": "CVE-2019-0595", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-222/advisory.json", "detail_path": "advisories/ZDI-19-222", "id": "ZDI-19-222", "kind": "published", "published_date": "2019-02-20", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-222/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7313", "zdi_id": "ZDI-19-222" }, { "cve": "CVE-2019-0581", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-221/advisory.json", "detail_path": "advisories/ZDI-19-221", "id": "ZDI-19-221", "kind": "published", "published_date": "2019-02-14", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-221/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7269", "zdi_id": "ZDI-19-221" }, { "cve": "CVE-2019-0596", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-220/advisory.json", "detail_path": "advisories/ZDI-19-220", "id": "ZDI-19-220", "kind": "published", "published_date": "2019-02-14", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-220/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7312", "zdi_id": "ZDI-19-220" }, { "cve": "CVE-2019-7090", "cvss": 3.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-219/advisory.json", "detail_path": "advisories/ZDI-19-219", "id": "ZDI-19-219", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Flash Player ActionScript Vector Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-219/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7432", "zdi_id": "ZDI-19-219" }, { "cve": "CVE-2019-7079", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-218/advisory.json", "detail_path": "advisories/ZDI-19-218", "id": "ZDI-19-218", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-218/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7437", "zdi_id": "ZDI-19-218" }, { "cve": "CVE-2019-7078", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-217/advisory.json", "detail_path": "advisories/ZDI-19-217", "id": "ZDI-19-217", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-217/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7642", "zdi_id": "ZDI-19-217" }, { "cve": "CVE-2019-7077", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-216/advisory.json", "detail_path": "advisories/ZDI-19-216", "id": "ZDI-19-216", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-216/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7663", "zdi_id": "ZDI-19-216" }, { "cve": "CVE-2019-7072", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-215/advisory.json", "detail_path": "advisories/ZDI-19-215", "id": "ZDI-19-215", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Pro DC Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-215/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7710", "zdi_id": "ZDI-19-215" }, { "cve": "CVE-2019-7073", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-214/advisory.json", "detail_path": "advisories/ZDI-19-214", "id": "ZDI-19-214", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-214/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7709", "zdi_id": "ZDI-19-214" }, { "cve": "CVE-2019-7074", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-213/advisory.json", "detail_path": "advisories/ZDI-19-213", "id": "ZDI-19-213", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-213/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7713", "zdi_id": "ZDI-19-213" }, { "cve": "CVE-2019-7075", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-212/advisory.json", "detail_path": "advisories/ZDI-19-212", "id": "ZDI-19-212", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Pro DC PostScript File Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-212/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7712", "zdi_id": "ZDI-19-212" }, { "cve": "CVE-2019-7071", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-211/advisory.json", "detail_path": "advisories/ZDI-19-211", "id": "ZDI-19-211", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Pro DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-211/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7711", "zdi_id": "ZDI-19-211" }, { "cve": "CVE-2019-7070", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-210/advisory.json", "detail_path": "advisories/ZDI-19-210", "id": "ZDI-19-210", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Distiller PostScript File Parsing grestore Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-210/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7629", "zdi_id": "ZDI-19-210" }, { "cve": "CVE-2019-7069", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-209/advisory.json", "detail_path": "advisories/ZDI-19-209", "id": "ZDI-19-209", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Pro DC Distiller PostScript File Parsing grestore Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-209/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7621", "zdi_id": "ZDI-19-209" }, { "cve": "CVE-2019-7049", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-208/advisory.json", "detail_path": "advisories/ZDI-19-208", "id": "ZDI-19-208", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Pro DC TTF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-208/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7535", "zdi_id": "ZDI-19-208" }, { "cve": "CVE-2019-7048", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-207/advisory.json", "detail_path": "advisories/ZDI-19-207", "id": "ZDI-19-207", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Reader DC PDEContent Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2020-08-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-207/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7220", "zdi_id": "ZDI-19-207" }, { "cve": "CVE-2019-7045", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-206/advisory.json", "detail_path": "advisories/ZDI-19-206", "id": "ZDI-19-206", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Pro DC Onix32 ReadBTreeT::FindKeyInLeafPage Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-206/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7402", "zdi_id": "ZDI-19-206" }, { "cve": "CVE-2019-7044", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-205/advisory.json", "detail_path": "advisories/ZDI-19-205", "id": "ZDI-19-205", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Pro DC _t_PDDoc Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2020-08-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-205/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7319", "zdi_id": "ZDI-19-205" }, { "cve": "CVE-2019-7043", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-204/advisory.json", "detail_path": "advisories/ZDI-19-204", "id": "ZDI-19-204", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-204/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7365", "zdi_id": "ZDI-19-204" }, { "cve": "CVE-2019-7042", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-203/advisory.json", "detail_path": "advisories/ZDI-19-203", "id": "ZDI-19-203", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-203/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7366", "zdi_id": "ZDI-19-203" }, { "cve": "CVE-2019-7041", "cvss": 2.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass JavaScript API restrictions on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-19-202/advisory.json", "detail_path": "advisories/ZDI-19-202", "id": "ZDI-19-202", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Adobe Reader DC Name Squatting JavaScript Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-202/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7334", "zdi_id": "ZDI-19-202" }, { "cve": "CVE-2019-0619", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-201/advisory.json", "detail_path": "advisories/ZDI-19-201", "id": "ZDI-19-201", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Windows gdiplus DoStretchBlt Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-201/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7689", "zdi_id": "ZDI-19-201" }, { "cve": "CVE-2019-0618", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-200/advisory.json", "detail_path": "advisories/ZDI-19-200", "id": "ZDI-19-200", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Windows gdi32full CreateDIBitmap Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-200/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7625", "zdi_id": "ZDI-19-200" }, { "cve": "CVE-2019-0674", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Access Database Engine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-19-199/advisory.json", "detail_path": "advisories/ZDI-19-199", "id": "ZDI-19-199", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Access Database Engine ACEEXCL Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-199/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7528", "zdi_id": "ZDI-19-199" }, { "cve": "CVE-2019-0674", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Access Database Engine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-19-198/advisory.json", "detail_path": "advisories/ZDI-19-198", "id": "ZDI-19-198", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Access Database Engine ACEEXCL Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-198/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7404", "zdi_id": "ZDI-19-198" }, { "cve": "CVE-2019-0673", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Access Database Engine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-19-197/advisory.json", "detail_path": "advisories/ZDI-19-197", "id": "ZDI-19-197", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Access Database Engine ACEEXCL Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-197/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7405", "zdi_id": "ZDI-19-197" }, { "cve": "CVE-2019-0615", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-196/advisory.json", "detail_path": "advisories/ZDI-19-196", "id": "ZDI-19-196", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Windows EMF File Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-06-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-196/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7560", "zdi_id": "ZDI-19-196" }, { "cve": "CVE-2019-0619", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-195/advisory.json", "detail_path": "advisories/ZDI-19-195", "id": "ZDI-19-195", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Windows CreateDIBitmap Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-195/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7575", "zdi_id": "ZDI-19-195" }, { "cve": "CVE-2019-0618", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-194/advisory.json", "detail_path": "advisories/ZDI-19-194", "id": "ZDI-19-194", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Windows gdiplus DoRotatedStretchBlt Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-194/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7525", "zdi_id": "ZDI-19-194" }, { "cve": "CVE-2019-0625", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-193/advisory.json", "detail_path": "advisories/ZDI-19-193", "id": "ZDI-19-193", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Windows JET Database Engine Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-193/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7335", "zdi_id": "ZDI-19-193" }, { "cve": "CVE-2019-0671", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Access Database Engine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-19-192/advisory.json", "detail_path": "advisories/ZDI-19-192", "id": "ZDI-19-192", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Access Database Engine ACEEXCL Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-192/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7396", "zdi_id": "ZDI-19-192" }, { "cve": "CVE-2019-0616", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-191/advisory.json", "detail_path": "advisories/ZDI-19-191", "id": "ZDI-19-191", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Windows gdiplus DoExtTextOut Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-191/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7412", "zdi_id": "ZDI-19-191" }, { "cve": "CVE-2019-0602", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-190/advisory.json", "detail_path": "advisories/ZDI-19-190", "id": "ZDI-19-190", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Windows gdiplus bHandleExtCreateFont Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-190/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7415", "zdi_id": "ZDI-19-190" }, { "cve": "CVE-2019-0601", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-19-189/advisory.json", "detail_path": "advisories/ZDI-19-189", "id": "ZDI-19-189", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft HID Driver Out-of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-189/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7380", "zdi_id": "ZDI-19-189" }, { "cve": "CVE-2019-0600", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-19-188/advisory.json", "detail_path": "advisories/ZDI-19-188", "id": "ZDI-19-188", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft HID Driver Numeric Truncation Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-188/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7379", "zdi_id": "ZDI-19-188" }, { "cve": "CVE-2019-0615", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-187/advisory.json", "detail_path": "advisories/ZDI-19-187", "id": "ZDI-19-187", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Windows EMF File Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-06-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-187/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7337", "zdi_id": "ZDI-19-187" }, { "cve": "CVE-2019-0599", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-186/advisory.json", "detail_path": "advisories/ZDI-19-186", "id": "ZDI-19-186", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-186/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7315", "zdi_id": "ZDI-19-186" }, { "cve": "CVE-2019-0597", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-185/advisory.json", "detail_path": "advisories/ZDI-19-185", "id": "ZDI-19-185", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-185/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7321", "zdi_id": "ZDI-19-185" }, { "cve": "CVE-2019-0598", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-184/advisory.json", "detail_path": "advisories/ZDI-19-184", "id": "ZDI-19-184", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Windows JET Database Engine Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-184/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7323", "zdi_id": "ZDI-19-184" }, { "cve": "CVE-2019-0596", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-183/advisory.json", "detail_path": "advisories/ZDI-19-183", "id": "ZDI-19-183", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-183/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7318", "zdi_id": "ZDI-19-183" }, { "cve": "CVE-2019-0595", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-182/advisory.json", "detail_path": "advisories/ZDI-19-182", "id": "ZDI-19-182", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-182/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7317", "zdi_id": "ZDI-19-182" }, { "cve": "CVE-2019-0604", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the EntityInstanceIdEncoder class. The issue re...", "detail_json": "/data/advisories/ZDI-19-181/advisory.json", "detail_path": "advisories/ZDI-19-181", "id": "ZDI-19-181", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft SharePoint EntityInstanceIdEncoder Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2019-12-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-181/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7262", "zdi_id": "ZDI-19-181" }, { "cve": "CVE-2019-0594", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the Business Data Connectivity Service Applicat...", "detail_json": "/data/advisories/ZDI-19-180/advisory.json", "detail_path": "advisories/ZDI-19-180", "id": "ZDI-19-180", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft SharePoint BDC Import Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-180/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7261", "zdi_id": "ZDI-19-180" }, { "cve": "CVE-2019-0593", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to produce abnormal program execution on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-19-179/advisory.json", "detail_path": "advisories/ZDI-19-179", "id": "ZDI-19-179", "kind": "published", "published_date": "2019-02-12", "status": "published", "title": "Microsoft Chakra JavaScript Loop Type Confusion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-179/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7153", "zdi_id": "ZDI-19-179" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-19-178/advisory.json", "detail_path": "advisories/ZDI-19-178", "id": "ZDI-19-178", "kind": "published", "published_date": "2019-02-11", "status": "published", "title": "Cisco WebEx Recorder and Player asplayback Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2019-03-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-178/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6495", "zdi_id": "ZDI-19-178" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-19-177/advisory.json", "detail_path": "advisories/ZDI-19-177", "id": "ZDI-19-177", "kind": "published", "published_date": "2019-02-11", "status": "published", "title": "Cisco WebEx Recorder and Player asplayback Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2019-03-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-177/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6496", "zdi_id": "ZDI-19-177" }, { "cve": "CVE-2018-19017", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-176/advisory.json", "detail_path": "advisories/ZDI-19-176", "id": "ZDI-19-176", "kind": "published", "published_date": "2019-02-08", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-176/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6698", "zdi_id": "ZDI-19-176" }, { "cve": "CVE-2018-19019", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-175/advisory.json", "detail_path": "advisories/ZDI-19-175", "id": "ZDI-19-175", "kind": "published", "published_date": "2019-02-08", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-175/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6686", "zdi_id": "ZDI-19-175" }, { "cve": "CVE-2018-19018", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-174/advisory.json", "detail_path": "advisories/ZDI-19-174", "id": "ZDI-19-174", "kind": "published", "published_date": "2019-02-08", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-174/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6717", "zdi_id": "ZDI-19-174" }, { "cve": "CVE-2018-19020", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-19-173/advisory.json", "detail_path": "advisories/ZDI-19-173", "id": "ZDI-19-173", "kind": "published", "published_date": "2019-02-08", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-173/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-7464", "zdi_id": "ZDI-19-173" }, { "cve": "CVE-2019-5346", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-172/advisory.json", "detail_path": "advisories/ZDI-19-172", "id": "ZDI-19-172", "kind": "published", "published_date": "2019-02-05", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center faultInfo_content Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-172/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6764", "zdi_id": "ZDI-19-172" }, { "cve": "CVE-2019-5344", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-171/advisory.json", "detail_path": "advisories/ZDI-19-171", "id": "ZDI-19-171", "kind": "published", "published_date": "2019-02-05", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center faultDevParasSet Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-171/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6763", "zdi_id": "ZDI-19-171" }, { "cve": "CVE-2019-5345", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-170/advisory.json", "detail_path": "advisories/ZDI-19-170", "id": "ZDI-19-170", "kind": "published", "published_date": "2019-02-05", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center eventInfo_content Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-170/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6762", "zdi_id": "ZDI-19-170" }, { "cve": "CVE-2019-5347", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UrlAcc...", "detail_json": "/data/advisories/ZDI-19-169/advisory.json", "detail_path": "advisories/ZDI-19-169", "id": "ZDI-19-169", "kind": "published", "published_date": "2019-02-05", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center UrlAccessController Authentication Bypass Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-169/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6769", "zdi_id": "ZDI-19-169" }, { "cve": "CVE-2019-5343", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-168/advisory.json", "detail_path": "advisories/ZDI-19-168", "id": "ZDI-19-168", "kind": "published", "published_date": "2019-02-05", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center compareFilesResult Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-168/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6861", "zdi_id": "ZDI-19-168" }, { "cve": "CVE-2019-5342", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-167/advisory.json", "detail_path": "advisories/ZDI-19-167", "id": "ZDI-19-167", "kind": "published", "published_date": "2019-02-05", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center legend Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-167/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6768", "zdi_id": "ZDI-19-167" }, { "cve": "CVE-2019-5341", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-166/advisory.json", "detail_path": "advisories/ZDI-19-166", "id": "ZDI-19-166", "kind": "published", "published_date": "2019-02-05", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center SyslogTempletSelectWin Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-166/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6767", "zdi_id": "ZDI-19-166" }, { "cve": "CVE-2019-5340", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-165/advisory.json", "detail_path": "advisories/ZDI-19-165", "id": "ZDI-19-165", "kind": "published", "published_date": "2019-02-05", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center actionSelectContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-165/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6766", "zdi_id": "ZDI-19-165" }, { "cve": "CVE-2019-5339", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-164/advisory.json", "detail_path": "advisories/ZDI-19-164", "id": "ZDI-19-164", "kind": "published", "published_date": "2019-02-05", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center devGroupSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-164/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6765", "zdi_id": "ZDI-19-164" }, { "cve": "CVE-2019-5338", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-19-163/advisory.json", "detail_path": "advisories/ZDI-19-163", "id": "ZDI-19-163", "kind": "published", "published_date": "2019-02-05", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center addVsiInterfaceInfo Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-163/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6758", "zdi_id": "ZDI-19-163" }, { "cve": "CVE-2018-7124", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the han...", "detail_json": "/data/advisories/ZDI-19-162/advisory.json", "detail_path": "advisories/ZDI-19-162", "id": "ZDI-19-162", "kind": "published", "published_date": "2019-02-05", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-162/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6856", "zdi_id": "ZDI-19-162" }, { "cve": "CVE-2018-7125", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Pri...", "detail_json": "/data/advisories/ZDI-19-161/advisory.json", "detail_path": "advisories/ZDI-19-161", "id": "ZDI-19-161", "kind": "published", "published_date": "2019-02-05", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center PrimeFaces Expression Language Injection Remote Code Execution Vulnerability", "updated_date": "2021-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-161/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6805", "zdi_id": "ZDI-19-161" }, { "cve": "CVE-2019-1639", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-19-160/advisory.json", "detail_path": "advisories/ZDI-19-160", "id": "ZDI-19-160", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-160/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-7045", "zdi_id": "ZDI-19-160" }, { "cve": "CVE-2019-6738", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-159/advisory.json", "detail_path": "advisories/ZDI-19-159", "id": "ZDI-19-159", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "Bitdefender SafePay launch Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-159/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-7250", "zdi_id": "ZDI-19-159" }, { "cve": "CVE-2019-6737", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-158/advisory.json", "detail_path": "advisories/ZDI-19-158", "id": "ZDI-19-158", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "Bitdefender SafePay openFile Arbitrary File Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-158/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-7247", "zdi_id": "ZDI-19-158" }, { "cve": "CVE-2019-6736", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-157/advisory.json", "detail_path": "advisories/ZDI-19-157", "id": "ZDI-19-157", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "Bitdefender SafePay exec Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-157/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-7234", "zdi_id": "ZDI-19-157" }, { "cve": "CVE-2019-6537", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-156/advisory.json", "detail_path": "advisories/ZDI-19-156", "id": "ZDI-19-156", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "(0Day) Wecon LeviStudioU SysParameter InstallmentSet InstallmentTrigAddOpen Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-156/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-7030", "zdi_id": "ZDI-19-156" }, { "cve": "CVE-2019-6537", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-155/advisory.json", "detail_path": "advisories/ZDI-19-155", "id": "ZDI-19-155", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "(0Day) Wecon LeviStudioU SysParameter ComSet CheckBit Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-155/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-7029", "zdi_id": "ZDI-19-155" }, { "cve": "CVE-2019-6537", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-154/advisory.json", "detail_path": "advisories/ZDI-19-154", "id": "ZDI-19-154", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "(0Day) Wecon LeviStudioU SysParameter ComSet NETIPaddr Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-154/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-7028", "zdi_id": "ZDI-19-154" }, { "cve": "CVE-2019-6537", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-153/advisory.json", "detail_path": "advisories/ZDI-19-153", "id": "ZDI-19-153", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "(0Day) Wecon LeviStudioU SysParameter ComSet BaudRate Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-153/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-7027", "zdi_id": "ZDI-19-153" }, { "cve": "CVE-2019-6537", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-152/advisory.json", "detail_path": "advisories/ZDI-19-152", "id": "ZDI-19-152", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "(0Day) Wecon LeviStudioU SysParameter InstallmentSet InstallmentTrigAddClose Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-152/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-7026", "zdi_id": "ZDI-19-152" }, { "cve": "CVE-2019-6537", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-151/advisory.json", "detail_path": "advisories/ZDI-19-151", "id": "ZDI-19-151", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "(0Day) Wecon LeviStudioU SysParameter ComSet DataLength Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-151/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-7025", "zdi_id": "ZDI-19-151" }, { "cve": "CVE-2019-6539", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-150/advisory.json", "detail_path": "advisories/ZDI-19-150", "id": "ZDI-19-150", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "(0Day) Wecon LeviStudioU addresslib PLC Type Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-150/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-6811", "zdi_id": "ZDI-19-150" }, { "cve": "CVE-2019-6539", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-149/advisory.json", "detail_path": "advisories/ZDI-19-149", "id": "ZDI-19-149", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "(0Day) Wecon LeviStudioU screendata Desc FigureFile Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-149/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-6516", "zdi_id": "ZDI-19-149" }, { "cve": "CVE-2019-6541", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-148/advisory.json", "detail_path": "advisories/ZDI-19-148", "id": "ZDI-19-148", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "(0Day) Wecon LeviStudioU fontlib Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-148/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-6649", "zdi_id": "ZDI-19-148" }, { "cve": "CVE-2019-6539", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-147/advisory.json", "detail_path": "advisories/ZDI-19-147", "id": "ZDI-19-147", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "(0Day) Wecon LeviStudioU addresslib PLC Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-147/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-6554", "zdi_id": "ZDI-19-147" }, { "cve": "CVE-2019-6539", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-146/advisory.json", "detail_path": "advisories/ZDI-19-146", "id": "ZDI-19-146", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "(0Day) Wecon LeviStudioU screendata LaIndexID/TextContent Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-146/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6493", "zdi_id": "ZDI-19-146" }, { "cve": "CVE-2019-6537", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-145/advisory.json", "detail_path": "advisories/ZDI-19-145", "id": "ZDI-19-145", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "(0Day) Wecon LeviStudioU DataLogTool Edit Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-145/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6347", "zdi_id": "ZDI-19-145" }, { "cve": "CVE-2019-6537", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-144/advisory.json", "detail_path": "advisories/ZDI-19-144", "id": "ZDI-19-144", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "(0Day) Wecon LeviStudioU DataLogTool INI Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-144/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6346", "zdi_id": "ZDI-19-144" }, { "cve": "CVE-2019-6537", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-143/advisory.json", "detail_path": "advisories/ZDI-19-143", "id": "ZDI-19-143", "kind": "published", "published_date": "2019-01-29", "status": "published", "title": "(0Day) Wecon LeviStudioU DataLogTool History Curve Set Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-143/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6345", "zdi_id": "ZDI-19-143" }, { "cve": "CVE-2019-6727", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-142/advisory.json", "detail_path": "advisories/ZDI-19-142", "id": "ZDI-19-142", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Foxit Reader XFA removeInstance Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-142/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7601", "zdi_id": "ZDI-19-142" }, { "cve": "CVE-2019-6735", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-141/advisory.json", "detail_path": "advisories/ZDI-19-141", "id": "ZDI-19-141", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-141/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7355", "zdi_id": "ZDI-19-141" }, { "cve": "CVE-2019-6734", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-19-140/advisory.json", "detail_path": "advisories/ZDI-19-140", "id": "ZDI-19-140", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Foxit PhantomPDF setInterval Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-140/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7452", "zdi_id": "ZDI-19-140" }, { "cve": "CVE-2019-6733", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-19-139/advisory.json", "detail_path": "advisories/ZDI-19-139", "id": "ZDI-19-139", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Foxit PhantomPDF PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-139/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7576", "zdi_id": "ZDI-19-139" }, { "cve": "CVE-2019-6732", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-19-138/advisory.json", "detail_path": "advisories/ZDI-19-138", "id": "ZDI-19-138", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Foxit PhantomPDF AFParseDateEx Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-138/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7453", "zdi_id": "ZDI-19-138" }, { "cve": "CVE-2019-6731", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-19-137/advisory.json", "detail_path": "advisories/ZDI-19-137", "id": "ZDI-19-137", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Foxit PhantomPDF HTML2PDF HTML Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-137/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7369", "zdi_id": "ZDI-19-137" }, { "cve": "CVE-2019-6730", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-136/advisory.json", "detail_path": "advisories/ZDI-19-136", "id": "ZDI-19-136", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Foxit Reader popUpMenu Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-136/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7368", "zdi_id": "ZDI-19-136" }, { "cve": "CVE-2019-6729", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-135/advisory.json", "detail_path": "advisories/ZDI-19-135", "id": "ZDI-19-135", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Foxit Reader PDF Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-135/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7423", "zdi_id": "ZDI-19-135" }, { "cve": "CVE-2019-6728", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-19-134/advisory.json", "detail_path": "advisories/ZDI-19-134", "id": "ZDI-19-134", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-134/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7353", "zdi_id": "ZDI-19-134" }, { "cve": "CVE-2019-6727", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-133/advisory.json", "detail_path": "advisories/ZDI-19-133", "id": "ZDI-19-133", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Foxit Reader XFA remerge Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-133/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7347", "zdi_id": "ZDI-19-133" }, { "cve": "CVE-2019-5005", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-132/advisory.json", "detail_path": "advisories/ZDI-19-132", "id": "ZDI-19-132", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Foxit Reader ConvertToPDF TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2020-05-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-132/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7593", "zdi_id": "ZDI-19-132" }, { "cve": "CVE-2019-6216", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-131/advisory.json", "detail_path": "advisories/ZDI-19-131", "id": "ZDI-19-131", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "(Pwn2Own) Apple Safari Global RegExp JIT Type Confusion Remote Code Execution Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-131/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7479", "zdi_id": "ZDI-19-131" }, { "cve": "CVE-2019-6339", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Drupal. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of Phar archives. The issue results from the lac...", "detail_json": "/data/advisories/ZDI-19-130/advisory.json", "detail_path": "advisories/ZDI-19-130", "id": "ZDI-19-130", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Drupal Phar File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-130/", "vendor": "Drupal", "vendor_url": null, "zdi_can": "ZDI-CAN-7232", "zdi_id": "ZDI-19-130" }, { "cve": "CVE-2019-1636", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webex Cisco Spark. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the wa...", "detail_json": "/data/advisories/ZDI-19-129/advisory.json", "detail_path": "advisories/ZDI-19-129", "id": "ZDI-19-129", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Cisco Webex Teams Cisco Spark URI Handler Remote Command Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-129/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-7160", "zdi_id": "ZDI-19-129" }, { "cve": "CVE-2019-1638", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-19-128/advisory.json", "detail_path": "advisories/ZDI-19-128", "id": "ZDI-19-128", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-128/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-7043", "zdi_id": "ZDI-19-128" }, { "cve": "CVE-2019-6211", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-127/advisory.json", "detail_path": "advisories/ZDI-19-127", "id": "ZDI-19-127", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Apple Safari RTCPeerConnection Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-127/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7481", "zdi_id": "ZDI-19-127" }, { "cve": "CVE-2019-6202", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple iOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-19-126/advisory.json", "detail_path": "advisories/ZDI-19-126", "id": "ZDI-19-126", "kind": "published", "published_date": "2019-01-24", "status": "published", "title": "(Pwn2Own) Apple iOS mediaserverd cypc Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-126/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7480", "zdi_id": "ZDI-19-126" }, { "cve": "CVE-2019-6221", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple iOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-19-125/advisory.json", "detail_path": "advisories/ZDI-19-125", "id": "ZDI-19-125", "kind": "published", "published_date": "2019-01-24", "status": "published", "title": "(Pwn2Own) Apple iOS mediaserverd crte Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-125/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7474", "zdi_id": "ZDI-19-125" }, { "cve": "CVE-2019-6217", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-124/advisory.json", "detail_path": "advisories/ZDI-19-124", "id": "ZDI-19-124", "kind": "published", "published_date": "2019-01-24", "status": "published", "title": "(Pwn2Own) Apple Safari RegExp JIT Type Confusion Remote Code Execution Vulnerability", "updated_date": "2019-06-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-124/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7473", "zdi_id": "ZDI-19-124" }, { "cve": "CVE-2019-6234", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-123/advisory.json", "detail_path": "advisories/ZDI-19-123", "id": "ZDI-19-123", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Apple Safari CSSFontFace Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-123/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7204", "zdi_id": "ZDI-19-123" }, { "cve": "CVE-2019-6233", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-19-122/advisory.json", "detail_path": "advisories/ZDI-19-122", "id": "ZDI-19-122", "kind": "published", "published_date": "2019-01-25", "status": "published", "title": "Apple Safari RenderBlockFlow Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-122/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7205", "zdi_id": "ZDI-19-122" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-121/advisory.json", "detail_path": "advisories/ZDI-19-121", "id": "ZDI-19-121", "kind": "published", "published_date": "2019-01-22", "status": "published", "title": "(0Day) Microsoft Windows contact File Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-121/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7591", "zdi_id": "ZDI-19-121" }, { "cve": "CVE-2018-19027", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Protocol. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-19-120/advisory.json", "detail_path": "advisories/ZDI-19-120", "id": "ZDI-19-120", "kind": "published", "published_date": "2019-01-24", "status": "published", "title": "OMRON CX-One CX-Protocol CObject Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-120/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6587", "zdi_id": "ZDI-19-120" }, { "cve": "CVE-2018-19019", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-119/advisory.json", "detail_path": "advisories/ZDI-19-119", "id": "ZDI-19-119", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing CStringData Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-119/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6715", "zdi_id": "ZDI-19-119" }, { "cve": "CVE-2018-19017", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-118/advisory.json", "detail_path": "advisories/ZDI-19-118", "id": "ZDI-19-118", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-118/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6719", "zdi_id": "ZDI-19-118" }, { "cve": "CVE-2018-19017", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-117/advisory.json", "detail_path": "advisories/ZDI-19-117", "id": "ZDI-19-117", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor scs File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-117/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6694", "zdi_id": "ZDI-19-117" }, { "cve": "CVE-2018-19017", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-116/advisory.json", "detail_path": "advisories/ZDI-19-116", "id": "ZDI-19-116", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-116/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6695", "zdi_id": "ZDI-19-116" }, { "cve": "CVE-2018-19017", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-115/advisory.json", "detail_path": "advisories/ZDI-19-115", "id": "ZDI-19-115", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-115/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6689", "zdi_id": "ZDI-19-115" }, { "cve": "CVE-2018-19017", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-114/advisory.json", "detail_path": "advisories/ZDI-19-114", "id": "ZDI-19-114", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-114/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6688", "zdi_id": "ZDI-19-114" }, { "cve": "CVE-2018-19017", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-113/advisory.json", "detail_path": "advisories/ZDI-19-113", "id": "ZDI-19-113", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-113/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6696", "zdi_id": "ZDI-19-113" }, { "cve": "CVE-2018-19017", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-112/advisory.json", "detail_path": "advisories/ZDI-19-112", "id": "ZDI-19-112", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-112/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6693", "zdi_id": "ZDI-19-112" }, { "cve": "CVE-2018-19015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-111/advisory.json", "detail_path": "advisories/ZDI-19-111", "id": "ZDI-19-111", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor sr3 File Parsing MoveFile Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-111/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6643", "zdi_id": "ZDI-19-111" }, { "cve": "CVE-2018-19015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-110/advisory.json", "detail_path": "advisories/ZDI-19-110", "id": "ZDI-19-110", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor sr3 File Parsing CopyFile Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-110/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6644", "zdi_id": "ZDI-19-110" }, { "cve": "CVE-2018-19015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-109/advisory.json", "detail_path": "advisories/ZDI-19-109", "id": "ZDI-19-109", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor sr3 File Parsing ExecuteJScriptFile Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-109/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6641", "zdi_id": "ZDI-19-109" }, { "cve": "CVE-2018-19015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-108/advisory.json", "detail_path": "advisories/ZDI-19-108", "id": "ZDI-19-108", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor sr3 File Parsing ExecuteVBScriptFile Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-108/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6642", "zdi_id": "ZDI-19-108" }, { "cve": "CVE-2018-19015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-107/advisory.json", "detail_path": "advisories/ZDI-19-107", "id": "ZDI-19-107", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor sr3 File Parsing ViewReport Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-107/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6638", "zdi_id": "ZDI-19-107" }, { "cve": "CVE-2018-19015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-106/advisory.json", "detail_path": "advisories/ZDI-19-106", "id": "ZDI-19-106", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor sr3 File Parsing GenerateReport API File Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-106/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6636", "zdi_id": "ZDI-19-106" }, { "cve": "CVE-2018-19013", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-105/advisory.json", "detail_path": "advisories/ZDI-19-105", "id": "ZDI-19-105", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor sr3 File Parsing DeleteFile Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-105/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6646", "zdi_id": "ZDI-19-105" }, { "cve": "CVE-2018-19015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-104/advisory.json", "detail_path": "advisories/ZDI-19-104", "id": "ZDI-19-104", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor sr3 File Parsing EditFile API Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-104/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6637", "zdi_id": "ZDI-19-104" }, { "cve": "CVE-2018-19015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-103/advisory.json", "detail_path": "advisories/ZDI-19-103", "id": "ZDI-19-103", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor sr3 File Parsing WriteMessage Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-103/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6639", "zdi_id": "ZDI-19-103" }, { "cve": "CVE-2018-19013", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-102/advisory.json", "detail_path": "advisories/ZDI-19-102", "id": "ZDI-19-102", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor sr3 File Parsing UploadPLCProgram API Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-102/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6662", "zdi_id": "ZDI-19-102" }, { "cve": "CVE-2018-19015", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-101/advisory.json", "detail_path": "advisories/ZDI-19-101", "id": "ZDI-19-101", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor sr3 File Parsing RunApplication API Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-101/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6647", "zdi_id": "ZDI-19-101" }, { "cve": "CVE-2018-19011", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-19-100/advisory.json", "detail_path": "advisories/ZDI-19-100", "id": "ZDI-19-100", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "OMRON CX-Supervisor sr3 Code Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-100/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6645", "zdi_id": "ZDI-19-100" }, { "cve": "CVE-2018-19004", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-099/advisory.json", "detail_path": "advisories/ZDI-19-099", "id": "ZDI-19-099", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LQS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-099/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-7114", "zdi_id": "ZDI-19-099" }, { "cve": "CVE-2018-19004", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-098/advisory.json", "detail_path": "advisories/ZDI-19-098", "id": "ZDI-19-098", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LQS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-098/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-7113", "zdi_id": "ZDI-19-098" }, { "cve": "CVE-2018-19002", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-097/advisory.json", "detail_path": "advisories/ZDI-19-097", "id": "ZDI-19-097", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LQS File Parsing Improper Control of Generation of Code Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-097/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-7110", "zdi_id": "ZDI-19-097" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-096/advisory.json", "detail_path": "advisories/ZDI-19-096", "id": "ZDI-19-096", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report File BlockWrite Arbitrary File Creation Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-096/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6681", "zdi_id": "ZDI-19-096" }, { "cve": "CVE-2018-18988", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-095/advisory.json", "detail_path": "advisories/ZDI-19-095", "id": "ZDI-19-095", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report File Open Path Traversal Information Disclosure Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-095/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6680", "zdi_id": "ZDI-19-095" }, { "cve": "CVE-2018-18988", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-094/advisory.json", "detail_path": "advisories/ZDI-19-094", "id": "ZDI-19-094", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report TextFile Read Directory Traversal Information Disclosure Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-094/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6679", "zdi_id": "ZDI-19-094" }, { "cve": "CVE-2018-18988", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-093/advisory.json", "detail_path": "advisories/ZDI-19-093", "id": "ZDI-19-093", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report File Open Path Traversal Information Disclosure Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-093/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6678", "zdi_id": "ZDI-19-093" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-092/advisory.json", "detail_path": "advisories/ZDI-19-092", "id": "ZDI-19-092", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report Ini WriteNumber Arbitrary File Creation Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-092/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6629", "zdi_id": "ZDI-19-092" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-091/advisory.json", "detail_path": "advisories/ZDI-19-091", "id": "ZDI-19-091", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report AddComboFile Arbitrary File Creation Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-091/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6628", "zdi_id": "ZDI-19-091" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-090/advisory.json", "detail_path": "advisories/ZDI-19-090", "id": "ZDI-19-090", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report TextFile Append Arbitrary File Creation Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-090/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6627", "zdi_id": "ZDI-19-090" }, { "cve": "CVE-2018-18988", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-089/advisory.json", "detail_path": "advisories/ZDI-19-089", "id": "ZDI-19-089", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report MemoryReadLong Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-089/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6626", "zdi_id": "ZDI-19-089" }, { "cve": "CVE-2018-18988", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-088/advisory.json", "detail_path": "advisories/ZDI-19-088", "id": "ZDI-19-088", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report MemoryReadByte Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-088/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6625", "zdi_id": "ZDI-19-088" }, { "cve": "CVE-2018-18988", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-087/advisory.json", "detail_path": "advisories/ZDI-19-087", "id": "ZDI-19-087", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report MemoryReadDouble Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-087/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6624", "zdi_id": "ZDI-19-087" }, { "cve": "CVE-2018-18988", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-086/advisory.json", "detail_path": "advisories/ZDI-19-086", "id": "ZDI-19-086", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report MemoryReadWord Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-086/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6623", "zdi_id": "ZDI-19-086" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-085/advisory.json", "detail_path": "advisories/ZDI-19-085", "id": "ZDI-19-085", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report Memory ReAlloc Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-085/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6622", "zdi_id": "ZDI-19-085" }, { "cve": "CVE-2018-18988", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-084/advisory.json", "detail_path": "advisories/ZDI-19-084", "id": "ZDI-19-084", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report Memory Byte Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-084/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6621", "zdi_id": "ZDI-19-084" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-083/advisory.json", "detail_path": "advisories/ZDI-19-083", "id": "ZDI-19-083", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report MemoryWriteWord Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-083/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6620", "zdi_id": "ZDI-19-083" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-082/advisory.json", "detail_path": "advisories/ZDI-19-082", "id": "ZDI-19-082", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report MemoryWriteLong Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-082/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6578", "zdi_id": "ZDI-19-082" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-081/advisory.json", "detail_path": "advisories/ZDI-19-081", "id": "ZDI-19-081", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report MemoryWriteDouble Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-081/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6577", "zdi_id": "ZDI-19-081" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-080/advisory.json", "detail_path": "advisories/ZDI-19-080", "id": "ZDI-19-080", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report File Write Arbitrary File Creation Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-080/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6576", "zdi_id": "ZDI-19-080" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-079/advisory.json", "detail_path": "advisories/ZDI-19-079", "id": "ZDI-19-079", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report MemoryWriteByte Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-079/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6575", "zdi_id": "ZDI-19-079" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-078/advisory.json", "detail_path": "advisories/ZDI-19-078", "id": "ZDI-19-078", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report Ini WriteString Arbitrary File Creation Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-078/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6574", "zdi_id": "ZDI-19-078" }, { "cve": "CVE-2018-18988", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-077/advisory.json", "detail_path": "advisories/ZDI-19-077", "id": "ZDI-19-077", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report Memory Integer Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-077/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6573", "zdi_id": "ZDI-19-077" }, { "cve": "CVE-2018-18988", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-076/advisory.json", "detail_path": "advisories/ZDI-19-076", "id": "ZDI-19-076", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report Memory Double Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-076/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6572", "zdi_id": "ZDI-19-076" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-075/advisory.json", "detail_path": "advisories/ZDI-19-075", "id": "ZDI-19-075", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report Memory Free Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-075/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6571", "zdi_id": "ZDI-19-075" }, { "cve": "CVE-2018-18988", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-074/advisory.json", "detail_path": "advisories/ZDI-19-074", "id": "ZDI-19-074", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA lgx Report Memory Long Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-074/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6570", "zdi_id": "ZDI-19-074" }, { "cve": "CVE-2018-18988", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-073/advisory.json", "detail_path": "advisories/ZDI-19-073", "id": "ZDI-19-073", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report Memory Word Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-073/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6569", "zdi_id": "ZDI-19-073" }, { "cve": "CVE-2018-18988", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-19-072/advisory.json", "detail_path": "advisories/ZDI-19-072", "id": "ZDI-19-072", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report Memory PChar Untrusted Pointer Dereference Information Disclosure Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-072/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6568", "zdi_id": "ZDI-19-072" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-071/advisory.json", "detail_path": "advisories/ZDI-19-071", "id": "ZDI-19-071", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report Edit Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-071/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6492", "zdi_id": "ZDI-19-071" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-070/advisory.json", "detail_path": "advisories/ZDI-19-070", "id": "ZDI-19-070", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report TextFile Write Arbitrary File Creation Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-070/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6579", "zdi_id": "ZDI-19-070" }, { "cve": "CVE-2018-18988", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-069/advisory.json", "detail_path": "advisories/ZDI-19-069", "id": "ZDI-19-069", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report ShellExecute Command Injection Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-069/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6491", "zdi_id": "ZDI-19-069" }, { "cve": "CVE-2018-19000", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of URIs by the product's web...", "detail_json": "/data/advisories/ZDI-19-068/advisory.json", "detail_path": "advisories/ZDI-19-068", "id": "ZDI-19-068", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA Web Server URI Parsing Authentication Bypass Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-068/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-7074", "zdi_id": "ZDI-19-068" }, { "cve": "CVE-2018-18998", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the pro...", "detail_json": "/data/advisories/ZDI-19-067/advisory.json", "detail_path": "advisories/ZDI-19-067", "id": "ZDI-19-067", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA Web Server Hardcoded Credentials Authentication Bypass Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-067/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6677", "zdi_id": "ZDI-19-067" }, { "cve": "CVE-2018-18996", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to relatorionome.l...", "detail_json": "/data/advisories/ZDI-19-066/advisory.json", "detail_path": "advisories/ZDI-19-066", "id": "ZDI-19-066", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA Web Server relatorionome NOME Command Injection Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-066/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6676", "zdi_id": "ZDI-19-066" }, { "cve": "CVE-2018-18996", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to relatorionome.l...", "detail_json": "/data/advisories/ZDI-19-065/advisory.json", "detail_path": "advisories/ZDI-19-065", "id": "ZDI-19-065", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA Web Server relatorionome TAG Command Injection Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-065/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6675", "zdi_id": "ZDI-19-065" }, { "cve": "CVE-2018-18996", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to relatorionome.l...", "detail_json": "/data/advisories/ZDI-19-064/advisory.json", "detail_path": "advisories/ZDI-19-064", "id": "ZDI-19-064", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA Web Server relatorionome TITULO Command Injection Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-064/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6674", "zdi_id": "ZDI-19-064" }, { "cve": "CVE-2018-18992", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to acompanhamentot...", "detail_json": "/data/advisories/ZDI-19-063/advisory.json", "detail_path": "advisories/ZDI-19-063", "id": "ZDI-19-063", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA Web Server acompanhamentotela TAGALTERE Command Injection Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-063/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6673", "zdi_id": "ZDI-19-063" }, { "cve": "CVE-2018-18992", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to acompanhamentot...", "detail_json": "/data/advisories/ZDI-19-062/advisory.json", "detail_path": "advisories/ZDI-19-062", "id": "ZDI-19-062", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA Web Server acompanhamentotela PAGINA Command Injection Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-062/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6672", "zdi_id": "ZDI-19-062" }, { "cve": "CVE-2018-18992", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to relatorioindivi...", "detail_json": "/data/advisories/ZDI-19-061/advisory.json", "detail_path": "advisories/ZDI-19-061", "id": "ZDI-19-061", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA Web Server relatorioindividual TITULO Command Injection Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-061/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6671", "zdi_id": "ZDI-19-061" }, { "cve": "CVE-2018-18994", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LQS files....", "detail_json": "/data/advisories/ZDI-19-060/advisory.json", "detail_path": "advisories/ZDI-19-060", "id": "ZDI-19-060", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LQS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-060/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6670", "zdi_id": "ZDI-19-060" }, { "cve": "CVE-2018-18992", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to relatorioindivi...", "detail_json": "/data/advisories/ZDI-19-059/advisory.json", "detail_path": "advisories/ZDI-19-059", "id": "ZDI-19-059", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA Web Server relatorioindividual TAG Command Injection Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-059/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6668", "zdi_id": "ZDI-19-059" }, { "cve": "CVE-2018-18990", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requested URLs....", "detail_json": "/data/advisories/ZDI-19-058/advisory.json", "detail_path": "advisories/ZDI-19-058", "id": "ZDI-19-058", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA Web Server Directory Traversal Information Disclosure Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-058/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6667", "zdi_id": "ZDI-19-058" }, { "cve": "CVE-2018-18986", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-057/advisory.json", "detail_path": "advisories/ZDI-19-057", "id": "ZDI-19-057", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LGX Report Format File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-057/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6490", "zdi_id": "ZDI-19-057" }, { "cve": "CVE-2018-19029", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-056/advisory.json", "detail_path": "advisories/ZDI-19-056", "id": "ZDI-19-056", "kind": "published", "published_date": "2019-01-19", "status": "published", "title": "LAquis SCADA LQS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2019-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-056/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6452", "zdi_id": "ZDI-19-056" }, { "cve": "CVE-2019-2526", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-19-055/advisory.json", "detail_path": "advisories/ZDI-19-055", "id": "ZDI-19-055", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetActiveUniform Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-055/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7210", "zdi_id": "ZDI-19-055" }, { "cve": "CVE-2019-0585", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-19-054/advisory.json", "detail_path": "advisories/ZDI-19-054", "id": "ZDI-19-054", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Microsoft Office Word wwlib Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-054/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6838", "zdi_id": "ZDI-19-054" }, { "cve": "CVE-2019-2451", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-053/advisory.json", "detail_path": "advisories/ZDI-19-053", "id": "ZDI-19-053", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetMapiv Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-053/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7448", "zdi_id": "ZDI-19-053" }, { "cve": "CVE-2019-2554", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-052/advisory.json", "detail_path": "advisories/ZDI-19-052", "id": "ZDI-19-052", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetMapfv Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-052/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7447", "zdi_id": "ZDI-19-052" }, { "cve": "CVE-2019-2555", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-051/advisory.json", "detail_path": "advisories/ZDI-19-051", "id": "ZDI-19-051", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetMapiv Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-051/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7446", "zdi_id": "ZDI-19-051" }, { "cve": "CVE-2019-2450", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-050/advisory.json", "detail_path": "advisories/ZDI-19-050", "id": "ZDI-19-050", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetMapfv Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-050/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7445", "zdi_id": "ZDI-19-050" }, { "cve": "CVE-2019-2548", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-19-049/advisory.json", "detail_path": "advisories/ZDI-19-049", "id": "ZDI-19-049", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchReadPixels Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-049/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7383", "zdi_id": "ZDI-19-049" }, { "cve": "CVE-2019-2448", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-048/advisory.json", "detail_path": "advisories/ZDI-19-048", "id": "ZDI-19-048", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crUnpackExtendGetUniformLocation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-048/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6964", "zdi_id": "ZDI-19-048" }, { "cve": "CVE-2019-2525", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-047/advisory.json", "detail_path": "advisories/ZDI-19-047", "id": "ZDI-19-047", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crUnpackExtendGetAttribLocation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-047/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6963", "zdi_id": "ZDI-19-047" }, { "cve": "CVE-2019-2446", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-046/advisory.json", "detail_path": "advisories/ZDI-19-046", "id": "ZDI-19-046", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox svcGetBuffer Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2021-06-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-046/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6904", "zdi_id": "ZDI-19-046" }, { "cve": "CVE-2019-2525", "cvss": 5.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-045/advisory.json", "detail_path": "advisories/ZDI-19-045", "id": "ZDI-19-045", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crUnpackExtendGetAttribLocation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-045/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7330", "zdi_id": "ZDI-19-045" }, { "cve": "CVE-2019-2524", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-19-044/advisory.json", "detail_path": "advisories/ZDI-19-044", "id": "ZDI-19-044", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetActiveAttrib Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-044/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7209", "zdi_id": "ZDI-19-044" }, { "cve": "CVE-2019-2523", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-19-043/advisory.json", "detail_path": "advisories/ZDI-19-043", "id": "ZDI-19-043", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crStateDeleteQueriesARB Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-043/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6986", "zdi_id": "ZDI-19-043" }, { "cve": "CVE-2019-2520", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-19-042/advisory.json", "detail_path": "advisories/ZDI-19-042", "id": "ZDI-19-042", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crStateDeleteRenderbuffersEXT Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-042/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6985", "zdi_id": "ZDI-19-042" }, { "cve": "CVE-2019-2522", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-19-041/advisory.json", "detail_path": "advisories/ZDI-19-041", "id": "ZDI-19-041", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crStateDeleteFramebuffersEXT Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-041/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6983", "zdi_id": "ZDI-19-041" }, { "cve": "CVE-2019-2521", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-19-040/advisory.json", "detail_path": "advisories/ZDI-19-040", "id": "ZDI-19-040", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crStateDeleteBuffersARB Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-040/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6980", "zdi_id": "ZDI-19-040" }, { "cve": "CVE-2018-3147", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Oracle Outside In. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-19-039/advisory.json", "detail_path": "advisories/ZDI-19-039", "id": "ZDI-19-039", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle Outside In vsxl5 GelFrame Record Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-039/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7592", "zdi_id": "ZDI-19-039" }, { "cve": "CVE-2019-2500", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-19-038/advisory.json", "detail_path": "advisories/ZDI-19-038", "id": "ZDI-19-038", "kind": "published", "published_date": "2019-01-17", "status": "published", "title": "Oracle VirtualBox crServerMuralVisibleRegion Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-038/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7328", "zdi_id": "ZDI-19-038" }, { "cve": "CVE-2019-2501", "cvss": 3.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-037/advisory.json", "detail_path": "advisories/ZDI-19-037", "id": "ZDI-19-037", "kind": "published", "published_date": "2019-01-16", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetMapdv Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-037/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7327", "zdi_id": "ZDI-19-037" }, { "cve": "CVE-2019-2504", "cvss": 3.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-036/advisory.json", "detail_path": "advisories/ZDI-19-036", "id": "ZDI-19-036", "kind": "published", "published_date": "2019-01-16", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetTexEnvfv Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-036/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7200", "zdi_id": "ZDI-19-036" }, { "cve": "CVE-2019-2505", "cvss": 3.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-035/advisory.json", "detail_path": "advisories/ZDI-19-035", "id": "ZDI-19-035", "kind": "published", "published_date": "2019-01-16", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetMapdv Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-035/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7199", "zdi_id": "ZDI-19-035" }, { "cve": "CVE-2019-2506", "cvss": 3.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-19-034/advisory.json", "detail_path": "advisories/ZDI-19-034", "id": "ZDI-19-034", "kind": "published", "published_date": "2019-01-16", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetTexEnviv Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-034/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7198", "zdi_id": "ZDI-19-034" }, { "cve": "CVE-2019-2449", "cvss": 5.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-19-033/advisory.json", "detail_path": "advisories/ZDI-19-033", "id": "ZDI-19-033", "kind": "published", "published_date": "2019-01-16", "status": "published", "title": "Oracle Java jnlp Protocol Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-033/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7151", "zdi_id": "ZDI-19-033" }, { "cve": "CVE-2018-7836", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is required to exploit this vulnerability but authentication can be easily bypassed. The specific flaw exists w...", "detail_json": "/data/advisories/ZDI-19-032/advisory.json", "detail_path": "advisories/ZDI-19-032", "id": "ZDI-19-032", "kind": "published", "published_date": "2019-01-16", "status": "published", "title": "Schneider Electric IIoT Monitor UpgradeMgmt upload Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-032/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7120", "zdi_id": "ZDI-19-032" }, { "cve": "CVE-2018-7839", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows the decryption of the administrator password on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists within encryption of the administrato...", "detail_json": "/data/advisories/ZDI-19-031/advisory.json", "detail_path": "advisories/ZDI-19-031", "id": "ZDI-19-031", "kind": "published", "published_date": "2019-01-16", "status": "published", "title": "Schneider Electric IIoT Monitor Hard-coded Cryptographic Key Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-031/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7119", "zdi_id": "ZDI-19-031" }, { "cve": "CVE-2018-7836", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the upload met...", "detail_json": "/data/advisories/ZDI-19-030/advisory.json", "detail_path": "advisories/ZDI-19-030", "id": "ZDI-19-030", "kind": "published", "published_date": "2019-01-14", "status": "published", "title": "Schneider Electric IIoT Monitor SettingMgmt upload Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-030/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7136", "zdi_id": "ZDI-19-030" }, { "cve": "CVE-2018-7836", "cvss": 9.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the upload met...", "detail_json": "/data/advisories/ZDI-19-029/advisory.json", "detail_path": "advisories/ZDI-19-029", "id": "ZDI-19-029", "kind": "published", "published_date": "2019-01-14", "status": "published", "title": "Schneider Electric IIoT Monitor DeviceMapMgmt upload Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-029/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7135", "zdi_id": "ZDI-19-029" }, { "cve": "CVE-2018-7837", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the addRule method of the Ru...", "detail_json": "/data/advisories/ZDI-19-028/advisory.json", "detail_path": "advisories/ZDI-19-028", "id": "ZDI-19-028", "kind": "published", "published_date": "2019-01-14", "status": "published", "title": "Schneider Electric IIoT Monitor RuleMgmt addRule XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-028/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7133", "zdi_id": "ZDI-19-028" }, { "cve": "CVE-2018-7837", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the getEvtPeriod method of t...", "detail_json": "/data/advisories/ZDI-19-027/advisory.json", "detail_path": "advisories/ZDI-19-027", "id": "ZDI-19-027", "kind": "published", "published_date": "2019-01-14", "status": "published", "title": "Schneider Electric IIoT Monitor EventMgmt getEvtPeriod XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-027/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7127", "zdi_id": "ZDI-19-027" }, { "cve": "CVE-2018-7837", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the addEvent method of the E...", "detail_json": "/data/advisories/ZDI-19-026/advisory.json", "detail_path": "advisories/ZDI-19-026", "id": "ZDI-19-026", "kind": "published", "published_date": "2019-01-14", "status": "published", "title": "Schneider Electric IIoT Monitor EventMgmt addEvent XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-026/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7126", "zdi_id": "ZDI-19-026" }, { "cve": "CVE-2018-7837", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Logout method of the Acc...", "detail_json": "/data/advisories/ZDI-19-025/advisory.json", "detail_path": "advisories/ZDI-19-025", "id": "ZDI-19-025", "kind": "published", "published_date": "2019-01-14", "status": "published", "title": "Schneider Electric IIoT Monitor AccountMgmt Logout XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-025/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7125", "zdi_id": "ZDI-19-025" }, { "cve": "CVE-2018-7837", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the forgotPwd method of the...", "detail_json": "/data/advisories/ZDI-19-024/advisory.json", "detail_path": "advisories/ZDI-19-024", "id": "ZDI-19-024", "kind": "published", "published_date": "2019-01-14", "status": "published", "title": "Schneider Electric IIoT Monitor AccountMgmt forgotPwd XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-024/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7124", "zdi_id": "ZDI-19-024" }, { "cve": "CVE-2018-7837", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Login method of the Acco...", "detail_json": "/data/advisories/ZDI-19-023/advisory.json", "detail_path": "advisories/ZDI-19-023", "id": "ZDI-19-023", "kind": "published", "published_date": "2019-01-14", "status": "published", "title": "Schneider Electric IIoT Monitor AccountMgmt Login XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-023/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7123", "zdi_id": "ZDI-19-023" }, { "cve": "CVE-2018-7836", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is required to exploit this vulnerability but authentication can be easily bypassed. The specific flaw exists w...", "detail_json": "/data/advisories/ZDI-19-022/advisory.json", "detail_path": "advisories/ZDI-19-022", "id": "ZDI-19-022", "kind": "published", "published_date": "2019-01-14", "status": "published", "title": "Schneider Electric IIoT Monitor RecoveryMgmt upload Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-022/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7122", "zdi_id": "ZDI-19-022" }, { "cve": "CVE-2018-7836", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is required to exploit this vulnerability but authentication can be easily bypassed. The specific flaw exists w...", "detail_json": "/data/advisories/ZDI-19-021/advisory.json", "detail_path": "advisories/ZDI-19-021", "id": "ZDI-19-021", "kind": "published", "published_date": "2019-01-14", "status": "published", "title": "Schneider Electric IIoT Monitor ProtectionMgmt upload Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-021/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7121", "zdi_id": "ZDI-19-021" }, { "cve": "CVE-2018-7835", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists within downloadCSV.jsp servlet....", "detail_json": "/data/advisories/ZDI-19-020/advisory.json", "detail_path": "advisories/ZDI-19-020", "id": "ZDI-19-020", "kind": "published", "published_date": "2019-01-14", "status": "published", "title": "Schneider Electric IIoT Monitor downloadCSV Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-020/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7118", "zdi_id": "ZDI-19-020" }, { "cve": "CVE-2018-19027", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Protocol. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-19-019/advisory.json", "detail_path": "advisories/ZDI-19-019", "id": "ZDI-19-019", "kind": "published", "published_date": "2019-01-14", "status": "published", "title": "OMRON CX-One CX-Protocol CObject Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-019/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6585", "zdi_id": "ZDI-19-019" }, { "cve": "CVE-2018-19027", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Protocol. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-19-018/advisory.json", "detail_path": "advisories/ZDI-19-018", "id": "ZDI-19-018", "kind": "published", "published_date": "2019-01-14", "status": "published", "title": "OMRON CX-One CX-Protocol CObject Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-018/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6566", "zdi_id": "ZDI-19-018" }, { "cve": "CVE-2018-19027", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Protocol. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-19-017/advisory.json", "detail_path": "advisories/ZDI-19-017", "id": "ZDI-19-017", "kind": "published", "published_date": "2019-01-14", "status": "published", "title": "OMRON CX-One CX-Protocol CObject Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-017/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6565", "zdi_id": "ZDI-19-017" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-19-016/advisory.json", "detail_path": "advisories/ZDI-19-016", "id": "ZDI-19-016", "kind": "published", "published_date": "2019-01-10", "status": "published", "title": "Microsoft Visual Studio wpa Protocol XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-016/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7251", "zdi_id": "ZDI-19-016" }, { "cve": "CVE-2019-0546", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on executables compiled using vulnerable installations of Microsoft Visual Studio. Attack vectors will vary depending on the nature of the executable in question. The specific flaw exists within th...", "detail_json": "/data/advisories/ZDI-19-015/advisory.json", "detail_path": "advisories/ZDI-19-015", "id": "ZDI-19-015", "kind": "published", "published_date": "2019-01-10", "status": "published", "title": "Microsoft Visual Studio asm Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-015/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7370", "zdi_id": "ZDI-19-015" }, { "cve": "CVE-2019-0537", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-19-014/advisory.json", "detail_path": "advisories/ZDI-19-014", "id": "ZDI-19-014", "kind": "published", "published_date": "2019-01-10", "status": "published", "title": "Microsoft Visual Studio vscontent XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-014/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7240", "zdi_id": "ZDI-19-014" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-013/advisory.json", "detail_path": "advisories/ZDI-19-013", "id": "ZDI-19-013", "kind": "published", "published_date": "2019-01-10", "status": "published", "title": "(0Day) Microsoft Windows vcf File Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2019-05-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-013/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6920", "zdi_id": "ZDI-19-013" }, { "cve": "CVE-2019-0577", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-012/advisory.json", "detail_path": "advisories/ZDI-19-012", "id": "ZDI-19-012", "kind": "published", "published_date": "2019-01-09", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-012/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7316", "zdi_id": "ZDI-19-012" }, { "cve": "CVE-2019-0575", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-011/advisory.json", "detail_path": "advisories/ZDI-19-011", "id": "ZDI-19-011", "kind": "published", "published_date": "2019-01-09", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-011/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7386", "zdi_id": "ZDI-19-011" }, { "cve": "CVE-2019-0584", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-010/advisory.json", "detail_path": "advisories/ZDI-19-010", "id": "ZDI-19-010", "kind": "published", "published_date": "2019-01-09", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-010/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7268", "zdi_id": "ZDI-19-010" }, { "cve": "CVE-2019-0583", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-009/advisory.json", "detail_path": "advisories/ZDI-19-009", "id": "ZDI-19-009", "kind": "published", "published_date": "2019-01-09", "status": "published", "title": "Microsoft Windows JET Database Engine Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-009/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7293", "zdi_id": "ZDI-19-009" }, { "cve": "CVE-2019-0582", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-008/advisory.json", "detail_path": "advisories/ZDI-19-008", "id": "ZDI-19-008", "kind": "published", "published_date": "2019-01-09", "status": "published", "title": "Microsoft Windows JET Database Engine Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-008/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7267", "zdi_id": "ZDI-19-008" }, { "cve": "CVE-2019-0581", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-007/advisory.json", "detail_path": "advisories/ZDI-19-007", "id": "ZDI-19-007", "kind": "published", "published_date": "2019-01-09", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-007/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7295", "zdi_id": "ZDI-19-007" }, { "cve": "CVE-2019-0580", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-19-006/advisory.json", "detail_path": "advisories/ZDI-19-006", "id": "ZDI-19-006", "kind": "published", "published_date": "2019-01-09", "status": "published", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-006/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7271", "zdi_id": "ZDI-19-006" }, { "cve": "CVE-2018-7817", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ZelioSoft 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-19-005/advisory.json", "detail_path": "advisories/ZDI-19-005", "id": "ZDI-19-005", "kind": "published", "published_date": "2019-01-09", "status": "published", "title": "Schneider Electric ZelioSoft2 ZM2 File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-005/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7099", "zdi_id": "ZDI-19-005" }, { "cve": "CVE-2018-7817", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ZelioSoft 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-19-004/advisory.json", "detail_path": "advisories/ZDI-19-004", "id": "ZDI-19-004", "kind": "published", "published_date": "2019-01-09", "status": "published", "title": "Schneider Electric ZelioSoft2 ZM2 File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-004/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-7100", "zdi_id": "ZDI-19-004" }, { "cve": "CVE-2018-19023", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to issue commands on vulnerable installations of Hetronic equipment. Authentication is not required to exploit this vulnerability. The specific flaw exists with the communication between the transmitter and receiver...", "detail_json": "/data/advisories/ZDI-19-003/advisory.json", "detail_path": "advisories/ZDI-19-003", "id": "ZDI-19-003", "kind": "published", "published_date": "2019-01-04", "status": "published", "title": "Hetronic Nova-M Replay Attack Vulnerability", "updated_date": "2019-01-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-003/", "vendor": "Hetronic", "vendor_url": null, "zdi_can": "ZDI-CAN-6182", "zdi_id": "ZDI-19-003" }, { "cve": "CVE-2018-16018", "cvss": 7.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-19-002/advisory.json", "detail_path": "advisories/ZDI-19-002", "id": "ZDI-19-002", "kind": "published", "published_date": "2019-01-04", "status": "published", "title": "Adobe Acrobat Reader DC JavaScript Read-Only Variables Arbitrary Overwrite Restrictions Bypass Vulnerability", "updated_date": "2020-08-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-002/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7229", "zdi_id": "ZDI-19-002" }, { "cve": "CVE-2018-16011", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-19-001/advisory.json", "detail_path": "advisories/ZDI-19-001", "id": "ZDI-19-001", "kind": "published", "published_date": "2019-01-04", "status": "published", "title": "Adobe Acrobat Pro DC Preflight setDefaultLibrary Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2020-08-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-001/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6656", "zdi_id": "ZDI-19-001" }, { "cve": "CVE-2018-14319", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-18-1450/advisory.json", "detail_path": "advisories/ZDI-18-1450", "id": "ZDI-18-1450", "kind": "published", "published_date": "2019-03-04", "status": "published", "title": "(Pwn2Own) Samsung Galaxy S8 Shannon Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-03-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1450/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-5785", "zdi_id": "ZDI-18-1450" }, { "cve": "CVE-2018-3293", "cvss": 3.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-18-1449/advisory.json", "detail_path": "advisories/ZDI-18-1449", "id": "ZDI-18-1449", "kind": "published", "published_date": "2019-01-24", "status": "published", "title": "Oracle VirtualBox crUnpackMap2d Integer Overflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1449/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7228", "zdi_id": "ZDI-18-1449" }, { "cve": "CVE-2018-3293", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1448/advisory.json", "detail_path": "advisories/ZDI-18-1448", "id": "ZDI-18-1448", "kind": "published", "published_date": "2019-01-24", "status": "published", "title": "Oracle VirtualBox crUnpackMap1d Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1448/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7227", "zdi_id": "ZDI-18-1448" }, { "cve": "CVE-2018-3293", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1447/advisory.json", "detail_path": "advisories/ZDI-18-1447", "id": "ZDI-18-1447", "kind": "published", "published_date": "2019-01-24", "status": "published", "title": "Oracle VirtualBox crServerReturnValue Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1447/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7164", "zdi_id": "ZDI-18-1447" }, { "cve": "CVE-2018-17909", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1446/advisory.json", "detail_path": "advisories/ZDI-18-1446", "id": "ZDI-18-1446", "kind": "published", "published_date": "2019-01-24", "status": "published", "title": "OMRON CX-Supervisor sr3 File Parsing Script API HWND Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1446/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6657", "zdi_id": "ZDI-18-1446" }, { "cve": "CVE-2018-19728", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1445/advisory.json", "detail_path": "advisories/ZDI-18-1445", "id": "ZDI-18-1445", "kind": "published", "published_date": "2019-01-22", "status": "published", "title": "Adobe Acrobat Pro DC TTF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1445/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7534", "zdi_id": "ZDI-18-1445" }, { "cve": "CVE-2018-19005", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-18-1444/advisory.json", "detail_path": "advisories/ZDI-18-1444", "id": "ZDI-18-1444", "kind": "published", "published_date": "2019-01-02", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-01-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1444/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6433", "zdi_id": "ZDI-18-1444" }, { "cve": "CVE-2018-19005", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-18-1443/advisory.json", "detail_path": "advisories/ZDI-18-1443", "id": "ZDI-18-1443", "kind": "published", "published_date": "2019-01-02", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2019-01-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1443/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6432", "zdi_id": "ZDI-18-1443" }, { "cve": "CVE-2018-19005", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-18-1442/advisory.json", "detail_path": "advisories/ZDI-18-1442", "id": "ZDI-18-1442", "kind": "published", "published_date": "2019-01-02", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2019-01-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1442/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6431", "zdi_id": "ZDI-18-1442" }, { "cve": "CVE-2018-19005", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-1441/advisory.json", "detail_path": "advisories/ZDI-18-1441", "id": "ZDI-18-1441", "kind": "published", "published_date": "2019-01-02", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2019-01-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1441/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6430", "zdi_id": "ZDI-18-1441" }, { "cve": "CVE-2018-19005", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-18-1440/advisory.json", "detail_path": "advisories/ZDI-18-1440", "id": "ZDI-18-1440", "kind": "published", "published_date": "2019-01-02", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2019-01-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1440/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6413", "zdi_id": "ZDI-18-1440" }, { "cve": "CVE-2018-19005", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-18-1439/advisory.json", "detail_path": "advisories/ZDI-18-1439", "id": "ZDI-18-1439", "kind": "published", "published_date": "2019-01-02", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-01-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1439/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6412", "zdi_id": "ZDI-18-1439" }, { "cve": "CVE-2018-19005", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-18-1438/advisory.json", "detail_path": "advisories/ZDI-18-1438", "id": "ZDI-18-1438", "kind": "published", "published_date": "2019-01-02", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-01-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1438/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6411", "zdi_id": "ZDI-18-1438" }, { "cve": "CVE-2018-19005", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-18-1437/advisory.json", "detail_path": "advisories/ZDI-18-1437", "id": "ZDI-18-1437", "kind": "published", "published_date": "2019-01-02", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2019-01-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1437/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6410", "zdi_id": "ZDI-18-1437" }, { "cve": "CVE-2018-19005", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-18-1436/advisory.json", "detail_path": "advisories/ZDI-18-1436", "id": "ZDI-18-1436", "kind": "published", "published_date": "2019-01-02", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2019-01-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1436/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6409", "zdi_id": "ZDI-18-1436" }, { "cve": "CVE-2018-19005", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-18-1435/advisory.json", "detail_path": "advisories/ZDI-18-1435", "id": "ZDI-18-1435", "kind": "published", "published_date": "2019-01-02", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability", "updated_date": "2019-01-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1435/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6408", "zdi_id": "ZDI-18-1435" }, { "cve": "CVE-2018-19005", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-18-1434/advisory.json", "detail_path": "advisories/ZDI-18-1434", "id": "ZDI-18-1434", "kind": "published", "published_date": "2019-01-02", "status": "published", "title": "Horner Automation Cscape CSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2019-01-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1434/", "vendor": "Horner Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6407", "zdi_id": "ZDI-18-1434" }, { "cve": "CVE-2018-8617", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1433/advisory.json", "detail_path": "advisories/ZDI-18-1433", "id": "ZDI-18-1433", "kind": "published", "published_date": "2018-12-19", "status": "published", "title": "Microsoft Chakra Array Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1433/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7603", "zdi_id": "ZDI-18-1433" }, { "cve": "CVE-2018-8617", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1432/advisory.json", "detail_path": "advisories/ZDI-18-1432", "id": "ZDI-18-1432", "kind": "published", "published_date": "2018-12-19", "status": "published", "title": "Microsoft Chakra Array Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1432/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7623", "zdi_id": "ZDI-18-1432" }, { "cve": "CVE-2018-8617", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1431/advisory.json", "detail_path": "advisories/ZDI-18-1431", "id": "ZDI-18-1431", "kind": "published", "published_date": "2018-12-19", "status": "published", "title": "Microsoft Chakra Array Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1431/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7622", "zdi_id": "ZDI-18-1431" }, { "cve": "CVE-2018-8595", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1430/advisory.json", "detail_path": "advisories/ZDI-18-1430", "id": "ZDI-18-1430", "kind": "published", "published_date": "2018-12-19", "status": "published", "title": "Microsoft Windows gdiplus GdipGetWinMetaFileBitsEx Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1430/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7427", "zdi_id": "ZDI-18-1430" }, { "cve": "CVE-2018-8596", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1429/advisory.json", "detail_path": "advisories/ZDI-18-1429", "id": "ZDI-18-1429", "kind": "published", "published_date": "2018-12-19", "status": "published", "title": "Microsoft Windows gdiplus bParseWin32Metafile Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1429/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7382", "zdi_id": "ZDI-18-1429" }, { "cve": "CVE-2018-19721", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1428/advisory.json", "detail_path": "advisories/ZDI-18-1428", "id": "ZDI-18-1428", "kind": "published", "published_date": "2018-12-19", "status": "published", "title": "Adobe Acrobat Pro DC EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2023-06-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1428/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6721", "zdi_id": "ZDI-18-1428" }, { "cve": "CVE-2018-19723", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1427/advisory.json", "detail_path": "advisories/ZDI-18-1427", "id": "ZDI-18-1427", "kind": "published", "published_date": "2018-12-19", "status": "published", "title": "Adobe Acrobat Pro DC U3D TIFF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1427/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6590", "zdi_id": "ZDI-18-1427" }, { "cve": "CVE-2018-5035", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1426/advisory.json", "detail_path": "advisories/ZDI-18-1426", "id": "ZDI-18-1426", "kind": "published", "published_date": "2018-12-19", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EmfPlusDrawImagePoints Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1426/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6600", "zdi_id": "ZDI-18-1426" }, { "cve": "CVE-2018-5067", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1425/advisory.json", "detail_path": "advisories/ZDI-18-1425", "id": "ZDI-18-1425", "kind": "published", "published_date": "2018-12-19", "status": "published", "title": "Adobe Acrobat Pro DC EMF Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2018-12-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1425/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6589", "zdi_id": "ZDI-18-1425" }, { "cve": "CVE-2018-8597", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-18-1424/advisory.json", "detail_path": "advisories/ZDI-18-1424", "id": "ZDI-18-1424", "kind": "published", "published_date": "2018-12-17", "status": "published", "title": "Microsoft Office Excel XLS File Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1424/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6918", "zdi_id": "ZDI-18-1424" }, { "cve": "CVE-2018-12778", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1423/advisory.json", "detail_path": "advisories/ZDI-18-1423", "id": "ZDI-18-1423", "kind": "published", "published_date": "2018-12-17", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1423/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6741", "zdi_id": "ZDI-18-1423" }, { "cve": "CVE-2018-16014", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1422/advisory.json", "detail_path": "advisories/ZDI-18-1422", "id": "ZDI-18-1422", "kind": "published", "published_date": "2018-12-17", "status": "published", "title": "Adobe Acrobat Pro DC EMF Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": "2023-06-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1422/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6726", "zdi_id": "ZDI-18-1422" }, { "cve": "CVE-2018-12845", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1421/advisory.json", "detail_path": "advisories/ZDI-18-1421", "id": "ZDI-18-1421", "kind": "published", "published_date": "2018-12-17", "status": "published", "title": "Adobe Acrobat Pro DC EMF Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2023-06-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1421/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6720", "zdi_id": "ZDI-18-1421" }, { "cve": "CVE-2018-16018", "cvss": 2.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass JavaScript API restrictions on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-18-1420/advisory.json", "detail_path": "advisories/ZDI-18-1420", "id": "ZDI-18-1420", "kind": "published", "published_date": "2018-12-17", "status": "published", "title": "Adobe Reader DC JavaScript ANSendForFormDistribution JavaScript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1420/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7297", "zdi_id": "ZDI-18-1420" }, { "cve": "CVE-2018-16018", "cvss": 2.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass JavaScript API restrictions on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-18-1419/advisory.json", "detail_path": "advisories/ZDI-18-1419", "id": "ZDI-18-1419", "kind": "published", "published_date": "2018-12-17", "status": "published", "title": "Adobe Reader DC JavaScript CBSharedReviewCompleteAutomation JavaScript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1419/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7298", "zdi_id": "ZDI-18-1419" }, { "cve": "CVE-2018-16018", "cvss": 2.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass JavaScript API restrictions on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-18-1418/advisory.json", "detail_path": "advisories/ZDI-18-1418", "id": "ZDI-18-1418", "kind": "published", "published_date": "2018-12-17", "status": "published", "title": "Adobe Reader DC JavaScript ANSendForSharedReview JavaScript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1418/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7272", "zdi_id": "ZDI-18-1418" }, { "cve": "CVE-2018-16018", "cvss": 7.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1417/advisory.json", "detail_path": "advisories/ZDI-18-1417", "id": "ZDI-18-1417", "kind": "published", "published_date": "2018-12-17", "status": "published", "title": "Adobe Reader DC JavaScript AnnotsString Object Arbitrary Overwrite Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1417/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7230", "zdi_id": "ZDI-18-1417" }, { "cve": "CVE-2018-16008", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1416/advisory.json", "detail_path": "advisories/ZDI-18-1416", "id": "ZDI-18-1416", "kind": "published", "published_date": "2018-12-17", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1416/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6947", "zdi_id": "ZDI-18-1416" }, { "cve": "CVE-2018-16026", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1415/advisory.json", "detail_path": "advisories/ZDI-18-1415", "id": "ZDI-18-1415", "kind": "published", "published_date": "2018-12-17", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1415/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6948", "zdi_id": "ZDI-18-1415" }, { "cve": "CVE-2018-16008", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1414/advisory.json", "detail_path": "advisories/ZDI-18-1414", "id": "ZDI-18-1414", "kind": "published", "published_date": "2018-12-17", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1414/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6772", "zdi_id": "ZDI-18-1414" }, { "cve": "CVE-2018-16007", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-18-1413/advisory.json", "detail_path": "advisories/ZDI-18-1413", "id": "ZDI-18-1413", "kind": "published", "published_date": "2018-12-17", "status": "published", "title": "Adobe Reader DC Onix GetRecordRM Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1413/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7038", "zdi_id": "ZDI-18-1413" }, { "cve": "CVE-2018-16009", "cvss": 7.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-18-1412/advisory.json", "detail_path": "advisories/ZDI-18-1412", "id": "ZDI-18-1412", "kind": "published", "published_date": "2018-12-17", "status": "published", "title": "Adobe Reader DC Onix NextKey Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1412/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7005", "zdi_id": "ZDI-18-1412" }, { "cve": "CVE-2018-7813", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric GUIcon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1411/advisory.json", "detail_path": "advisories/ZDI-18-1411", "id": "ZDI-18-1411", "kind": "published", "published_date": "2018-12-14", "status": "published", "title": "Schneider Electric GUIcon GD1 File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1411/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-6959", "zdi_id": "ZDI-18-1411" }, { "cve": "CVE-2018-7815", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric GUIcon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1410/advisory.json", "detail_path": "advisories/ZDI-18-1410", "id": "ZDI-18-1410", "kind": "published", "published_date": "2018-12-14", "status": "published", "title": "Schneider Electric GUIcon GD1 File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1410/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-6965", "zdi_id": "ZDI-18-1410" }, { "cve": "CVE-2018-7814", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric GUIcon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1409/advisory.json", "detail_path": "advisories/ZDI-18-1409", "id": "ZDI-18-1409", "kind": "published", "published_date": "2018-12-14", "status": "published", "title": "Schneider Electric GUIcon GD1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1409/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-6960", "zdi_id": "ZDI-18-1409" }, { "cve": "CVE-2018-8643", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows JScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1408/advisory.json", "detail_path": "advisories/ZDI-18-1408", "id": "ZDI-18-1408", "kind": "published", "published_date": "2018-12-13", "status": "published", "title": "Microsoft Windows JScript Array concat Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1408/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7156", "zdi_id": "ZDI-18-1408" }, { "cve": "CVE-2018-8618", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1407/advisory.json", "detail_path": "advisories/ZDI-18-1407", "id": "ZDI-18-1407", "kind": "published", "published_date": "2018-12-13", "status": "published", "title": "Microsoft Chakra JavaScript Array Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1407/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7552", "zdi_id": "ZDI-18-1407" }, { "cve": "CVE-2018-8628", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-18-1406/advisory.json", "detail_path": "advisories/ZDI-18-1406", "id": "ZDI-18-1406", "kind": "published", "published_date": "2018-12-13", "status": "published", "title": "Microsoft Office PowerPoint PPT File Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1406/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6745", "zdi_id": "ZDI-18-1406" }, { "cve": "CVE-2018-8598", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-18-1405/advisory.json", "detail_path": "advisories/ZDI-18-1405", "id": "ZDI-18-1405", "kind": "published", "published_date": "2018-12-13", "status": "published", "title": "Microsoft Office Excel XLS File Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1405/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6901", "zdi_id": "ZDI-18-1405" }, { "cve": "CVE-2018-8596", "cvss": 3.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1404/advisory.json", "detail_path": "advisories/ZDI-18-1404", "id": "ZDI-18-1404", "kind": "published", "published_date": "2018-12-13", "status": "published", "title": "Microsoft Windows gd132full PlayEnhMetaFile Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1404/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6515", "zdi_id": "ZDI-18-1404" }, { "cve": "CVE-2018-8595", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-18-1403/advisory.json", "detail_path": "advisories/ZDI-18-1403", "id": "ZDI-18-1403", "kind": "published", "published_date": "2018-12-13", "status": "published", "title": "Microsoft Excel gdiplus EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1403/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7256", "zdi_id": "ZDI-18-1403" }, { "cve": "CVE-2018-16024", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1402/advisory.json", "detail_path": "advisories/ZDI-18-1402", "id": "ZDI-18-1402", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC XSLT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1402/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6946", "zdi_id": "ZDI-18-1402" }, { "cve": "CVE-2018-19719", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-18-1401/advisory.json", "detail_path": "advisories/ZDI-18-1401", "id": "ZDI-18-1401", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Reader DC Onix32 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1401/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7296", "zdi_id": "ZDI-18-1401" }, { "cve": "CVE-2018-19720", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-18-1400/advisory.json", "detail_path": "advisories/ZDI-18-1400", "id": "ZDI-18-1400", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Reader DC Onix32 Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1400/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7311", "zdi_id": "ZDI-18-1400" }, { "cve": "CVE-2018-16023", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1399/advisory.json", "detail_path": "advisories/ZDI-18-1399", "id": "ZDI-18-1399", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC XSLT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-12-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1399/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6743", "zdi_id": "ZDI-18-1399" }, { "cve": "CVE-2018-19714", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1398/advisory.json", "detail_path": "advisories/ZDI-18-1398", "id": "ZDI-18-1398", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1398/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7354", "zdi_id": "ZDI-18-1398" }, { "cve": "CVE-2018-19711", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1397/advisory.json", "detail_path": "advisories/ZDI-18-1397", "id": "ZDI-18-1397", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC TTF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1397/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7239", "zdi_id": "ZDI-18-1397" }, { "cve": "CVE-2018-19712", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1396/advisory.json", "detail_path": "advisories/ZDI-18-1396", "id": "ZDI-18-1396", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC TTF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1396/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7238", "zdi_id": "ZDI-18-1396" }, { "cve": "CVE-2018-19713", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1395/advisory.json", "detail_path": "advisories/ZDI-18-1395", "id": "ZDI-18-1395", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC XFA Form Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1395/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7197", "zdi_id": "ZDI-18-1395" }, { "cve": "CVE-2018-16025", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1394/advisory.json", "detail_path": "advisories/ZDI-18-1394", "id": "ZDI-18-1394", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC WebLink borderWidth Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1394/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6751", "zdi_id": "ZDI-18-1394" }, { "cve": "CVE-2018-16027", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1393/advisory.json", "detail_path": "advisories/ZDI-18-1393", "id": "ZDI-18-1393", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC WebLink borderColor Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1393/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6750", "zdi_id": "ZDI-18-1393" }, { "cve": "CVE-2018-16028", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1392/advisory.json", "detail_path": "advisories/ZDI-18-1392", "id": "ZDI-18-1392", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1392/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7148", "zdi_id": "ZDI-18-1392" }, { "cve": "CVE-2018-16029", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1391/advisory.json", "detail_path": "advisories/ZDI-18-1391", "id": "ZDI-18-1391", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC WebLink highlightMode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1391/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6752", "zdi_id": "ZDI-18-1391" }, { "cve": "CVE-2018-16030", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1390/advisory.json", "detail_path": "advisories/ZDI-18-1390", "id": "ZDI-18-1390", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1390/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7165", "zdi_id": "ZDI-18-1390" }, { "cve": "CVE-2018-16010", "cvss": 7.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-18-1389/advisory.json", "detail_path": "advisories/ZDI-18-1389", "id": "ZDI-18-1389", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Reader DC Onix Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1389/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7020", "zdi_id": "ZDI-18-1389" }, { "cve": "CVE-2018-16005", "cvss": 7.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-18-1388/advisory.json", "detail_path": "advisories/ZDI-18-1388", "id": "ZDI-18-1388", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Reader DC Onix ReadKey Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1388/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7006", "zdi_id": "ZDI-18-1388" }, { "cve": "CVE-2018-16004", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-18-1387/advisory.json", "detail_path": "advisories/ZDI-18-1387", "id": "ZDI-18-1387", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Reader DC Onix IndexManagerT GetRecordInfo Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1387/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6922", "zdi_id": "ZDI-18-1387" }, { "cve": "CVE-2018-16003", "cvss": 8.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-18-1386/advisory.json", "detail_path": "advisories/ZDI-18-1386", "id": "ZDI-18-1386", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Reader DC AFLayoutInfo Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1386/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6655", "zdi_id": "ZDI-18-1386" }, { "cve": "CVE-2018-16008", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1385/advisory.json", "detail_path": "advisories/ZDI-18-1385", "id": "ZDI-18-1385", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1385/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6774", "zdi_id": "ZDI-18-1385" }, { "cve": "CVE-2018-16012", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1384/advisory.json", "detail_path": "advisories/ZDI-18-1384", "id": "ZDI-18-1384", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC TTF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1384/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6744", "zdi_id": "ZDI-18-1384" }, { "cve": "CVE-2018-16002", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1383/advisory.json", "detail_path": "advisories/ZDI-18-1383", "id": "ZDI-18-1383", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-12-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1383/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7147", "zdi_id": "ZDI-18-1383" }, { "cve": "CVE-2018-16001", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1382/advisory.json", "detail_path": "advisories/ZDI-18-1382", "id": "ZDI-18-1382", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-12-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1382/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7146", "zdi_id": "ZDI-18-1382" }, { "cve": "CVE-2018-15997", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1381/advisory.json", "detail_path": "advisories/ZDI-18-1381", "id": "ZDI-18-1381", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1381/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6551", "zdi_id": "ZDI-18-1381" }, { "cve": "CVE-2018-15992", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1380/advisory.json", "detail_path": "advisories/ZDI-18-1380", "id": "ZDI-18-1380", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1380/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6552", "zdi_id": "ZDI-18-1380" }, { "cve": "CVE-2018-15994", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1379/advisory.json", "detail_path": "advisories/ZDI-18-1379", "id": "ZDI-18-1379", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1379/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6584", "zdi_id": "ZDI-18-1379" }, { "cve": "CVE-2018-15993", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1378/advisory.json", "detail_path": "advisories/ZDI-18-1378", "id": "ZDI-18-1378", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1378/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6583", "zdi_id": "ZDI-18-1378" }, { "cve": "CVE-2018-15991", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1377/advisory.json", "detail_path": "advisories/ZDI-18-1377", "id": "ZDI-18-1377", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1377/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6510", "zdi_id": "ZDI-18-1377" }, { "cve": "CVE-2018-15996", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1376/advisory.json", "detail_path": "advisories/ZDI-18-1376", "id": "ZDI-18-1376", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC TTF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1376/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6707", "zdi_id": "ZDI-18-1376" }, { "cve": "CVE-2018-15995", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1375/advisory.json", "detail_path": "advisories/ZDI-18-1375", "id": "ZDI-18-1375", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC XSLT Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1375/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6631", "zdi_id": "ZDI-18-1375" }, { "cve": "CVE-2018-15985", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1374/advisory.json", "detail_path": "advisories/ZDI-18-1374", "id": "ZDI-18-1374", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS GSUB Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1374/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-7039", "zdi_id": "ZDI-18-1374" }, { "cve": "CVE-2018-16043", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1373/advisory.json", "detail_path": "advisories/ZDI-18-1373", "id": "ZDI-18-1373", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat DC Onix ReadBTreeT::NextKey Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1373/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6919", "zdi_id": "ZDI-18-1373" }, { "cve": "CVE-2018-16044", "cvss": 4.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass Javascript API restrictions on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-1372/advisory.json", "detail_path": "advisories/ZDI-18-1372", "id": "ZDI-18-1372", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC search Javascript Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1372/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6903", "zdi_id": "ZDI-18-1372" }, { "cve": "CVE-2018-16045", "cvss": 5.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1371/advisory.json", "detail_path": "advisories/ZDI-18-1371", "id": "ZDI-18-1371", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC Onix ReadBTreeT::FindKeyInInteriorPage Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1371/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6897", "zdi_id": "ZDI-18-1371" }, { "cve": "CVE-2018-16046", "cvss": 5.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1370/advisory.json", "detail_path": "advisories/ZDI-18-1370", "id": "ZDI-18-1370", "kind": "published", "published_date": "2018-12-12", "status": "published", "title": "Adobe Acrobat Pro DC Onix FileClassT Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1370/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6900", "zdi_id": "ZDI-18-1370" }, { "cve": "CVE-2018-11763", "cvss": 5.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of Apache HTTPD server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP2 headers....", "detail_json": "/data/advisories/ZDI-18-1369/advisory.json", "detail_path": "advisories/ZDI-18-1369", "id": "ZDI-18-1369", "kind": "published", "published_date": "2018-12-10", "status": "published", "title": "Apache2 mod_http2 header Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1369/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-7168", "zdi_id": "ZDI-18-1369" }, { "cve": "CVE-2018-18993", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the par...", "detail_json": "/data/advisories/ZDI-18-1368/advisory.json", "detail_path": "advisories/ZDI-18-1368", "id": "ZDI-18-1368", "kind": "published", "published_date": "2018-12-10", "status": "published", "title": "OMRON CX-One CXP File Parsing Stack-based Buffer Overflow Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1368/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6610", "zdi_id": "ZDI-18-1368" }, { "cve": "CVE-2018-18989", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1367/advisory.json", "detail_path": "advisories/ZDI-18-1367", "id": "ZDI-18-1367", "kind": "published", "published_date": "2018-12-10", "status": "published", "title": "OMRON CX-One CX-Programmer CXP File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1367/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6608", "zdi_id": "ZDI-18-1367" }, { "cve": "CVE-2018-18993", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Position. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-18-1366/advisory.json", "detail_path": "advisories/ZDI-18-1366", "id": "ZDI-18-1366", "kind": "published", "published_date": "2018-12-10", "status": "published", "title": "OMRON CX-One CX-Position NCI File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1366/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6603", "zdi_id": "ZDI-18-1366" }, { "cve": "CVE-2018-4435", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-1365/advisory.json", "detail_path": "advisories/ZDI-18-1365", "id": "ZDI-18-1365", "kind": "published", "published_date": "2018-12-10", "status": "published", "title": "Apple macOS shm Uninitialized Data Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1365/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7299", "zdi_id": "ZDI-18-1365" }, { "cve": "CVE-2018-4462", "cvss": 5.5, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-1364/advisory.json", "detail_path": "advisories/ZDI-18-1364", "id": "ZDI-18-1364", "kind": "published", "published_date": "2018-12-10", "status": "published", "title": "Apple macOS AMDFramebuffer Integer Overflow Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1364/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7302", "zdi_id": "ZDI-18-1364" }, { "cve": "CVE-2018-4447", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1363/advisory.json", "detail_path": "advisories/ZDI-18-1363", "id": "ZDI-18-1363", "kind": "published", "published_date": "2018-12-10", "status": "published", "title": "Apple macOS watchevent Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1363/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7310", "zdi_id": "ZDI-18-1363" }, { "cve": "CVE-2018-19025", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to issue commands on vulnerable installations of Juuko equipment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of communication between the transmitter...", "detail_json": "/data/advisories/ZDI-18-1362/advisory.json", "detail_path": "advisories/ZDI-18-1362", "id": "ZDI-18-1362", "kind": "published", "published_date": "2022-08-22", "status": "published", "title": "Juuko DATA Packet Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1362/", "vendor": "Juuko", "vendor_url": null, "zdi_can": "ZDI-CAN-6462", "zdi_id": "ZDI-18-1362" }, { "cve": "CVE-2018-18987", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1361/advisory.json", "detail_path": "advisories/ZDI-18-1361", "id": "ZDI-18-1361", "kind": "published", "published_date": "2018-11-26", "status": "published", "title": "(0Day) INVT Electric VT-Designer PM3 File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2018-11-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1361/", "vendor": "INVT", "vendor_url": null, "zdi_can": "ZDI-CAN-6428", "zdi_id": "ZDI-18-1361" }, { "cve": "CVE-2018-18983", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1360/advisory.json", "detail_path": "advisories/ZDI-18-1360", "id": "ZDI-18-1360", "kind": "published", "published_date": "2018-11-26", "status": "published", "title": "(0Day) INVT Electric VT-Designer File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-11-29", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1360/", "vendor": "INVT", "vendor_url": null, "zdi_can": "ZDI-CAN-6414", "zdi_id": "ZDI-18-1360" }, { "cve": "CVE-2018-17707", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visual Studio with tools for Unreal Engine development installed. User interaction is required to exploit this vulnerability in that the target must...", "detail_json": "/data/advisories/ZDI-18-1359/advisory.json", "detail_path": "advisories/ZDI-18-1359", "id": "ZDI-18-1359", "kind": "published", "published_date": "2018-11-23", "status": "published", "title": "Epic Games Launcher Protocol Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1359/", "vendor": "Epic Games", "vendor_url": null, "zdi_can": "ZDI-CAN-7241", "zdi_id": "ZDI-18-1359" }, { "cve": "CVE-2018-12835", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1358/advisory.json", "detail_path": "advisories/ZDI-18-1358", "id": "ZDI-18-1358", "kind": "published", "published_date": "2018-11-22", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1358/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6740", "zdi_id": "ZDI-18-1358" }, { "cve": "CVE-2018-8553", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-18-1357/advisory.json", "detail_path": "advisories/ZDI-18-1357", "id": "ZDI-18-1357", "kind": "published", "published_date": "2018-11-21", "status": "published", "title": "Microsoft Windows NtGdiExtTextOutW Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2023-06-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1357/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6991", "zdi_id": "ZDI-18-1357" }, { "cve": "CVE-2018-8573", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1356/advisory.json", "detail_path": "advisories/ZDI-18-1356", "id": "ZDI-18-1356", "kind": "published", "published_date": "2018-11-21", "status": "published", "title": "Microsoft Word doc File Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1356/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6706", "zdi_id": "ZDI-18-1356" }, { "cve": "CVE-2018-8581", "cvss": 8.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to impersonate arbitrary users on vulnerable installations of Microsoft Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the use of NTLM authentication in Exc...", "detail_json": "/data/advisories/ZDI-18-1355/advisory.json", "detail_path": "advisories/ZDI-18-1355", "id": "ZDI-18-1355", "kind": "published", "published_date": "2018-11-21", "status": "published", "title": "Microsoft Exchange Server NTLM Reflection EWS User Impersonation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1355/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6548", "zdi_id": "ZDI-18-1355" }, { "cve": "CVE-2018-7521", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1354/advisory.json", "detail_path": "advisories/ZDI-18-1354", "id": "ZDI-18-1354", "kind": "published", "published_date": "2018-11-21", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1354/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6711", "zdi_id": "ZDI-18-1354" }, { "cve": "CVE-2018-7521", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1353/advisory.json", "detail_path": "advisories/ZDI-18-1353", "id": "ZDI-18-1353", "kind": "published", "published_date": "2018-11-21", "status": "published", "title": "OMRON CX-Supervisor scs File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1353/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6691", "zdi_id": "ZDI-18-1353" }, { "cve": "CVE-2018-7521", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1352/advisory.json", "detail_path": "advisories/ZDI-18-1352", "id": "ZDI-18-1352", "kind": "published", "published_date": "2018-11-21", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1352/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6687", "zdi_id": "ZDI-18-1352" }, { "cve": "CVE-2018-7521", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1351/advisory.json", "detail_path": "advisories/ZDI-18-1351", "id": "ZDI-18-1351", "kind": "published", "published_date": "2018-11-21", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1351/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6663", "zdi_id": "ZDI-18-1351" }, { "cve": "CVE-2018-8588", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1350/advisory.json", "detail_path": "advisories/ZDI-18-1350", "id": "ZDI-18-1350", "kind": "published", "published_date": "2018-11-20", "status": "published", "title": "Microsoft Edge Chakra Engine Type Confusion Remote Code Execution Vulnerability", "updated_date": "2019-02-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1350/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-7409", "zdi_id": "ZDI-18-1350" }, { "cve": "CVE-2018-8544", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1349/advisory.json", "detail_path": "advisories/ZDI-18-1349", "id": "ZDI-18-1349", "kind": "published", "published_date": "2018-11-21", "status": "published", "title": "Microsoft Windows VBScript Class_Terminate Scripting.Dictionary Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1349/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6749", "zdi_id": "ZDI-18-1349" }, { "cve": "CVE-2018-15980", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-18-1348/advisory.json", "detail_path": "advisories/ZDI-18-1348", "id": "ZDI-18-1348", "kind": "published", "published_date": "2018-11-20", "status": "published", "title": "Adobe Photoshop JPEG2000 Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-11-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1348/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6567", "zdi_id": "ZDI-18-1348" }, { "cve": "CVE-2018-12835", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1347/advisory.json", "detail_path": "advisories/ZDI-18-1347", "id": "ZDI-18-1347", "kind": "published", "published_date": "2018-11-20", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-11-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1347/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6580", "zdi_id": "ZDI-18-1347" }, { "cve": "CVE-2018-4425", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-18-1346/advisory.json", "detail_path": "advisories/ZDI-18-1346", "id": "ZDI-18-1346", "kind": "published", "published_date": "2018-11-20", "status": "published", "title": "Apple macOS NECP Control Socket Type Confusion Privilege Escalation Vulnerability", "updated_date": "2018-11-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1346/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6417", "zdi_id": "ZDI-18-1346" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-18-1345/advisory.json", "detail_path": "advisories/ZDI-18-1345", "id": "ZDI-18-1345", "kind": "published", "published_date": "2018-11-20", "status": "published", "title": "Cisco WebEx Recorder and Player asplayback Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-11-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1345/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6406", "zdi_id": "ZDI-18-1345" }, { "cve": "CVE-2018-4203", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-18-1344/advisory.json", "detail_path": "advisories/ZDI-18-1344", "id": "ZDI-18-1344", "kind": "published", "published_date": "2018-11-05", "status": "published", "title": "Apple macOS usymptomsd Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": "2018-11-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1344/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6350", "zdi_id": "ZDI-18-1344" }, { "cve": "CVE-2018-4351", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-1343/advisory.json", "detail_path": "advisories/ZDI-18-1343", "id": "ZDI-18-1343", "kind": "published", "published_date": "2018-11-05", "status": "published", "title": "Apple macOS IntelFBClientControl doAtribute Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2018-11-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1343/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6146", "zdi_id": "ZDI-18-1343" }, { "cve": "CVE-2018-4126", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-1342/advisory.json", "detail_path": "advisories/ZDI-18-1342", "id": "ZDI-18-1342", "kind": "published", "published_date": "2018-11-05", "status": "published", "title": "Apple macOS nsurlstoraged Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-11-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1342/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6138", "zdi_id": "ZDI-18-1342" }, { "cve": "CVE-2018-4126", "cvss": 1.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-1341/advisory.json", "detail_path": "advisories/ZDI-18-1341", "id": "ZDI-18-1341", "kind": "published", "published_date": "2018-11-05", "status": "published", "title": "Apple macOS nsurlstoraged Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-11-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1341/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6137", "zdi_id": "ZDI-18-1341" }, { "cve": "CVE-2018-4196", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-18-1340/advisory.json", "detail_path": "advisories/ZDI-18-1340", "id": "ZDI-18-1340", "kind": "published", "published_date": "2018-11-05", "status": "published", "title": "(Pwn2Own) Apple macOS Dock Service DSSetDesktopForDisplayAndSpace Uninitialized Pointer Privilege Escalation Vulnerability", "updated_date": "2018-12-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1340/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5827", "zdi_id": "ZDI-18-1340" }, { "cve": "CVE-2018-4237", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1339/advisory.json", "detail_path": "advisories/ZDI-18-1339", "id": "ZDI-18-1339", "kind": "published", "published_date": "2018-11-05", "status": "published", "title": "(Pwn2Own) Apple macOS task_set_special_port Port Overwrite Privilege Escalation Vulnerability", "updated_date": "2018-11-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1339/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5821", "zdi_id": "ZDI-18-1339" }, { "cve": "CVE-2018-4404", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1338/advisory.json", "detail_path": "advisories/ZDI-18-1338", "id": "ZDI-18-1338", "kind": "published", "published_date": "2018-11-05", "status": "published", "title": "(Pwn2Own) Apple macOS launchd Improper Access Check Privilege Escalation Vulnerability", "updated_date": "2018-11-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1338/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5820", "zdi_id": "ZDI-18-1338" }, { "cve": "CVE-2018-17614", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets...", "detail_json": "/data/advisories/ZDI-18-1337/advisory.json", "detail_path": "advisories/ZDI-18-1337", "id": "ZDI-18-1337", "kind": "published", "published_date": "2018-11-02", "status": "published", "title": "Losant Arduino MQTT Client Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-11-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1337/", "vendor": "Losant", "vendor_url": null, "zdi_can": "ZDI-CAN-6436", "zdi_id": "ZDI-18-1337" }, { "cve": null, "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to issue commands on vulnerable installations of Juuko equipment. Authentication is not required to exploit this vulnerability. The specific flaw exists with the communication between the transmitter and receiver pai...", "detail_json": "/data/advisories/ZDI-18-1336/advisory.json", "detail_path": "advisories/ZDI-18-1336", "id": "ZDI-18-1336", "kind": "published", "published_date": "2018-11-02", "status": "published", "title": "(0Day) Juuko JK-800 Replay Attack Vulnerability", "updated_date": "2018-11-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1336/", "vendor": "Juuko", "vendor_url": null, "zdi_can": "ZDI-CAN-6184", "zdi_id": "ZDI-18-1336" }, { "cve": "CVE-2018-4375", "cvss": 5.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1335/advisory.json", "detail_path": "advisories/ZDI-18-1335", "id": "ZDI-18-1335", "kind": "published", "published_date": "2018-10-31", "status": "published", "title": "Apple Safari FrameLoader Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1335/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-7134", "zdi_id": "ZDI-18-1335" }, { "cve": "CVE-2018-4413", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-1334/advisory.json", "detail_path": "advisories/ZDI-18-1334", "id": "ZDI-18-1334", "kind": "published", "published_date": "2018-10-31", "status": "published", "title": "Apple macOS sysctl_procargsx Uninitialized Buffer Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1334/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6839", "zdi_id": "ZDI-18-1334" }, { "cve": "CVE-2018-4422", "cvss": 7.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1333/advisory.json", "detail_path": "advisories/ZDI-18-1333", "id": "ZDI-18-1333", "kind": "published", "published_date": "2018-10-31", "status": "published", "title": "Apple macOS IOFramebufferUserClient Race Condition Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1333/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6834", "zdi_id": "ZDI-18-1333" }, { "cve": "CVE-2018-4376", "cvss": 5.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1332/advisory.json", "detail_path": "advisories/ZDI-18-1332", "id": "ZDI-18-1332", "kind": "published", "published_date": "2018-10-31", "status": "published", "title": "Apple Safari RenderCounter Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1332/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6497", "zdi_id": "ZDI-18-1332" }, { "cve": "CVE-2018-17908", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1331/advisory.json", "detail_path": "advisories/ZDI-18-1331", "id": "ZDI-18-1331", "kind": "published", "published_date": "2018-10-31", "status": "published", "title": "Advantech WebAccess Client Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1331/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7167", "zdi_id": "ZDI-18-1331" }, { "cve": "CVE-2018-17910", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwswfcfg.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-18-1330/advisory.json", "detail_path": "advisories/ZDI-18-1330", "id": "ZDI-18-1330", "kind": "published", "published_date": "2018-10-31", "status": "published", "title": "Advantech WebAccess Client bwswfcfg Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1330/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7166", "zdi_id": "ZDI-18-1330" }, { "cve": "CVE-2018-17908", "cvss": 8.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1329/advisory.json", "detail_path": "advisories/ZDI-18-1329", "id": "ZDI-18-1329", "kind": "published", "published_date": "2018-10-31", "status": "published", "title": "Advantech WebAccess Node Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1329/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-7154", "zdi_id": "ZDI-18-1329" }, { "cve": "CVE-2018-4326", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1328/advisory.json", "detail_path": "advisories/ZDI-18-1328", "id": "ZDI-18-1328", "kind": "published", "published_date": "2018-10-30", "status": "published", "title": "Apple macOS mDNSOffloadUserClient Race Condition Privilege Escalation Vulnerability", "updated_date": "2018-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1328/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6821", "zdi_id": "ZDI-18-1328" }, { "cve": "CVE-2018-4411", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1327/advisory.json", "detail_path": "advisories/ZDI-18-1327", "id": "ZDI-18-1327", "kind": "published", "published_date": "2018-10-30", "status": "published", "title": "Apple macOS libATSServer Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1327/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6360", "zdi_id": "ZDI-18-1327" }, { "cve": "CVE-2018-4425", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1326/advisory.json", "detail_path": "advisories/ZDI-18-1326", "id": "ZDI-18-1326", "kind": "published", "published_date": "2018-10-30", "status": "published", "title": "Apple macOS NECP Control Socket Type Confusion Privilege Escalation Vulnerability", "updated_date": "2018-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1326/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6378", "zdi_id": "ZDI-18-1326" }, { "cve": "CVE-2018-4425", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1325/advisory.json", "detail_path": "advisories/ZDI-18-1325", "id": "ZDI-18-1325", "kind": "published", "published_date": "2018-10-30", "status": "published", "title": "Apple macOS NECP Control Socket Type Confusion Privilege Escalation Vulnerability", "updated_date": "2018-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1325/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6363", "zdi_id": "ZDI-18-1325" }, { "cve": "CVE-2018-4410", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1324/advisory.json", "detail_path": "advisories/ZDI-18-1324", "id": "ZDI-18-1324", "kind": "published", "published_date": "2018-10-30", "status": "published", "title": "Apple macOS AppleGraphicsDevicePolicy Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": "2018-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1324/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6488", "zdi_id": "ZDI-18-1324" }, { "cve": "CVE-2018-4373", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1323/advisory.json", "detail_path": "advisories/ZDI-18-1323", "id": "ZDI-18-1323", "kind": "published", "published_date": "2018-10-30", "status": "published", "title": "Apple Safari WebCrypto Race Condition Remote Code Execution Vulnerability", "updated_date": "2018-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1323/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6388", "zdi_id": "ZDI-18-1323" }, { "cve": "CVE-2018-4417", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-1322/advisory.json", "detail_path": "advisories/ZDI-18-1322", "id": "ZDI-18-1322", "kind": "published", "published_date": "2018-10-30", "status": "published", "title": "Apple macOS AppleGPUWrangler Logging Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2018-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1322/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6149", "zdi_id": "ZDI-18-1322" }, { "cve": "CVE-2018-4233", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1321/advisory.json", "detail_path": "advisories/ZDI-18-1321", "id": "ZDI-18-1321", "kind": "published", "published_date": "2018-10-30", "status": "published", "title": "(Pwn2Own) Apple Safari CreateThis Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1321/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5819", "zdi_id": "ZDI-18-1321" }, { "cve": "CVE-2018-4193", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1320/advisory.json", "detail_path": "advisories/ZDI-18-1320", "id": "ZDI-18-1320", "kind": "published", "published_date": "2018-10-30", "status": "published", "title": "Apple macOS WindowServer XRegisterForKey Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2018-10-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1320/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5813", "zdi_id": "ZDI-18-1320" }, { "cve": "CVE-2018-14828", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-18-1319/advisory.json", "detail_path": "advisories/ZDI-18-1319", "id": "ZDI-18-1319", "kind": "published", "published_date": "2018-10-25", "status": "published", "title": "Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1319/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6828", "zdi_id": "ZDI-18-1319" }, { "cve": "CVE-2018-17923", "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers with physical access to modify firmware on vulnerable installations of Saga Radio equipment. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-1318/advisory.json", "detail_path": "advisories/ZDI-18-1318", "id": "ZDI-18-1318", "kind": "published", "published_date": "2018-10-25", "status": "published", "title": "Saga Radio SAGA1-L8B Firmware Upgrade Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1318/", "vendor": "SAGA", "vendor_url": null, "zdi_can": "ZDI-CAN-6542", "zdi_id": "ZDI-18-1318" }, { "cve": "CVE-2018-17921", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to issue commands on vulnerable installations of Saga Radio equipment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of communication between the transmi...", "detail_json": "/data/advisories/ZDI-18-1317/advisory.json", "detail_path": "advisories/ZDI-18-1317", "id": "ZDI-18-1317", "kind": "published", "published_date": "2018-10-25", "status": "published", "title": "Saga Radio SAGA1-L8B Remote Controller Forced-Pairing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1317/", "vendor": "SAGA", "vendor_url": null, "zdi_can": "ZDI-CAN-6526", "zdi_id": "ZDI-18-1317" }, { "cve": "CVE-2018-17903", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to issue commands on vulnerable installations of Saga Radio equipment. Authentication is not required to exploit this vulnerability. The specific flaw exists with the communication between the transmitter and receive...", "detail_json": "/data/advisories/ZDI-18-1316/advisory.json", "detail_path": "advisories/ZDI-18-1316", "id": "ZDI-18-1316", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Saga Radio SAGA1-L8B Replay Attack and Command Forgery Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1316/", "vendor": "Saga Radio", "vendor_url": null, "zdi_can": "ZDI-CAN-6186", "zdi_id": "ZDI-18-1316" }, { "cve": "CVE-2018-17935", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to issue commands on vulnerable installations of Telecrane equipment. Authentication is not required to exploit this vulnerability. The specific flaw exists with the communication between the transmitter and receiver...", "detail_json": "/data/advisories/ZDI-18-1315/advisory.json", "detail_path": "advisories/ZDI-18-1315", "id": "ZDI-18-1315", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Telecrane F25 Replay Attack Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1315/", "vendor": "Telecrane", "vendor_url": null, "zdi_can": "ZDI-CAN-6188", "zdi_id": "ZDI-18-1315" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwnodeip.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-18-1314/advisory.json", "detail_path": "advisories/ZDI-18-1314", "id": "ZDI-18-1314", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Client bwnodeip Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1314/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6302", "zdi_id": "ZDI-18-1314" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwwebd.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-18-1313/advisory.json", "detail_path": "advisories/ZDI-18-1313", "id": "ZDI-18-1313", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Client bwwebd Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1313/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6301", "zdi_id": "ZDI-18-1313" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwwebv.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-18-1312/advisory.json", "detail_path": "advisories/ZDI-18-1312", "id": "ZDI-18-1312", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Client bwwebv Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1312/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6300", "zdi_id": "ZDI-18-1312" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwrunmie.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-18-1311/advisory.json", "detail_path": "advisories/ZDI-18-1311", "id": "ZDI-18-1311", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Client bwrunmie Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1311/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6299", "zdi_id": "ZDI-18-1311" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwsound2.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-18-1310/advisory.json", "detail_path": "advisories/ZDI-18-1310", "id": "ZDI-18-1310", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Client bwsound2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1310/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6298", "zdi_id": "ZDI-18-1310" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwsound.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-18-1309/advisory.json", "detail_path": "advisories/ZDI-18-1309", "id": "ZDI-18-1309", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Client bwsound Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1309/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6297", "zdi_id": "ZDI-18-1309" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwprtscr.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-18-1308/advisory.json", "detail_path": "advisories/ZDI-18-1308", "id": "ZDI-18-1308", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Client bwprtscr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1308/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6296", "zdi_id": "ZDI-18-1308" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwclient.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-18-1307/advisory.json", "detail_path": "advisories/ZDI-18-1307", "id": "ZDI-18-1307", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Client bwclient Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1307/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6295", "zdi_id": "ZDI-18-1307" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwCLRptw.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-18-1306/advisory.json", "detail_path": "advisories/ZDI-18-1306", "id": "ZDI-18-1306", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Client bwclrptw Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1306/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6294", "zdi_id": "ZDI-18-1306" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within upandpr.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-18-1305/advisory.json", "detail_path": "advisories/ZDI-18-1305", "id": "ZDI-18-1305", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Client upandpr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1305/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6293", "zdi_id": "ZDI-18-1305" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwwebv.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-18-1304/advisory.json", "detail_path": "advisories/ZDI-18-1304", "id": "ZDI-18-1304", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Client bwwebv Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1304/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6292", "zdi_id": "ZDI-18-1304" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwdraw.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-18-1303/advisory.json", "detail_path": "advisories/ZDI-18-1303", "id": "ZDI-18-1303", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Node bwdraw Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1303/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6290", "zdi_id": "ZDI-18-1303" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwmakdir.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-18-1302/advisory.json", "detail_path": "advisories/ZDI-18-1302", "id": "ZDI-18-1302", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Node bwmakdir Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1302/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6289", "zdi_id": "ZDI-18-1302" }, { "cve": "CVE-2018-14806", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2711 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-1301/advisory.json", "detail_path": "advisories/ZDI-18-1301", "id": "ZDI-18-1301", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess webvrpcs Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1301/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6288", "zdi_id": "ZDI-18-1301" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x138bd IOCTL...", "detail_json": "/data/advisories/ZDI-18-1300/advisory.json", "detail_path": "advisories/ZDI-18-1300", "id": "ZDI-18-1300", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Node webvrpcs ViewDll1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1300/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6287", "zdi_id": "ZDI-18-1300" }, { "cve": "CVE-2018-14820", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2715 IOCTL...", "detail_json": "/data/advisories/ZDI-18-1299/advisory.json", "detail_path": "advisories/ZDI-18-1299", "id": "ZDI-18-1299", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Node drawsrv Arbitrary File Deletion Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1299/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6286", "zdi_id": "ZDI-18-1299" }, { "cve": "CVE-2018-14816", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within screnc.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-18-1298/advisory.json", "detail_path": "advisories/ZDI-18-1298", "id": "ZDI-18-1298", "kind": "published", "published_date": "2018-10-24", "status": "published", "title": "Advantech WebAccess Node screnc Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1298/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-6285", "zdi_id": "ZDI-18-1298" }, { "cve": "CVE-2018-18329", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Anti-Virus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-1297/advisory.json", "detail_path": "advisories/ZDI-18-1297", "id": "ZDI-18-1297", "kind": "published", "published_date": "2018-10-19", "status": "published", "title": "Trend Micro Anti-Virus KERedirect Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2018-10-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1297/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-6372", "zdi_id": "ZDI-18-1297" }, { "cve": "CVE-2018-18328", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Anti-Virus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-1296/advisory.json", "detail_path": "advisories/ZDI-18-1296", "id": "ZDI-18-1296", "kind": "published", "published_date": "2018-10-19", "status": "published", "title": "Trend Micro Anti-Virus KERedirect Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2018-10-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1296/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-6371", "zdi_id": "ZDI-18-1296" }, { "cve": "CVE-2018-18327", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Anti-Virus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-1295/advisory.json", "detail_path": "advisories/ZDI-18-1295", "id": "ZDI-18-1295", "kind": "published", "published_date": "2018-10-19", "status": "published", "title": "Trend Micro Anti-Virus KERedirect Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2018-10-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1295/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-6370", "zdi_id": "ZDI-18-1295" }, { "cve": "CVE-2018-15367", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Anti-Virus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-1294/advisory.json", "detail_path": "advisories/ZDI-18-1294", "id": "ZDI-18-1294", "kind": "published", "published_date": "2018-10-19", "status": "published", "title": "Trend Micro Anti-Virus ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2018-10-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1294/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-6369", "zdi_id": "ZDI-18-1294" }, { "cve": "CVE-2018-15366", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Anti-Virus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-1293/advisory.json", "detail_path": "advisories/ZDI-18-1293", "id": "ZDI-18-1293", "kind": "published", "published_date": "2018-10-19", "status": "published", "title": "Trend Micro Anti-Virus UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation Vulnerability", "updated_date": "2018-10-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1293/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-6368", "zdi_id": "ZDI-18-1293" }, { "cve": "CVE-2018-3293", "cvss": 8.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1292/advisory.json", "detail_path": "advisories/ZDI-18-1292", "id": "ZDI-18-1292", "kind": "published", "published_date": "2018-10-18", "status": "published", "title": "Oracle VirtualBox crServerDispatchReadPixels Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1292/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7329", "zdi_id": "ZDI-18-1292" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1291/advisory.json", "detail_path": "advisories/ZDI-18-1291", "id": "ZDI-18-1291", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Apple macOS getsockopt Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1291/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6203", "zdi_id": "ZDI-18-1291" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visual Studio Code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1290/advisory.json", "detail_path": "advisories/ZDI-18-1290", "id": "ZDI-18-1290", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Microsoft Visual Studio Code URL Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1290/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5567", "zdi_id": "ZDI-18-1290" }, { "cve": "CVE-2018-17913", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1289/advisory.json", "detail_path": "advisories/ZDI-18-1289", "id": "ZDI-18-1289", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "OMRON Industrial Automation CX-Supervisor CSNewDataSets Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1289/", "vendor": "Omron", "vendor_url": null, "zdi_can": "ZDI-CAN-6612", "zdi_id": "ZDI-18-1289" }, { "cve": "CVE-2018-17907", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1288/advisory.json", "detail_path": "advisories/ZDI-18-1288", "id": "ZDI-18-1288", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1288/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-6404", "zdi_id": "ZDI-18-1288" }, { "cve": "CVE-2018-17905", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The is...", "detail_json": "/data/advisories/ZDI-18-1287/advisory.json", "detail_path": "advisories/ZDI-18-1287", "id": "ZDI-18-1287", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1287/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-6401", "zdi_id": "ZDI-18-1287" }, { "cve": "CVE-2018-17913", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1286/advisory.json", "detail_path": "advisories/ZDI-18-1286", "id": "ZDI-18-1286", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1286/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-6418", "zdi_id": "ZDI-18-1286" }, { "cve": "CVE-2018-17907", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-18-1285/advisory.json", "detail_path": "advisories/ZDI-18-1285", "id": "ZDI-18-1285", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "OMRON CX-Supervisor PAG Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1285/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-6419", "zdi_id": "ZDI-18-1285" }, { "cve": "CVE-2018-17909", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1284/advisory.json", "detail_path": "advisories/ZDI-18-1284", "id": "ZDI-18-1284", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1284/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-6402", "zdi_id": "ZDI-18-1284" }, { "cve": "CVE-2018-17909", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1283/advisory.json", "detail_path": "advisories/ZDI-18-1283", "id": "ZDI-18-1283", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1283/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-6403", "zdi_id": "ZDI-18-1283" }, { "cve": "CVE-2018-17909", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1282/advisory.json", "detail_path": "advisories/ZDI-18-1282", "id": "ZDI-18-1282", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "OMRON CX-Supervisor PAG File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1282/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-6581", "zdi_id": "ZDI-18-1282" }, { "cve": "CVE-2018-17909", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1281/advisory.json", "detail_path": "advisories/ZDI-18-1281", "id": "ZDI-18-1281", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1281/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-6582", "zdi_id": "ZDI-18-1281" }, { "cve": "CVE-2018-17907", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1280/advisory.json", "detail_path": "advisories/ZDI-18-1280", "id": "ZDI-18-1280", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1280/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-6427", "zdi_id": "ZDI-18-1280" }, { "cve": "CVE-2018-17909", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1279/advisory.json", "detail_path": "advisories/ZDI-18-1279", "id": "ZDI-18-1279", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1279/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-6446", "zdi_id": "ZDI-18-1279" }, { "cve": "CVE-2018-3297", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1278/advisory.json", "detail_path": "advisories/ZDI-18-1278", "id": "ZDI-18-1278", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGenRenderbuffersEXT Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1278/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6837", "zdi_id": "ZDI-18-1278" }, { "cve": "CVE-2018-3296", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1277/advisory.json", "detail_path": "advisories/ZDI-18-1277", "id": "ZDI-18-1277", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGenFramebuffersEXT Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1277/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6836", "zdi_id": "ZDI-18-1277" }, { "cve": "CVE-2018-2909", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1276/advisory.json", "detail_path": "advisories/ZDI-18-1276", "id": "ZDI-18-1276", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGenBuffersARB Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1276/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6835", "zdi_id": "ZDI-18-1276" }, { "cve": "CVE-2018-3298", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1275/advisory.json", "detail_path": "advisories/ZDI-18-1275", "id": "ZDI-18-1275", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGenTextures Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1275/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6665", "zdi_id": "ZDI-18-1275" }, { "cve": "CVE-2018-3287", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1274/advisory.json", "detail_path": "advisories/ZDI-18-1274", "id": "ZDI-18-1274", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGenProgramsNV Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1274/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6664", "zdi_id": "ZDI-18-1274" }, { "cve": "CVE-2018-3147", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Oracle Outside In. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1273/advisory.json", "detail_path": "advisories/ZDI-18-1273", "id": "ZDI-18-1273", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle Outside In vsxl5 GelFrame Record Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1273/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-7075", "zdi_id": "ZDI-18-1273" }, { "cve": "CVE-2018-3289", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1272/advisory.json", "detail_path": "advisories/ZDI-18-1272", "id": "ZDI-18-1272", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchAreTexturesResident Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1272/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6633", "zdi_id": "ZDI-18-1272" }, { "cve": "CVE-2018-3288", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1271/advisory.json", "detail_path": "advisories/ZDI-18-1271", "id": "ZDI-18-1271", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchAreProgramsResidentNV Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1271/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6632", "zdi_id": "ZDI-18-1271" }, { "cve": "CVE-2018-3291", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1270/advisory.json", "detail_path": "advisories/ZDI-18-1270", "id": "ZDI-18-1270", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGenQueriesARB Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1270/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6598", "zdi_id": "ZDI-18-1270" }, { "cve": "CVE-2018-3292", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1269/advisory.json", "detail_path": "advisories/ZDI-18-1269", "id": "ZDI-18-1269", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGenProgramsARB Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1269/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6599", "zdi_id": "ZDI-18-1269" }, { "cve": "CVE-2018-3298", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1268/advisory.json", "detail_path": "advisories/ZDI-18-1268", "id": "ZDI-18-1268", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGenTextures Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1268/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6597", "zdi_id": "ZDI-18-1268" }, { "cve": "CVE-2018-2909", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1267/advisory.json", "detail_path": "advisories/ZDI-18-1267", "id": "ZDI-18-1267", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGenBuffersARB Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1267/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6596", "zdi_id": "ZDI-18-1267" }, { "cve": "CVE-2018-3297", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1266/advisory.json", "detail_path": "advisories/ZDI-18-1266", "id": "ZDI-18-1266", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGenRenderbuffersEXT Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1266/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6595", "zdi_id": "ZDI-18-1266" }, { "cve": "CVE-2018-3296", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1265/advisory.json", "detail_path": "advisories/ZDI-18-1265", "id": "ZDI-18-1265", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchGenFramebuffersEXT Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1265/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6594", "zdi_id": "ZDI-18-1265" }, { "cve": "CVE-2018-3290", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1264/advisory.json", "detail_path": "advisories/ZDI-18-1264", "id": "ZDI-18-1264", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle VirtualBox crServerDispatchPrioritizeTextures Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1264/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6593", "zdi_id": "ZDI-18-1264" }, { "cve": "CVE-2018-3211", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Oracle Java. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1263/advisory.json", "detail_path": "advisories/ZDI-18-1263", "id": "ZDI-18-1263", "kind": "published", "published_date": "2018-10-17", "status": "published", "title": "Oracle Java Usage Tracker usagetracker.properties Privilege Escalation Vulnerability", "updated_date": "2018-10-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1263/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6366", "zdi_id": "ZDI-18-1263" }, { "cve": "CVE-2018-17901", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1262/advisory.json", "detail_path": "advisories/ZDI-18-1262", "id": "ZDI-18-1262", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "LAquis SCADA LQS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1262/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6630", "zdi_id": "ZDI-18-1262" }, { "cve": "CVE-2018-17901", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1261/advisory.json", "detail_path": "advisories/ZDI-18-1261", "id": "ZDI-18-1261", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "LAquis SCADA LQS File Parsing Patamar Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1261/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6602", "zdi_id": "ZDI-18-1261" }, { "cve": "CVE-2018-17895", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-18-1260/advisory.json", "detail_path": "advisories/ZDI-18-1260", "id": "ZDI-18-1260", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "LAquis SCADA lqs File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1260/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6451", "zdi_id": "ZDI-18-1260" }, { "cve": "CVE-2018-17911", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1259/advisory.json", "detail_path": "advisories/ZDI-18-1259", "id": "ZDI-18-1259", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "Laquis SCADA editorldriver Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1259/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-6546", "zdi_id": "ZDI-18-1259" }, { "cve": "CVE-2018-17911", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1258/advisory.json", "detail_path": "advisories/ZDI-18-1258", "id": "ZDI-18-1258", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "Laquis SCADA vrel Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1258/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-6545", "zdi_id": "ZDI-18-1258" }, { "cve": "CVE-2018-17911", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1257/advisory.json", "detail_path": "advisories/ZDI-18-1257", "id": "ZDI-18-1257", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "Laquis SCADA aq Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1257/", "vendor": "LAquis", "vendor_url": null, "zdi_can": "ZDI-CAN-6544", "zdi_id": "ZDI-18-1257" }, { "cve": "CVE-2018-17895", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-18-1256/advisory.json", "detail_path": "advisories/ZDI-18-1256", "id": "ZDI-18-1256", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "LAquis SCADA lqs File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1256/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6450", "zdi_id": "ZDI-18-1256" }, { "cve": "CVE-2018-17895", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-18-1255/advisory.json", "detail_path": "advisories/ZDI-18-1255", "id": "ZDI-18-1255", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "LAquis SCADA LQS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1255/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6447", "zdi_id": "ZDI-18-1255" }, { "cve": "CVE-2018-17901", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1254/advisory.json", "detail_path": "advisories/ZDI-18-1254", "id": "ZDI-18-1254", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "LAquis SCADA LQS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1254/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6377", "zdi_id": "ZDI-18-1254" }, { "cve": "CVE-2018-17895", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1253/advisory.json", "detail_path": "advisories/ZDI-18-1253", "id": "ZDI-18-1253", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "LAquis SCADA LQS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1253/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6374", "zdi_id": "ZDI-18-1253" }, { "cve": "CVE-2018-17899", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1252/advisory.json", "detail_path": "advisories/ZDI-18-1252", "id": "ZDI-18-1252", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "LAquis SCADA LQS File Parsing Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1252/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6373", "zdi_id": "ZDI-18-1252" }, { "cve": "CVE-2018-17895", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-18-1251/advisory.json", "detail_path": "advisories/ZDI-18-1251", "id": "ZDI-18-1251", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "LAquis SCADA LQS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1251/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6319", "zdi_id": "ZDI-18-1251" }, { "cve": "CVE-2018-17897", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1250/advisory.json", "detail_path": "advisories/ZDI-18-1250", "id": "ZDI-18-1250", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "LAquis SCADA LQS File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1250/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6281", "zdi_id": "ZDI-18-1250" }, { "cve": "CVE-2018-17897", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1249/advisory.json", "detail_path": "advisories/ZDI-18-1249", "id": "ZDI-18-1249", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "LAquis SCADA LQS File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1249/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6280", "zdi_id": "ZDI-18-1249" }, { "cve": "CVE-2018-17897", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1248/advisory.json", "detail_path": "advisories/ZDI-18-1248", "id": "ZDI-18-1248", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "LAquis SCADA LQS File Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1248/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6279", "zdi_id": "ZDI-18-1248" }, { "cve": "CVE-2018-17895", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1247/advisory.json", "detail_path": "advisories/ZDI-18-1247", "id": "ZDI-18-1247", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "LAquis SCADA LQS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1247/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6278", "zdi_id": "ZDI-18-1247" }, { "cve": "CVE-2018-17893", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1246/advisory.json", "detail_path": "advisories/ZDI-18-1246", "id": "ZDI-18-1246", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "LAquis SCADA LQS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1246/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-6277", "zdi_id": "ZDI-18-1246" }, { "cve": "CVE-2018-17927", "cvss": 7.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1245/advisory.json", "detail_path": "advisories/ZDI-18-1245", "id": "ZDI-18-1245", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1245/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6461", "zdi_id": "ZDI-18-1245" }, { "cve": "CVE-2018-17929", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1244/advisory.json", "detail_path": "advisories/ZDI-18-1244", "id": "ZDI-18-1244", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "Delta Industrial Automation TPEditor MRC File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1244/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6460", "zdi_id": "ZDI-18-1244" }, { "cve": "CVE-2018-17929", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1243/advisory.json", "detail_path": "advisories/ZDI-18-1243", "id": "ZDI-18-1243", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "Delta Industrial Automation TPEditor MRC File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1243/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6459", "zdi_id": "ZDI-18-1243" }, { "cve": "CVE-2018-6974", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the guest system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-18-1242/advisory.json", "detail_path": "advisories/ZDI-18-1242", "id": "ZDI-18-1242", "kind": "published", "published_date": "2018-10-16", "status": "published", "title": "VMware Workstation SVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-10-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1242/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-6365", "zdi_id": "ZDI-18-1242" }, { "cve": "CVE-2018-17929", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1241/advisory.json", "detail_path": "advisories/ZDI-18-1241", "id": "ZDI-18-1241", "kind": "published", "published_date": "2018-10-15", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1241/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6445", "zdi_id": "ZDI-18-1241" }, { "cve": "CVE-2018-17929", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1240/advisory.json", "detail_path": "advisories/ZDI-18-1240", "id": "ZDI-18-1240", "kind": "published", "published_date": "2018-10-15", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1240/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6444", "zdi_id": "ZDI-18-1240" }, { "cve": "CVE-2018-17927", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1239/advisory.json", "detail_path": "advisories/ZDI-18-1239", "id": "ZDI-18-1239", "kind": "published", "published_date": "2018-10-15", "status": "published", "title": "Delta Industrial Automation TPEditor CC3260MT Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1239/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6443", "zdi_id": "ZDI-18-1239" }, { "cve": "CVE-2018-17929", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1238/advisory.json", "detail_path": "advisories/ZDI-18-1238", "id": "ZDI-18-1238", "kind": "published", "published_date": "2018-10-15", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1238/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6442", "zdi_id": "ZDI-18-1238" }, { "cve": "CVE-2018-17927", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1237/advisory.json", "detail_path": "advisories/ZDI-18-1237", "id": "ZDI-18-1237", "kind": "published", "published_date": "2018-10-15", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1237/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6449", "zdi_id": "ZDI-18-1237" }, { "cve": "CVE-2018-17929", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1236/advisory.json", "detail_path": "advisories/ZDI-18-1236", "id": "ZDI-18-1236", "kind": "published", "published_date": "2018-10-15", "status": "published", "title": "Delta Industrial Automation TPEditor TPE File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1236/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6448", "zdi_id": "ZDI-18-1236" }, { "cve": "CVE-2018-17927", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1235/advisory.json", "detail_path": "advisories/ZDI-18-1235", "id": "ZDI-18-1235", "kind": "published", "published_date": "2018-10-15", "status": "published", "title": "Delta Industrial Automation TPEditor cc3260mt Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1235/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6246", "zdi_id": "ZDI-18-1235" }, { "cve": "CVE-2018-3055", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-18-1234/advisory.json", "detail_path": "advisories/ZDI-18-1234", "id": "ZDI-18-1234", "kind": "published", "published_date": "2018-10-15", "status": "published", "title": "Oracle VirtualBox crUnpackExtendAreProgramsResidentNV Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1234/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6592", "zdi_id": "ZDI-18-1234" }, { "cve": "CVE-2018-3055", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-18-1233/advisory.json", "detail_path": "advisories/ZDI-18-1233", "id": "ZDI-18-1233", "kind": "published", "published_date": "2018-10-15", "status": "published", "title": "Oracle VirtualBox crUnpackExtendAreTexturesResident Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1233/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6591", "zdi_id": "ZDI-18-1233" }, { "cve": "CVE-2018-3086", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1232/advisory.json", "detail_path": "advisories/ZDI-18-1232", "id": "ZDI-18-1232", "kind": "published", "published_date": "2018-10-15", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetAttachedShaders Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1232/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6635", "zdi_id": "ZDI-18-1232" }, { "cve": "CVE-2018-3086", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-1231/advisory.json", "detail_path": "advisories/ZDI-18-1231", "id": "ZDI-18-1231", "kind": "published", "published_date": "2018-10-15", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetAttachedObjectsARB Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-10-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1231/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6634", "zdi_id": "ZDI-18-1231" }, { "cve": "CVE-2018-17628", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1230/advisory.json", "detail_path": "advisories/ZDI-18-1230", "id": "ZDI-18-1230", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA setInterval Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1230/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6458", "zdi_id": "ZDI-18-1230" }, { "cve": "CVE-2018-17643", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1229/advisory.json", "detail_path": "advisories/ZDI-18-1229", "id": "ZDI-18-1229", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA TimeField editValue Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1229/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6480", "zdi_id": "ZDI-18-1229" }, { "cve": "CVE-2018-17651", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1228/advisory.json", "detail_path": "advisories/ZDI-18-1228", "id": "ZDI-18-1228", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA TimeField getItemState Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1228/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6501", "zdi_id": "ZDI-18-1228" }, { "cve": "CVE-2018-15946", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1227/advisory.json", "detail_path": "advisories/ZDI-18-1227", "id": "ZDI-18-1227", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Adobe Acrobat ImageConversion EMF EmfPlusDrawBeziers Out-Of-Bounds Read Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1227/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6770", "zdi_id": "ZDI-18-1227" }, { "cve": "CVE-2018-17658", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1226/advisory.json", "detail_path": "advisories/ZDI-18-1226", "id": "ZDI-18-1226", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA host response Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1226/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6509", "zdi_id": "ZDI-18-1226" }, { "cve": "CVE-2018-17642", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1225/advisory.json", "detail_path": "advisories/ZDI-18-1225", "id": "ZDI-18-1225", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA TimeField colSpan Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1225/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6479", "zdi_id": "ZDI-18-1225" }, { "cve": "CVE-2018-17694", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1224/advisory.json", "detail_path": "advisories/ZDI-18-1224", "id": "ZDI-18-1224", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit PhantomPDF display Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1224/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7138", "zdi_id": "ZDI-18-1224" }, { "cve": "CVE-2018-17696", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1223/advisory.json", "detail_path": "advisories/ZDI-18-1223", "id": "ZDI-18-1223", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader Collab dataObjects Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1223/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7169", "zdi_id": "ZDI-18-1223" }, { "cve": "CVE-2018-17652", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1222/advisory.json", "detail_path": "advisories/ZDI-18-1222", "id": "ZDI-18-1222", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA TimeField mandatory Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1222/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6502", "zdi_id": "ZDI-18-1222" }, { "cve": "CVE-2018-17641", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1221/advisory.json", "detail_path": "advisories/ZDI-18-1221", "id": "ZDI-18-1221", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA TimeField deleteItem Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1221/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6478", "zdi_id": "ZDI-18-1221" }, { "cve": "CVE-2018-17653", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1220/advisory.json", "detail_path": "advisories/ZDI-18-1220", "id": "ZDI-18-1220", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA TimeField resolveNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1220/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6503", "zdi_id": "ZDI-18-1220" }, { "cve": "CVE-2018-17698", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1219/advisory.json", "detail_path": "advisories/ZDI-18-1219", "id": "ZDI-18-1219", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit PhantomPDF richValue Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1219/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7067", "zdi_id": "ZDI-18-1219" }, { "cve": "CVE-2018-17627", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1218/advisory.json", "detail_path": "advisories/ZDI-18-1218", "id": "ZDI-18-1218", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA mouseUp Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1218/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6455", "zdi_id": "ZDI-18-1218" }, { "cve": "CVE-2018-17640", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1217/advisory.json", "detail_path": "advisories/ZDI-18-1217", "id": "ZDI-18-1217", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA Form count Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1217/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6477", "zdi_id": "ZDI-18-1217" }, { "cve": "CVE-2018-17654", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1216/advisory.json", "detail_path": "advisories/ZDI-18-1216", "id": "ZDI-18-1216", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA Form Model insertInstance Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1216/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6504", "zdi_id": "ZDI-18-1216" }, { "cve": "CVE-2018-17697", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1215/advisory.json", "detail_path": "advisories/ZDI-18-1215", "id": "ZDI-18-1215", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader Collab templates Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1215/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7170", "zdi_id": "ZDI-18-1215" }, { "cve": "CVE-2018-17684", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1214/advisory.json", "detail_path": "advisories/ZDI-18-1214", "id": "ZDI-18-1214", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA isPropertySpecified Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1214/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6470", "zdi_id": "ZDI-18-1214" }, { "cve": "CVE-2018-17699", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1213/advisory.json", "detail_path": "advisories/ZDI-18-1213", "id": "ZDI-18-1213", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1213/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7073", "zdi_id": "ZDI-18-1213" }, { "cve": "CVE-2018-17639", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1212/advisory.json", "detail_path": "advisories/ZDI-18-1212", "id": "ZDI-18-1212", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA setElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1212/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6475", "zdi_id": "ZDI-18-1212" }, { "cve": "CVE-2018-17655", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1211/advisory.json", "detail_path": "advisories/ZDI-18-1211", "id": "ZDI-18-1211", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA Form Model moveInstance Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1211/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6505", "zdi_id": "ZDI-18-1211" }, { "cve": "CVE-2018-17656", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1210/advisory.json", "detail_path": "advisories/ZDI-18-1210", "id": "ZDI-18-1210", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA TimeField getDisplayItem Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1210/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6506", "zdi_id": "ZDI-18-1210" }, { "cve": "CVE-2018-17636", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1209/advisory.json", "detail_path": "advisories/ZDI-18-1209", "id": "ZDI-18-1209", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA aliasNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1209/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6472", "zdi_id": "ZDI-18-1209" }, { "cve": "CVE-2018-17704", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1208/advisory.json", "detail_path": "advisories/ZDI-18-1208", "id": "ZDI-18-1208", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader textColor Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1208/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7254", "zdi_id": "ZDI-18-1208" }, { "cve": "CVE-2018-17632", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1207/advisory.json", "detail_path": "advisories/ZDI-18-1207", "id": "ZDI-18-1207", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA resolveNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1207/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6700", "zdi_id": "ZDI-18-1207" }, { "cve": "CVE-2018-17659", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1206/advisory.json", "detail_path": "advisories/ZDI-18-1206", "id": "ZDI-18-1206", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA host title Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1206/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6511", "zdi_id": "ZDI-18-1206" }, { "cve": "CVE-2018-17689", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1205/advisory.json", "detail_path": "advisories/ZDI-18-1205", "id": "ZDI-18-1205", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit PhantomPDF fillColor Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1205/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7070", "zdi_id": "ZDI-18-1205" }, { "cve": "CVE-2018-17685", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1204/advisory.json", "detail_path": "advisories/ZDI-18-1204", "id": "ZDI-18-1204", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader openPlayer Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1204/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6819", "zdi_id": "ZDI-18-1204" }, { "cve": "CVE-2018-17657", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1203/advisory.json", "detail_path": "advisories/ZDI-18-1203", "id": "ZDI-18-1203", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA host gotoURL Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1203/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6507", "zdi_id": "ZDI-18-1203" }, { "cve": "CVE-2018-17633", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1202/advisory.json", "detail_path": "advisories/ZDI-18-1202", "id": "ZDI-18-1202", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader Annotation subject Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1202/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6498", "zdi_id": "ZDI-18-1202" }, { "cve": "CVE-2018-17650", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1201/advisory.json", "detail_path": "advisories/ZDI-18-1201", "id": "ZDI-18-1201", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA TimeField resolveNodes Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1201/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6487", "zdi_id": "ZDI-18-1201" }, { "cve": "CVE-2018-17634", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1200/advisory.json", "detail_path": "advisories/ZDI-18-1200", "id": "ZDI-18-1200", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader Annotation attachIcon Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1200/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6499", "zdi_id": "ZDI-18-1200" }, { "cve": "CVE-2018-17695", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1199/advisory.json", "detail_path": "advisories/ZDI-18-1199", "id": "ZDI-18-1199", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit PhantomPDF username Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1199/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7145", "zdi_id": "ZDI-18-1199" }, { "cve": "CVE-2018-17705", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1198/advisory.json", "detail_path": "advisories/ZDI-18-1198", "id": "ZDI-18-1198", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader display Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1198/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7255", "zdi_id": "ZDI-18-1198" }, { "cve": "CVE-2018-17644", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1197/advisory.json", "detail_path": "advisories/ZDI-18-1197", "id": "ZDI-18-1197", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA TimeField addItem Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1197/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6481", "zdi_id": "ZDI-18-1197" }, { "cve": "CVE-2018-17681", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1196/advisory.json", "detail_path": "advisories/ZDI-18-1196", "id": "ZDI-18-1196", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader getPageBox Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1196/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7141", "zdi_id": "ZDI-18-1196" }, { "cve": "CVE-2018-17631", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1195/advisory.json", "detail_path": "advisories/ZDI-18-1195", "id": "ZDI-18-1195", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA removeInstance Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1195/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6500", "zdi_id": "ZDI-18-1195" }, { "cve": "CVE-2018-17675", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1194/advisory.json", "detail_path": "advisories/ZDI-18-1194", "id": "ZDI-18-1194", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader removeDataObject Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1194/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6848", "zdi_id": "ZDI-18-1194" }, { "cve": "CVE-2018-17660", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1193/advisory.json", "detail_path": "advisories/ZDI-18-1193", "id": "ZDI-18-1193", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA host resetData Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1193/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6512", "zdi_id": "ZDI-18-1193" }, { "cve": "CVE-2018-17673", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1192/advisory.json", "detail_path": "advisories/ZDI-18-1192", "id": "ZDI-18-1192", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader Annotations highlight Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1192/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6820", "zdi_id": "ZDI-18-1192" }, { "cve": "CVE-2018-17638", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1191/advisory.json", "detail_path": "advisories/ZDI-18-1191", "id": "ZDI-18-1191", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA getAttribute Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1191/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6474", "zdi_id": "ZDI-18-1191" }, { "cve": "CVE-2018-17661", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1190/advisory.json", "detail_path": "advisories/ZDI-18-1190", "id": "ZDI-18-1190", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA host messageBox Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1190/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6513", "zdi_id": "ZDI-18-1190" }, { "cve": "CVE-2018-17680", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1189/advisory.json", "detail_path": "advisories/ZDI-18-1189", "id": "ZDI-18-1189", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader Field style Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1189/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6915", "zdi_id": "ZDI-18-1189" }, { "cve": "CVE-2018-17662", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1188/advisory.json", "detail_path": "advisories/ZDI-18-1188", "id": "ZDI-18-1188", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA host beep Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1188/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6514", "zdi_id": "ZDI-18-1188" }, { "cve": "CVE-2018-15947", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1187/advisory.json", "detail_path": "advisories/ZDI-18-1187", "id": "ZDI-18-1187", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Adobe Acrobat ImageConversion EMF EMR_STRETCHBLT Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1187/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6789", "zdi_id": "ZDI-18-1187" }, { "cve": "CVE-2018-15948", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1186/advisory.json", "detail_path": "advisories/ZDI-18-1186", "id": "ZDI-18-1186", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Adobe Acrobat ImageConversion XPS Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1186/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6896", "zdi_id": "ZDI-18-1186" }, { "cve": "CVE-2018-17686", "cvss": 2.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1185/advisory.json", "detail_path": "advisories/ZDI-18-1185", "id": "ZDI-18-1185", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader ConvertToPDF BMP File Parsing Out-of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1185/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6844", "zdi_id": "ZDI-18-1185" }, { "cve": "CVE-2018-17663", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1184/advisory.json", "detail_path": "advisories/ZDI-18-1184", "id": "ZDI-18-1184", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA host importData Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1184/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6517", "zdi_id": "ZDI-18-1184" }, { "cve": "CVE-2018-17702", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1183/advisory.json", "detail_path": "advisories/ZDI-18-1183", "id": "ZDI-18-1183", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader richValue Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1183/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7252", "zdi_id": "ZDI-18-1183" }, { "cve": "CVE-2018-17693", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1182/advisory.json", "detail_path": "advisories/ZDI-18-1182", "id": "ZDI-18-1182", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit PhantomPDF HTML2PDF HTML Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1182/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7130", "zdi_id": "ZDI-18-1182" }, { "cve": "CVE-2018-17626", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1181/advisory.json", "detail_path": "advisories/ZDI-18-1181", "id": "ZDI-18-1181", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader TextBox Validate Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1181/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6439", "zdi_id": "ZDI-18-1181" }, { "cve": "CVE-2018-17679", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1180/advisory.json", "detail_path": "advisories/ZDI-18-1180", "id": "ZDI-18-1180", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader PDF Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1180/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6890", "zdi_id": "ZDI-18-1180" }, { "cve": "CVE-2018-17664", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1179/advisory.json", "detail_path": "advisories/ZDI-18-1179", "id": "ZDI-18-1179", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA isCompatibleNS Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1179/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6518", "zdi_id": "ZDI-18-1179" }, { "cve": "CVE-2018-17665", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1178/advisory.json", "detail_path": "advisories/ZDI-18-1178", "id": "ZDI-18-1178", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA host currentPage Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1178/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6519", "zdi_id": "ZDI-18-1178" }, { "cve": "CVE-2018-17635", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1177/advisory.json", "detail_path": "advisories/ZDI-18-1177", "id": "ZDI-18-1177", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA desc Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1177/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6471", "zdi_id": "ZDI-18-1177" }, { "cve": "CVE-2018-17692", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1176/advisory.json", "detail_path": "advisories/ZDI-18-1176", "id": "ZDI-18-1176", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit PhantomPDF HTML2PDF HTML Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1176/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7129", "zdi_id": "ZDI-18-1176" }, { "cve": "CVE-2018-17637", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1175/advisory.json", "detail_path": "advisories/ZDI-18-1175", "id": "ZDI-18-1175", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA loadXML Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1175/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6473", "zdi_id": "ZDI-18-1175" }, { "cve": "CVE-2018-17666", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1174/advisory.json", "detail_path": "advisories/ZDI-18-1174", "id": "ZDI-18-1174", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA host exportData Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1174/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6520", "zdi_id": "ZDI-18-1174" }, { "cve": "CVE-2018-15949", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1173/advisory.json", "detail_path": "advisories/ZDI-18-1173", "id": "ZDI-18-1173", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Adobe Acrobat ImageConversion EMF EMR_STRETCHBLT BI_BITFIELDS Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1173/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6793", "zdi_id": "ZDI-18-1173" }, { "cve": "CVE-2018-17678", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1172/advisory.json", "detail_path": "advisories/ZDI-18-1172", "id": "ZDI-18-1172", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader gotoNamedDest Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1172/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6851", "zdi_id": "ZDI-18-1172" }, { "cve": "CVE-2018-17667", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1171/advisory.json", "detail_path": "advisories/ZDI-18-1171", "id": "ZDI-18-1171", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA host print Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1171/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6521", "zdi_id": "ZDI-18-1171" }, { "cve": "CVE-2018-15950", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1170/advisory.json", "detail_path": "advisories/ZDI-18-1170", "id": "ZDI-18-1170", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Adobe Acrobat ImageConversion EMF EMR_ALPHABLEND Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1170/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6999", "zdi_id": "ZDI-18-1170" }, { "cve": "CVE-2018-17687", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1169/advisory.json", "detail_path": "advisories/ZDI-18-1169", "id": "ZDI-18-1169", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit PhantomPDF exportValues Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1169/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7068", "zdi_id": "ZDI-18-1169" }, { "cve": "CVE-2018-17668", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1168/advisory.json", "detail_path": "advisories/ZDI-18-1168", "id": "ZDI-18-1168", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA xfdf removeAttribute Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1168/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6522", "zdi_id": "ZDI-18-1168" }, { "cve": "CVE-2018-17691", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1167/advisory.json", "detail_path": "advisories/ZDI-18-1167", "id": "ZDI-18-1167", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit PhantomPDF HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1167/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7128", "zdi_id": "ZDI-18-1167" }, { "cve": "CVE-2018-17669", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1166/advisory.json", "detail_path": "advisories/ZDI-18-1166", "id": "ZDI-18-1166", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA localeSet name Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1166/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6523", "zdi_id": "ZDI-18-1166" }, { "cve": "CVE-2018-17674", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1165/advisory.json", "detail_path": "advisories/ZDI-18-1165", "id": "ZDI-18-1165", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader Annotations name Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1165/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6845", "zdi_id": "ZDI-18-1165" }, { "cve": "CVE-2018-17677", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1164/advisory.json", "detail_path": "advisories/ZDI-18-1164", "id": "ZDI-18-1164", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader mailDoc Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1164/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6850", "zdi_id": "ZDI-18-1164" }, { "cve": "CVE-2018-17670", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1163/advisory.json", "detail_path": "advisories/ZDI-18-1163", "id": "ZDI-18-1163", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA xmpmeta content Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1163/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6524", "zdi_id": "ZDI-18-1163" }, { "cve": "CVE-2018-17703", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1162/advisory.json", "detail_path": "advisories/ZDI-18-1162", "id": "ZDI-18-1162", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader defaultStyle Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1162/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7253", "zdi_id": "ZDI-18-1162" }, { "cve": "CVE-2018-17690", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1161/advisory.json", "detail_path": "advisories/ZDI-18-1161", "id": "ZDI-18-1161", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit PhantomPDF rect Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1161/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7103", "zdi_id": "ZDI-18-1161" }, { "cve": "CVE-2018-17629", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1160/advisory.json", "detail_path": "advisories/ZDI-18-1160", "id": "ZDI-18-1160", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader templates Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1160/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6614", "zdi_id": "ZDI-18-1160" }, { "cve": "CVE-2018-17672", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1159/advisory.json", "detail_path": "advisories/ZDI-18-1159", "id": "ZDI-18-1159", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader array Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1159/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6817", "zdi_id": "ZDI-18-1159" }, { "cve": "CVE-2018-17630", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1158/advisory.json", "detail_path": "advisories/ZDI-18-1158", "id": "ZDI-18-1158", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader openPlayer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1158/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6616", "zdi_id": "ZDI-18-1158" }, { "cve": "CVE-2018-17683", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1157/advisory.json", "detail_path": "advisories/ZDI-18-1157", "id": "ZDI-18-1157", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader Doc createIcon Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1157/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7163", "zdi_id": "ZDI-18-1157" }, { "cve": "CVE-2018-17646", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1156/advisory.json", "detail_path": "advisories/ZDI-18-1156", "id": "ZDI-18-1156", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA TimeField fillColor Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1156/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6483", "zdi_id": "ZDI-18-1156" }, { "cve": "CVE-2018-17688", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1155/advisory.json", "detail_path": "advisories/ZDI-18-1155", "id": "ZDI-18-1155", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit PhantomPDF setItems Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1155/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7069", "zdi_id": "ZDI-18-1155" }, { "cve": "CVE-2018-17647", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1154/advisory.json", "detail_path": "advisories/ZDI-18-1154", "id": "ZDI-18-1154", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA TimeField boundItem Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1154/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6484", "zdi_id": "ZDI-18-1154" }, { "cve": "CVE-2018-17676", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1153/advisory.json", "detail_path": "advisories/ZDI-18-1153", "id": "ZDI-18-1153", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader removeField Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1153/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6849", "zdi_id": "ZDI-18-1153" }, { "cve": "CVE-2018-17645", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1152/advisory.json", "detail_path": "advisories/ZDI-18-1152", "id": "ZDI-18-1152", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA TimeField vAlign Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1152/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6482", "zdi_id": "ZDI-18-1152" }, { "cve": "CVE-2018-17682", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1151/advisory.json", "detail_path": "advisories/ZDI-18-1151", "id": "ZDI-18-1151", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader Annotation delay Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1151/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7157", "zdi_id": "ZDI-18-1151" }, { "cve": "CVE-2018-17671", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1150/advisory.json", "detail_path": "advisories/ZDI-18-1150", "id": "ZDI-18-1150", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA Lower Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1150/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6617", "zdi_id": "ZDI-18-1150" }, { "cve": "CVE-2018-17648", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1149/advisory.json", "detail_path": "advisories/ZDI-18-1149", "id": "ZDI-18-1149", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA TimeField rotate Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1149/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6485", "zdi_id": "ZDI-18-1149" }, { "cve": "CVE-2018-17649", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1148/advisory.json", "detail_path": "advisories/ZDI-18-1148", "id": "ZDI-18-1148", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit Reader XFA TimeField setAttribute Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1148/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6486", "zdi_id": "ZDI-18-1148" }, { "cve": "CVE-2018-17701", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1147/advisory.json", "detail_path": "advisories/ZDI-18-1147", "id": "ZDI-18-1147", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit PhantomPDF HTML2PDF HTML Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1147/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7132", "zdi_id": "ZDI-18-1147" }, { "cve": "CVE-2018-17700", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1146/advisory.json", "detail_path": "advisories/ZDI-18-1146", "id": "ZDI-18-1146", "kind": "published", "published_date": "2018-10-11", "status": "published", "title": "Foxit PhantomPDF HTML2PDF HTML Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1146/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-7131", "zdi_id": "ZDI-18-1146" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1145/advisory.json", "detail_path": "advisories/ZDI-18-1145", "id": "ZDI-18-1145", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Cisco WebEx Recorder and Player asplayback Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1145/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6494", "zdi_id": "ZDI-18-1145" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-1144/advisory.json", "detail_path": "advisories/ZDI-18-1144", "id": "ZDI-18-1144", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Cisco Webex Recorder and Player ATAS32 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1144/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6314", "zdi_id": "ZDI-18-1144" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1143/advisory.json", "detail_path": "advisories/ZDI-18-1143", "id": "ZDI-18-1143", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Cisco WebEx Network Recording Player ATPDMOD ARF File Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1143/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6248", "zdi_id": "ZDI-18-1143" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1142/advisory.json", "detail_path": "advisories/ZDI-18-1142", "id": "ZDI-18-1142", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Cisco WebEx Network Recording Player ATAS32 ARF File Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1142/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6209", "zdi_id": "ZDI-18-1142" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1141/advisory.json", "detail_path": "advisories/ZDI-18-1141", "id": "ZDI-18-1141", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Out-of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1141/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6145", "zdi_id": "ZDI-18-1141" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1140/advisory.json", "detail_path": "advisories/ZDI-18-1140", "id": "ZDI-18-1140", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Cisco WebEx Network Recording Player ATAS32 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1140/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5960", "zdi_id": "ZDI-18-1140" }, { "cve": "CVE-2018-14800", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-1139/advisory.json", "detail_path": "advisories/ZDI-18-1139", "id": "ZDI-18-1139", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Delta Industrial Automation ISPSoft DVP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1139/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6367", "zdi_id": "ZDI-18-1139" }, { "cve": "CVE-2018-8460", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-18-1138/advisory.json", "detail_path": "advisories/ZDI-18-1138", "id": "ZDI-18-1138", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Microsoft Internet Explorer CSS Style Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1138/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6611", "zdi_id": "ZDI-18-1138" }, { "cve": "CVE-2018-8460", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-18-1137/advisory.json", "detail_path": "advisories/ZDI-18-1137", "id": "ZDI-18-1137", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Microsoft Internet Explorer CSS Style Double Free Remote Code Execution Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1137/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6555", "zdi_id": "ZDI-18-1137" }, { "cve": "CVE-2018-8495", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page and perform a UI action. There ar...", "detail_json": "/data/advisories/ZDI-18-1136/advisory.json", "detail_path": "advisories/ZDI-18-1136", "id": "ZDI-18-1136", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Microsoft Edge Hazardous URI Insufficient UI Warning Remote Code Execution Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1136/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6489", "zdi_id": "ZDI-18-1136" }, { "cve": "CVE-2018-8333", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-18-1135/advisory.json", "detail_path": "advisories/ZDI-18-1135", "id": "ZDI-18-1135", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Microsoft Windows SMB2 Out-Of-Bounds Access Information Disclosure Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1135/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6415", "zdi_id": "ZDI-18-1135" }, { "cve": "CVE-2018-8491", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-1134/advisory.json", "detail_path": "advisories/ZDI-18-1134", "id": "ZDI-18-1134", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Microsoft Internet Explorer WebCrypto importKey Use-After-Free Information Disclosure Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1134/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6405", "zdi_id": "ZDI-18-1134" }, { "cve": "CVE-2018-8533", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft SQL Server Management Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-18-1133/advisory.json", "detail_path": "advisories/ZDI-18-1133", "id": "ZDI-18-1133", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Microsoft SQL Server Management Studio regsrvr File XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1133/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6375", "zdi_id": "ZDI-18-1133" }, { "cve": "CVE-2018-8532", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft SQL Server Management Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-18-1132/advisory.json", "detail_path": "advisories/ZDI-18-1132", "id": "ZDI-18-1132", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Microsoft SQL Server Management Studio xmla File XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1132/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6357", "zdi_id": "ZDI-18-1132" }, { "cve": "CVE-2018-8527", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft SQL Server Management Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-18-1131/advisory.json", "detail_path": "advisories/ZDI-18-1131", "id": "ZDI-18-1131", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Microsoft SQL Server Management Studio xel File XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1131/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6337", "zdi_id": "ZDI-18-1131" }, { "cve": "CVE-2018-8420", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1130/advisory.json", "detail_path": "advisories/ZDI-18-1130", "id": "ZDI-18-1130", "kind": "published", "published_date": "2018-10-10", "status": "published", "title": "Microsoft Windows VBScript Class_Terminate MSXML6 Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1130/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6343", "zdi_id": "ZDI-18-1130" }, { "cve": "CVE-2018-15413", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-1129/advisory.json", "detail_path": "advisories/ZDI-18-1129", "id": "ZDI-18-1129", "kind": "published", "published_date": "2018-10-08", "status": "published", "title": "Cisco WebEx Recorder and Player ATAS32 Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1129/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6801", "zdi_id": "ZDI-18-1129" }, { "cve": "CVE-2018-15417", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-1128/advisory.json", "detail_path": "advisories/ZDI-18-1128", "id": "ZDI-18-1128", "kind": "published", "published_date": "2018-10-08", "status": "published", "title": "Cisco WebEx Recorder and Player ATAS32 Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1128/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6798", "zdi_id": "ZDI-18-1128" }, { "cve": "CVE-2018-15415", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1127/advisory.json", "detail_path": "advisories/ZDI-18-1127", "id": "ZDI-18-1127", "kind": "published", "published_date": "2018-10-08", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2018-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1127/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6356", "zdi_id": "ZDI-18-1127" }, { "cve": "CVE-2018-15411", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-18-1126/advisory.json", "detail_path": "advisories/ZDI-18-1126", "id": "ZDI-18-1126", "kind": "published", "published_date": "2018-10-08", "status": "published", "title": "Cisco WebEx Recorder And Player ATAS32 Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1126/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6400", "zdi_id": "ZDI-18-1126" }, { "cve": "CVE-2018-15420", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-18-1125/advisory.json", "detail_path": "advisories/ZDI-18-1125", "id": "ZDI-18-1125", "kind": "published", "published_date": "2018-10-08", "status": "published", "title": "Cisco Webex Recorder and Player ATAS32 Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1125/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6315", "zdi_id": "ZDI-18-1125" }, { "cve": "CVE-2018-15412", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-18-1124/advisory.json", "detail_path": "advisories/ZDI-18-1124", "id": "ZDI-18-1124", "kind": "published", "published_date": "2018-10-08", "status": "published", "title": "Cisco Webex Recorder and Player ATAS32 Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1124/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6316", "zdi_id": "ZDI-18-1124" }, { "cve": "CVE-2018-15416", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-18-1123/advisory.json", "detail_path": "advisories/ZDI-18-1123", "id": "ZDI-18-1123", "kind": "published", "published_date": "2018-10-08", "status": "published", "title": "Cisco Webex Recorder and Player ATAS32 Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1123/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6317", "zdi_id": "ZDI-18-1123" }, { "cve": "CVE-2018-15408", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-18-1122/advisory.json", "detail_path": "advisories/ZDI-18-1122", "id": "ZDI-18-1122", "kind": "published", "published_date": "2018-10-08", "status": "published", "title": "Cisco Webex Recorder and Player ATAS32 Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1122/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6318", "zdi_id": "ZDI-18-1122" }, { "cve": "CVE-2018-15418", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1121/advisory.json", "detail_path": "advisories/ZDI-18-1121", "id": "ZDI-18-1121", "kind": "published", "published_date": "2018-10-08", "status": "published", "title": "Cisco WebEx Network Recording Player PROVIDER ARF File Integer Underflow Remote Code Execution Vulnerability", "updated_date": "2018-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1121/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6313", "zdi_id": "ZDI-18-1121" }, { "cve": "CVE-2018-15410", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1120/advisory.json", "detail_path": "advisories/ZDI-18-1120", "id": "ZDI-18-1120", "kind": "published", "published_date": "2018-10-08", "status": "published", "title": "Cisco WebEx Network Recording Player PROVIDER ARF File Integer Underflow Remote Code Execution Vulnerability", "updated_date": "2018-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1120/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6312", "zdi_id": "ZDI-18-1120" }, { "cve": "CVE-2018-15409", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1119/advisory.json", "detail_path": "advisories/ZDI-18-1119", "id": "ZDI-18-1119", "kind": "published", "published_date": "2018-10-08", "status": "published", "title": "Cisco WebEx Network Recording Player ATPDMOD ARF File Heap-based Buffer Overflow Vulnerability", "updated_date": "2018-10-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1119/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6311", "zdi_id": "ZDI-18-1119" }, { "cve": "CVE-2018-12879", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1118/advisory.json", "detail_path": "advisories/ZDI-18-1118", "id": "ZDI-18-1118", "kind": "published", "published_date": "2018-10-03", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_COMMENT Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1118/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6842", "zdi_id": "ZDI-18-1118" }, { "cve": "CVE-2018-12877", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1117/advisory.json", "detail_path": "advisories/ZDI-18-1117", "id": "ZDI-18-1117", "kind": "published", "published_date": "2018-10-03", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-10-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1117/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6682", "zdi_id": "ZDI-18-1117" }, { "cve": "CVE-2018-12876", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1116/advisory.json", "detail_path": "advisories/ZDI-18-1116", "id": "ZDI-18-1116", "kind": "published", "published_date": "2018-10-03", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-10-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1116/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6812", "zdi_id": "ZDI-18-1116" }, { "cve": "CVE-2018-12868", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1115/advisory.json", "detail_path": "advisories/ZDI-18-1115", "id": "ZDI-18-1115", "kind": "published", "published_date": "2018-10-03", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-10-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1115/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6669", "zdi_id": "ZDI-18-1115" }, { "cve": "CVE-2018-12855", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1114/advisory.json", "detail_path": "advisories/ZDI-18-1114", "id": "ZDI-18-1114", "kind": "published", "published_date": "2018-10-03", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1114/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6604", "zdi_id": "ZDI-18-1114" }, { "cve": "CVE-2018-12856", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1113/advisory.json", "detail_path": "advisories/ZDI-18-1113", "id": "ZDI-18-1113", "kind": "published", "published_date": "2018-10-03", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-10-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1113/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6605", "zdi_id": "ZDI-18-1113" }, { "cve": "CVE-2018-12858", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1112/advisory.json", "detail_path": "advisories/ZDI-18-1112", "id": "ZDI-18-1112", "kind": "published", "published_date": "2018-10-03", "status": "published", "title": "Adobe Acrobat Pro DC XFA Template Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-10-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1112/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6527", "zdi_id": "ZDI-18-1112" }, { "cve": "CVE-2018-12851", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1111/advisory.json", "detail_path": "advisories/ZDI-18-1111", "id": "ZDI-18-1111", "kind": "published", "published_date": "2018-10-03", "status": "published", "title": "Adobe Acrobat Pro DC EMF BMP Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1111/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6601", "zdi_id": "ZDI-18-1111" }, { "cve": "CVE-2018-12842", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1110/advisory.json", "detail_path": "advisories/ZDI-18-1110", "id": "ZDI-18-1110", "kind": "published", "published_date": "2018-10-03", "status": "published", "title": "Adobe Acrobat ImageConversion EMF EmfPlusDrawDriverstring Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-10-03", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1110/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6426", "zdi_id": "ZDI-18-1110" }, { "cve": "CVE-2018-14818", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon PIStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-18-1109/advisory.json", "detail_path": "advisories/ZDI-18-1109", "id": "ZDI-18-1109", "kind": "published", "published_date": "2018-10-02", "status": "published", "title": "(0Day) Wecon PIStudio basedll TextContent Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2021-12-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1109/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6253", "zdi_id": "ZDI-18-1109" }, { "cve": "CVE-2018-14814", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Wecon PIStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1108/advisory.json", "detail_path": "advisories/ZDI-18-1108", "id": "ZDI-18-1108", "kind": "published", "published_date": "2018-10-02", "status": "published", "title": "(0Day) Wecon PIStudio cximageu Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2021-12-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1108/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6245", "zdi_id": "ZDI-18-1108" }, { "cve": "CVE-2018-14810", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon PIStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-18-1107/advisory.json", "detail_path": "advisories/ZDI-18-1107", "id": "ZDI-18-1107", "kind": "published", "published_date": "2018-10-02", "status": "published", "title": "(0Day) Wecon PIStudio screendata HSC Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2021-12-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1107/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6244", "zdi_id": "ZDI-18-1107" }, { "cve": "CVE-2018-17889", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Wecon PIStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1106/advisory.json", "detail_path": "advisories/ZDI-18-1106", "id": "ZDI-18-1106", "kind": "published", "published_date": "2018-10-02", "status": "published", "title": "(0Day) Wecon PIStudio xmlparser LoadXMLFile XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2021-12-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1106/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6162", "zdi_id": "ZDI-18-1106" }, { "cve": "CVE-2018-17624", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1105/advisory.json", "detail_path": "advisories/ZDI-18-1105", "id": "ZDI-18-1105", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "Foxit Reader OCG setAction Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1105/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6435", "zdi_id": "ZDI-18-1105" }, { "cve": "CVE-2018-17623", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1104/advisory.json", "detail_path": "advisories/ZDI-18-1104", "id": "ZDI-18-1104", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "Foxit Reader Link setAction Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1104/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6434", "zdi_id": "ZDI-18-1104" }, { "cve": "CVE-2018-17622", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1103/advisory.json", "detail_path": "advisories/ZDI-18-1103", "id": "ZDI-18-1103", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "Foxit Reader Barcode Calculate Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1103/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6354", "zdi_id": "ZDI-18-1103" }, { "cve": "CVE-2018-17621", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1102/advisory.json", "detail_path": "advisories/ZDI-18-1102", "id": "ZDI-18-1102", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "Foxit Reader TextBox Format Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1102/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6355", "zdi_id": "ZDI-18-1102" }, { "cve": "CVE-2018-17620", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1101/advisory.json", "detail_path": "advisories/ZDI-18-1101", "id": "ZDI-18-1101", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "Foxit Reader TextBox Calculate Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1101/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6353", "zdi_id": "ZDI-18-1101" }, { "cve": "CVE-2018-17619", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1100/advisory.json", "detail_path": "advisories/ZDI-18-1100", "id": "ZDI-18-1100", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "Foxit Reader TextBox Validate Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1100/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6352", "zdi_id": "ZDI-18-1100" }, { "cve": "CVE-2018-17618", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1099/advisory.json", "detail_path": "advisories/ZDI-18-1099", "id": "ZDI-18-1099", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "Foxit Reader ListBox Selection Change Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1099/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6336", "zdi_id": "ZDI-18-1099" }, { "cve": "CVE-2018-17617", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1098/advisory.json", "detail_path": "advisories/ZDI-18-1098", "id": "ZDI-18-1098", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "Foxit Reader CheckBox onFocus Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1098/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6335", "zdi_id": "ZDI-18-1098" }, { "cve": "CVE-2018-17616", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1097/advisory.json", "detail_path": "advisories/ZDI-18-1097", "id": "ZDI-18-1097", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "Foxit Reader CheckBox onBlur Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1097/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6334", "zdi_id": "ZDI-18-1097" }, { "cve": "CVE-2018-17615", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1096/advisory.json", "detail_path": "advisories/ZDI-18-1096", "id": "ZDI-18-1096", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "Foxit Reader CheckBox Mouse Exit Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1096/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6333", "zdi_id": "ZDI-18-1096" }, { "cve": "CVE-2018-17706", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1095/advisory.json", "detail_path": "advisories/ZDI-18-1095", "id": "ZDI-18-1095", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "Foxit PhantomPDF fxhtml2pdf HTML Conversion Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": "2018-09-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1095/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6230", "zdi_id": "ZDI-18-1095" }, { "cve": "CVE-2018-17625", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1094/advisory.json", "detail_path": "advisories/ZDI-18-1094", "id": "ZDI-18-1094", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "Foxit Reader setInterval Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1094/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6438", "zdi_id": "ZDI-18-1094" }, { "cve": "CVE-2018-14824", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation PMSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-18-1093/advisory.json", "detail_path": "advisories/ZDI-18-1093", "id": "ZDI-18-1093", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "Delta Industrial Automation PMSoft rtl60 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1093/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6322", "zdi_id": "ZDI-18-1093" }, { "cve": "CVE-2018-4990", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1092/advisory.json", "detail_path": "advisories/ZDI-18-1092", "id": "ZDI-18-1092", "kind": "published", "published_date": "2018-09-27", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1092/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5986", "zdi_id": "ZDI-18-1092" }, { "cve": "CVE-2018-10614", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1091/advisory.json", "detail_path": "advisories/ZDI-18-1091", "id": "ZDI-18-1091", "kind": "published", "published_date": "2018-09-26", "status": "published", "title": "(0Day) Wecon LeviStudioU xmlparser LoadXMLFile XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2018-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1091/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6251", "zdi_id": "ZDI-18-1091" }, { "cve": "CVE-2018-10610", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-1090/advisory.json", "detail_path": "advisories/ZDI-18-1090", "id": "ZDI-18-1090", "kind": "published", "published_date": "2018-09-26", "status": "published", "title": "(0Day) Wecon LeviStudioU cximageu TIFF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1090/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6243", "zdi_id": "ZDI-18-1090" }, { "cve": "CVE-2018-10606", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-1089/advisory.json", "detail_path": "advisories/ZDI-18-1089", "id": "ZDI-18-1089", "kind": "published", "published_date": "2018-09-26", "status": "published", "title": "(0Day) Wecon LeviStudioU cximageu TIFF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1089/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6242", "zdi_id": "ZDI-18-1089" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric Alpha Loader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1088/advisory.json", "detail_path": "advisories/ZDI-18-1088", "id": "ZDI-18-1088", "kind": "published", "published_date": "2018-09-26", "status": "published", "title": "(0Day) Fuji Electric Alpha5 Smart Loader C5V File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1088/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-6241", "zdi_id": "ZDI-18-1088" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Fuji Electric Alpha Loader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-18-1087/advisory.json", "detail_path": "advisories/ZDI-18-1087", "id": "ZDI-18-1087", "kind": "published", "published_date": "2018-09-26", "status": "published", "title": "(0Day) Fuji Electric Alpha5 Smart Loader A5P File Parsing Buffer Overflow Information Disclosure Vulnerability", "updated_date": "2018-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1087/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-6240", "zdi_id": "ZDI-18-1087" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric Frenic Loader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-18-1086/advisory.json", "detail_path": "advisories/ZDI-18-1086", "id": "ZDI-18-1086", "kind": "published", "published_date": "2018-09-26", "status": "published", "title": "(0Day) Fuji Electric Frenic Loader FNC File Parsing Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1086/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-6239", "zdi_id": "ZDI-18-1086" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Fuji Electric Frenic Loader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-1085/advisory.json", "detail_path": "advisories/ZDI-18-1085", "id": "ZDI-18-1085", "kind": "published", "published_date": "2018-09-26", "status": "published", "title": "(0Day) Fuji Electric Frenic Loader FNC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1085/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-6238", "zdi_id": "ZDI-18-1085" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric Frenic Loader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-18-1084/advisory.json", "detail_path": "advisories/ZDI-18-1084", "id": "ZDI-18-1084", "kind": "published", "published_date": "2018-09-26", "status": "published", "title": "(0Day) Fuji Electric FrenicLoader FNC File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1084/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-6224", "zdi_id": "ZDI-18-1084" }, { "cve": "CVE-2018-4358", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1083/advisory.json", "detail_path": "advisories/ZDI-18-1083", "id": "ZDI-18-1083", "kind": "published", "published_date": "2018-09-24", "status": "published", "title": "Apple Safari Array Concat Uninitialized Buffer Information Disclosure Vulnerability", "updated_date": "2018-09-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1083/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6666", "zdi_id": "ZDI-18-1083" }, { "cve": "CVE-2018-4309", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the same-origin policy on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file and exe...", "detail_json": "/data/advisories/ZDI-18-1082/advisory.json", "detail_path": "advisories/ZDI-18-1082", "id": "ZDI-18-1082", "kind": "published", "published_date": "2018-09-24", "status": "published", "title": "Apple Safari Subframe Same-Origin Policy Bypass Vulnerability", "updated_date": "2018-09-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1082/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6416", "zdi_id": "ZDI-18-1082" }, { "cve": "CVE-2018-4299", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-1081/advisory.json", "detail_path": "advisories/ZDI-18-1081", "id": "ZDI-18-1081", "kind": "published", "published_date": "2018-09-24", "status": "published", "title": "Apple Safari performProxyCall Internal Object Remote Code Execution Vulnerability", "updated_date": "2018-09-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1081/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6361", "zdi_id": "ZDI-18-1081" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EDIDMUX command of the CTP...", "detail_json": "/data/advisories/ZDI-18-1080/advisory.json", "detail_path": "advisories/ZDI-18-1080", "id": "ZDI-18-1080", "kind": "published", "published_date": "2018-09-24", "status": "published", "title": "Crestron Multiple Products CTP Console EDIDMUX Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-09-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1080/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6274", "zdi_id": "ZDI-18-1080" }, { "cve": "CVE-2018-15422", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1079/advisory.json", "detail_path": "advisories/ZDI-18-1079", "id": "ZDI-18-1079", "kind": "published", "published_date": "2018-09-21", "status": "published", "title": "Cisco WebEx Network Recording Player NMVC RtpConfig Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1079/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6205", "zdi_id": "ZDI-18-1079" }, { "cve": "CVE-2018-15421", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1078/advisory.json", "detail_path": "advisories/ZDI-18-1078", "id": "ZDI-18-1078", "kind": "published", "published_date": "2018-09-21", "status": "published", "title": "Cisco WebEx Network Recording Player NMVC RtpConfig Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1078/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6254", "zdi_id": "ZDI-18-1078" }, { "cve": "CVE-2018-14318", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8. User interaction is required to exploit this vulnerability in that the target must have their cellular radios enabled. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-18-1077/advisory.json", "detail_path": "advisories/ZDI-18-1077", "id": "ZDI-18-1077", "kind": "published", "published_date": "2018-09-21", "status": "published", "title": "(Pwn2own) Samsung Galaxy S8 Shannon GPRS Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1077/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-5368", "zdi_id": "ZDI-18-1077" }, { "cve": "CVE-2018-15414", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-1076/advisory.json", "detail_path": "advisories/ZDI-18-1076", "id": "ZDI-18-1076", "kind": "published", "published_date": "2018-09-21", "status": "published", "title": "Cisco WebEx Network Recording Player NMVC RtpConfig Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1076/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6206", "zdi_id": "ZDI-18-1076" }, { "cve": "CVE-2018-8423", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-1075/advisory.json", "detail_path": "advisories/ZDI-18-1075", "id": "ZDI-18-1075", "kind": "published", "published_date": "2018-09-20", "status": "published", "title": "(0Day) Microsoft Windows Jet Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-10-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1075/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6135", "zdi_id": "ZDI-18-1075" }, { "cve": "CVE-2018-12778", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1074/advisory.json", "detail_path": "advisories/ZDI-18-1074", "id": "ZDI-18-1074", "kind": "published", "published_date": "2018-09-19", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1074/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5781", "zdi_id": "ZDI-18-1074" }, { "cve": "CVE-2018-12775", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-18-1073/advisory.json", "detail_path": "advisories/ZDI-18-1073", "id": "ZDI-18-1073", "kind": "published", "published_date": "2018-09-19", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1073/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5747", "zdi_id": "ZDI-18-1073" }, { "cve": "CVE-2018-0994", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra as well as Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious p...", "detail_json": "/data/advisories/ZDI-18-1072/advisory.json", "detail_path": "advisories/ZDI-18-1072", "id": "ZDI-18-1072", "kind": "published", "published_date": "2018-09-19", "status": "published", "title": "Microsoft Chakra Array.splice Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1072/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6082", "zdi_id": "ZDI-18-1072" }, { "cve": "CVE-2018-10636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-18-1071/advisory.json", "detail_path": "advisories/ZDI-18-1071", "id": "ZDI-18-1071", "kind": "published", "published_date": "2018-09-19", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File wKPFString Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1071/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6359", "zdi_id": "ZDI-18-1071" }, { "cve": "CVE-2018-10636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-18-1070/advisory.json", "detail_path": "advisories/ZDI-18-1070", "id": "ZDI-18-1070", "kind": "published", "published_date": "2018-09-19", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File UserVARComment wFont Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1070/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6358", "zdi_id": "ZDI-18-1070" }, { "cve": "CVE-2018-4196", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1069/advisory.json", "detail_path": "advisories/ZDI-18-1069", "id": "ZDI-18-1069", "kind": "published", "published_date": "2018-09-19", "status": "published", "title": "Apple macOS Dock Service DSSetPreferences Uninitialized Pointer Privilege Escalation Vulnerability", "updated_date": "2018-09-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1069/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6127", "zdi_id": "ZDI-18-1069" }, { "cve": "CVE-2018-4196", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1068/advisory.json", "detail_path": "advisories/ZDI-18-1068", "id": "ZDI-18-1068", "kind": "published", "published_date": "2018-09-19", "status": "published", "title": "Apple macOS Dock Service DSCopyPreferences Uninitialized Pointer Privilege Escalation Vulnerability", "updated_date": "2018-09-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1068/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6126", "zdi_id": "ZDI-18-1068" }, { "cve": "CVE-2018-4196", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-1067/advisory.json", "detail_path": "advisories/ZDI-18-1067", "id": "ZDI-18-1067", "kind": "published", "published_date": "2018-09-19", "status": "published", "title": "Apple macOS Dock Service DSSetProcessRecents Uninitialized Pointer Privilege Escalation Vulnerability", "updated_date": "2018-09-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1067/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6125", "zdi_id": "ZDI-18-1067" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Quest KACE Systems Management. Authentication is required to exploit this vulnerability. The specific flaw exists within the access control of the down...", "detail_json": "/data/advisories/ZDI-18-1066/advisory.json", "detail_path": "advisories/ZDI-18-1066", "id": "ZDI-18-1066", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "(0Day) Quest KACE Systems Management download_file Improper Access Control Information Disclosure Vulnerability", "updated_date": "2018-10-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1066/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-6112", "zdi_id": "ZDI-18-1066" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest KACE Systems Management. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ID and FMT paramet...", "detail_json": "/data/advisories/ZDI-18-1065/advisory.json", "detail_path": "advisories/ZDI-18-1065", "id": "ZDI-18-1065", "kind": "published", "published_date": "2018-09-18", "status": "published", "title": "(0Day) Quest KACE Systems Management run_report Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-10-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1065/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-6111", "zdi_id": "ZDI-18-1065" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Quest KACE Systems Management. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ID paramet...", "detail_json": "/data/advisories/ZDI-18-1064/advisory.json", "detail_path": "advisories/ZDI-18-1064", "id": "ZDI-18-1064", "kind": "published", "published_date": "2018-09-28", "status": "published", "title": "(0Day) Quest KACE Systems Management run_cross_report ID SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-10-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1064/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-6097", "zdi_id": "ZDI-18-1064" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Quest KACE Systems Management. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the PLATFORM_L...", "detail_json": "/data/advisories/ZDI-18-1063/advisory.json", "detail_path": "advisories/ZDI-18-1063", "id": "ZDI-18-1063", "kind": "published", "published_date": "2018-09-18", "status": "published", "title": "(0Day) Quest KACE Systems Management replshare farray SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-10-01", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1063/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-6095", "zdi_id": "ZDI-18-1063" }, { "cve": null, "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Quest KACE Systems Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the ID par...", "detail_json": "/data/advisories/ZDI-18-1062/advisory.json", "detail_path": "advisories/ZDI-18-1062", "id": "ZDI-18-1062", "kind": "published", "published_date": "2018-09-18", "status": "published", "title": "Quest KACE Systems Management run_report SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-09-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1062/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-6075", "zdi_id": "ZDI-18-1062" }, { "cve": "CVE-2018-12795", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-1061/advisory.json", "detail_path": "advisories/ZDI-18-1061", "id": "ZDI-18-1061", "kind": "published", "published_date": "2018-09-18", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1061/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6309", "zdi_id": "ZDI-18-1061" }, { "cve": "CVE-2018-6973", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the guest system in order to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-18-1060/advisory.json", "detail_path": "advisories/ZDI-18-1060", "id": "ZDI-18-1060", "kind": "published", "published_date": "2018-09-17", "status": "published", "title": "VMware Workstation e1000 Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1060/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-6364", "zdi_id": "ZDI-18-1060" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon PLC Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1059/advisory.json", "detail_path": "advisories/ZDI-18-1059", "id": "ZDI-18-1059", "kind": "published", "published_date": "2018-09-17", "status": "published", "title": "(0Day) Wecon PLC Editor prg_ldview DevCmt Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1059/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6252", "zdi_id": "ZDI-18-1059" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon PLC Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1058/advisory.json", "detail_path": "advisories/ZDI-18-1058", "id": "ZDI-18-1058", "kind": "published", "published_date": "2018-09-17", "status": "published", "title": "(0Day) Wecon PLC Editor plcdatacenter projectVersion Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1058/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6094", "zdi_id": "ZDI-18-1058" }, { "cve": "CVE-2018-4338", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-1057/advisory.json", "detail_path": "advisories/ZDI-18-1057", "id": "ZDI-18-1057", "kind": "published", "published_date": "2018-09-17", "status": "published", "title": "Apple macOS AirPort BrcmNIC Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1057/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6150", "zdi_id": "ZDI-18-1057" }, { "cve": "CVE-2018-8429", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-18-1056/advisory.json", "detail_path": "advisories/ZDI-18-1056", "id": "ZDI-18-1056", "kind": "published", "published_date": "2018-09-14", "status": "published", "title": "Microsoft Excel XLS File Use-After-Free Information Disclosure Vulnerability", "updated_date": "2018-09-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1056/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6389", "zdi_id": "ZDI-18-1056" }, { "cve": "CVE-2018-8420", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1055/advisory.json", "detail_path": "advisories/ZDI-18-1055", "id": "ZDI-18-1055", "kind": "published", "published_date": "2018-09-14", "status": "published", "title": "Microsoft Windows VBScript Class_Terminate MSXML3 Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1055/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6342", "zdi_id": "ZDI-18-1055" }, { "cve": "CVE-2018-8336", "cvss": 1.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-18-1054/advisory.json", "detail_path": "advisories/ZDI-18-1054", "id": "ZDI-18-1054", "kind": "published", "published_date": "2018-09-14", "status": "published", "title": "Microsoft Windows SMB Client Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1054/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6283", "zdi_id": "ZDI-18-1054" }, { "cve": "CVE-2018-8424", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-1053/advisory.json", "detail_path": "advisories/ZDI-18-1053", "id": "ZDI-18-1053", "kind": "published", "published_date": "2018-09-14", "status": "published", "title": "Microsoft Internet Explorer EMF Graphic Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1053/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6344", "zdi_id": "ZDI-18-1053" }, { "cve": "CVE-2018-8393", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-1052/advisory.json", "detail_path": "advisories/ZDI-18-1052", "id": "ZDI-18-1052", "kind": "published", "published_date": "2018-09-14", "status": "published", "title": "Microsoft Windows Jet Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-09-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1052/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6258", "zdi_id": "ZDI-18-1052" }, { "cve": "CVE-2018-8461", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-18-1051/advisory.json", "detail_path": "advisories/ZDI-18-1051", "id": "ZDI-18-1051", "kind": "published", "published_date": "2018-09-14", "status": "published", "title": "Microsoft Internet Explorer MSCTF CInputContextAdapter Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1051/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6263", "zdi_id": "ZDI-18-1051" }, { "cve": "CVE-2018-8392", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-1050/advisory.json", "detail_path": "advisories/ZDI-18-1050", "id": "ZDI-18-1050", "kind": "published", "published_date": "2018-09-14", "status": "published", "title": "Microsoft Windows Excel Database Driver Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1050/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6256", "zdi_id": "ZDI-18-1050" }, { "cve": "CVE-2018-8392", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-1049/advisory.json", "detail_path": "advisories/ZDI-18-1049", "id": "ZDI-18-1049", "kind": "published", "published_date": "2018-09-14", "status": "published", "title": "Microsoft Windows Excel Database Driver FORMULA Record Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1049/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6255", "zdi_id": "ZDI-18-1049" }, { "cve": "CVE-2018-8447", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-18-1048/advisory.json", "detail_path": "advisories/ZDI-18-1048", "id": "ZDI-18-1048", "kind": "published", "published_date": "2018-09-14", "status": "published", "title": "Microsoft Internet Explorer Table Row NULL Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-09-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1048/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6262", "zdi_id": "ZDI-18-1048" }, { "cve": "CVE-2018-8367", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-1047/advisory.json", "detail_path": "advisories/ZDI-18-1047", "id": "ZDI-18-1047", "kind": "published", "published_date": "2018-09-13", "status": "published", "title": "Microsoft Chakra JavaScript Array Literal Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1047/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6607", "zdi_id": "ZDI-18-1047" }, { "cve": "CVE-2018-14320", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1046/advisory.json", "detail_path": "advisories/ZDI-18-1046", "id": "ZDI-18-1046", "kind": "published", "published_date": "2018-09-13", "status": "published", "title": "(0Day) PoDoFo Library ParseToUnicode Memory Corruption Information Disclosure Vulnerability", "updated_date": "2018-09-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1046/", "vendor": "PoDoFo", "vendor_url": null, "zdi_can": "ZDI-CAN-5673", "zdi_id": "ZDI-18-1046" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1045/advisory.json", "detail_path": "advisories/ZDI-18-1045", "id": "ZDI-18-1045", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Network Recording Player ATPDMOD Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1045/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5965", "zdi_id": "ZDI-18-1045" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1044/advisory.json", "detail_path": "advisories/ZDI-18-1044", "id": "ZDI-18-1044", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Network Recording Player NMVC ARF File Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1044/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6249", "zdi_id": "ZDI-18-1044" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1043/advisory.json", "detail_path": "advisories/ZDI-18-1043", "id": "ZDI-18-1043", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Network Recording Player ATPDMOD ARF File Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1043/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-6210", "zdi_id": "ZDI-18-1043" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1042/advisory.json", "detail_path": "advisories/ZDI-18-1042", "id": "ZDI-18-1042", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Network Recording Player NBRPFW Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1042/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5963", "zdi_id": "ZDI-18-1042" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1041/advisory.json", "detail_path": "advisories/ZDI-18-1041", "id": "ZDI-18-1041", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Network Recording Player NBRPFW Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1041/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5962", "zdi_id": "ZDI-18-1041" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1040/advisory.json", "detail_path": "advisories/ZDI-18-1040", "id": "ZDI-18-1040", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Network Recording Player NBRPD Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1040/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5961", "zdi_id": "ZDI-18-1040" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-18-1039/advisory.json", "detail_path": "advisories/ZDI-18-1039", "id": "ZDI-18-1039", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Recorder and Player ATAS32 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1039/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5958", "zdi_id": "ZDI-18-1039" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1038/advisory.json", "detail_path": "advisories/ZDI-18-1038", "id": "ZDI-18-1038", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Network Recording Player NMVC Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1038/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5966", "zdi_id": "ZDI-18-1038" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1037/advisory.json", "detail_path": "advisories/ZDI-18-1037", "id": "ZDI-18-1037", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Network Recording Player ATPDMOD Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1037/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5964", "zdi_id": "ZDI-18-1037" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1036/advisory.json", "detail_path": "advisories/ZDI-18-1036", "id": "ZDI-18-1036", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Network Recording Player ATPDMOD Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1036/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5959", "zdi_id": "ZDI-18-1036" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-18-1035/advisory.json", "detail_path": "advisories/ZDI-18-1035", "id": "ZDI-18-1035", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Recorder and Player WRF File Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1035/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5657", "zdi_id": "ZDI-18-1035" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1034/advisory.json", "detail_path": "advisories/ZDI-18-1034", "id": "ZDI-18-1034", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1034/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5603", "zdi_id": "ZDI-18-1034" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1033/advisory.json", "detail_path": "advisories/ZDI-18-1033", "id": "ZDI-18-1033", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1033/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5602", "zdi_id": "ZDI-18-1033" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1032/advisory.json", "detail_path": "advisories/ZDI-18-1032", "id": "ZDI-18-1032", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Network Recording Player ATPDMOD Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1032/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5719", "zdi_id": "ZDI-18-1032" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-18-1031/advisory.json", "detail_path": "advisories/ZDI-18-1031", "id": "ZDI-18-1031", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Network Recording Player NBRQA Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1031/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5718", "zdi_id": "ZDI-18-1031" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-18-1030/advisory.json", "detail_path": "advisories/ZDI-18-1030", "id": "ZDI-18-1030", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Recorder and Player ATAUDIO Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1030/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5717", "zdi_id": "ZDI-18-1030" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-18-1029/advisory.json", "detail_path": "advisories/ZDI-18-1029", "id": "ZDI-18-1029", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Recorder and Player ATAS32 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1029/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5715", "zdi_id": "ZDI-18-1029" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-18-1028/advisory.json", "detail_path": "advisories/ZDI-18-1028", "id": "ZDI-18-1028", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Recorder and Player ATAS32 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1028/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5713", "zdi_id": "ZDI-18-1028" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-18-1027/advisory.json", "detail_path": "advisories/ZDI-18-1027", "id": "ZDI-18-1027", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Recorder and Player ATAS32 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1027/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5712", "zdi_id": "ZDI-18-1027" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-18-1026/advisory.json", "detail_path": "advisories/ZDI-18-1026", "id": "ZDI-18-1026", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Recorder and Player ATDL2006 Decompression Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1026/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5716", "zdi_id": "ZDI-18-1026" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-18-1025/advisory.json", "detail_path": "advisories/ZDI-18-1025", "id": "ZDI-18-1025", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Recorder and Player ATAS32 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1025/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5714", "zdi_id": "ZDI-18-1025" }, { "cve": null, "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-18-1024/advisory.json", "detail_path": "advisories/ZDI-18-1024", "id": "ZDI-18-1024", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Cisco WebEx Recorder and Player ATAS32 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1024/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5727", "zdi_id": "ZDI-18-1024" }, { "cve": "CVE-2018-10637", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-18-1023/advisory.json", "detail_path": "advisories/ZDI-18-1023", "id": "ZDI-18-1023", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Fuji Electric V-Server Lite File Parsing Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1023/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-6376", "zdi_id": "ZDI-18-1023" }, { "cve": "CVE-2018-14811", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1022/advisory.json", "detail_path": "advisories/ZDI-18-1022", "id": "ZDI-18-1022", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1022/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-5888", "zdi_id": "ZDI-18-1022" }, { "cve": "CVE-2018-14811", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1021/advisory.json", "detail_path": "advisories/ZDI-18-1021", "id": "ZDI-18-1021", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing CArchive Read Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1021/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-5887", "zdi_id": "ZDI-18-1021" }, { "cve": "CVE-2018-14811", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1020/advisory.json", "detail_path": "advisories/ZDI-18-1020", "id": "ZDI-18-1020", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing CArchive Read Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1020/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-5886", "zdi_id": "ZDI-18-1020" }, { "cve": "CVE-2018-14809", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1019/advisory.json", "detail_path": "advisories/ZDI-18-1019", "id": "ZDI-18-1019", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1019/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-5885", "zdi_id": "ZDI-18-1019" }, { "cve": "CVE-2018-14819", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1018/advisory.json", "detail_path": "advisories/ZDI-18-1018", "id": "ZDI-18-1018", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1018/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-5884", "zdi_id": "ZDI-18-1018" }, { "cve": "CVE-2018-14813", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1017/advisory.json", "detail_path": "advisories/ZDI-18-1017", "id": "ZDI-18-1017", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Integer Underflow Remote Code Execution Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1017/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-5883", "zdi_id": "ZDI-18-1017" }, { "cve": "CVE-2018-14815", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1016/advisory.json", "detail_path": "advisories/ZDI-18-1016", "id": "ZDI-18-1016", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1016/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-5882", "zdi_id": "ZDI-18-1016" }, { "cve": "CVE-2018-14815", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1015/advisory.json", "detail_path": "advisories/ZDI-18-1015", "id": "ZDI-18-1015", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Type Confusion Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1015/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-5881", "zdi_id": "ZDI-18-1015" }, { "cve": "CVE-2018-14811", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1014/advisory.json", "detail_path": "advisories/ZDI-18-1014", "id": "ZDI-18-1014", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1014/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-5880", "zdi_id": "ZDI-18-1014" }, { "cve": "CVE-2018-14813", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1013/advisory.json", "detail_path": "advisories/ZDI-18-1013", "id": "ZDI-18-1013", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing CArchive Read Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1013/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-5879", "zdi_id": "ZDI-18-1013" }, { "cve": "CVE-2018-14823", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1012/advisory.json", "detail_path": "advisories/ZDI-18-1012", "id": "ZDI-18-1012", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1012/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-5889", "zdi_id": "ZDI-18-1012" }, { "cve": "CVE-2018-14811", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1011/advisory.json", "detail_path": "advisories/ZDI-18-1011", "id": "ZDI-18-1011", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing CArchive Read Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1011/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-5878", "zdi_id": "ZDI-18-1011" }, { "cve": "CVE-2018-14809", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-1010/advisory.json", "detail_path": "advisories/ZDI-18-1010", "id": "ZDI-18-1010", "kind": "published", "published_date": "2018-09-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing CObArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1010/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-5877", "zdi_id": "ZDI-18-1010" }, { "cve": "CVE-2018-5007", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-18-1009/advisory.json", "detail_path": "advisories/ZDI-18-1009", "id": "ZDI-18-1009", "kind": "published", "published_date": "2018-09-11", "status": "published", "title": "Adobe Flash NetConnection Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1009/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6130", "zdi_id": "ZDI-18-1009" }, { "cve": "CVE-2018-12771", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-1008/advisory.json", "detail_path": "advisories/ZDI-18-1008", "id": "ZDI-18-1008", "kind": "published", "published_date": "2018-09-11", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-09-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1008/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5746", "zdi_id": "ZDI-18-1008" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-18-1007/advisory.json", "detail_path": "advisories/ZDI-18-1007", "id": "ZDI-18-1007", "kind": "published", "published_date": "2018-09-07", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10005 Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1007/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6139", "zdi_id": "ZDI-18-1007" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-18-1006/advisory.json", "detail_path": "advisories/ZDI-18-1006", "id": "ZDI-18-1006", "kind": "published", "published_date": "2018-09-07", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10005 Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1006/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6074", "zdi_id": "ZDI-18-1006" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-18-1005/advisory.json", "detail_path": "advisories/ZDI-18-1005", "id": "ZDI-18-1005", "kind": "published", "published_date": "2018-09-07", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10006 Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1005/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6073", "zdi_id": "ZDI-18-1005" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-18-1004/advisory.json", "detail_path": "advisories/ZDI-18-1004", "id": "ZDI-18-1004", "kind": "published", "published_date": "2018-09-07", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10013 Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1004/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6072", "zdi_id": "ZDI-18-1004" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center.Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbma...", "detail_json": "/data/advisories/ZDI-18-1003/advisory.json", "detail_path": "advisories/ZDI-18-1003", "id": "ZDI-18-1003", "kind": "published", "published_date": "2018-09-07", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10010 Arbitrary File Write Remote Code Execution Vulnerability", "updated_date": "2018-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1003/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6071", "zdi_id": "ZDI-18-1003" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-18-1002/advisory.json", "detail_path": "advisories/ZDI-18-1002", "id": "ZDI-18-1002", "kind": "published", "published_date": "2018-09-07", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10004 Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1002/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6070", "zdi_id": "ZDI-18-1002" }, { "cve": "CVE-2018-7114", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dec...", "detail_json": "/data/advisories/ZDI-18-1001/advisory.json", "detail_path": "advisories/ZDI-18-1001", "id": "ZDI-18-1001", "kind": "published", "published_date": "2018-09-07", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center dbman decryptMsgAes Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-11-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1001/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6108", "zdi_id": "ZDI-18-1001" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the han...", "detail_json": "/data/advisories/ZDI-18-1000/advisory.json", "detail_path": "advisories/ZDI-18-1000", "id": "ZDI-18-1000", "kind": "published", "published_date": "2018-09-07", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center imcwlandm Username Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1000/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-5748", "zdi_id": "ZDI-18-1000" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pro...", "detail_json": "/data/advisories/ZDI-18-999/advisory.json", "detail_path": "advisories/ZDI-18-999", "id": "ZDI-18-999", "kind": "published", "published_date": "2018-09-07", "status": "published", "title": "(0Day) Hewlett Packard Enterprise Intelligent Management Center imcwlandm strUserName Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-999/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-5672", "zdi_id": "ZDI-18-999" }, { "cve": "CVE-2018-0422", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Cisco WebEx Network Recording Player. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulner...", "detail_json": "/data/advisories/ZDI-18-998/advisory.json", "detail_path": "advisories/ZDI-18-998", "id": "ZDI-18-998", "kind": "published", "published_date": "2018-09-06", "status": "published", "title": "(0Day) Cisco WebEx Network Recording Player Improper Access Control Privilege Escalation Vulnerability", "updated_date": "2018-09-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-998/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5623", "zdi_id": "ZDI-18-998" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-997/advisory.json", "detail_path": "advisories/ZDI-18-997", "id": "ZDI-18-997", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "(0Day) Wecon LeviStudioU SNMP_Configuration DataList General Elements Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-997/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6067", "zdi_id": "ZDI-18-997" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-996/advisory.json", "detail_path": "advisories/ZDI-18-996", "id": "ZDI-18-996", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "(0Day) Wecon LeviStudioU hmi_bmplib_dll Image Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-996/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6066", "zdi_id": "ZDI-18-996" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-995/advisory.json", "detail_path": "advisories/ZDI-18-995", "id": "ZDI-18-995", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "(0Day) Wecon LeviStudioU hmi_bmplib_dll G_bmp szFilename Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-995/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6065", "zdi_id": "ZDI-18-995" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-994/advisory.json", "detail_path": "advisories/ZDI-18-994", "id": "ZDI-18-994", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "(0Day) Wecon LeviStudioU hmi_bmplib_dll MulStatus szFilename Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-994/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6064", "zdi_id": "ZDI-18-994" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-993/advisory.json", "detail_path": "advisories/ZDI-18-993", "id": "ZDI-18-993", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "(0Day) Wecon LeviStudioU hmi_bmplib_dll G_bmp szFilename Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-993/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6063", "zdi_id": "ZDI-18-993" }, { "cve": "CVE-2018-10606", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-992/advisory.json", "detail_path": "advisories/ZDI-18-992", "id": "ZDI-18-992", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "(0Day) Wecon LeviStudioU screendata IndirectAddrR Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-992/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6062", "zdi_id": "ZDI-18-992" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-991/advisory.json", "detail_path": "advisories/ZDI-18-991", "id": "ZDI-18-991", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog XYSet WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-991/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6056", "zdi_id": "ZDI-18-991" }, { "cve": "CVE-2018-10606", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-990/advisory.json", "detail_path": "advisories/ZDI-18-990", "id": "ZDI-18-990", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "(0Day) Wecon LeviStudioU screendata Key ASCIIKey Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-990/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6055", "zdi_id": "ZDI-18-990" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-989/advisory.json", "detail_path": "advisories/ZDI-18-989", "id": "ZDI-18-989", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DiscSet WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-989/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-6054", "zdi_id": "ZDI-18-989" }, { "cve": "CVE-2018-10598", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-18-988/advisory.json", "detail_path": "advisories/ZDI-18-988", "id": "ZDI-18-988", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB Macro Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-988/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6304", "zdi_id": "ZDI-18-988" }, { "cve": "CVE-2018-10598", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-18-987/advisory.json", "detail_path": "advisories/ZDI-18-987", "id": "ZDI-18-987", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File MarcoAlarm wMessageLen Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-987/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6303", "zdi_id": "ZDI-18-987" }, { "cve": "CVE-2018-10636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-18-986/advisory.json", "detail_path": "advisories/ZDI-18-986", "id": "ZDI-18-986", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Version Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-986/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6276", "zdi_id": "ZDI-18-986" }, { "cve": "CVE-2018-10636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-18-985/advisory.json", "detail_path": "advisories/ZDI-18-985", "id": "ZDI-18-985", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File wFontText Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-985/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6275", "zdi_id": "ZDI-18-985" }, { "cve": "CVE-2018-10636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-18-984/advisory.json", "detail_path": "advisories/ZDI-18-984", "id": "ZDI-18-984", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File wText Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-984/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6273", "zdi_id": "ZDI-18-984" }, { "cve": "CVE-2018-10636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-18-983/advisory.json", "detail_path": "advisories/ZDI-18-983", "id": "ZDI-18-983", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File wKPFString Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-983/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6272", "zdi_id": "ZDI-18-983" }, { "cve": "CVE-2018-10636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-18-982/advisory.json", "detail_path": "advisories/ZDI-18-982", "id": "ZDI-18-982", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File UserAlarm wMessage Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-982/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6271", "zdi_id": "ZDI-18-982" }, { "cve": "CVE-2018-10636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-18-981/advisory.json", "detail_path": "advisories/ZDI-18-981", "id": "ZDI-18-981", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File wMessage1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-981/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6270", "zdi_id": "ZDI-18-981" }, { "cve": "CVE-2018-10636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-18-980/advisory.json", "detail_path": "advisories/ZDI-18-980", "id": "ZDI-18-980", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File TextBank wText Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-980/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6269", "zdi_id": "ZDI-18-980" }, { "cve": "CVE-2018-10636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-18-979/advisory.json", "detail_path": "advisories/ZDI-18-979", "id": "ZDI-18-979", "kind": "published", "published_date": "2018-09-05", "status": "published", "title": "Delta Industrial Automation CNCSoft ScreenEditor DPB File SystemAlarm wMessage Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-09-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-979/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6310", "zdi_id": "ZDI-18-979" }, { "cve": "CVE-2018-0379", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-978/advisory.json", "detail_path": "advisories/ZDI-18-978", "id": "ZDI-18-978", "kind": "published", "published_date": "2018-08-31", "status": "published", "title": "Cisco WebEx Recorder and Player ATDL2006 Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-08-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-978/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5972", "zdi_id": "ZDI-18-978" }, { "cve": "CVE-2018-0379", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-977/advisory.json", "detail_path": "advisories/ZDI-18-977", "id": "ZDI-18-977", "kind": "published", "published_date": "2018-08-31", "status": "published", "title": "Cisco WebEx Network Recording Player NBRQA Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-977/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5724", "zdi_id": "ZDI-18-977" }, { "cve": "CVE-2018-0379", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-976/advisory.json", "detail_path": "advisories/ZDI-18-976", "id": "ZDI-18-976", "kind": "published", "published_date": "2018-08-31", "status": "published", "title": "Cisco WebEx Network Recording Player NBRQA Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-976/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5722", "zdi_id": "ZDI-18-976" }, { "cve": "CVE-2018-0379", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-975/advisory.json", "detail_path": "advisories/ZDI-18-975", "id": "ZDI-18-975", "kind": "published", "published_date": "2018-08-31", "status": "published", "title": "Cisco WebEx Network Recording Player NBRQA Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-975/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5721", "zdi_id": "ZDI-18-975" }, { "cve": "CVE-2018-0379", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-974/advisory.json", "detail_path": "advisories/ZDI-18-974", "id": "ZDI-18-974", "kind": "published", "published_date": "2018-08-31", "status": "published", "title": "Cisco WebEx Network Recording Player NBRQA Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-974/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5723", "zdi_id": "ZDI-18-974" }, { "cve": "CVE-2018-0379", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-973/advisory.json", "detail_path": "advisories/ZDI-18-973", "id": "ZDI-18-973", "kind": "published", "published_date": "2018-08-31", "status": "published", "title": "Cisco WebEx Network Recording Player NBRQA Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-973/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5720", "zdi_id": "ZDI-18-973" }, { "cve": "CVE-2018-0379", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-972/advisory.json", "detail_path": "advisories/ZDI-18-972", "id": "ZDI-18-972", "kind": "published", "published_date": "2018-08-31", "status": "published", "title": "Cisco WebEx Network Recording Player ATPACK Decompression Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-972/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5705", "zdi_id": "ZDI-18-972" }, { "cve": "CVE-2018-0379", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-971/advisory.json", "detail_path": "advisories/ZDI-18-971", "id": "ZDI-18-971", "kind": "published", "published_date": "2018-08-31", "status": "published", "title": "Cisco WebEx Network Recording Player ATJPEG60 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-971/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5704", "zdi_id": "ZDI-18-971" }, { "cve": "CVE-2018-0379", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-970/advisory.json", "detail_path": "advisories/ZDI-18-970", "id": "ZDI-18-970", "kind": "published", "published_date": "2018-08-31", "status": "published", "title": "Cisco WebEx Network Recording Player ATPDMOD Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-970/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5703", "zdi_id": "ZDI-18-970" }, { "cve": "CVE-2018-0379", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-969/advisory.json", "detail_path": "advisories/ZDI-18-969", "id": "ZDI-18-969", "kind": "published", "published_date": "2018-08-31", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2018-08-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-969/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5601", "zdi_id": "ZDI-18-969" }, { "cve": "CVE-2018-0379", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-968/advisory.json", "detail_path": "advisories/ZDI-18-968", "id": "ZDI-18-968", "kind": "published", "published_date": "2018-08-31", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-968/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5600", "zdi_id": "ZDI-18-968" }, { "cve": "CVE-2018-0379", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-967/advisory.json", "detail_path": "advisories/ZDI-18-967", "id": "ZDI-18-967", "kind": "published", "published_date": "2018-08-31", "status": "published", "title": "Cisco WebEx Recorder and Player WRF File Heap-based Buffer Overflow Vulnerability", "updated_date": "2018-08-31", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-967/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5593", "zdi_id": "ZDI-18-967" }, { "cve": "CVE-2018-7102", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the imc...", "detail_json": "/data/advisories/ZDI-18-966/advisory.json", "detail_path": "advisories/ZDI-18-966", "id": "ZDI-18-966", "kind": "published", "published_date": "2018-08-31", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center imciccdm createFabricAutoCfgFile Directory Traversal Arbitrary File Write Vulnerability", "updated_date": "2023-01-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-966/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6109", "zdi_id": "ZDI-18-966" }, { "cve": "CVE-2018-10902", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-18-965/advisory.json", "detail_path": "advisories/ZDI-18-965", "id": "ZDI-18-965", "kind": "published", "published_date": "2018-08-30", "status": "published", "title": "Linux Kernel MIDI Race Condition Privilege Escalation Vulnerability", "updated_date": "2018-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-965/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-6201", "zdi_id": "ZDI-18-965" }, { "cve": "CVE-2018-15364", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Trend Micro OfficeScan. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-18-964/advisory.json", "detail_path": "advisories/ZDI-18-964", "id": "ZDI-18-964", "kind": "published", "published_date": "2018-08-30", "status": "published", "title": "Trend Micro OfficeScan Named Pipe Request Processing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-964/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-6104", "zdi_id": "ZDI-18-964" }, { "cve": "CVE-2018-15363", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-18-963/advisory.json", "detail_path": "advisories/ZDI-18-963", "id": "ZDI-18-963", "kind": "published", "published_date": "2018-08-30", "status": "published", "title": "Trend Micro Maximum Security ID_AMSP_MASTER Out-Of-Bounds Read Privilege Escalation Vulnerability", "updated_date": "2018-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-963/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-6105", "zdi_id": "ZDI-18-963" }, { "cve": "CVE-2018-10514", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-18-962/advisory.json", "detail_path": "advisories/ZDI-18-962", "id": "ZDI-18-962", "kind": "published", "published_date": "2018-08-30", "status": "published", "title": "Trend Micro Maximum Security ID_AMSP_MASTER Missing Impersonation Privilege Escalation Vulnerability", "updated_date": "2018-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-962/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-6103", "zdi_id": "ZDI-18-962" }, { "cve": "CVE-2018-10513", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-18-961/advisory.json", "detail_path": "advisories/ZDI-18-961", "id": "ZDI-18-961", "kind": "published", "published_date": "2018-08-30", "status": "published", "title": "Trend Micro Maximum Security ID_AMSP_MASTER Deserialization of Untrusted Data Privilege Escalation Vulnerability", "updated_date": "2018-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-961/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-6102", "zdi_id": "ZDI-18-961" }, { "cve": "CVE-2018-5044", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-960/advisory.json", "detail_path": "advisories/ZDI-18-960", "id": "ZDI-18-960", "kind": "published", "published_date": "2018-08-30", "status": "published", "title": "Adobe Acrobat Pro DC U3D TIFF Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-09-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-960/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5995", "zdi_id": "ZDI-18-960" }, { "cve": "CVE-2018-5015", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-959/advisory.json", "detail_path": "advisories/ZDI-18-959", "id": "ZDI-18-959", "kind": "published", "published_date": "2018-08-30", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS idRangeOffset Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-959/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5739", "zdi_id": "ZDI-18-959" }, { "cve": "CVE-2018-12799", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-958/advisory.json", "detail_path": "advisories/ZDI-18-958", "id": "ZDI-18-958", "kind": "published", "published_date": "2018-08-30", "status": "published", "title": "Adobe Acrobat Pro DC Catalog Index Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-958/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5989", "zdi_id": "ZDI-18-958" }, { "cve": "CVE-2018-12824", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-957/advisory.json", "detail_path": "advisories/ZDI-18-957", "id": "ZDI-18-957", "kind": "published", "published_date": "2018-08-30", "status": "published", "title": "Adobe Flash MP3 Parsing COMM Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-957/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5615", "zdi_id": "ZDI-18-957" }, { "cve": "CVE-2018-8394", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-956/advisory.json", "detail_path": "advisories/ZDI-18-956", "id": "ZDI-18-956", "kind": "published", "published_date": "2018-08-30", "status": "published", "title": "Microsoft Windows EMF File Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-956/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6588", "zdi_id": "ZDI-18-956" }, { "cve": "CVE-2018-7092", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TFT...", "detail_json": "/data/advisories/ZDI-18-955/advisory.json", "detail_path": "advisories/ZDI-18-955", "id": "ZDI-18-955", "kind": "published", "published_date": "2018-08-30", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center TFTP deleteBaseCfgfile Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": "2018-08-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-955/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-6110", "zdi_id": "ZDI-18-955" }, { "cve": "CVE-2018-0994", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra as well as Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious p...", "detail_json": "/data/advisories/ZDI-18-954/advisory.json", "detail_path": "advisories/ZDI-18-954", "id": "ZDI-18-954", "kind": "published", "published_date": "2018-08-22", "status": "published", "title": "Microsoft Chakra Array.reverse Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-08-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-954/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6076", "zdi_id": "ZDI-18-954" }, { "cve": "CVE-2018-8373", "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-953/advisory.json", "detail_path": "advisories/ZDI-18-953", "id": "ZDI-18-953", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Microsoft Windows VBScript Array Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-953/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6776", "zdi_id": "ZDI-18-953" }, { "cve": "CVE-2018-8316", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-952/advisory.json", "detail_path": "advisories/ZDI-18-952", "id": "ZDI-18-952", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Microsoft Office Word Preview Unsafe Hyperlink Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-952/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6284", "zdi_id": "ZDI-18-952" }, { "cve": "CVE-2018-8401", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-18-951/advisory.json", "detail_path": "advisories/ZDI-18-951", "id": "ZDI-18-951", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Microsoft Windows BasicRender Driver Race Condition Privilege Escalation Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-951/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6141", "zdi_id": "ZDI-18-951" }, { "cve": "CVE-2018-8400", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-18-950/advisory.json", "detail_path": "advisories/ZDI-18-950", "id": "ZDI-18-950", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Microsoft Windows dxgkrnl Driver D3DKMTRender Method Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-950/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6120", "zdi_id": "ZDI-18-950" }, { "cve": "CVE-2018-8401", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-18-949/advisory.json", "detail_path": "advisories/ZDI-18-949", "id": "ZDI-18-949", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Microsoft Windows D3DKMTSubmitCommand BasicRender Driver Out-of-bounds Memory Access Privilege Escalation Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-949/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6148", "zdi_id": "ZDI-18-949" }, { "cve": "CVE-2018-0953", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-948/advisory.json", "detail_path": "advisories/ZDI-18-948", "id": "ZDI-18-948", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Microsoft Chakra Floating Point Array Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-948/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6154", "zdi_id": "ZDI-18-948" }, { "cve": "CVE-2018-8406", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-947/advisory.json", "detail_path": "advisories/ZDI-18-947", "id": "ZDI-18-947", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Microsoft Windows Dxgkrnl Type Confusion Privilege Escalation Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-947/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6119", "zdi_id": "ZDI-18-947" }, { "cve": "CVE-2018-8405", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-946/advisory.json", "detail_path": "advisories/ZDI-18-946", "id": "ZDI-18-946", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Microsoft Windows Dxgkrnl Type Confusion Privilege Escalation Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-946/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6118", "zdi_id": "ZDI-18-946" }, { "cve": "CVE-2018-8404", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-18-945/advisory.json", "detail_path": "advisories/ZDI-18-945", "id": "ZDI-18-945", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Microsoft Windows NtGdiClearBitmapAttributes Use-After-Free Privilege Escalation Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-945/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6117", "zdi_id": "ZDI-18-945" }, { "cve": "CVE-2018-8302", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the conversion of voicemails to text. Due to impr...", "detail_json": "/data/advisories/ZDI-18-944/advisory.json", "detail_path": "advisories/ZDI-18-944", "id": "ZDI-18-944", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Microsoft Exchange Server Voicemail Transcription Improper Access Control Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-944/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6106", "zdi_id": "ZDI-18-944" }, { "cve": "CVE-2018-8344", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-943/advisory.json", "detail_path": "advisories/ZDI-18-943", "id": "ZDI-18-943", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Microsoft Windows Font Subsetting Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-943/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6181", "zdi_id": "ZDI-18-943" }, { "cve": "CVE-2018-8345", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-942/advisory.json", "detail_path": "advisories/ZDI-18-942", "id": "ZDI-18-942", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Microsoft Windows LNK File Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-942/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6193", "zdi_id": "ZDI-18-942" }, { "cve": "CVE-2018-8371", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-941/advisory.json", "detail_path": "advisories/ZDI-18-941", "id": "ZDI-18-941", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Microsoft Windows VBScript Class_Terminate Use After Free Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-941/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6200", "zdi_id": "ZDI-18-941" }, { "cve": "CVE-2018-8346", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-940/advisory.json", "detail_path": "advisories/ZDI-18-940", "id": "ZDI-18-940", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Microsoft Windows LNK File Uninitialized Pointer Information Disclosure Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-940/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6194", "zdi_id": "ZDI-18-940" }, { "cve": "CVE-2018-14317", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-939/advisory.json", "detail_path": "advisories/ZDI-18-939", "id": "ZDI-18-939", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Foxit Reader PDF File Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-939/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6683", "zdi_id": "ZDI-18-939" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MOVE command of the CTP co...", "detail_json": "/data/advisories/ZDI-18-938/advisory.json", "detail_path": "advisories/ZDI-18-938", "id": "ZDI-18-938", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console MOVEFILE Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-938/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6189", "zdi_id": "ZDI-18-938" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ISDIR command of the CTP c...", "detail_json": "/data/advisories/ZDI-18-937/advisory.json", "detail_path": "advisories/ZDI-18-937", "id": "ZDI-18-937", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console ISDIR Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-937/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6178", "zdi_id": "ZDI-18-937" }, { "cve": "CVE-2018-5553", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PING command of the CTP co...", "detail_json": "/data/advisories/ZDI-18-936/advisory.json", "detail_path": "advisories/ZDI-18-936", "id": "ZDI-18-936", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console PING Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-936/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6177", "zdi_id": "ZDI-18-936" }, { "cve": "CVE-2018-11228", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is required to exploit this vulnerability. The specific flaw exists within the UPDATEPASSWORD command of the...", "detail_json": "/data/advisories/ZDI-18-935/advisory.json", "detail_path": "advisories/ZDI-18-935", "id": "ZDI-18-935", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console UPDATEPASSWORD Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-935/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6176", "zdi_id": "ZDI-18-935" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FGETFILE command of the CT...", "detail_json": "/data/advisories/ZDI-18-934/advisory.json", "detail_path": "advisories/ZDI-18-934", "id": "ZDI-18-934", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console FGETFILE Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-934/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6175", "zdi_id": "ZDI-18-934" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DELETE command of the CTP...", "detail_json": "/data/advisories/ZDI-18-933/advisory.json", "detail_path": "advisories/ZDI-18-933", "id": "ZDI-18-933", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console DELETE Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-933/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6174", "zdi_id": "ZDI-18-933" }, { "cve": "CVE-2018-10630", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute execute arbitrary code on vulnerable installations of Crestron products. Authentication is not required to exploit this vulnerability. The specific flaw exists due to authentication being disabled by defau...", "detail_json": "/data/advisories/ZDI-18-932/advisory.json", "detail_path": "advisories/ZDI-18-932", "id": "ZDI-18-932", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console Incorrect Default Permissions Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-932/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6173", "zdi_id": "ZDI-18-932" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WIFIWEPPASSWORD command of...", "detail_json": "/data/advisories/ZDI-18-931/advisory.json", "detail_path": "advisories/ZDI-18-931", "id": "ZDI-18-931", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console WIFIWEPPASSWORD Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-931/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6172", "zdi_id": "ZDI-18-931" }, { "cve": "CVE-2018-11229", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Crestron Crestron's WindowCE-based products. Authentication is required to exploit this vulnerability. The specific flaw exists within the engineer built-i...", "detail_json": "/data/advisories/ZDI-18-930/advisory.json", "detail_path": "advisories/ZDI-18-930", "id": "ZDI-18-930", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console LAUNCH Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-930/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6171", "zdi_id": "ZDI-18-930" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FPUTFILE command of the CT...", "detail_json": "/data/advisories/ZDI-18-929/advisory.json", "detail_path": "advisories/ZDI-18-929", "id": "ZDI-18-929", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console FPUTFILE Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-929/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6170", "zdi_id": "ZDI-18-929" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WIFIPSKPASSWORD command of...", "detail_json": "/data/advisories/ZDI-18-928/advisory.json", "detail_path": "advisories/ZDI-18-928", "id": "ZDI-18-928", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console WIFIPSKPASSWORD Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-928/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6169", "zdi_id": "ZDI-18-928" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UDIR command of the CTP co...", "detail_json": "/data/advisories/ZDI-18-927/advisory.json", "detail_path": "advisories/ZDI-18-927", "id": "ZDI-18-927", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console UDIR Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-927/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6168", "zdi_id": "ZDI-18-927" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RESTARTSERVICE command of...", "detail_json": "/data/advisories/ZDI-18-926/advisory.json", "detail_path": "advisories/ZDI-18-926", "id": "ZDI-18-926", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console RESTARTSERVICE Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-926/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6167", "zdi_id": "ZDI-18-926" }, { "cve": "CVE-2018-11228", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is required to exploit this vulnerability. The specific flaw exists within the ADDUSER command of the CTP con...", "detail_json": "/data/advisories/ZDI-18-925/advisory.json", "detail_path": "advisories/ZDI-18-925", "id": "ZDI-18-925", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console ADDUSER Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-925/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6166", "zdi_id": "ZDI-18-925" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MAKEDIR command of the CTP...", "detail_json": "/data/advisories/ZDI-18-924/advisory.json", "detail_path": "advisories/ZDI-18-924", "id": "ZDI-18-924", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console MAKEDIR Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-924/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6165", "zdi_id": "ZDI-18-924" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ROUTEADD command of the CT...", "detail_json": "/data/advisories/ZDI-18-923/advisory.json", "detail_path": "advisories/ZDI-18-923", "id": "ZDI-18-923", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console ROUTEADD Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-923/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6164", "zdi_id": "ZDI-18-923" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ROUTEDELETE command of the...", "detail_json": "/data/advisories/ZDI-18-922/advisory.json", "detail_path": "advisories/ZDI-18-922", "id": "ZDI-18-922", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console ROUTEDELETE Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-922/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6163", "zdi_id": "ZDI-18-922" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CD command of the CTP cons...", "detail_json": "/data/advisories/ZDI-18-921/advisory.json", "detail_path": "advisories/ZDI-18-921", "id": "ZDI-18-921", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console CD Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-921/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6161", "zdi_id": "ZDI-18-921" }, { "cve": "CVE-2018-13341", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on affected installations of all Crestron products. Authentication is required to exploit this vulnerability. The specific flaw exists within the two built-in accounts on all Crestron devices....", "detail_json": "/data/advisories/ZDI-18-920/advisory.json", "detail_path": "advisories/ZDI-18-920", "id": "ZDI-18-920", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console Privilege Escalation Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-920/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6160", "zdi_id": "ZDI-18-920" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the COPYFILE command of the CT...", "detail_json": "/data/advisories/ZDI-18-919/advisory.json", "detail_path": "advisories/ZDI-18-919", "id": "ZDI-18-919", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console COPYFILE Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-919/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6159", "zdi_id": "ZDI-18-919" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WIFISSID command of the CT...", "detail_json": "/data/advisories/ZDI-18-918/advisory.json", "detail_path": "advisories/ZDI-18-918", "id": "ZDI-18-918", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console WIFISSID Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-918/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6158", "zdi_id": "ZDI-18-918" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REMOVEDIR command of the C...", "detail_json": "/data/advisories/ZDI-18-917/advisory.json", "detail_path": "advisories/ZDI-18-917", "id": "ZDI-18-917", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console REMOVEDIR Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-917/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6157", "zdi_id": "ZDI-18-917" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DIR command of the CTP con...", "detail_json": "/data/advisories/ZDI-18-916/advisory.json", "detail_path": "advisories/ZDI-18-916", "id": "ZDI-18-916", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console DIR Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-916/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6156", "zdi_id": "ZDI-18-916" }, { "cve": "CVE-2018-11228", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WIFIWEPHEXPASSWORD command...", "detail_json": "/data/advisories/ZDI-18-915/advisory.json", "detail_path": "advisories/ZDI-18-915", "id": "ZDI-18-915", "kind": "published", "published_date": "2018-08-14", "status": "published", "title": "Crestron Multiple Products CTP Console WIFIWEPHEXPASSWORD Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-08-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-915/", "vendor": "Crestron", "vendor_url": null, "zdi_can": "ZDI-CAN-6155", "zdi_id": "ZDI-18-915" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-914/advisory.json", "detail_path": "advisories/ZDI-18-914", "id": "ZDI-18-914", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder ModBus Beckhoff ClockDevice Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-914/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6053", "zdi_id": "ZDI-18-914" }, { "cve": "CVE-2018-7686", "cvss": 2.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Novell NetIQ Access Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-18-913/advisory.json", "detail_path": "advisories/ZDI-18-913", "id": "ZDI-18-913", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "Novell NetIQ Access Manager dhost Service Shared Memory Section Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-913/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-6207", "zdi_id": "ZDI-18-913" }, { "cve": "CVE-2018-10616", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-912/advisory.json", "detail_path": "advisories/ZDI-18-912", "id": "ZDI-18-912", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder YAMAHA_VIP_robot_Pre Format String Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-912/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6423", "zdi_id": "ZDI-18-912" }, { "cve": "CVE-2018-10616", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-911/advisory.json", "detail_path": "advisories/ZDI-18-911", "id": "ZDI-18-911", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder SIMATIC_S5_3964R_Pre UserSettings Format String Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-911/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6424", "zdi_id": "ZDI-18-911" }, { "cve": "CVE-2018-10616", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-910/advisory.json", "detail_path": "advisories/ZDI-18-910", "id": "ZDI-18-910", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder Yaskawa_FSP_Pre StationsList Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-910/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6422", "zdi_id": "ZDI-18-910" }, { "cve": "CVE-2018-10616", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-909/advisory.json", "detail_path": "advisories/ZDI-18-909", "id": "ZDI-18-909", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder KEB_COMBIVERT_Pre UserSettings Format String Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-909/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6421", "zdi_id": "ZDI-18-909" }, { "cve": "CVE-2018-10616", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-908/advisory.json", "detail_path": "advisories/ZDI-18-908", "id": "ZDI-18-908", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder BEYaskawaSMC IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-908/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6420", "zdi_id": "ZDI-18-908" }, { "cve": "CVE-2018-10616", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-907/advisory.json", "detail_path": "advisories/ZDI-18-907", "id": "ZDI-18-907", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder bemodbus ClockDevice Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-907/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6349", "zdi_id": "ZDI-18-907" }, { "cve": "CVE-2018-10616", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-906/advisory.json", "detail_path": "advisories/ZDI-18-906", "id": "ZDI-18-906", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder bemodbus Nodes Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-906/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6348", "zdi_id": "ZDI-18-906" }, { "cve": "CVE-2018-10616", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-905/advisory.json", "detail_path": "advisories/ZDI-18-905", "id": "ZDI-18-905", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder bemodbus TCP_IP_Address Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-905/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6226", "zdi_id": "ZDI-18-905" }, { "cve": "CVE-2018-10616", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-904/advisory.json", "detail_path": "advisories/ZDI-18-904", "id": "ZDI-18-904", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder beSaia_Ethernet IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-904/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6229", "zdi_id": "ZDI-18-904" }, { "cve": "CVE-2018-10616", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-903/advisory.json", "detail_path": "advisories/ZDI-18-903", "id": "ZDI-18-903", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder bes7mpidirect ClockDevice Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-903/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6228", "zdi_id": "ZDI-18-903" }, { "cve": "CVE-2018-10616", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-902/advisory.json", "detail_path": "advisories/ZDI-18-902", "id": "ZDI-18-902", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder beOMRON TCP_IP_Address Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-902/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6227", "zdi_id": "ZDI-18-902" }, { "cve": "CVE-2018-10616", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-901/advisory.json", "detail_path": "advisories/ZDI-18-901", "id": "ZDI-18-901", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder UserSettings Format String Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-901/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6225", "zdi_id": "ZDI-18-901" }, { "cve": "CVE-2018-10616", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-900/advisory.json", "detail_path": "advisories/ZDI-18-900", "id": "ZDI-18-900", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder Allen Bradley MicroLogix TCP_IP_Address Heap-based Buffer Overflow Remote Code Execution Vulnerabilities", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-900/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6140", "zdi_id": "ZDI-18-900" }, { "cve": "CVE-2018-10616", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-899/advisory.json", "detail_path": "advisories/ZDI-18-899", "id": "ZDI-18-899", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder BeModBus CommandLineOptions Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-899/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6190", "zdi_id": "ZDI-18-899" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-898/advisory.json", "detail_path": "advisories/ZDI-18-898", "id": "ZDI-18-898", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder Animatics_SmartMotor UserSettings Format String Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-898/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6144", "zdi_id": "ZDI-18-898" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-897/advisory.json", "detail_path": "advisories/ZDI-18-897", "id": "ZDI-18-897", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder beFesto IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-897/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6143", "zdi_id": "ZDI-18-897" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-896/advisory.json", "detail_path": "advisories/ZDI-18-896", "id": "ZDI-18-896", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder BEControlLogix IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-896/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6142", "zdi_id": "ZDI-18-896" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-895/advisory.json", "detail_path": "advisories/ZDI-18-895", "id": "ZDI-18-895", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder SIMATIC_TI500 UserSettings Format String Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-895/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6136", "zdi_id": "ZDI-18-895" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-894/advisory.json", "detail_path": "advisories/ZDI-18-894", "id": "ZDI-18-894", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder BeECOM IpAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-894/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6099", "zdi_id": "ZDI-18-894" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-893/advisory.json", "detail_path": "advisories/ZDI-18-893", "id": "ZDI-18-893", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder beDVT IpAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-893/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6098", "zdi_id": "ZDI-18-893" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-892/advisory.json", "detail_path": "advisories/ZDI-18-892", "id": "ZDI-18-892", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder BeMMS IpAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-892/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6096", "zdi_id": "ZDI-18-892" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-891/advisory.json", "detail_path": "advisories/ZDI-18-891", "id": "ZDI-18-891", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder BeomronFins FINSIPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-891/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6087", "zdi_id": "ZDI-18-891" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-890/advisory.json", "detail_path": "advisories/ZDI-18-890", "id": "ZDI-18-890", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder bebhoffadseth AmsNetId Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-890/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6086", "zdi_id": "ZDI-18-890" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-889/advisory.json", "detail_path": "advisories/ZDI-18-889", "id": "ZDI-18-889", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder BEMBSlave MapIO Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-889/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6085", "zdi_id": "ZDI-18-889" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-888/advisory.json", "detail_path": "advisories/ZDI-18-888", "id": "ZDI-18-888", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder beabethsc IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-888/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6084", "zdi_id": "ZDI-18-888" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-887/advisory.json", "detail_path": "advisories/ZDI-18-887", "id": "ZDI-18-887", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder BeModBus TCP_IP_Address Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-887/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6083", "zdi_id": "ZDI-18-887" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-886/advisory.json", "detail_path": "advisories/ZDI-18-886", "id": "ZDI-18-886", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder BeMod_BeckHoff Node1 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-886/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6061", "zdi_id": "ZDI-18-886" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-885/advisory.json", "detail_path": "advisories/ZDI-18-885", "id": "ZDI-18-885", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder BEMBSlave ComErrorIO Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-885/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6052", "zdi_id": "ZDI-18-885" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-884/advisory.json", "detail_path": "advisories/ZDI-18-884", "id": "ZDI-18-884", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder ModBus AC500 UserSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-884/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-6051", "zdi_id": "ZDI-18-884" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-883/advisory.json", "detail_path": "advisories/ZDI-18-883", "id": "ZDI-18-883", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder Becomli CommandLineOptions Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-883/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-5976", "zdi_id": "ZDI-18-883" }, { "cve": "CVE-2018-10616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-882/advisory.json", "detail_path": "advisories/ZDI-18-882", "id": "ZDI-18-882", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "ABB Panel Builder Begalil IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-882/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-5786", "zdi_id": "ZDI-18-882" }, { "cve": "CVE-2018-6970", "cvss": 1.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of VMware Horizon Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-18-881/advisory.json", "detail_path": "advisories/ZDI-18-881", "id": "ZDI-18-881", "kind": "published", "published_date": "2018-08-10", "status": "published", "title": "VMWare Horizon Client wswc_sharedMem_shared Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-08-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-881/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-5797", "zdi_id": "ZDI-18-881" }, { "cve": null, "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to force a reboot on vulnerable installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-18-880/advisory.json", "detail_path": "advisories/ZDI-18-880", "id": "ZDI-18-880", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "(Pwn2Own) Google Android UserCallActivity Null Pointer Dereference Denial of Service Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-880/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-5360", "zdi_id": "ZDI-18-880" }, { "cve": "CVE-2018-7931", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Huawei App Market. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-879/advisory.json", "detail_path": "advisories/ZDI-18-879", "id": "ZDI-18-879", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "(Pwn2Own) Huawei App Market Whitelist Bypass Privilege Escalation Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-879/", "vendor": "Huawei", "vendor_url": null, "zdi_can": "ZDI-CAN-5347", "zdi_id": "ZDI-18-879" }, { "cve": "CVE-2017-15309", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to create arbitrary files on vulnerable installations of Huawei Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-18-878/advisory.json", "detail_path": "advisories/ZDI-18-878", "id": "ZDI-18-878", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "(Pwn2Own) Huawei Reader FileName Directory Traversal Privilege Escalation Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-878/", "vendor": "Huawei", "vendor_url": null, "zdi_can": "ZDI-CAN-5349", "zdi_id": "ZDI-18-878" }, { "cve": "CVE-2017-17226", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of TripAdvisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-18-877/advisory.json", "detail_path": "advisories/ZDI-18-877", "id": "ZDI-18-877", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "TripAdvisor Browsable Intent Arbitrary URL Loading Privilege Escalation Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-877/", "vendor": "TripAdvisor", "vendor_url": null, "zdi_can": "ZDI-CAN-5335", "zdi_id": "ZDI-18-877" }, { "cve": "CVE-2017-15308", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Huawei Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-18-876/advisory.json", "detail_path": "advisories/ZDI-18-876", "id": "ZDI-18-876", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "(Pwn2Own) Huawei Reader Insecure Plugin Loading Privilege Escalation Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-876/", "vendor": "Huawei", "vendor_url": null, "zdi_can": "ZDI-CAN-5351", "zdi_id": "ZDI-18-876" }, { "cve": "CVE-2018-7932", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Huawei App Market. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-18-875/advisory.json", "detail_path": "advisories/ZDI-18-875", "id": "ZDI-18-875", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "(Pwn2Own) Huawei App Market JavaScript Bridge Privilege Escalation Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-875/", "vendor": "Huawei", "vendor_url": null, "zdi_can": "ZDI-CAN-5348", "zdi_id": "ZDI-18-875" }, { "cve": "CVE-2017-15309", "cvss": 3.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to delete arbitrary files on vulnerable installations of Huawei Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-18-874/advisory.json", "detail_path": "advisories/ZDI-18-874", "id": "ZDI-18-874", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "(Pwn2Own) Huawei Reader onChapPack Directory Traversal File Deletion Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-874/", "vendor": "Huawei", "vendor_url": null, "zdi_can": "ZDI-CAN-5350", "zdi_id": "ZDI-18-874" }, { "cve": "CVE-2018-10606", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-873/advisory.json", "detail_path": "advisories/ZDI-18-873", "id": "ZDI-18-873", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU General WordAddr Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-873/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5981", "zdi_id": "ZDI-18-873" }, { "cve": "CVE-2018-10606", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-872/advisory.json", "detail_path": "advisories/ZDI-18-872", "id": "ZDI-18-872", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU Datalogtool file.creation-data Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-872/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5980", "zdi_id": "ZDI-18-872" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-871/advisory.json", "detail_path": "advisories/ZDI-18-871", "id": "ZDI-18-871", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU pvgengine MonSecondAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-871/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5971", "zdi_id": "ZDI-18-871" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-870/advisory.json", "detail_path": "advisories/ZDI-18-870", "id": "ZDI-18-870", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU Partdialog General Element Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-870/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5970", "zdi_id": "ZDI-18-870" }, { "cve": "CVE-2018-10606", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-869/advisory.json", "detail_path": "advisories/ZDI-18-869", "id": "ZDI-18-869", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU PartInfo WriteAddr Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-869/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5969", "zdi_id": "ZDI-18-869" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-868/advisory.json", "detail_path": "advisories/ZDI-18-868", "id": "ZDI-18-868", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DiscSet WordAddr11 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-868/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5947", "zdi_id": "ZDI-18-868" }, { "cve": "CVE-2018-10606", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-867/advisory.json", "detail_path": "advisories/ZDI-18-867", "id": "ZDI-18-867", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU PartInfo PartName Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-867/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5956", "zdi_id": "ZDI-18-867" }, { "cve": "CVE-2018-10606", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-866/advisory.json", "detail_path": "advisories/ZDI-18-866", "id": "ZDI-18-866", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU figure FigureFile Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-866/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5955", "zdi_id": "ZDI-18-866" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-865/advisory.json", "detail_path": "advisories/ZDI-18-865", "id": "ZDI-18-865", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog XYSet WordAddr2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-865/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5953", "zdi_id": "ZDI-18-865" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-864/advisory.json", "detail_path": "advisories/ZDI-18-864", "id": "ZDI-18-864", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog WordAlarmSet WordAddr9 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-864/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5951", "zdi_id": "ZDI-18-864" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-863/advisory.json", "detail_path": "advisories/ZDI-18-863", "id": "ZDI-18-863", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DiscSet WordAddr8 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-863/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5949", "zdi_id": "ZDI-18-863" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-862/advisory.json", "detail_path": "advisories/ZDI-18-862", "id": "ZDI-18-862", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DiscSet WordAddr4 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-862/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5945", "zdi_id": "ZDI-18-862" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-861/advisory.json", "detail_path": "advisories/ZDI-18-861", "id": "ZDI-18-861", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DiscSet WordAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-861/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5942", "zdi_id": "ZDI-18-861" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-860/advisory.json", "detail_path": "advisories/ZDI-18-860", "id": "ZDI-18-860", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DiscSet WordAddr2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-860/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5941", "zdi_id": "ZDI-18-860" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-859/advisory.json", "detail_path": "advisories/ZDI-18-859", "id": "ZDI-18-859", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DiscSet WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-859/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5940", "zdi_id": "ZDI-18-859" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-858/advisory.json", "detail_path": "advisories/ZDI-18-858", "id": "ZDI-18-858", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "(0Day) Wecon LeviStudioU addressLib WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-858/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5939", "zdi_id": "ZDI-18-858" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-857/advisory.json", "detail_path": "advisories/ZDI-18-857", "id": "ZDI-18-857", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DiscSet TriggAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-857/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5938", "zdi_id": "ZDI-18-857" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-856/advisory.json", "detail_path": "advisories/ZDI-18-856", "id": "ZDI-18-856", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DiscSet WordAddr12 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-856/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5937", "zdi_id": "ZDI-18-856" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-855/advisory.json", "detail_path": "advisories/ZDI-18-855", "id": "ZDI-18-855", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DiscSet WordAddr10 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-855/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5936", "zdi_id": "ZDI-18-855" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-854/advisory.json", "detail_path": "advisories/ZDI-18-854", "id": "ZDI-18-854", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DiscSet WordAddr9 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-854/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5935", "zdi_id": "ZDI-18-854" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-853/advisory.json", "detail_path": "advisories/ZDI-18-853", "id": "ZDI-18-853", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DiscSet WordAddr7 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-853/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5934", "zdi_id": "ZDI-18-853" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-852/advisory.json", "detail_path": "advisories/ZDI-18-852", "id": "ZDI-18-852", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DiscSet WordAddr6 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-852/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5933", "zdi_id": "ZDI-18-852" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-851/advisory.json", "detail_path": "advisories/ZDI-18-851", "id": "ZDI-18-851", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DiscSet WordAddr5 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-851/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5932", "zdi_id": "ZDI-18-851" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-850/advisory.json", "detail_path": "advisories/ZDI-18-850", "id": "ZDI-18-850", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog WordAlarmSet WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-850/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5931", "zdi_id": "ZDI-18-850" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-849/advisory.json", "detail_path": "advisories/ZDI-18-849", "id": "ZDI-18-849", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog MultiLink bitaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-849/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5930", "zdi_id": "ZDI-18-849" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-848/advisory.json", "detail_path": "advisories/ZDI-18-848", "id": "ZDI-18-848", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog MultiLink WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-848/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5929", "zdi_id": "ZDI-18-848" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-847/advisory.json", "detail_path": "advisories/ZDI-18-847", "id": "ZDI-18-847", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog WebSet bitaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-847/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5928", "zdi_id": "ZDI-18-847" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-846/advisory.json", "detail_path": "advisories/ZDI-18-846", "id": "ZDI-18-846", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog WebSet WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-846/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5927", "zdi_id": "ZDI-18-846" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-845/advisory.json", "detail_path": "advisories/ZDI-18-845", "id": "ZDI-18-845", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog XYSet WordAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-845/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5926", "zdi_id": "ZDI-18-845" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-844/advisory.json", "detail_path": "advisories/ZDI-18-844", "id": "ZDI-18-844", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog XYSet WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-844/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5925", "zdi_id": "ZDI-18-844" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-843/advisory.json", "detail_path": "advisories/ZDI-18-843", "id": "ZDI-18-843", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog XYSet WordAddr4 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-843/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5924", "zdi_id": "ZDI-18-843" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-842/advisory.json", "detail_path": "advisories/ZDI-18-842", "id": "ZDI-18-842", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog TrendSet WordAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-842/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5923", "zdi_id": "ZDI-18-842" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-841/advisory.json", "detail_path": "advisories/ZDI-18-841", "id": "ZDI-18-841", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog TrendSet WordAddr2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-841/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5922", "zdi_id": "ZDI-18-841" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-840/advisory.json", "detail_path": "advisories/ZDI-18-840", "id": "ZDI-18-840", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog TrendSet WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-840/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5921", "zdi_id": "ZDI-18-840" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-839/advisory.json", "detail_path": "advisories/ZDI-18-839", "id": "ZDI-18-839", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog TrendSet WordAddr4 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-839/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5920", "zdi_id": "ZDI-18-839" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-838/advisory.json", "detail_path": "advisories/ZDI-18-838", "id": "ZDI-18-838", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog TrendSet WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-838/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5919", "zdi_id": "ZDI-18-838" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-837/advisory.json", "detail_path": "advisories/ZDI-18-837", "id": "ZDI-18-837", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog TrendSet WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-837/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5918", "zdi_id": "ZDI-18-837" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-836/advisory.json", "detail_path": "advisories/ZDI-18-836", "id": "ZDI-18-836", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog TrendSet WordAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-836/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5917", "zdi_id": "ZDI-18-836" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-835/advisory.json", "detail_path": "advisories/ZDI-18-835", "id": "ZDI-18-835", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog TrendSet WordAddr2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-835/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5916", "zdi_id": "ZDI-18-835" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-834/advisory.json", "detail_path": "advisories/ZDI-18-834", "id": "ZDI-18-834", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog TrendSet WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-834/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5915", "zdi_id": "ZDI-18-834" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-833/advisory.json", "detail_path": "advisories/ZDI-18-833", "id": "ZDI-18-833", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog TrendSet WordAddr4 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-833/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5914", "zdi_id": "ZDI-18-833" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-832/advisory.json", "detail_path": "advisories/ZDI-18-832", "id": "ZDI-18-832", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog TrendSet Trigger3 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-832/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5913", "zdi_id": "ZDI-18-832" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-831/advisory.json", "detail_path": "advisories/ZDI-18-831", "id": "ZDI-18-831", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog DataLogSet TriggAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-831/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5912", "zdi_id": "ZDI-18-831" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-830/advisory.json", "detail_path": "advisories/ZDI-18-830", "id": "ZDI-18-830", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog EventSet WordAddr10 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-830/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5911", "zdi_id": "ZDI-18-830" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-829/advisory.json", "detail_path": "advisories/ZDI-18-829", "id": "ZDI-18-829", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog Alarm WordAddr9 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-829/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5910", "zdi_id": "ZDI-18-829" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-828/advisory.json", "detail_path": "advisories/ZDI-18-828", "id": "ZDI-18-828", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog EventSet WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-828/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5909", "zdi_id": "ZDI-18-828" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-827/advisory.json", "detail_path": "advisories/ZDI-18-827", "id": "ZDI-18-827", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog EventSet WordAddr10 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-827/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5908", "zdi_id": "ZDI-18-827" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-826/advisory.json", "detail_path": "advisories/ZDI-18-826", "id": "ZDI-18-826", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog Alarm WordAddr10 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-826/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5907", "zdi_id": "ZDI-18-826" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-825/advisory.json", "detail_path": "advisories/ZDI-18-825", "id": "ZDI-18-825", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog WordAlarmSet WordAddr10 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-825/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5906", "zdi_id": "ZDI-18-825" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-824/advisory.json", "detail_path": "advisories/ZDI-18-824", "id": "ZDI-18-824", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU usermanage GroupList ID Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-824/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5905", "zdi_id": "ZDI-18-824" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-823/advisory.json", "detail_path": "advisories/ZDI-18-823", "id": "ZDI-18-823", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU usermanage GroupList Name Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-823/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5904", "zdi_id": "ZDI-18-823" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-822/advisory.json", "detail_path": "advisories/ZDI-18-822", "id": "ZDI-18-822", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU usermanage GroupList Description Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-822/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5903", "zdi_id": "ZDI-18-822" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-821/advisory.json", "detail_path": "advisories/ZDI-18-821", "id": "ZDI-18-821", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU usermanage GroupList UserIdSet Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-821/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5902", "zdi_id": "ZDI-18-821" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-820/advisory.json", "detail_path": "advisories/ZDI-18-820", "id": "ZDI-18-820", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU ttsui TTSSet SText Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-820/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5901", "zdi_id": "ZDI-18-820" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-819/advisory.json", "detail_path": "advisories/ZDI-18-819", "id": "ZDI-18-819", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU ttsui TTSSet TrigBitAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-819/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5900", "zdi_id": "ZDI-18-819" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-818/advisory.json", "detail_path": "advisories/ZDI-18-818", "id": "ZDI-18-818", "kind": "published", "published_date": "2018-08-02", "status": "published", "title": "(0Day) Wecon LeviStudioU ttsui TTSSet Name Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-818/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5899", "zdi_id": "ZDI-18-818" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-817/advisory.json", "detail_path": "advisories/ZDI-18-817", "id": "ZDI-18-817", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU ttsui TTSSet Addr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-817/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5898", "zdi_id": "ZDI-18-817" }, { "cve": "CVE-2018-10606", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-816/advisory.json", "detail_path": "advisories/ZDI-18-816", "id": "ZDI-18-816", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU screenhelper ScrnFile Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-816/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5876", "zdi_id": "ZDI-18-816" }, { "cve": "CVE-2018-10606", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-815/advisory.json", "detail_path": "advisories/ZDI-18-815", "id": "ZDI-18-815", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU screenhelper ScrnName Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-815/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5875", "zdi_id": "ZDI-18-815" }, { "cve": "CVE-2018-10606", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-814/advisory.json", "detail_path": "advisories/ZDI-18-814", "id": "ZDI-18-814", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU addresslib Port Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-814/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5874", "zdi_id": "ZDI-18-814" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-813/advisory.json", "detail_path": "advisories/ZDI-18-813", "id": "ZDI-18-813", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU addrmapping PLCAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-813/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5869", "zdi_id": "ZDI-18-813" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-812/advisory.json", "detail_path": "advisories/ZDI-18-812", "id": "ZDI-18-812", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU scriptedit bitAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-812/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5866", "zdi_id": "ZDI-18-812" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-811/advisory.json", "detail_path": "advisories/ZDI-18-811", "id": "ZDI-18-811", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU scriptedit ParamName Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-811/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5865", "zdi_id": "ZDI-18-811" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-810/advisory.json", "detail_path": "advisories/ZDI-18-810", "id": "ZDI-18-810", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU scriptedit FuncName Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-810/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5864", "zdi_id": "ZDI-18-810" }, { "cve": "CVE-2018-10606", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-809/advisory.json", "detail_path": "advisories/ZDI-18-809", "id": "ZDI-18-809", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU addresslib Name Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-809/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5863", "zdi_id": "ZDI-18-809" }, { "cve": "CVE-2018-10606", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-808/advisory.json", "detail_path": "advisories/ZDI-18-808", "id": "ZDI-18-808", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU stringlib Content Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-808/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5862", "zdi_id": "ZDI-18-808" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-807/advisory.json", "detail_path": "advisories/ZDI-18-807", "id": "ZDI-18-807", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU addrmapping ContralAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-807/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5872", "zdi_id": "ZDI-18-807" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-806/advisory.json", "detail_path": "advisories/ZDI-18-806", "id": "ZDI-18-806", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU addrmapping DigitCount Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-806/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5871", "zdi_id": "ZDI-18-806" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-805/advisory.json", "detail_path": "advisories/ZDI-18-805", "id": "ZDI-18-805", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU addrmapping DstAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-805/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5870", "zdi_id": "ZDI-18-805" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-804/advisory.json", "detail_path": "advisories/ZDI-18-804", "id": "ZDI-18-804", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU addrmapping PLCAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-804/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5868", "zdi_id": "ZDI-18-804" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-803/advisory.json", "detail_path": "advisories/ZDI-18-803", "id": "ZDI-18-803", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU addrmapping ContralAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-803/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5867", "zdi_id": "ZDI-18-803" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-802/advisory.json", "detail_path": "advisories/ZDI-18-802", "id": "ZDI-18-802", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU screenhelper Type Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-802/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5806", "zdi_id": "ZDI-18-802" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-801/advisory.json", "detail_path": "advisories/ZDI-18-801", "id": "ZDI-18-801", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU screenhelper Style Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-801/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5805", "zdi_id": "ZDI-18-801" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-800/advisory.json", "detail_path": "advisories/ZDI-18-800", "id": "ZDI-18-800", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU screenhelper ScrIdWordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-800/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5804", "zdi_id": "ZDI-18-800" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-799/advisory.json", "detail_path": "advisories/ZDI-18-799", "id": "ZDI-18-799", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU screenhelper PowerEnterTime Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-799/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5803", "zdi_id": "ZDI-18-799" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-798/advisory.json", "detail_path": "advisories/ZDI-18-798", "id": "ZDI-18-798", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU screenhelper HMINAME Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-798/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5802", "zdi_id": "ZDI-18-798" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-797/advisory.json", "detail_path": "advisories/ZDI-18-797", "id": "ZDI-18-797", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU screenhelper EnterTime Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-797/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5801", "zdi_id": "ZDI-18-797" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-796/advisory.json", "detail_path": "advisories/ZDI-18-796", "id": "ZDI-18-796", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU stringlib Desc Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-796/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5800", "zdi_id": "ZDI-18-796" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-795/advisory.json", "detail_path": "advisories/ZDI-18-795", "id": "ZDI-18-795", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU screenhelper CurScrIdAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-795/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5799", "zdi_id": "ZDI-18-795" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-794/advisory.json", "detail_path": "advisories/ZDI-18-794", "id": "ZDI-18-794", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU screenhelper BgOnOffBitAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-794/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5798", "zdi_id": "ZDI-18-794" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-793/advisory.json", "detail_path": "advisories/ZDI-18-793", "id": "ZDI-18-793", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog bitAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-793/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5796", "zdi_id": "ZDI-18-793" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-792/advisory.json", "detail_path": "advisories/ZDI-18-792", "id": "ZDI-18-792", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog PointPos Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-792/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5795", "zdi_id": "ZDI-18-792" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-791/advisory.json", "detail_path": "advisories/ZDI-18-791", "id": "ZDI-18-791", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU aetlog PointPos Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-791/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5794", "zdi_id": "ZDI-18-791" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-790/advisory.json", "detail_path": "advisories/ZDI-18-790", "id": "ZDI-18-790", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU UserManage PassWord Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-790/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5793", "zdi_id": "ZDI-18-790" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-789/advisory.json", "detail_path": "advisories/ZDI-18-789", "id": "ZDI-18-789", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU UserManage Name Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-789/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5792", "zdi_id": "ZDI-18-789" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-788/advisory.json", "detail_path": "advisories/ZDI-18-788", "id": "ZDI-18-788", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU UserManage ID Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-788/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5791", "zdi_id": "ZDI-18-788" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-787/advisory.json", "detail_path": "advisories/ZDI-18-787", "id": "ZDI-18-787", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU UserManage GroupIdSet Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-787/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5790", "zdi_id": "ZDI-18-787" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-786/advisory.json", "detail_path": "advisories/ZDI-18-786", "id": "ZDI-18-786", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU UserManage Description Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-786/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5789", "zdi_id": "ZDI-18-786" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-785/advisory.json", "detail_path": "advisories/ZDI-18-785", "id": "ZDI-18-785", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU UMP ProjectVer Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-785/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5788", "zdi_id": "ZDI-18-785" }, { "cve": "CVE-2018-10602", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-784/advisory.json", "detail_path": "advisories/ZDI-18-784", "id": "ZDI-18-784", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(0Day) Wecon LeviStudioU hmi_bmplib_dll G_PictureVer Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-08-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-784/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5787", "zdi_id": "ZDI-18-784" }, { "cve": "CVE-2018-2860", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-18-783/advisory.json", "detail_path": "advisories/ZDI-18-783", "id": "ZDI-18-783", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(Pwn2Own) Oracle Virtualbox HGCM Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2018-07-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-783/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5818", "zdi_id": "ZDI-18-783" }, { "cve": "CVE-2018-2860", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-18-782/advisory.json", "detail_path": "advisories/ZDI-18-782", "id": "ZDI-18-782", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(Pwn2Own) Oracle Virtualbox HGCM Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-782/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5817", "zdi_id": "ZDI-18-782" }, { "cve": "CVE-2018-4199", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-781/advisory.json", "detail_path": "advisories/ZDI-18-781", "id": "ZDI-18-781", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "(Pwn2Own) Apple Safari SVG Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-12-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-781/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5828", "zdi_id": "ZDI-18-781" }, { "cve": "CVE-2018-4204", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-780/advisory.json", "detail_path": "advisories/ZDI-18-780", "id": "ZDI-18-780", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "Apple Safari Array splice Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": "2018-07-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-780/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5812", "zdi_id": "ZDI-18-780" }, { "cve": "CVE-2018-6972", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to deny service on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on a guest OS in order to exploit this vulnerability. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-18-779/advisory.json", "detail_path": "advisories/ZDI-18-779", "id": "ZDI-18-779", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "VMware Workstation SetGuestInfo Null Pointer Dereference Denial of Service Vulnerability", "updated_date": "2018-07-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-779/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-6079", "zdi_id": "ZDI-18-779" }, { "cve": "CVE-2018-7074", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the han...", "detail_json": "/data/advisories/ZDI-18-778/advisory.json", "detail_path": "advisories/ZDI-18-778", "id": "ZDI-18-778", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center tftpserver getFileData Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-778/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-5749", "zdi_id": "ZDI-18-778" }, { "cve": "CVE-2017-8990", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the han...", "detail_json": "/data/advisories/ZDI-18-777/advisory.json", "detail_path": "advisories/ZDI-18-777", "id": "ZDI-18-777", "kind": "published", "published_date": "2018-07-26", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center imcwlandm strMac Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-777/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-5671", "zdi_id": "ZDI-18-777" }, { "cve": "CVE-2018-14316", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-776/advisory.json", "detail_path": "advisories/ZDI-18-776", "id": "ZDI-18-776", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-776/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6351", "zdi_id": "ZDI-18-776" }, { "cve": "CVE-2018-14315", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-775/advisory.json", "detail_path": "advisories/ZDI-18-775", "id": "ZDI-18-775", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader Annotations opacity Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-775/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6328", "zdi_id": "ZDI-18-775" }, { "cve": "CVE-2018-14314", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-774/advisory.json", "detail_path": "advisories/ZDI-18-774", "id": "ZDI-18-774", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader Annotations name Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-774/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6327", "zdi_id": "ZDI-18-774" }, { "cve": "CVE-2018-14313", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-773/advisory.json", "detail_path": "advisories/ZDI-18-773", "id": "ZDI-18-773", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader PDF Parsing ColorSpace Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-773/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6362", "zdi_id": "ZDI-18-773" }, { "cve": "CVE-2018-14312", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-772/advisory.json", "detail_path": "advisories/ZDI-18-772", "id": "ZDI-18-772", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader exportAsFDF Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-772/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6332", "zdi_id": "ZDI-18-772" }, { "cve": "CVE-2018-14311", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-771/advisory.json", "detail_path": "advisories/ZDI-18-771", "id": "ZDI-18-771", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader XFA Event Handling Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-771/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6331", "zdi_id": "ZDI-18-771" }, { "cve": "CVE-2018-14310", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-770/advisory.json", "detail_path": "advisories/ZDI-18-770", "id": "ZDI-18-770", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader Event Handling Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-770/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6330", "zdi_id": "ZDI-18-770" }, { "cve": "CVE-2018-14309", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-769/advisory.json", "detail_path": "advisories/ZDI-18-769", "id": "ZDI-18-769", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader Field object signatureSetSeedValue Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-769/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6329", "zdi_id": "ZDI-18-769" }, { "cve": "CVE-2018-14308", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-768/advisory.json", "detail_path": "advisories/ZDI-18-768", "id": "ZDI-18-768", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader Field valueAsString Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-768/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6326", "zdi_id": "ZDI-18-768" }, { "cve": "CVE-2018-14307", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-767/advisory.json", "detail_path": "advisories/ZDI-18-767", "id": "ZDI-18-767", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader Link borderWidth Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-767/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6267", "zdi_id": "ZDI-18-767" }, { "cve": "CVE-2018-14306", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-766/advisory.json", "detail_path": "advisories/ZDI-18-766", "id": "ZDI-18-766", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader Button buttonSetIcon Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-766/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6266", "zdi_id": "ZDI-18-766" }, { "cve": "CVE-2018-14305", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-765/advisory.json", "detail_path": "advisories/ZDI-18-765", "id": "ZDI-18-765", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader PolyLine Annotation addAdLayer Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-765/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6265", "zdi_id": "ZDI-18-765" }, { "cve": "CVE-2018-14304", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-764/advisory.json", "detail_path": "advisories/ZDI-18-764", "id": "ZDI-18-764", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader Text Annotation noteIcon Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-764/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6220", "zdi_id": "ZDI-18-764" }, { "cve": "CVE-2018-14303", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-763/advisory.json", "detail_path": "advisories/ZDI-18-763", "id": "ZDI-18-763", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader StrikeOut Annotation contents Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-763/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6219", "zdi_id": "ZDI-18-763" }, { "cve": "CVE-2018-14302", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-762/advisory.json", "detail_path": "advisories/ZDI-18-762", "id": "ZDI-18-762", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader Square Annotation name Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-762/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6218", "zdi_id": "ZDI-18-762" }, { "cve": "CVE-2018-14301", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-761/advisory.json", "detail_path": "advisories/ZDI-18-761", "id": "ZDI-18-761", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader Sound Annotation soundIcon Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-761/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6217", "zdi_id": "ZDI-18-761" }, { "cve": "CVE-2018-14300", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-760/advisory.json", "detail_path": "advisories/ZDI-18-760", "id": "ZDI-18-760", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader Polygon Annotation borderEffectIntensity Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-760/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6216", "zdi_id": "ZDI-18-760" }, { "cve": "CVE-2018-14299", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-759/advisory.json", "detail_path": "advisories/ZDI-18-759", "id": "ZDI-18-759", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader Line Annotation leaderExtend Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-759/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6215", "zdi_id": "ZDI-18-759" }, { "cve": "CVE-2018-14298", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-758/advisory.json", "detail_path": "advisories/ZDI-18-758", "id": "ZDI-18-758", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader Ink Annotations subject Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-758/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6214", "zdi_id": "ZDI-18-758" }, { "cve": "CVE-2018-14297", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-757/advisory.json", "detail_path": "advisories/ZDI-18-757", "id": "ZDI-18-757", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader FreeText Annotation width Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-757/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6213", "zdi_id": "ZDI-18-757" }, { "cve": "CVE-2018-14296", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-756/advisory.json", "detail_path": "advisories/ZDI-18-756", "id": "ZDI-18-756", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader Circle Annotation borderEffectStyle Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-756/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6212", "zdi_id": "ZDI-18-756" }, { "cve": "CVE-2018-14295", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-755/advisory.json", "detail_path": "advisories/ZDI-18-755", "id": "ZDI-18-755", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit PhantomPDF PDF Parsing Shading Pattern Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-755/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6223", "zdi_id": "ZDI-18-755" }, { "cve": "CVE-2018-14294", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-754/advisory.json", "detail_path": "advisories/ZDI-18-754", "id": "ZDI-18-754", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader FileAttachment attachIcon Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-754/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6211", "zdi_id": "ZDI-18-754" }, { "cve": "CVE-2018-14293", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-753/advisory.json", "detail_path": "advisories/ZDI-18-753", "id": "ZDI-18-753", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader PDF Parsing setAction Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-753/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6233", "zdi_id": "ZDI-18-753" }, { "cve": "CVE-2018-14292", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-752/advisory.json", "detail_path": "advisories/ZDI-18-752", "id": "ZDI-18-752", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader PDF Parsing createTemplate Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-752/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6232", "zdi_id": "ZDI-18-752" }, { "cve": "CVE-2018-14291", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-751/advisory.json", "detail_path": "advisories/ZDI-18-751", "id": "ZDI-18-751", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader PDF Parsing addAnnot Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-751/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6231", "zdi_id": "ZDI-18-751" }, { "cve": "CVE-2018-14290", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-750/advisory.json", "detail_path": "advisories/ZDI-18-750", "id": "ZDI-18-750", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader PDF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-750/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6222", "zdi_id": "ZDI-18-750" }, { "cve": "CVE-2018-14289", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-749/advisory.json", "detail_path": "advisories/ZDI-18-749", "id": "ZDI-18-749", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-749/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6221", "zdi_id": "ZDI-18-749" }, { "cve": "CVE-2018-14288", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-748/advisory.json", "detail_path": "advisories/ZDI-18-748", "id": "ZDI-18-748", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader setFocus Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-748/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5642", "zdi_id": "ZDI-18-748" }, { "cve": "CVE-2018-14287", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-747/advisory.json", "detail_path": "advisories/ZDI-18-747", "id": "ZDI-18-747", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader instanceManager nodes append Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-747/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5641", "zdi_id": "ZDI-18-747" }, { "cve": "CVE-2018-14286", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-746/advisory.json", "detail_path": "advisories/ZDI-18-746", "id": "ZDI-18-746", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader mailDoc Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-746/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5770", "zdi_id": "ZDI-18-746" }, { "cve": "CVE-2018-14285", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-745/advisory.json", "detail_path": "advisories/ZDI-18-745", "id": "ZDI-18-745", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader XFA oneOfChild Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-745/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5774", "zdi_id": "ZDI-18-745" }, { "cve": "CVE-2018-14284", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-744/advisory.json", "detail_path": "advisories/ZDI-18-744", "id": "ZDI-18-744", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader newDoc Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-744/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5773", "zdi_id": "ZDI-18-744" }, { "cve": "CVE-2018-14283", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-743/advisory.json", "detail_path": "advisories/ZDI-18-743", "id": "ZDI-18-743", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader highlightMode Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-743/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5771", "zdi_id": "ZDI-18-743" }, { "cve": "CVE-2018-14282", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-742/advisory.json", "detail_path": "advisories/ZDI-18-742", "id": "ZDI-18-742", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader FlateDecode stream Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-742/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5763", "zdi_id": "ZDI-18-742" }, { "cve": "CVE-2018-14281", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-741/advisory.json", "detail_path": "advisories/ZDI-18-741", "id": "ZDI-18-741", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader exportData Arbitrary File Write Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-741/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5757", "zdi_id": "ZDI-18-741" }, { "cve": "CVE-2018-14280", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-740/advisory.json", "detail_path": "advisories/ZDI-18-740", "id": "ZDI-18-740", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader exportAsFDF Arbitrary File Write Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-740/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5619", "zdi_id": "ZDI-18-740" }, { "cve": "CVE-2018-14279", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-739/advisory.json", "detail_path": "advisories/ZDI-18-739", "id": "ZDI-18-739", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader resetForm Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-739/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6060", "zdi_id": "ZDI-18-739" }, { "cve": "CVE-2018-14278", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-738/advisory.json", "detail_path": "advisories/ZDI-18-738", "id": "ZDI-18-738", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getPageNumWords Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-738/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6058", "zdi_id": "ZDI-18-738" }, { "cve": "CVE-2018-14277", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-737/advisory.json", "detail_path": "advisories/ZDI-18-737", "id": "ZDI-18-737", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader mailDoc Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-737/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6059", "zdi_id": "ZDI-18-737" }, { "cve": "CVE-2018-14276", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-736/advisory.json", "detail_path": "advisories/ZDI-18-736", "id": "ZDI-18-736", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader submitForm Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-736/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6039", "zdi_id": "ZDI-18-736" }, { "cve": "CVE-2018-14275", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-735/advisory.json", "detail_path": "advisories/ZDI-18-735", "id": "ZDI-18-735", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader spawnPageFromTemplate Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-735/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6038", "zdi_id": "ZDI-18-735" }, { "cve": "CVE-2018-14274", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-734/advisory.json", "detail_path": "advisories/ZDI-18-734", "id": "ZDI-18-734", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader scroll Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-734/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6037", "zdi_id": "ZDI-18-734" }, { "cve": "CVE-2018-14273", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-733/advisory.json", "detail_path": "advisories/ZDI-18-733", "id": "ZDI-18-733", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader removeTemplate Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-733/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6036", "zdi_id": "ZDI-18-733" }, { "cve": "CVE-2018-14272", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-732/advisory.json", "detail_path": "advisories/ZDI-18-732", "id": "ZDI-18-732", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader removeIcon Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-732/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6035", "zdi_id": "ZDI-18-732" }, { "cve": "CVE-2018-14271", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-731/advisory.json", "detail_path": "advisories/ZDI-18-731", "id": "ZDI-18-731", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader removeField Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-731/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6034", "zdi_id": "ZDI-18-731" }, { "cve": "CVE-2018-14270", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-730/advisory.json", "detail_path": "advisories/ZDI-18-730", "id": "ZDI-18-730", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader removeDataObject Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-730/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6033", "zdi_id": "ZDI-18-730" }, { "cve": "CVE-2018-14269", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-729/advisory.json", "detail_path": "advisories/ZDI-18-729", "id": "ZDI-18-729", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader print Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-729/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6032", "zdi_id": "ZDI-18-729" }, { "cve": "CVE-2018-14268", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-728/advisory.json", "detail_path": "advisories/ZDI-18-728", "id": "ZDI-18-728", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader mailForm Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-728/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6031", "zdi_id": "ZDI-18-728" }, { "cve": "CVE-2018-14267", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-727/advisory.json", "detail_path": "advisories/ZDI-18-727", "id": "ZDI-18-727", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader importTextData Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-727/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6030", "zdi_id": "ZDI-18-727" }, { "cve": "CVE-2018-14266", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-726/advisory.json", "detail_path": "advisories/ZDI-18-726", "id": "ZDI-18-726", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader importDataObject Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-726/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6029", "zdi_id": "ZDI-18-726" }, { "cve": "CVE-2018-14265", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-725/advisory.json", "detail_path": "advisories/ZDI-18-725", "id": "ZDI-18-725", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader importAnXFDX Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-725/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6028", "zdi_id": "ZDI-18-725" }, { "cve": "CVE-2018-14264", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-724/advisory.json", "detail_path": "advisories/ZDI-18-724", "id": "ZDI-18-724", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader importAnFDF Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-724/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6027", "zdi_id": "ZDI-18-724" }, { "cve": "CVE-2018-14263", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-723/advisory.json", "detail_path": "advisories/ZDI-18-723", "id": "ZDI-18-723", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getVersionID Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-723/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6026", "zdi_id": "ZDI-18-723" }, { "cve": "CVE-2018-14262", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-722/advisory.json", "detail_path": "advisories/ZDI-18-722", "id": "ZDI-18-722", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getURL Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-722/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6025", "zdi_id": "ZDI-18-722" }, { "cve": "CVE-2018-14261", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-721/advisory.json", "detail_path": "advisories/ZDI-18-721", "id": "ZDI-18-721", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getTemplate Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-721/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6024", "zdi_id": "ZDI-18-721" }, { "cve": "CVE-2018-14260", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-720/advisory.json", "detail_path": "advisories/ZDI-18-720", "id": "ZDI-18-720", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getPageRotation Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-720/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6023", "zdi_id": "ZDI-18-720" }, { "cve": "CVE-2018-14259", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-719/advisory.json", "detail_path": "advisories/ZDI-18-719", "id": "ZDI-18-719", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getPageNthWordQuads Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-719/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6022", "zdi_id": "ZDI-18-719" }, { "cve": "CVE-2018-14258", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-718/advisory.json", "detail_path": "advisories/ZDI-18-718", "id": "ZDI-18-718", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getPageNthWord Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-718/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6021", "zdi_id": "ZDI-18-718" }, { "cve": "CVE-2018-14257", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-717/advisory.json", "detail_path": "advisories/ZDI-18-717", "id": "ZDI-18-717", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getPageBox Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-717/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6020", "zdi_id": "ZDI-18-717" }, { "cve": "CVE-2018-14256", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-716/advisory.json", "detail_path": "advisories/ZDI-18-716", "id": "ZDI-18-716", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getOCGs Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-716/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6019", "zdi_id": "ZDI-18-716" }, { "cve": "CVE-2018-14255", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-715/advisory.json", "detail_path": "advisories/ZDI-18-715", "id": "ZDI-18-715", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getNthFieldName Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-715/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6018", "zdi_id": "ZDI-18-715" }, { "cve": "CVE-2018-14254", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-714/advisory.json", "detail_path": "advisories/ZDI-18-714", "id": "ZDI-18-714", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getLinks Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-714/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6017", "zdi_id": "ZDI-18-714" }, { "cve": "CVE-2018-14253", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-713/advisory.json", "detail_path": "advisories/ZDI-18-713", "id": "ZDI-18-713", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getIcon Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-713/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6016", "zdi_id": "ZDI-18-713" }, { "cve": "CVE-2018-14252", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-712/advisory.json", "detail_path": "advisories/ZDI-18-712", "id": "ZDI-18-712", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getField Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-712/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6015", "zdi_id": "ZDI-18-712" }, { "cve": "CVE-2018-14251", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-711/advisory.json", "detail_path": "advisories/ZDI-18-711", "id": "ZDI-18-711", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getDataObject Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-711/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6014", "zdi_id": "ZDI-18-711" }, { "cve": "CVE-2018-14250", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-710/advisory.json", "detail_path": "advisories/ZDI-18-710", "id": "ZDI-18-710", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader getAnnot Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-710/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6013", "zdi_id": "ZDI-18-710" }, { "cve": "CVE-2018-14249", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-709/advisory.json", "detail_path": "advisories/ZDI-18-709", "id": "ZDI-18-709", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader exportDataObject Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-709/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6012", "zdi_id": "ZDI-18-709" }, { "cve": "CVE-2018-14248", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-708/advisory.json", "detail_path": "advisories/ZDI-18-708", "id": "ZDI-18-708", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader exportAsXFDF Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-708/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6011", "zdi_id": "ZDI-18-708" }, { "cve": "CVE-2018-14247", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-707/advisory.json", "detail_path": "advisories/ZDI-18-707", "id": "ZDI-18-707", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader exportAsFDF Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-707/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6010", "zdi_id": "ZDI-18-707" }, { "cve": "CVE-2018-14246", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-706/advisory.json", "detail_path": "advisories/ZDI-18-706", "id": "ZDI-18-706", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader convertTocPDF Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-706/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6009", "zdi_id": "ZDI-18-706" }, { "cve": "CVE-2018-14245", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-705/advisory.json", "detail_path": "advisories/ZDI-18-705", "id": "ZDI-18-705", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader closeDoc Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-705/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6008", "zdi_id": "ZDI-18-705" }, { "cve": "CVE-2018-14244", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-704/advisory.json", "detail_path": "advisories/ZDI-18-704", "id": "ZDI-18-704", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader calculateNow Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-704/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6007", "zdi_id": "ZDI-18-704" }, { "cve": "CVE-2018-14243", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-703/advisory.json", "detail_path": "advisories/ZDI-18-703", "id": "ZDI-18-703", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader addPageOpenJSMessage Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-703/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6006", "zdi_id": "ZDI-18-703" }, { "cve": "CVE-2018-14242", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-702/advisory.json", "detail_path": "advisories/ZDI-18-702", "id": "ZDI-18-702", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader addField Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-702/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6005", "zdi_id": "ZDI-18-702" }, { "cve": "CVE-2018-14241", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-701/advisory.json", "detail_path": "advisories/ZDI-18-701", "id": "ZDI-18-701", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader addAnnot Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-701/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6004", "zdi_id": "ZDI-18-701" }, { "cve": "CVE-2018-11623", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-700/advisory.json", "detail_path": "advisories/ZDI-18-700", "id": "ZDI-18-700", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader addAdLayer Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-700/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-6003", "zdi_id": "ZDI-18-700" }, { "cve": "CVE-2018-11622", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-699/advisory.json", "detail_path": "advisories/ZDI-18-699", "id": "ZDI-18-699", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader ConvertToPDF_x86 JPG Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-699/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5873", "zdi_id": "ZDI-18-699" }, { "cve": "CVE-2018-11621", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-698/advisory.json", "detail_path": "advisories/ZDI-18-698", "id": "ZDI-18-698", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader ConvertToPDF_x86 JPG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-698/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5896", "zdi_id": "ZDI-18-698" }, { "cve": "CVE-2018-11620", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-697/advisory.json", "detail_path": "advisories/ZDI-18-697", "id": "ZDI-18-697", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader ConvertToPDF_x86 JPG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-697/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5756", "zdi_id": "ZDI-18-697" }, { "cve": "CVE-2018-11619", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-696/advisory.json", "detail_path": "advisories/ZDI-18-696", "id": "ZDI-18-696", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader setFocus Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-696/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5417", "zdi_id": "ZDI-18-696" }, { "cve": "CVE-2018-11618", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-695/advisory.json", "detail_path": "advisories/ZDI-18-695", "id": "ZDI-18-695", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader resetForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-695/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5416", "zdi_id": "ZDI-18-695" }, { "cve": "CVE-2018-11617", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-694/advisory.json", "detail_path": "advisories/ZDI-18-694", "id": "ZDI-18-694", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Foxit Reader ComboBox Format event Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-694/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5415", "zdi_id": "ZDI-18-694" }, { "cve": "CVE-2018-5015", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-693/advisory.json", "detail_path": "advisories/ZDI-18-693", "id": "ZDI-18-693", "kind": "published", "published_date": "2018-07-19", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS idDelta Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-693/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5737", "zdi_id": "ZDI-18-693" }, { "cve": "CVE-2018-12779", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-692/advisory.json", "detail_path": "advisories/ZDI-18-692", "id": "ZDI-18-692", "kind": "published", "published_date": "2018-07-18", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-692/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5776", "zdi_id": "ZDI-18-692" }, { "cve": "CVE-2018-3091", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-18-691/advisory.json", "detail_path": "advisories/ZDI-18-691", "id": "ZDI-18-691", "kind": "published", "published_date": "2018-07-18", "status": "published", "title": "Oracle VirtualBox SHCRGL_GUEST_FN_WRITE_READ_BUFFERED Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2018-07-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-691/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6114", "zdi_id": "ZDI-18-691" }, { "cve": "CVE-2018-3090", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-690/advisory.json", "detail_path": "advisories/ZDI-18-690", "id": "ZDI-18-690", "kind": "published", "published_date": "2018-07-18", "status": "published", "title": "Oracle VirtualBox crUnpackPixelMapfv Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2018-07-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-690/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6237", "zdi_id": "ZDI-18-690" }, { "cve": "CVE-2018-3089", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-689/advisory.json", "detail_path": "advisories/ZDI-18-689", "id": "ZDI-18-689", "kind": "published", "published_date": "2018-07-18", "status": "published", "title": "Oracle VirtualBox crUnpackTexImage2D Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2018-07-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-689/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6234", "zdi_id": "ZDI-18-689" }, { "cve": "CVE-2018-3088", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-688/advisory.json", "detail_path": "advisories/ZDI-18-688", "id": "ZDI-18-688", "kind": "published", "published_date": "2018-07-18", "status": "published", "title": "Oracle VirtualBox crUnpackPixelMapuiv Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2018-07-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-688/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6236", "zdi_id": "ZDI-18-688" }, { "cve": "CVE-2018-3087", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-687/advisory.json", "detail_path": "advisories/ZDI-18-687", "id": "ZDI-18-687", "kind": "published", "published_date": "2018-07-18", "status": "published", "title": "Oracle VirtualBox crUnpackPixelMapusv Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2018-07-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-687/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6235", "zdi_id": "ZDI-18-687" }, { "cve": "CVE-2018-3086", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-686/advisory.json", "detail_path": "advisories/ZDI-18-686", "id": "ZDI-18-686", "kind": "published", "published_date": "2018-07-18", "status": "published", "title": "Oracle VirtualBox crServerDispatchGetShaderSource Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-07-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-686/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6268", "zdi_id": "ZDI-18-686" }, { "cve": "CVE-2018-3085", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-685/advisory.json", "detail_path": "advisories/ZDI-18-685", "id": "ZDI-18-685", "kind": "published", "published_date": "2018-07-18", "status": "published", "title": "Oracle VirtualBox crServerDispatchMessage Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2018-07-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-685/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6116", "zdi_id": "ZDI-18-685" }, { "cve": "CVE-2018-3055", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerab...", "detail_json": "/data/advisories/ZDI-18-684/advisory.json", "detail_path": "advisories/ZDI-18-684", "id": "ZDI-18-684", "kind": "published", "published_date": "2018-07-18", "status": "published", "title": "Oracle VirtualBox crUnpackExtendAreProgramsResidentNV Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-684/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-6115", "zdi_id": "ZDI-18-684" }, { "cve": "CVE-2018-12761", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-683/advisory.json", "detail_path": "advisories/ZDI-18-683", "id": "ZDI-18-683", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-683/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6264", "zdi_id": "ZDI-18-683" }, { "cve": "CVE-2018-12794", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-682/advisory.json", "detail_path": "advisories/ZDI-18-682", "id": "ZDI-18-682", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC XFA Template Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-682/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6282", "zdi_id": "ZDI-18-682" }, { "cve": "CVE-2018-12789", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-681/advisory.json", "detail_path": "advisories/ZDI-18-681", "id": "ZDI-18-681", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_ALPHABLEND Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-681/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6339", "zdi_id": "ZDI-18-681" }, { "cve": "CVE-2018-12788", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-680/advisory.json", "detail_path": "advisories/ZDI-18-680", "id": "ZDI-18-680", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_ALPHABLEND Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-680/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6325", "zdi_id": "ZDI-18-680" }, { "cve": "CVE-2018-5063", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-679/advisory.json", "detail_path": "advisories/ZDI-18-679", "id": "ZDI-18-679", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_ALPHABLEND Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-679/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5967", "zdi_id": "ZDI-18-679" }, { "cve": "CVE-2018-5056", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-678/advisory.json", "detail_path": "advisories/ZDI-18-678", "id": "ZDI-18-678", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat XPS2PDF Format String Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-678/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6180", "zdi_id": "ZDI-18-678" }, { "cve": "CVE-2018-12790", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC and Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-18-677/advisory.json", "detail_path": "advisories/ZDI-18-677", "id": "ZDI-18-677", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-677/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6341", "zdi_id": "ZDI-18-677" }, { "cve": "CVE-2018-5067", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-676/advisory.json", "detail_path": "advisories/ZDI-18-676", "id": "ZDI-18-676", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat EmfPlusDrawLines Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-676/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6179", "zdi_id": "ZDI-18-676" }, { "cve": "CVE-2018-5061", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-675/advisory.json", "detail_path": "advisories/ZDI-18-675", "id": "ZDI-18-675", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EmfPlusDrawBeziers Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-675/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6153", "zdi_id": "ZDI-18-675" }, { "cve": "CVE-2018-5058", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-674/advisory.json", "detail_path": "advisories/ZDI-18-674", "id": "ZDI-18-674", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-674/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6101", "zdi_id": "ZDI-18-674" }, { "cve": "CVE-2018-5063", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-673/advisory.json", "detail_path": "advisories/ZDI-18-673", "id": "ZDI-18-673", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC XSLT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-673/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6261", "zdi_id": "ZDI-18-673" }, { "cve": "CVE-2018-5065", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-672/advisory.json", "detail_path": "advisories/ZDI-18-672", "id": "ZDI-18-672", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC XSLT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-672/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6305", "zdi_id": "ZDI-18-672" }, { "cve": "CVE-2018-5020", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-671/advisory.json", "detail_path": "advisories/ZDI-18-671", "id": "ZDI-18-671", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-671/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6049", "zdi_id": "ZDI-18-671" }, { "cve": "CVE-2018-5054", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-670/advisory.json", "detail_path": "advisories/ZDI-18-670", "id": "ZDI-18-670", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D RGB Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-670/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5990", "zdi_id": "ZDI-18-670" }, { "cve": "CVE-2018-5053", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-669/advisory.json", "detail_path": "advisories/ZDI-18-669", "id": "ZDI-18-669", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D TIFF Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-669/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5991", "zdi_id": "ZDI-18-669" }, { "cve": "CVE-2018-5052", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-668/advisory.json", "detail_path": "advisories/ZDI-18-668", "id": "ZDI-18-668", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D CEL Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-668/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5992", "zdi_id": "ZDI-18-668" }, { "cve": "CVE-2018-5051", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-667/advisory.json", "detail_path": "advisories/ZDI-18-667", "id": "ZDI-18-667", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D BMP Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-667/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5993", "zdi_id": "ZDI-18-667" }, { "cve": "CVE-2018-5050", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-666/advisory.json", "detail_path": "advisories/ZDI-18-666", "id": "ZDI-18-666", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D GIF Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-666/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5994", "zdi_id": "ZDI-18-666" }, { "cve": "CVE-2018-5049", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-665/advisory.json", "detail_path": "advisories/ZDI-18-665", "id": "ZDI-18-665", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D BMP Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-665/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6040", "zdi_id": "ZDI-18-665" }, { "cve": "CVE-2018-5048", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-664/advisory.json", "detail_path": "advisories/ZDI-18-664", "id": "ZDI-18-664", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D IFF Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-664/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5996", "zdi_id": "ZDI-18-664" }, { "cve": "CVE-2018-5047", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-663/advisory.json", "detail_path": "advisories/ZDI-18-663", "id": "ZDI-18-663", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D RGB Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-663/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6047", "zdi_id": "ZDI-18-663" }, { "cve": "CVE-2018-5046", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-662/advisory.json", "detail_path": "advisories/ZDI-18-662", "id": "ZDI-18-662", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D CEL Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-662/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6046", "zdi_id": "ZDI-18-662" }, { "cve": "CVE-2018-5045", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-661/advisory.json", "detail_path": "advisories/ZDI-18-661", "id": "ZDI-18-661", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D TGA Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-661/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6045", "zdi_id": "ZDI-18-661" }, { "cve": "CVE-2018-5044", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-660/advisory.json", "detail_path": "advisories/ZDI-18-660", "id": "ZDI-18-660", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D TIFF Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-660/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5997", "zdi_id": "ZDI-18-660" }, { "cve": "CVE-2018-5043", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-659/advisory.json", "detail_path": "advisories/ZDI-18-659", "id": "ZDI-18-659", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D TGA Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-659/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6044", "zdi_id": "ZDI-18-659" }, { "cve": "CVE-2018-5042", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-658/advisory.json", "detail_path": "advisories/ZDI-18-658", "id": "ZDI-18-658", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D PSD Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-658/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6041", "zdi_id": "ZDI-18-658" }, { "cve": "CVE-2018-5041", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-657/advisory.json", "detail_path": "advisories/ZDI-18-657", "id": "ZDI-18-657", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D PIC Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-657/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5998", "zdi_id": "ZDI-18-657" }, { "cve": "CVE-2018-5040", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-656/advisory.json", "detail_path": "advisories/ZDI-18-656", "id": "ZDI-18-656", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D RGB Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-656/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5999", "zdi_id": "ZDI-18-656" }, { "cve": "CVE-2018-5039", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-655/advisory.json", "detail_path": "advisories/ZDI-18-655", "id": "ZDI-18-655", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D PCX Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-655/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6000", "zdi_id": "ZDI-18-655" }, { "cve": "CVE-2018-5038", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-654/advisory.json", "detail_path": "advisories/ZDI-18-654", "id": "ZDI-18-654", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D PSD Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-654/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6042", "zdi_id": "ZDI-18-654" }, { "cve": "CVE-2018-5037", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-653/advisory.json", "detail_path": "advisories/ZDI-18-653", "id": "ZDI-18-653", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D GIF Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-653/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6001", "zdi_id": "ZDI-18-653" }, { "cve": "CVE-2018-5036", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-652/advisory.json", "detail_path": "advisories/ZDI-18-652", "id": "ZDI-18-652", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC U3D PIC Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-652/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6002", "zdi_id": "ZDI-18-652" }, { "cve": "CVE-2018-12783", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-651/advisory.json", "detail_path": "advisories/ZDI-18-651", "id": "ZDI-18-651", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-651/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5743", "zdi_id": "ZDI-18-651" }, { "cve": "CVE-2018-12781", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-650/advisory.json", "detail_path": "advisories/ZDI-18-650", "id": "ZDI-18-650", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-650/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5777", "zdi_id": "ZDI-18-650" }, { "cve": "CVE-2018-12777", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-649/advisory.json", "detail_path": "advisories/ZDI-18-649", "id": "ZDI-18-649", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-649/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5742", "zdi_id": "ZDI-18-649" }, { "cve": "CVE-2018-12776", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-648/advisory.json", "detail_path": "advisories/ZDI-18-648", "id": "ZDI-18-648", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-648/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5780", "zdi_id": "ZDI-18-648" }, { "cve": "CVE-2018-12774", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-647/advisory.json", "detail_path": "advisories/ZDI-18-647", "id": "ZDI-18-647", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-647/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5779", "zdi_id": "ZDI-18-647" }, { "cve": "CVE-2018-12773", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-646/advisory.json", "detail_path": "advisories/ZDI-18-646", "id": "ZDI-18-646", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-646/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5745", "zdi_id": "ZDI-18-646" }, { "cve": "CVE-2018-12772", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-645/advisory.json", "detail_path": "advisories/ZDI-18-645", "id": "ZDI-18-645", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-645/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5778", "zdi_id": "ZDI-18-645" }, { "cve": "CVE-2018-12770", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-644/advisory.json", "detail_path": "advisories/ZDI-18-644", "id": "ZDI-18-644", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-644/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5782", "zdi_id": "ZDI-18-644" }, { "cve": "CVE-2018-12780", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-643/advisory.json", "detail_path": "advisories/ZDI-18-643", "id": "ZDI-18-643", "kind": "published", "published_date": "2018-07-16", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-643/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5744", "zdi_id": "ZDI-18-643" }, { "cve": "CVE-2018-12797", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-642/advisory.json", "detail_path": "advisories/ZDI-18-642", "id": "ZDI-18-642", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC WebLink rect Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-642/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6308", "zdi_id": "ZDI-18-642" }, { "cve": "CVE-2018-5056", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-641/advisory.json", "detail_path": "advisories/ZDI-18-641", "id": "ZDI-18-641", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-641/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6090", "zdi_id": "ZDI-18-641" }, { "cve": "CVE-2018-5055", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-640/advisory.json", "detail_path": "advisories/ZDI-18-640", "id": "ZDI-18-640", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-640/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6091", "zdi_id": "ZDI-18-640" }, { "cve": "CVE-2018-5032", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-639/advisory.json", "detail_path": "advisories/ZDI-18-639", "id": "ZDI-18-639", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF JPEG Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-639/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5987", "zdi_id": "ZDI-18-639" }, { "cve": "CVE-2018-5028", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-638/advisory.json", "detail_path": "advisories/ZDI-18-638", "id": "ZDI-18-638", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS JPEG Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-638/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5983", "zdi_id": "ZDI-18-638" }, { "cve": "CVE-2018-5027", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-637/advisory.json", "detail_path": "advisories/ZDI-18-637", "id": "ZDI-18-637", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS TIFF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-637/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5982", "zdi_id": "ZDI-18-637" }, { "cve": "CVE-2018-5019", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-636/advisory.json", "detail_path": "advisories/ZDI-18-636", "id": "ZDI-18-636", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-636/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5741", "zdi_id": "ZDI-18-636" }, { "cve": "CVE-2018-5018", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-635/advisory.json", "detail_path": "advisories/ZDI-18-635", "id": "ZDI-18-635", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-635/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5740", "zdi_id": "ZDI-18-635" }, { "cve": "CVE-2018-5017", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-634/advisory.json", "detail_path": "advisories/ZDI-18-634", "id": "ZDI-18-634", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS ulUnicodeRange2 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-634/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5736", "zdi_id": "ZDI-18-634" }, { "cve": "CVE-2018-5016", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-633/advisory.json", "detail_path": "advisories/ZDI-18-633", "id": "ZDI-18-633", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS fsType Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-633/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5738", "zdi_id": "ZDI-18-633" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-632/advisory.json", "detail_path": "advisories/ZDI-18-632", "id": "ZDI-18-632", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM3 File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-632/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5643", "zdi_id": "ZDI-18-632" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-631/advisory.json", "detail_path": "advisories/ZDI-18-631", "id": "ZDI-18-631", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-631/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5587", "zdi_id": "ZDI-18-631" }, { "cve": "CVE-2018-5014", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-630/advisory.json", "detail_path": "advisories/ZDI-18-630", "id": "ZDI-18-630", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS GSUB Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-630/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5735", "zdi_id": "ZDI-18-630" }, { "cve": "CVE-2018-12803", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-629/advisory.json", "detail_path": "advisories/ZDI-18-629", "id": "ZDI-18-629", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-629/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5734", "zdi_id": "ZDI-18-629" }, { "cve": "CVE-2018-5029", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-628/advisory.json", "detail_path": "advisories/ZDI-18-628", "id": "ZDI-18-628", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-628/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5984", "zdi_id": "ZDI-18-628" }, { "cve": "CVE-2018-5031", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-627/advisory.json", "detail_path": "advisories/ZDI-18-627", "id": "ZDI-18-627", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-627/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5985", "zdi_id": "ZDI-18-627" }, { "cve": "CVE-2018-5057", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-626/advisory.json", "detail_path": "advisories/ZDI-18-626", "id": "ZDI-18-626", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-626/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6089", "zdi_id": "ZDI-18-626" }, { "cve": "CVE-2018-12796", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-625/advisory.json", "detail_path": "advisories/ZDI-18-625", "id": "ZDI-18-625", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-625/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6260", "zdi_id": "ZDI-18-625" }, { "cve": "CVE-2018-12793", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-624/advisory.json", "detail_path": "advisories/ZDI-18-624", "id": "ZDI-18-624", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-624/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6259", "zdi_id": "ZDI-18-624" }, { "cve": "CVE-2018-5060", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-623/advisory.json", "detail_path": "advisories/ZDI-18-623", "id": "ZDI-18-623", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-623/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6092", "zdi_id": "ZDI-18-623" }, { "cve": "CVE-2018-5059", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-622/advisory.json", "detail_path": "advisories/ZDI-18-622", "id": "ZDI-18-622", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-622/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6093", "zdi_id": "ZDI-18-622" }, { "cve": "CVE-2018-5034", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-621/advisory.json", "detail_path": "advisories/ZDI-18-621", "id": "ZDI-18-621", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-621/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5977", "zdi_id": "ZDI-18-621" }, { "cve": "CVE-2018-5033", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-620/advisory.json", "detail_path": "advisories/ZDI-18-620", "id": "ZDI-18-620", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-620/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5978", "zdi_id": "ZDI-18-620" }, { "cve": "CVE-2018-5030", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-619/advisory.json", "detail_path": "advisories/ZDI-18-619", "id": "ZDI-18-619", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-619/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5957", "zdi_id": "ZDI-18-619" }, { "cve": "CVE-2018-5012", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-618/advisory.json", "detail_path": "advisories/ZDI-18-618", "id": "ZDI-18-618", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-618/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5767", "zdi_id": "ZDI-18-618" }, { "cve": "CVE-2018-5035", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-617/advisory.json", "detail_path": "advisories/ZDI-18-617", "id": "ZDI-18-617", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-617/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5979", "zdi_id": "ZDI-18-617" }, { "cve": "CVE-2018-8282", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-18-616/advisory.json", "detail_path": "advisories/ZDI-18-616", "id": "ZDI-18-616", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Microsoft Windows Child Window NULL Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-616/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6147", "zdi_id": "ZDI-18-616" }, { "cve": "CVE-2018-8239", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-615/advisory.json", "detail_path": "advisories/ZDI-18-615", "id": "ZDI-18-615", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Microsoft Internet Explorer EMF Graphic Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-615/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6257", "zdi_id": "ZDI-18-615" }, { "cve": "CVE-2018-8307", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-614/advisory.json", "detail_path": "advisories/ZDI-18-614", "id": "ZDI-18-614", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Microsoft Windows WordPad Privilege Chaining Remote Code Execution Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-614/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5894", "zdi_id": "ZDI-18-614" }, { "cve": "CVE-2018-8242", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-613/advisory.json", "detail_path": "advisories/ZDI-18-613", "id": "ZDI-18-613", "kind": "published", "published_date": "2018-07-13", "status": "published", "title": "Microsoft Windows VBScript Class_Terminate Double Free Remote Code Execution Vulnerability", "updated_date": "2018-07-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-613/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6338", "zdi_id": "ZDI-18-613" }, { "cve": "CVE-2018-1025", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-612/advisory.json", "detail_path": "advisories/ZDI-18-612", "id": "ZDI-18-612", "kind": "published", "published_date": "2018-07-12", "status": "published", "title": "(Pwn2Own) Microsoft Edge WebGL ImageData Use-After-Free Information Disclosure Vulnerability", "updated_date": "2018-07-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-612/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5814", "zdi_id": "ZDI-18-612" }, { "cve": "CVE-2018-8275", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-611/advisory.json", "detail_path": "advisories/ZDI-18-611", "id": "ZDI-18-611", "kind": "published", "published_date": "2018-07-12", "status": "published", "title": "Microsoft Chakra Array.splice Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-611/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6129", "zdi_id": "ZDI-18-611" }, { "cve": "CVE-2018-4886", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-610/advisory.json", "detail_path": "advisories/ZDI-18-610", "id": "ZDI-18-610", "kind": "published", "published_date": "2018-07-12", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_ALPHABLEND Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-610/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5968", "zdi_id": "ZDI-18-610" }, { "cve": "CVE-2018-8274", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-18-609/advisory.json", "detail_path": "advisories/ZDI-18-609", "id": "ZDI-18-609", "kind": "published", "published_date": "2018-07-12", "status": "published", "title": "Microsoft Edge CWUCLayer Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-609/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6250", "zdi_id": "ZDI-18-609" }, { "cve": "CVE-2018-8847", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton 9000XDrive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-608/advisory.json", "detail_path": "advisories/ZDI-18-608", "id": "ZDI-18-608", "kind": "published", "published_date": "2018-07-12", "status": "published", "title": "Eaton 9000XDrive TLF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-07-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-608/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-5669", "zdi_id": "ZDI-18-608" }, { "cve": "CVE-2018-4283", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-607/advisory.json", "detail_path": "advisories/ZDI-18-607", "id": "ZDI-18-607", "kind": "published", "published_date": "2018-07-10", "status": "published", "title": "Apple macOS IOGraphics IDState Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-07-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-607/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6204", "zdi_id": "ZDI-18-607" }, { "cve": "CVE-2018-4262", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-606/advisory.json", "detail_path": "advisories/ZDI-18-606", "id": "ZDI-18-606", "kind": "published", "published_date": "2018-07-10", "status": "published", "title": "Apple Safari RegExp Exec Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-07-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-606/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6113", "zdi_id": "ZDI-18-606" }, { "cve": "CVE-2018-4263", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-605/advisory.json", "detail_path": "advisories/ZDI-18-605", "id": "ZDI-18-605", "kind": "published", "published_date": "2018-07-10", "status": "published", "title": "Apple Safari InputType Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-605/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6107", "zdi_id": "ZDI-18-605" }, { "cve": "CVE-2018-4261", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-604/advisory.json", "detail_path": "advisories/ZDI-18-604", "id": "ZDI-18-604", "kind": "published", "published_date": "2018-07-10", "status": "published", "title": "Apple Safari WebGL Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": "2018-07-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-604/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6048", "zdi_id": "ZDI-18-604" }, { "cve": "CVE-2018-4265", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-603/advisory.json", "detail_path": "advisories/ZDI-18-603", "id": "ZDI-18-603", "kind": "published", "published_date": "2018-07-10", "status": "published", "title": "Apple Safari FrameView Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-603/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6133", "zdi_id": "ZDI-18-603" }, { "cve": "CVE-2018-4268", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-602/advisory.json", "detail_path": "advisories/ZDI-18-602", "id": "ZDI-18-602", "kind": "published", "published_date": "2018-07-10", "status": "published", "title": "Apple macOS APFS methodVolumeCreate Use-After-Free Privilege Escalation Vulnerability", "updated_date": "2018-07-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-602/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6132", "zdi_id": "ZDI-18-602" }, { "cve": "CVE-2018-4267", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-601/advisory.json", "detail_path": "advisories/ZDI-18-601", "id": "ZDI-18-601", "kind": "published", "published_date": "2018-07-10", "status": "published", "title": "Apple Safari HTMLFormElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-07-10", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-601/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6128", "zdi_id": "ZDI-18-601" }, { "cve": "CVE-2018-4901", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-600/advisory.json", "detail_path": "advisories/ZDI-18-600", "id": "ZDI-18-600", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-600/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6100", "zdi_id": "ZDI-18-600" }, { "cve": "CVE-2018-4984", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-599/advisory.json", "detail_path": "advisories/ZDI-18-599", "id": "ZDI-18-599", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Adobe Acrobat Pro DC Catalog Index Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-599/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5891", "zdi_id": "ZDI-18-599" }, { "cve": "CVE-2018-4949", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-598/advisory.json", "detail_path": "advisories/ZDI-18-598", "id": "ZDI-18-598", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_COMMENT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-598/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5766", "zdi_id": "ZDI-18-598" }, { "cve": "CVE-2018-4966", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-597/advisory.json", "detail_path": "advisories/ZDI-18-597", "id": "ZDI-18-597", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF GIF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-597/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5760", "zdi_id": "ZDI-18-597" }, { "cve": "CVE-2018-4946", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-18-596/advisory.json", "detail_path": "advisories/ZDI-18-596", "id": "ZDI-18-596", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Adobe Photoshop JPEG2000 Image Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-596/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5750", "zdi_id": "ZDI-18-596" }, { "cve": "CVE-2018-4964", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-595/advisory.json", "detail_path": "advisories/ZDI-18-595", "id": "ZDI-18-595", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_STRETCHDIBITS Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-595/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5710", "zdi_id": "ZDI-18-595" }, { "cve": "CVE-2018-4965", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-594/advisory.json", "detail_path": "advisories/ZDI-18-594", "id": "ZDI-18-594", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-594/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5706", "zdi_id": "ZDI-18-594" }, { "cve": "CVE-2018-8246", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-18-593/advisory.json", "detail_path": "advisories/ZDI-18-593", "id": "ZDI-18-593", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Microsoft Office Excel Parsed Expression Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-593/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6340", "zdi_id": "ZDI-18-593" }, { "cve": "CVE-2018-8174", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-592/advisory.json", "detail_path": "advisories/ZDI-18-592", "id": "ZDI-18-592", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Microsoft Windows VBScript Class_Terminate Invalid Object Access Remote Code Execution Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-592/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6199", "zdi_id": "ZDI-18-592" }, { "cve": "CVE-2018-8174", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-591/advisory.json", "detail_path": "advisories/ZDI-18-591", "id": "ZDI-18-591", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Microsoft Windows VBScript Class_Terminate Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-591/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6198", "zdi_id": "ZDI-18-591" }, { "cve": "CVE-2018-4196", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-590/advisory.json", "detail_path": "advisories/ZDI-18-590", "id": "ZDI-18-590", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Apple macOS Dock Service DSMinimizeWindowWithTitle Uninitialized Pointer Privilege Escalation Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-590/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6124", "zdi_id": "ZDI-18-590" }, { "cve": "CVE-2018-4196", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-589/advisory.json", "detail_path": "advisories/ZDI-18-589", "id": "ZDI-18-589", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Apple macOS Dock Service DSSetProcessLabel Uninitialized Pointer Privilege Escalation Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-589/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6121", "zdi_id": "ZDI-18-589" }, { "cve": "CVE-2018-10594", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of TCP packets sen...", "detail_json": "/data/advisories/ZDI-18-588/advisory.json", "detail_path": "advisories/ZDI-18-588", "id": "ZDI-18-588", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Delta Industrial Automation COMMGR AHSIM_5x0 Simulator Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-588/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5667", "zdi_id": "ZDI-18-588" }, { "cve": "CVE-2018-10594", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP packets...", "detail_json": "/data/advisories/ZDI-18-587/advisory.json", "detail_path": "advisories/ZDI-18-587", "id": "ZDI-18-587", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Delta Industrial Automation COMMGR DVP Simulator Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-587/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5668", "zdi_id": "ZDI-18-587" }, { "cve": "CVE-2018-10594", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP packets...", "detail_json": "/data/advisories/ZDI-18-586/advisory.json", "detail_path": "advisories/ZDI-18-586", "id": "ZDI-18-586", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Delta Industrial Automation COMMGR AHSIM_5x1 Simulator Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-586/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5666", "zdi_id": "ZDI-18-586" }, { "cve": "CVE-2018-10594", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP packets...", "detail_json": "/data/advisories/ZDI-18-585/advisory.json", "detail_path": "advisories/ZDI-18-585", "id": "ZDI-18-585", "kind": "published", "published_date": "2018-06-26", "status": "published", "title": "Delta Industrial Automation COMMGR Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-06-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-585/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5665", "zdi_id": "ZDI-18-585" }, { "cve": "CVE-2018-11616", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-18-584/advisory.json", "detail_path": "advisories/ZDI-18-584", "id": "ZDI-18-584", "kind": "published", "published_date": "2018-06-13", "status": "published", "title": "Tencent Foxmail URI parsing Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-06-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-584/", "vendor": "Tencent", "vendor_url": null, "zdi_can": "ZDI-CAN-5543", "zdi_id": "ZDI-18-584" }, { "cve": "CVE-2018-11615", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause...", "detail_json": "/data/advisories/ZDI-18-583/advisory.json", "detail_path": "advisories/ZDI-18-583", "id": "ZDI-18-583", "kind": "published", "published_date": "2018-06-13", "status": "published", "title": "npm mosca Regular Expression Parsing Denial-of-Service Vulnerability", "updated_date": "2018-06-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-583/", "vendor": "npm", "vendor_url": null, "zdi_can": "ZDI-CAN-6306", "zdi_id": "ZDI-18-583" }, { "cve": "CVE-2018-8239", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-582/advisory.json", "detail_path": "advisories/ZDI-18-582", "id": "ZDI-18-582", "kind": "published", "published_date": "2018-06-13", "status": "published", "title": "Microsoft Windows PlayEnhMetaFile Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-06-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-582/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6081", "zdi_id": "ZDI-18-582" }, { "cve": "CVE-2018-8239", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-581/advisory.json", "detail_path": "advisories/ZDI-18-581", "id": "ZDI-18-581", "kind": "published", "published_date": "2018-06-13", "status": "published", "title": "Microsoft Windows PlayEnhMetaFile Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-06-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-581/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6080", "zdi_id": "ZDI-18-581" }, { "cve": "CVE-2018-8236", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-18-580/advisory.json", "detail_path": "advisories/ZDI-18-580", "id": "ZDI-18-580", "kind": "published", "published_date": "2018-06-13", "status": "published", "title": "Microsoft Chakra Typed Array Use-After-Free Information Disclosure Vulnerability", "updated_date": "2018-06-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-580/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6050", "zdi_id": "ZDI-18-580" }, { "cve": "CVE-2018-8251", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-579/advisory.json", "detail_path": "advisories/ZDI-18-579", "id": "ZDI-18-579", "kind": "published", "published_date": "2018-06-13", "status": "published", "title": "Microsoft Windows Media Foundation Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-06-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-579/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5707", "zdi_id": "ZDI-18-579" }, { "cve": "CVE-2018-8207", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-18-578/advisory.json", "detail_path": "advisories/ZDI-18-578", "id": "ZDI-18-578", "kind": "published", "published_date": "2018-06-13", "status": "published", "title": "Microsoft Windows ksecdd IOCTL 0x390400 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-06-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-578/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5702", "zdi_id": "ZDI-18-578" }, { "cve": "CVE-2018-0763", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-18-577/advisory.json", "detail_path": "advisories/ZDI-18-577", "id": "ZDI-18-577", "kind": "published", "published_date": "2018-06-13", "status": "published", "title": "Microsoft Edge CSS Background Property Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-06-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-577/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5605", "zdi_id": "ZDI-18-577" }, { "cve": "CVE-2018-4196", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-576/advisory.json", "detail_path": "advisories/ZDI-18-576", "id": "ZDI-18-576", "kind": "published", "published_date": "2018-06-11", "status": "published", "title": "Apple macOS Dock Service DSSetItemTitle Uninitialized Pointer Privilege Escalation Vulnerability", "updated_date": "2018-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-576/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6123", "zdi_id": "ZDI-18-576" }, { "cve": "CVE-2018-4196", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-18-575/advisory.json", "detail_path": "advisories/ZDI-18-575", "id": "ZDI-18-575", "kind": "published", "published_date": "2018-06-11", "status": "published", "title": "Apple macOS Dock Service DSMinimizeManyWindowsWithTitle Uninitialized Pointer Privilege Escalation Vulnerability", "updated_date": "2018-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-575/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-6122", "zdi_id": "ZDI-18-575" }, { "cve": "CVE-2018-4951", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-574/advisory.json", "detail_path": "advisories/ZDI-18-574", "id": "ZDI-18-574", "kind": "published", "published_date": "2018-06-11", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-06-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-574/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5708", "zdi_id": "ZDI-18-574" }, { "cve": "CVE-2018-8164", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-18-573/advisory.json", "detail_path": "advisories/ZDI-18-573", "id": "ZDI-18-573", "kind": "published", "published_date": "2018-06-08", "status": "published", "title": "(Pwn2Own) Microsoft Windows D3DKMTCreateDCFromMemory Memory Corruption Privilege Escalation Vulnerability", "updated_date": "2018-06-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-573/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5823", "zdi_id": "ZDI-18-573" }, { "cve": "CVE-2018-8165", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-18-572/advisory.json", "detail_path": "advisories/ZDI-18-572", "id": "ZDI-18-572", "kind": "published", "published_date": "2018-06-08", "status": "published", "title": "(Pwn2Own) Microsoft Windows DirectX Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-06-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-572/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5816", "zdi_id": "ZDI-18-572" }, { "cve": "CVE-2018-8179", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-18-571/advisory.json", "detail_path": "advisories/ZDI-18-571", "id": "ZDI-18-571", "kind": "published", "published_date": "2018-06-08", "status": "published", "title": "(Pwn2Own) Microsoft Edge WebRTC Parameters Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-06-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-571/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5815", "zdi_id": "ZDI-18-571" }, { "cve": "CVE-2018-4945", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-18-570/advisory.json", "detail_path": "advisories/ZDI-18-570", "id": "ZDI-18-570", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "Adobe Flash Microphone Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-570/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-6131", "zdi_id": "ZDI-18-570" }, { "cve": "CVE-2018-5000", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-569/advisory.json", "detail_path": "advisories/ZDI-18-569", "id": "ZDI-18-569", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "Adobe Flash RTMP Parsing Integer Overflow Information Disclosure Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-569/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5614", "zdi_id": "ZDI-18-569" }, { "cve": "CVE-2018-5001", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-568/advisory.json", "detail_path": "advisories/ZDI-18-568", "id": "ZDI-18-568", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "Adobe Flash Player BitmapData applyFilter Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-568/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5954", "zdi_id": "ZDI-18-568" }, { "cve": "CVE-2018-11806", "cvss": 3.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Qemu. An attacker must first obtain the ability to execute code on the guest OS in order to exploit this vulnerability. The specific flaw exists within the hand...", "detail_json": "/data/advisories/ZDI-18-567/advisory.json", "detail_path": "advisories/ZDI-18-567", "id": "ZDI-18-567", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-567/", "vendor": "Qemu", "vendor_url": null, "zdi_can": "ZDI-CAN-5588", "zdi_id": "ZDI-18-567" }, { "cve": "CVE-2018-10506", "cvss": 1.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Trend Micro OfficeScan. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi...", "detail_json": "/data/advisories/ZDI-18-566/advisory.json", "detail_path": "advisories/ZDI-18-566", "id": "ZDI-18-566", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "Trend Micro OfficeScan TMWFP Driver Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-566/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5893", "zdi_id": "ZDI-18-566" }, { "cve": "CVE-2018-10358", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro OfficeScan. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-565/advisory.json", "detail_path": "advisories/ZDI-18-565", "id": "ZDI-18-565", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "Trend Micro OfficeScan TMWFP driver Pool Corruption Privilege Escalation Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-565/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5639", "zdi_id": "ZDI-18-565" }, { "cve": "CVE-2018-10359", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro OfficeScan. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-564/advisory.json", "detail_path": "advisories/ZDI-18-564", "id": "ZDI-18-564", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "Trend Micro OfficeScan TMWFP driver Pool Corruption Privilege Escalation Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-564/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5638", "zdi_id": "ZDI-18-564" }, { "cve": "CVE-2018-10505", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro OfficeScan. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-563/advisory.json", "detail_path": "advisories/ZDI-18-563", "id": "ZDI-18-563", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "Trend Micro OfficeScan TMWFP driver Pool Corruption Privilege Escalation Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-563/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5637", "zdi_id": "ZDI-18-563" }, { "cve": "CVE-2018-11614", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-18-562/advisory.json", "detail_path": "advisories/ZDI-18-562", "id": "ZDI-18-562", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "(Pwn2Own) Samsung Members Intent Proxy Privilege Escalation Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-562/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-5361", "zdi_id": "ZDI-18-562" }, { "cve": "CVE-2018-10501", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-18-561/advisory.json", "detail_path": "advisories/ZDI-18-561", "id": "ZDI-18-561", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "(Pwn2Own) Samsung Notes ZIP File Directory Traversal File Write Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-561/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-5358", "zdi_id": "ZDI-18-561" }, { "cve": "CVE-2018-10502", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-18-560/advisory.json", "detail_path": "advisories/ZDI-18-560", "id": "ZDI-18-560", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "(Pwn2Own) Samsung Galaxy Apps Staging Mode Privilege Escalation Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-560/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-5359", "zdi_id": "ZDI-18-560" }, { "cve": "CVE-2018-10500", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-18-559/advisory.json", "detail_path": "advisories/ZDI-18-559", "id": "ZDI-18-559", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "Samsung Galaxy Apps Activity Privilege Escalation Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-559/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-5331", "zdi_id": "ZDI-18-559" }, { "cve": "CVE-2018-10499", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-558/advisory.json", "detail_path": "advisories/ZDI-18-558", "id": "ZDI-18-558", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "Samsung Galaxy Apps URL Handling Privilege Escalation Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-558/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-5330", "zdi_id": "ZDI-18-558" }, { "cve": "CVE-2018-10498", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-18-557/advisory.json", "detail_path": "advisories/ZDI-18-557", "id": "ZDI-18-557", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "Samsung Email Arbitrary File Read Information Disclosure Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-557/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-5329", "zdi_id": "ZDI-18-557" }, { "cve": "CVE-2018-10497", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-18-556/advisory.json", "detail_path": "advisories/ZDI-18-556", "id": "ZDI-18-556", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "Samsung Email EML File Parsing Privilege Escalation Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-556/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-5328", "zdi_id": "ZDI-18-556" }, { "cve": "CVE-2018-10496", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-18-555/advisory.json", "detail_path": "advisories/ZDI-18-555", "id": "ZDI-18-555", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "Samsung Internet Browser TypedArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-555/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-5326", "zdi_id": "ZDI-18-555" }, { "cve": "CVE-2018-10613", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the UpdateProblemTicke...", "detail_json": "/data/advisories/ZDI-18-554/advisory.json", "detail_path": "advisories/ZDI-18-554", "id": "ZDI-18-554", "kind": "published", "published_date": "2018-06-07", "status": "published", "title": "GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2018-06-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-554/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-5540", "zdi_id": "ZDI-18-554" }, { "cve": "CVE-2018-7501", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-18-553/advisory.json", "detail_path": "advisories/ZDI-18-553", "id": "ZDI-18-553", "kind": "published", "published_date": "2018-06-08", "status": "published", "title": "Advantech WebAccess Node BWSCADASoap GetNodeList SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-06-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-553/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5590", "zdi_id": "ZDI-18-553" }, { "cve": "CVE-2018-1000006", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Web Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-552/advisory.json", "detail_path": "advisories/ZDI-18-552", "id": "ZDI-18-552", "kind": "published", "published_date": "2018-06-06", "status": "published", "title": "Google Web Designer URI Parsing Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-552/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-5522", "zdi_id": "ZDI-18-552" }, { "cve": "CVE-2018-10611", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE MDS PulseNET. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-18-551/advisory.json", "detail_path": "advisories/ZDI-18-551", "id": "ZDI-18-551", "kind": "published", "published_date": "2018-06-06", "status": "published", "title": "GE MDS PulseNET Account Java RMI Incorrect Privilege Assignment Remote Code Execution Vulnerability", "updated_date": "2018-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-551/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-5591", "zdi_id": "ZDI-18-551" }, { "cve": "CVE-2018-10611", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of data from a Java RMI Pooled In...", "detail_json": "/data/advisories/ZDI-18-550/advisory.json", "detail_path": "advisories/ZDI-18-550", "id": "ZDI-18-550", "kind": "published", "published_date": "2018-06-06", "status": "published", "title": "GE MDS PulseNET Pooled Invoker Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2018-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-550/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-5575", "zdi_id": "ZDI-18-550" }, { "cve": "CVE-2018-10611", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the ToolingService web service...", "detail_json": "/data/advisories/ZDI-18-549/advisory.json", "detail_path": "advisories/ZDI-18-549", "id": "ZDI-18-549", "kind": "published", "published_date": "2018-06-06", "status": "published", "title": "GE MDS PulseNET ToolingService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2018-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-549/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-5537", "zdi_id": "ZDI-18-549" }, { "cve": "CVE-2018-10611", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the HealthCheck web service. T...", "detail_json": "/data/advisories/ZDI-18-548/advisory.json", "detail_path": "advisories/ZDI-18-548", "id": "ZDI-18-548", "kind": "published", "published_date": "2018-06-06", "status": "published", "title": "GE MDS PulseNET HealthCheck Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2018-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-548/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-5536", "zdi_id": "ZDI-18-548" }, { "cve": "CVE-2018-10611", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the CommandLineService web ser...", "detail_json": "/data/advisories/ZDI-18-547/advisory.json", "detail_path": "advisories/ZDI-18-547", "id": "ZDI-18-547", "kind": "published", "published_date": "2018-06-06", "status": "published", "title": "GE MDS PulseNET CommandLineService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2018-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-547/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-5535", "zdi_id": "ZDI-18-547" }, { "cve": "CVE-2018-10615", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...", "detail_json": "/data/advisories/ZDI-18-546/advisory.json", "detail_path": "advisories/ZDI-18-546", "id": "ZDI-18-546", "kind": "published", "published_date": "2018-06-06", "status": "published", "title": "GE MDS PulseNET FileServlet Directory Traversal Information Disclosure Vulnerability", "updated_date": "2018-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-546/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-5520", "zdi_id": "ZDI-18-546" }, { "cve": "CVE-2018-10613", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the AlarmActions metho...", "detail_json": "/data/advisories/ZDI-18-545/advisory.json", "detail_path": "advisories/ZDI-18-545", "id": "ZDI-18-545", "kind": "published", "published_date": "2018-06-06", "status": "published", "title": "GE MDS PulseNET IntegrationXMLProcessorServlet AlarmActions XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2018-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-545/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-5541", "zdi_id": "ZDI-18-545" }, { "cve": "CVE-2018-10613", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the Write method of th...", "detail_json": "/data/advisories/ZDI-18-544/advisory.json", "detail_path": "advisories/ZDI-18-544", "id": "ZDI-18-544", "kind": "published", "published_date": "2018-06-06", "status": "published", "title": "GE MDS PulseNET IntegrationXMLProcessorServlet Write XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2018-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-544/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-5539", "zdi_id": "ZDI-18-544" }, { "cve": "CVE-2018-10613", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FglAMServlet servlet. Due to the imp...", "detail_json": "/data/advisories/ZDI-18-543/advisory.json", "detail_path": "advisories/ZDI-18-543", "id": "ZDI-18-543", "kind": "published", "published_date": "2018-06-06", "status": "published", "title": "GE MDS PulseNET FglAMServlet XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2018-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-543/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-5538", "zdi_id": "ZDI-18-543" }, { "cve": "CVE-2018-10613", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XmlAdapterServlet servlet. Due to th...", "detail_json": "/data/advisories/ZDI-18-542/advisory.json", "detail_path": "advisories/ZDI-18-542", "id": "ZDI-18-542", "kind": "published", "published_date": "2018-06-06", "status": "published", "title": "GE MDS PulseNET XmlAdapterServlet XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2018-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-542/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-5518", "zdi_id": "ZDI-18-542" }, { "cve": "CVE-2018-10613", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MagnumEmulator servlet. Due to the i...", "detail_json": "/data/advisories/ZDI-18-541/advisory.json", "detail_path": "advisories/ZDI-18-541", "id": "ZDI-18-541", "kind": "published", "published_date": "2018-06-06", "status": "published", "title": "GE MDS PulseNET MagnumEmulator Servlet XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2018-06-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-541/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-5517", "zdi_id": "ZDI-18-541" }, { "cve": "CVE-2018-8174", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-540/advisory.json", "detail_path": "advisories/ZDI-18-540", "id": "ZDI-18-540", "kind": "published", "published_date": "2018-06-05", "status": "published", "title": "Microsoft Windows VBScript Class_Terminate Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-06-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-540/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6197", "zdi_id": "ZDI-18-540" }, { "cve": "CVE-2018-0951", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-539/advisory.json", "detail_path": "advisories/ZDI-18-539", "id": "ZDI-18-539", "kind": "published", "published_date": "2018-06-05", "status": "published", "title": "Microsoft Chakra typeof Operator Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-06-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-539/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-6152", "zdi_id": "ZDI-18-539" }, { "cve": "CVE-2018-10621", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-538/advisory.json", "detail_path": "advisories/ZDI-18-538", "id": "ZDI-18-538", "kind": "published", "published_date": "2018-06-05", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-06-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-538/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-6057", "zdi_id": "ZDI-18-538" }, { "cve": "CVE-2018-10623", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-537/advisory.json", "detail_path": "advisories/ZDI-18-537", "id": "ZDI-18-537", "kind": "published", "published_date": "2018-06-05", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-06-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-537/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5975", "zdi_id": "ZDI-18-537" }, { "cve": "CVE-2018-10617", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-536/advisory.json", "detail_path": "advisories/ZDI-18-536", "id": "ZDI-18-536", "kind": "published", "published_date": "2018-06-05", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-06-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-536/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5974", "zdi_id": "ZDI-18-536" }, { "cve": "CVE-2018-10623", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-535/advisory.json", "detail_path": "advisories/ZDI-18-535", "id": "ZDI-18-535", "kind": "published", "published_date": "2018-06-05", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-06-05", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-535/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5973", "zdi_id": "ZDI-18-535" }, { "cve": "CVE-2018-8267", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-534/advisory.json", "detail_path": "advisories/ZDI-18-534", "id": "ZDI-18-534", "kind": "published", "published_date": "2018-05-29", "status": "published", "title": "(0Day) Microsoft Windows JScript Error Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-06-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-534/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5613", "zdi_id": "ZDI-18-534" }, { "cve": "CVE-2018-6963", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to deny service on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on a guest OS in order to exploit this vulnerability. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-18-533/advisory.json", "detail_path": "advisories/ZDI-18-533", "id": "ZDI-18-533", "kind": "published", "published_date": "2018-05-24", "status": "published", "title": "VMware Workstation ghi update Null Pointer Dereference Denial of Service Vulnerability", "updated_date": "2018-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-533/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-6078", "zdi_id": "ZDI-18-533" }, { "cve": "CVE-2018-6963", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to deny service on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on a guest OS in order to exploit this vulnerability. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-18-532/advisory.json", "detail_path": "advisories/ZDI-18-532", "id": "ZDI-18-532", "kind": "published", "published_date": "2018-05-24", "status": "published", "title": "VMware Workstation unity operation request Null Pointer Dereference Denial of Service Vulnerability", "updated_date": "2018-05-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-532/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-6077", "zdi_id": "ZDI-18-532" }, { "cve": "CVE-2018-4999", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-531/advisory.json", "detail_path": "advisories/ZDI-18-531", "id": "ZDI-18-531", "kind": "published", "published_date": "2018-05-23", "status": "published", "title": "Adobe Acrobat Pro DC EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-531/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5474", "zdi_id": "ZDI-18-531" }, { "cve": "CVE-2018-4998", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-530/advisory.json", "detail_path": "advisories/ZDI-18-530", "id": "ZDI-18-530", "kind": "published", "published_date": "2018-05-23", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2018-05-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-530/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5238", "zdi_id": "ZDI-18-530" }, { "cve": "CVE-2018-4997", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-529/advisory.json", "detail_path": "advisories/ZDI-18-529", "id": "ZDI-18-529", "kind": "published", "published_date": "2018-05-23", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-05-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-529/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5237", "zdi_id": "ZDI-18-529" }, { "cve": "CVE-2018-7687", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Micro Focus Client for Open Enterprise Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit th...", "detail_json": "/data/advisories/ZDI-18-528/advisory.json", "detail_path": "advisories/ZDI-18-528", "id": "ZDI-18-528", "kind": "published", "published_date": "2018-05-22", "status": "published", "title": "Micro Focus Client for Open Enterprise Server Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-05-22", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-528/", "vendor": "Micro Focus", "vendor_url": null, "zdi_can": "ZDI-CAN-5479", "zdi_id": "ZDI-18-528" }, { "cve": "CVE-2018-8845", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C80 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-18-527/advisory.json", "detail_path": "advisories/ZDI-18-527", "id": "ZDI-18-527", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess webvrpcs Service viewdll1 strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-527/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5897", "zdi_id": "ZDI-18-527" }, { "cve": "CVE-2018-7497", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in...", "detail_json": "/data/advisories/ZDI-18-526/advisory.json", "detail_path": "advisories/ZDI-18-526", "id": "ZDI-18-526", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-526/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5711", "zdi_id": "ZDI-18-526" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwPSLinkZip.exe, which is accessed throug...", "detail_json": "/data/advisories/ZDI-18-525/advisory.json", "detail_path": "advisories/ZDI-18-525", "id": "ZDI-18-525", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node BwPSLinkZip Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-525/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5700", "zdi_id": "ZDI-18-525" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwsound2.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-18-524/advisory.json", "detail_path": "advisories/ZDI-18-524", "id": "ZDI-18-524", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwsound2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-524/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5699", "zdi_id": "ZDI-18-524" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwsound.exe, which is accessed through th...", "detail_json": "/data/advisories/ZDI-18-523/advisory.json", "detail_path": "advisories/ZDI-18-523", "id": "ZDI-18-523", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwsound Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-523/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5698", "zdi_id": "ZDI-18-523" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within waexec.exe, which is accessed through the...", "detail_json": "/data/advisories/ZDI-18-522/advisory.json", "detail_path": "advisories/ZDI-18-522", "id": "ZDI-18-522", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node waexec Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-522/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5697", "zdi_id": "ZDI-18-522" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwrunmie.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-18-521/advisory.json", "detail_path": "advisories/ZDI-18-521", "id": "ZDI-18-521", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwrunmie Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-521/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5696", "zdi_id": "ZDI-18-521" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwrtdup.exe, which is accessed through th...", "detail_json": "/data/advisories/ZDI-18-520/advisory.json", "detail_path": "advisories/ZDI-18-520", "id": "ZDI-18-520", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwrtdup Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-520/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5695", "zdi_id": "ZDI-18-520" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwdlgup.exe, which is accessed through th...", "detail_json": "/data/advisories/ZDI-18-519/advisory.json", "detail_path": "advisories/ZDI-18-519", "id": "ZDI-18-519", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwdlgup Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-519/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5694", "zdi_id": "ZDI-18-519" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within upandpr.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-18-518/advisory.json", "detail_path": "advisories/ZDI-18-518", "id": "ZDI-18-518", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node upandpr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-518/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5693", "zdi_id": "ZDI-18-518" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within datacore.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-18-517/advisory.json", "detail_path": "advisories/ZDI-18-517", "id": "ZDI-18-517", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node datacore Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-517/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5692", "zdi_id": "ZDI-18-517" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwtagblk.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-18-516/advisory.json", "detail_path": "advisories/ZDI-18-516", "id": "ZDI-18-516", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwtagblk Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-516/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5691", "zdi_id": "ZDI-18-516" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwsound2.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-18-515/advisory.json", "detail_path": "advisories/ZDI-18-515", "id": "ZDI-18-515", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwsound2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-515/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5690", "zdi_id": "ZDI-18-515" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwsound.exe, which is accessed through th...", "detail_json": "/data/advisories/ZDI-18-514/advisory.json", "detail_path": "advisories/ZDI-18-514", "id": "ZDI-18-514", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwsound Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-514/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5689", "zdi_id": "ZDI-18-514" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwblcmd.exe, which is accessed through th...", "detail_json": "/data/advisories/ZDI-18-513/advisory.json", "detail_path": "advisories/ZDI-18-513", "id": "ZDI-18-513", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwblcmd Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-513/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5688", "zdi_id": "ZDI-18-513" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwaccrts.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-18-512/advisory.json", "detail_path": "advisories/ZDI-18-512", "id": "ZDI-18-512", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwaccrts Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-512/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5687", "zdi_id": "ZDI-18-512" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within notify2.exe, which is accessed through th...", "detail_json": "/data/advisories/ZDI-18-511/advisory.json", "detail_path": "advisories/ZDI-18-511", "id": "ZDI-18-511", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node notify2 msg Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-511/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5686", "zdi_id": "ZDI-18-511" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within notify2.exe, which is accessed through th...", "detail_json": "/data/advisories/ZDI-18-510/advisory.json", "detail_path": "advisories/ZDI-18-510", "id": "ZDI-18-510", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node notify2 TeleNum Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-510/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5685", "zdi_id": "ZDI-18-510" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within notify2.exe, which is accessed through th...", "detail_json": "/data/advisories/ZDI-18-509/advisory.json", "detail_path": "advisories/ZDI-18-509", "id": "ZDI-18-509", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node notify2 pw Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-509/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5684", "zdi_id": "ZDI-18-509" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within notify2.exe, which is accessed through th...", "detail_json": "/data/advisories/ZDI-18-508/advisory.json", "detail_path": "advisories/ZDI-18-508", "id": "ZDI-18-508", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node notify2 IpAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-508/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5683", "zdi_id": "ZDI-18-508" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within AutoConfig4IIS.exe, which is accessed thr...", "detail_json": "/data/advisories/ZDI-18-507/advisory.json", "detail_path": "advisories/ZDI-18-507", "id": "ZDI-18-507", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node AutoConfig4IIS Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-507/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5682", "zdi_id": "ZDI-18-507" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwclrptw.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-18-506/advisory.json", "detail_path": "advisories/ZDI-18-506", "id": "ZDI-18-506", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwclrptw Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-506/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5681", "zdi_id": "ZDI-18-506" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwctrkrl.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-18-505/advisory.json", "detail_path": "advisories/ZDI-18-505", "id": "ZDI-18-505", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwctrkrl Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-505/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5680", "zdi_id": "ZDI-18-505" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwdnload.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-18-504/advisory.json", "detail_path": "advisories/ZDI-18-504", "id": "ZDI-18-504", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwdnload Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-504/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5679", "zdi_id": "ZDI-18-504" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwview.exe, which is accessed through the...", "detail_json": "/data/advisories/ZDI-18-503/advisory.json", "detail_path": "advisories/ZDI-18-503", "id": "ZDI-18-503", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwview Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-503/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5678", "zdi_id": "ZDI-18-503" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within wapnp.exe, which is accessed through the...", "detail_json": "/data/advisories/ZDI-18-502/advisory.json", "detail_path": "advisories/ZDI-18-502", "id": "ZDI-18-502", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node wapnp Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-502/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5677", "zdi_id": "ZDI-18-502" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within waexec.exe, which is accessed through the...", "detail_json": "/data/advisories/ZDI-18-501/advisory.json", "detail_path": "advisories/ZDI-18-501", "id": "ZDI-18-501", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node waexec Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-501/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5676", "zdi_id": "ZDI-18-501" }, { "cve": "CVE-2018-8841", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privilege on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-18-500/advisory.json", "detail_path": "advisories/ZDI-18-500", "id": "ZDI-18-500", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-500/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5670", "zdi_id": "ZDI-18-500" }, { "cve": "CVE-2018-7495", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2715 IOCTL...", "detail_json": "/data/advisories/ZDI-18-499/advisory.json", "detail_path": "advisories/ZDI-18-499", "id": "ZDI-18-499", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node webvrpcs drawsrv Arbitrary File Deletion Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-499/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5664", "zdi_id": "ZDI-18-499" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within screnc.exe, which is accessed through t...", "detail_json": "/data/advisories/ZDI-18-498/advisory.json", "detail_path": "advisories/ZDI-18-498", "id": "ZDI-18-498", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node screnc Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-498/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5663", "zdi_id": "ZDI-18-498" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwmakdir.exe, which is accessed through...", "detail_json": "/data/advisories/ZDI-18-497/advisory.json", "detail_path": "advisories/ZDI-18-497", "id": "ZDI-18-497", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node bwmakdir Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-497/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5662", "zdi_id": "ZDI-18-497" }, { "cve": "CVE-2018-7497", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2781 IOCTL...", "detail_json": "/data/advisories/ZDI-18-496/advisory.json", "detail_path": "advisories/ZDI-18-496", "id": "ZDI-18-496", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-496/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5661", "zdi_id": "ZDI-18-496" }, { "cve": "CVE-2018-7497", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2780 IOCTL...", "detail_json": "/data/advisories/ZDI-18-495/advisory.json", "detail_path": "advisories/ZDI-18-495", "id": "ZDI-18-495", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-495/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5660", "zdi_id": "ZDI-18-495" }, { "cve": "CVE-2018-7497", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL...", "detail_json": "/data/advisories/ZDI-18-494/advisory.json", "detail_path": "advisories/ZDI-18-494", "id": "ZDI-18-494", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-494/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5659", "zdi_id": "ZDI-18-494" }, { "cve": "CVE-2018-7497", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x277f IOCTL...", "detail_json": "/data/advisories/ZDI-18-493/advisory.json", "detail_path": "advisories/ZDI-18-493", "id": "ZDI-18-493", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-493/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5658", "zdi_id": "ZDI-18-493" }, { "cve": "CVE-2018-7497", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2775 IOCTL...", "detail_json": "/data/advisories/ZDI-18-492/advisory.json", "detail_path": "advisories/ZDI-18-492", "id": "ZDI-18-492", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-492/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5656", "zdi_id": "ZDI-18-492" }, { "cve": "CVE-2018-7497", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2723 IOCTL...", "detail_json": "/data/advisories/ZDI-18-491/advisory.json", "detail_path": "advisories/ZDI-18-491", "id": "ZDI-18-491", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-491/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5655", "zdi_id": "ZDI-18-491" }, { "cve": "CVE-2018-7499", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within implementation of the 0x138bd IOCTL in...", "detail_json": "/data/advisories/ZDI-18-490/advisory.json", "detail_path": "advisories/ZDI-18-490", "id": "ZDI-18-490", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node webvrpcs ViewDll1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-490/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5654", "zdi_id": "ZDI-18-490" }, { "cve": "CVE-2018-7501", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within Quality.asp. When parsing the I...", "detail_json": "/data/advisories/ZDI-18-489/advisory.json", "detail_path": "advisories/ZDI-18-489", "id": "ZDI-18-489", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node Quality ItemGroupIdAry SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-489/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5653", "zdi_id": "ZDI-18-489" }, { "cve": "CVE-2018-7501", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within Quality.asp. When parsing the I...", "detail_json": "/data/advisories/ZDI-18-488/advisory.json", "detail_path": "advisories/ZDI-18-488", "id": "ZDI-18-488", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node Quality ItemIdAry SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-488/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5652", "zdi_id": "ZDI-18-488" }, { "cve": "CVE-2018-7501", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within Quality_Reg.asp. When parsing t...", "detail_json": "/data/advisories/ZDI-18-487/advisory.json", "detail_path": "advisories/ZDI-18-487", "id": "ZDI-18-487", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node Quality_Reg ItemIdAry SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-487/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5651", "zdi_id": "ZDI-18-487" }, { "cve": "CVE-2018-7501", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-18-486/advisory.json", "detail_path": "advisories/ZDI-18-486", "id": "ZDI-18-486", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node BWSCADASoap GraphListByNode SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-486/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5650", "zdi_id": "ZDI-18-486" }, { "cve": "CVE-2018-7501", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-18-485/advisory.json", "detail_path": "advisories/ZDI-18-485", "id": "ZDI-18-485", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node BWSCADASoap PointListByNode SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-485/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5649", "zdi_id": "ZDI-18-485" }, { "cve": "CVE-2018-7497", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x277e IOCTL...", "detail_json": "/data/advisories/ZDI-18-484/advisory.json", "detail_path": "advisories/ZDI-18-484", "id": "ZDI-18-484", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-484/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5648", "zdi_id": "ZDI-18-484" }, { "cve": "CVE-2018-10589", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2711 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-483/advisory.json", "detail_path": "advisories/ZDI-18-483", "id": "ZDI-18-483", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess webvrpcs Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-09-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-483/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5627", "zdi_id": "ZDI-18-483" }, { "cve": "CVE-2018-7501", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-18-482/advisory.json", "detail_path": "advisories/ZDI-18-482", "id": "ZDI-18-482", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node BWSCADASoap GraphListByPage SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-482/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5612", "zdi_id": "ZDI-18-482" }, { "cve": "CVE-2018-7501", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-18-481/advisory.json", "detail_path": "advisories/ZDI-18-481", "id": "ZDI-18-481", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node BWSCADASoap GetAlarms SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-481/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5611", "zdi_id": "ZDI-18-481" }, { "cve": "CVE-2018-7501", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-18-480/advisory.json", "detail_path": "advisories/ZDI-18-480", "id": "ZDI-18-480", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node BWSCADASoap PointList SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-480/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5610", "zdi_id": "ZDI-18-480" }, { "cve": "CVE-2018-7501", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-18-479/advisory.json", "detail_path": "advisories/ZDI-18-479", "id": "ZDI-18-479", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node BWSCADASoap GetTrendDetail SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-479/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5609", "zdi_id": "ZDI-18-479" }, { "cve": "CVE-2018-7501", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-18-478/advisory.json", "detail_path": "advisories/ZDI-18-478", "id": "ZDI-18-478", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node BWSCADASoap GraphList SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-478/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5608", "zdi_id": "ZDI-18-478" }, { "cve": "CVE-2018-7501", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-18-477/advisory.json", "detail_path": "advisories/ZDI-18-477", "id": "ZDI-18-477", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node BWSCADASoap GetAlarmsByPage SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-477/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5607", "zdi_id": "ZDI-18-477" }, { "cve": "CVE-2018-7501", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-18-476/advisory.json", "detail_path": "advisories/ZDI-18-476", "id": "ZDI-18-476", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node BWSCADASoap GetUnackAlarms SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-476/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5606", "zdi_id": "ZDI-18-476" }, { "cve": "CVE-2018-7501", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-18-475/advisory.json", "detail_path": "advisories/ZDI-18-475", "id": "ZDI-18-475", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node BWSCADASoap GetTrendList SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-475/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5595", "zdi_id": "ZDI-18-475" }, { "cve": "CVE-2018-7501", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-18-474/advisory.json", "detail_path": "advisories/ZDI-18-474", "id": "ZDI-18-474", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node BWSCADASoap GetUnackAlarmsByPage SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-474/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5597", "zdi_id": "ZDI-18-474" }, { "cve": "CVE-2018-7501", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-18-473/advisory.json", "detail_path": "advisories/ZDI-18-473", "id": "ZDI-18-473", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node BWSCADASoap PointListByPage SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-473/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5596", "zdi_id": "ZDI-18-473" }, { "cve": "CVE-2018-7501", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...", "detail_json": "/data/advisories/ZDI-18-472/advisory.json", "detail_path": "advisories/ZDI-18-472", "id": "ZDI-18-472", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess Node controlNode bnid SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-472/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5519", "zdi_id": "ZDI-18-472" }, { "cve": "CVE-2018-7503", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadAction servlet. When...", "detail_json": "/data/advisories/ZDI-18-471/advisory.json", "detail_path": "advisories/ZDI-18-471", "id": "ZDI-18-471", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess NMS DownloadAction Servlet Directory Traversal Information Disclosure Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-471/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5477", "zdi_id": "ZDI-18-471" }, { "cve": "CVE-2018-7505", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on vulnerable installations of Advantech WebAccess NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the TFTP service. The issue r...", "detail_json": "/data/advisories/ZDI-18-470/advisory.json", "detail_path": "advisories/ZDI-18-470", "id": "ZDI-18-470", "kind": "published", "published_date": "2018-05-18", "status": "published", "title": "Advantech WebAccess NMS TFTP Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2018-05-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-470/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5476", "zdi_id": "ZDI-18-470" }, { "cve": "CVE-2018-10357", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Endpoint Application Control. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileDrop servlet. When...", "detail_json": "/data/advisories/ZDI-18-469/advisory.json", "detail_path": "advisories/ZDI-18-469", "id": "ZDI-18-469", "kind": "published", "published_date": "2018-05-17", "status": "published", "title": "Trend Micro Endpoint Application Control FileDrop Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2018-05-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-469/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5640", "zdi_id": "ZDI-18-469" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-468/advisory.json", "detail_path": "advisories/ZDI-18-468", "id": "ZDI-18-468", "kind": "published", "published_date": "2018-05-16", "status": "published", "title": "(0Day) Delta Industrial Automation TPEditor TPE File Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-06-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-468/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5389", "zdi_id": "ZDI-18-468" }, { "cve": "CVE-2018-4984", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-467/advisory.json", "detail_path": "advisories/ZDI-18-467", "id": "ZDI-18-467", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC Catalog Index Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-467/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5890", "zdi_id": "ZDI-18-467" }, { "cve": "CVE-2018-4982", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-466/advisory.json", "detail_path": "advisories/ZDI-18-466", "id": "ZDI-18-466", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF BMP Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-466/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5783", "zdi_id": "ZDI-18-466" }, { "cve": "CVE-2018-4981", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-465/advisory.json", "detail_path": "advisories/ZDI-18-465", "id": "ZDI-18-465", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF JPEG Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-465/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5784", "zdi_id": "ZDI-18-465" }, { "cve": "CVE-2018-4980", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-464/advisory.json", "detail_path": "advisories/ZDI-18-464", "id": "ZDI-18-464", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC Compare Files Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-464/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5811", "zdi_id": "ZDI-18-464" }, { "cve": "CVE-2018-4979", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-463/advisory.json", "detail_path": "advisories/ZDI-18-463", "id": "ZDI-18-463", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC URL Parsing Insufficient Verification of Data Authenticity Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-463/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5810", "zdi_id": "ZDI-18-463" }, { "cve": "CVE-2018-4978", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-462/advisory.json", "detail_path": "advisories/ZDI-18-462", "id": "ZDI-18-462", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-462/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5728", "zdi_id": "ZDI-18-462" }, { "cve": "CVE-2018-4977", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-461/advisory.json", "detail_path": "advisories/ZDI-18-461", "id": "ZDI-18-461", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Acrobat Reader DC XFA Subform Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-461/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5516", "zdi_id": "ZDI-18-461" }, { "cve": "CVE-2018-4976", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-460/advisory.json", "detail_path": "advisories/ZDI-18-460", "id": "ZDI-18-460", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EmfPlusDrawCurve Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-460/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5729", "zdi_id": "ZDI-18-460" }, { "cve": "CVE-2018-4975", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-459/advisory.json", "detail_path": "advisories/ZDI-18-459", "id": "ZDI-18-459", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-459/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5732", "zdi_id": "ZDI-18-459" }, { "cve": "CVE-2018-4974", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-458/advisory.json", "detail_path": "advisories/ZDI-18-458", "id": "ZDI-18-458", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC XFA SubForm Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-458/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5510", "zdi_id": "ZDI-18-458" }, { "cve": "CVE-2018-4973", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-457/advisory.json", "detail_path": "advisories/ZDI-18-457", "id": "ZDI-18-457", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-457/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5751", "zdi_id": "ZDI-18-457" }, { "cve": "CVE-2018-4972", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-456/advisory.json", "detail_path": "advisories/ZDI-18-456", "id": "ZDI-18-456", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-456/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5730", "zdi_id": "ZDI-18-456" }, { "cve": "CVE-2018-4971", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-455/advisory.json", "detail_path": "advisories/ZDI-18-455", "id": "ZDI-18-455", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PDF Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-455/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5752", "zdi_id": "ZDI-18-455" }, { "cve": "CVE-2018-4970", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-454/advisory.json", "detail_path": "advisories/ZDI-18-454", "id": "ZDI-18-454", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-454/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5731", "zdi_id": "ZDI-18-454" }, { "cve": "CVE-2018-4969", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-453/advisory.json", "detail_path": "advisories/ZDI-18-453", "id": "ZDI-18-453", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF GIF ImageData Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-453/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5709", "zdi_id": "ZDI-18-453" }, { "cve": "CVE-2018-4968", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-452/advisory.json", "detail_path": "advisories/ZDI-18-452", "id": "ZDI-18-452", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_CREATEDIBPATTERNBRUSHPT Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-452/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5768", "zdi_id": "ZDI-18-452" }, { "cve": "CVE-2018-4967", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-451/advisory.json", "detail_path": "advisories/ZDI-18-451", "id": "ZDI-18-451", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-451/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5733", "zdi_id": "ZDI-18-451" }, { "cve": "CVE-2018-4966", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-450/advisory.json", "detail_path": "advisories/ZDI-18-450", "id": "ZDI-18-450", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF GIF ImageDescriptor Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-450/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5759", "zdi_id": "ZDI-18-450" }, { "cve": "CVE-2018-4965", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-449/advisory.json", "detail_path": "advisories/ZDI-18-449", "id": "ZDI-18-449", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_COMMENT Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-449/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5761", "zdi_id": "ZDI-18-449" }, { "cve": "CVE-2018-4964", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-448/advisory.json", "detail_path": "advisories/ZDI-18-448", "id": "ZDI-18-448", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_STRETCHDIBITS Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-448/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5764", "zdi_id": "ZDI-18-448" }, { "cve": "CVE-2018-4963", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-447/advisory.json", "detail_path": "advisories/ZDI-18-447", "id": "ZDI-18-447", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_STRETCHDIBITS Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-447/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5765", "zdi_id": "ZDI-18-447" }, { "cve": "CVE-2018-4962", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-446/advisory.json", "detail_path": "advisories/ZDI-18-446", "id": "ZDI-18-446", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC OCG setIntent Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-446/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5775", "zdi_id": "ZDI-18-446" }, { "cve": "CVE-2018-4957", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-445/advisory.json", "detail_path": "advisories/ZDI-18-445", "id": "ZDI-18-445", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-445/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5241", "zdi_id": "ZDI-18-445" }, { "cve": "CVE-2018-4956", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-444/advisory.json", "detail_path": "advisories/ZDI-18-444", "id": "ZDI-18-444", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-444/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5291", "zdi_id": "ZDI-18-444" }, { "cve": "CVE-2018-4955", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-443/advisory.json", "detail_path": "advisories/ZDI-18-443", "id": "ZDI-18-443", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC XPS TIFF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-443/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5585", "zdi_id": "ZDI-18-443" }, { "cve": "CVE-2018-4954", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-442/advisory.json", "detail_path": "advisories/ZDI-18-442", "id": "ZDI-18-442", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC XFA removeInstance Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-442/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5455", "zdi_id": "ZDI-18-442" }, { "cve": "CVE-2018-4953", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-441/advisory.json", "detail_path": "advisories/ZDI-18-441", "id": "ZDI-18-441", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC PutItemValue Type Confusion Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-441/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5456", "zdi_id": "ZDI-18-441" }, { "cve": "CVE-2018-4952", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-440/advisory.json", "detail_path": "advisories/ZDI-18-440", "id": "ZDI-18-440", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC XFA use Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-440/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5457", "zdi_id": "ZDI-18-440" }, { "cve": "CVE-2018-4951", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-439/advisory.json", "detail_path": "advisories/ZDI-18-439", "id": "ZDI-18-439", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-439/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5468", "zdi_id": "ZDI-18-439" }, { "cve": "CVE-2018-4950", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-438/advisory.json", "detail_path": "advisories/ZDI-18-438", "id": "ZDI-18-438", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC EMF EMR_STRETCHDIBITS Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-438/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5469", "zdi_id": "ZDI-18-438" }, { "cve": "CVE-2018-4949", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-437/advisory.json", "detail_path": "advisories/ZDI-18-437", "id": "ZDI-18-437", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-437/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5554", "zdi_id": "ZDI-18-437" }, { "cve": "CVE-2018-4948", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-436/advisory.json", "detail_path": "advisories/ZDI-18-436", "id": "ZDI-18-436", "kind": "published", "published_date": "2018-05-15", "status": "published", "title": "Adobe Acrobat Pro DC EMF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-436/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5584", "zdi_id": "ZDI-18-436" }, { "cve": "CVE-2018-8843", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rockwell Automation Arena. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-435/advisory.json", "detail_path": "advisories/ZDI-18-435", "id": "ZDI-18-435", "kind": "published", "published_date": "2018-05-14", "status": "published", "title": "Rockwell Automation Arena File Parsing SmAnim Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-435/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5496", "zdi_id": "ZDI-18-435" }, { "cve": "CVE-2018-1025", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-434/advisory.json", "detail_path": "advisories/ZDI-18-434", "id": "ZDI-18-434", "kind": "published", "published_date": "2018-05-14", "status": "published", "title": "Microsoft Edge WebGL ImageData Use-After-Free Information Disclosure Vulnerability", "updated_date": "2018-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-434/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5988", "zdi_id": "ZDI-18-434" }, { "cve": "CVE-2018-8123", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-433/advisory.json", "detail_path": "advisories/ZDI-18-433", "id": "ZDI-18-433", "kind": "published", "published_date": "2018-05-14", "status": "published", "title": "Microsoft Edge OutputElement DoReset Use-After-Free Information Disclosure Vulnerability", "updated_date": "2018-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-433/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5753", "zdi_id": "ZDI-18-433" }, { "cve": "CVE-2018-8162", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-432/advisory.json", "detail_path": "advisories/ZDI-18-432", "id": "ZDI-18-432", "kind": "published", "published_date": "2018-05-14", "status": "published", "title": "Microsoft Office Excel PtgName Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": "2018-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-432/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5726", "zdi_id": "ZDI-18-432" }, { "cve": "CVE-2018-8163", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-18-431/advisory.json", "detail_path": "advisories/ZDI-18-431", "id": "ZDI-18-431", "kind": "published", "published_date": "2018-05-14", "status": "published", "title": "Microsoft Office Excel Formula Record Type Confusion Information Disclosure Vulnerability", "updated_date": "2018-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-431/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5725", "zdi_id": "ZDI-18-431" }, { "cve": "CVE-2018-8157", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Graph. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-18-430/advisory.json", "detail_path": "advisories/ZDI-18-430", "id": "ZDI-18-430", "kind": "published", "published_date": "2018-05-14", "status": "published", "title": "Microsoft Office Graph Serialized Data Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-430/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5633", "zdi_id": "ZDI-18-430" }, { "cve": "CVE-2018-8112", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escape the sandbox on vulnerable installations of Microsoft Edge. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-18-429/advisory.json", "detail_path": "advisories/ZDI-18-429", "id": "ZDI-18-429", "kind": "published", "published_date": "2018-05-14", "status": "published", "title": "Microsoft Edge XML File Sandbox Escape Vulnerability", "updated_date": "2018-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-429/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5626", "zdi_id": "ZDI-18-429" }, { "cve": "CVE-2018-1021", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-428/advisory.json", "detail_path": "advisories/ZDI-18-428", "id": "ZDI-18-428", "kind": "published", "published_date": "2018-05-14", "status": "published", "title": "Microsoft Edge Undo Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-428/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5622", "zdi_id": "ZDI-18-428" }, { "cve": "CVE-2018-8124", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-18-427/advisory.json", "detail_path": "advisories/ZDI-18-427", "id": "ZDI-18-427", "kind": "published", "published_date": "2018-05-14", "status": "published", "title": "Microsoft Windows win32k Menu Use-After-Free Privilege Escalation Vulnerability", "updated_date": "2018-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-427/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5616", "zdi_id": "ZDI-18-427" }, { "cve": "CVE-2018-1000006", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Teams. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-18-426/advisory.json", "detail_path": "advisories/ZDI-18-426", "id": "ZDI-18-426", "kind": "published", "published_date": "2018-05-14", "status": "published", "title": "Microsoft Teams URL Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-426/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5589", "zdi_id": "ZDI-18-426" }, { "cve": "CVE-2018-0288", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-18-425/advisory.json", "detail_path": "advisories/ZDI-18-425", "id": "ZDI-18-425", "kind": "published", "published_date": "2018-05-14", "status": "published", "title": "Cisco WebEx Recorder and Player WRF File Length Field Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-425/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5599", "zdi_id": "ZDI-18-425" }, { "cve": "CVE-2018-0288", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-18-424/advisory.json", "detail_path": "advisories/ZDI-18-424", "id": "ZDI-18-424", "kind": "published", "published_date": "2018-05-14", "status": "published", "title": "Cisco WebEx Recorder and Player WRF File Length Field Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-424/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5598", "zdi_id": "ZDI-18-424" }, { "cve": "CVE-2018-2418", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP MaxDB. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-18-423/advisory.json", "detail_path": "advisories/ZDI-18-423", "id": "ZDI-18-423", "kind": "published", "published_date": "2018-05-14", "status": "published", "title": "SAP MaxDB Data Link Properties Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-423/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-5478", "zdi_id": "ZDI-18-423" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-422/advisory.json", "detail_path": "advisories/ZDI-18-422", "id": "ZDI-18-422", "kind": "published", "published_date": "2018-05-14", "status": "published", "title": "(0Day) Delta Industrial Automation DOPSoft DPA File TagTotalSize Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-422/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5273", "zdi_id": "ZDI-18-422" }, { "cve": "CVE-2018-10350", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Smart Protection Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of parameters provi...", "detail_json": "/data/advisories/ZDI-18-421/advisory.json", "detail_path": "advisories/ZDI-18-421", "id": "ZDI-18-421", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Trend Micro Smart Protection Server BWListMgmt SQL Injection Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5807", "zdi_id": "ZDI-18-421" }, { "cve": "CVE-2018-10356", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary SQL statements on vulnerable installations of Trend Micro Encryption for Email Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism ca...", "detail_json": "/data/advisories/ZDI-18-420/advisory.json", "detail_path": "advisories/ZDI-18-420", "id": "ZDI-18-420", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Trend Micro Encryption for Email Gateway requestDomains hidDomains SQL Injection Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-420/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5592", "zdi_id": "ZDI-18-420" }, { "cve": "CVE-2018-10353", "cvss": 3.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Encryption for Email Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can...", "detail_json": "/data/advisories/ZDI-18-419/advisory.json", "detail_path": "advisories/ZDI-18-419", "id": "ZDI-18-419", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Trend Micro Encryption for Email Gateway formChangePass username SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-419/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5594", "zdi_id": "ZDI-18-419" }, { "cve": "CVE-2018-10352", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Encryption for Email Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypas...", "detail_json": "/data/advisories/ZDI-18-418/advisory.json", "detail_path": "advisories/ZDI-18-418", "id": "ZDI-18-418", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Trend Micro Encryption for Email Gateway formConfiguration saveValue SQL Injection Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-418/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5550", "zdi_id": "ZDI-18-418" }, { "cve": "CVE-2018-6230", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary SQL statements on vulnerable installations of Trend Micro Encryption for Email Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism ca...", "detail_json": "/data/advisories/ZDI-18-417/advisory.json", "detail_path": "advisories/ZDI-18-417", "id": "ZDI-18-417", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Trend Micro Encryption for Email Gateway emailSearch SearchString SQL Injection Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-417/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5553", "zdi_id": "ZDI-18-417" }, { "cve": "CVE-2018-10354", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Encryption for Email Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypas...", "detail_json": "/data/advisories/ZDI-18-416/advisory.json", "detail_path": "advisories/ZDI-18-416", "id": "ZDI-18-416", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Trend Micro Encryption for Email Gateway LauncherServer DownloadBlackList Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-416/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5552", "zdi_id": "ZDI-18-416" }, { "cve": "CVE-2018-10351", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary SQL statements on vulnerable installations of Trend Micro Encryption for Email Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism ca...", "detail_json": "/data/advisories/ZDI-18-415/advisory.json", "detail_path": "advisories/ZDI-18-415", "id": "ZDI-18-415", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Trend Micro Encryption for Email Gateway register2 Client SQL Injection Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-415/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5551", "zdi_id": "ZDI-18-415" }, { "cve": "CVE-2018-6229", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary SQL statements on vulnerable installations of Trend Micro Encryption of Email Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can...", "detail_json": "/data/advisories/ZDI-18-414/advisory.json", "detail_path": "advisories/ZDI-18-414", "id": "ZDI-18-414", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Trend Micro Encryption for Email Gateway editPolicy hidRuleId SQL Injection Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-414/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5534", "zdi_id": "ZDI-18-414" }, { "cve": "CVE-2018-6229", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Encryption for Email Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can...", "detail_json": "/data/advisories/ZDI-18-413/advisory.json", "detail_path": "advisories/ZDI-18-413", "id": "ZDI-18-413", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Trend Micro Encryption for Email Gateway editPolicy editRuleId SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-413/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5533", "zdi_id": "ZDI-18-413" }, { "cve": "CVE-2018-6223", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to reset the Administrator password on vulnerable installations of Trend Micro Encryption for Email Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling...", "detail_json": "/data/advisories/ZDI-18-412/advisory.json", "detail_path": "advisories/ZDI-18-412", "id": "ZDI-18-412", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Trend Micro Encryption for Email Gateway Registration Authentication Bypass Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-412/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5532", "zdi_id": "ZDI-18-412" }, { "cve": "CVE-2018-10355", "cvss": 1.9, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to recover user passwords on vulnerable installations of Trend Micro Encryption for Email Gateway. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-18-411/advisory.json", "detail_path": "advisories/ZDI-18-411", "id": "ZDI-18-411", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Trend Micro Encryption for Email Gateway DBCrypto Authentication Weakness Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-411/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5513", "zdi_id": "ZDI-18-411" }, { "cve": "CVE-2018-6236", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-18-410/advisory.json", "detail_path": "advisories/ZDI-18-410", "id": "ZDI-18-410", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Trend Micro Maximum Security tmusa Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-410/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5500", "zdi_id": "ZDI-18-410" }, { "cve": "CVE-2018-7527", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon PI Studio HMI Project Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal...", "detail_json": "/data/advisories/ZDI-18-409/advisory.json", "detail_path": "advisories/ZDI-18-409", "id": "ZDI-18-409", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Wecon PI Studio HMI Project Programmer TextContent Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-409/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5506", "zdi_id": "ZDI-18-409" }, { "cve": "CVE-2018-7527", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-18-408/advisory.json", "detail_path": "advisories/ZDI-18-408", "id": "ZDI-18-408", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Wecon LeviStudioU DataLogTool Edit Stack-based Buffer Overflow Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-408/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5482", "zdi_id": "ZDI-18-408" }, { "cve": "CVE-2018-7527", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-18-407/advisory.json", "detail_path": "advisories/ZDI-18-407", "id": "ZDI-18-407", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Wecon LeviStudioU DataLogTool History Curve Set Stack-based Buffer Overflow Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-407/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5481", "zdi_id": "ZDI-18-407" }, { "cve": "CVE-2018-7527", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-18-406/advisory.json", "detail_path": "advisories/ZDI-18-406", "id": "ZDI-18-406", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Wecon LeviStudioU DataLogTool INI Parser Stack-based Buffer Overflow Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-406/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5480", "zdi_id": "ZDI-18-406" }, { "cve": "CVE-2018-10495", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-405/advisory.json", "detail_path": "advisories/ZDI-18-405", "id": "ZDI-18-405", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader PDF Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-405/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5586", "zdi_id": "ZDI-18-405" }, { "cve": "CVE-2018-10494", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-404/advisory.json", "detail_path": "advisories/ZDI-18-404", "id": "ZDI-18-404", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D 3DView Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-404/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5493", "zdi_id": "ZDI-18-404" }, { "cve": "CVE-2018-10493", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-403/advisory.json", "detail_path": "advisories/ZDI-18-403", "id": "ZDI-18-403", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Final Maximum Resolution Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-403/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5426", "zdi_id": "ZDI-18-403" }, { "cve": "CVE-2018-10492", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-402/advisory.json", "detail_path": "advisories/ZDI-18-402", "id": "ZDI-18-402", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Clod Progressive Mesh Continuation Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-402/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5424", "zdi_id": "ZDI-18-402" }, { "cve": "CVE-2018-10491", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-401/advisory.json", "detail_path": "advisories/ZDI-18-401", "id": "ZDI-18-401", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Bone Weight Modifier Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-401/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5423", "zdi_id": "ZDI-18-401" }, { "cve": "CVE-2018-10490", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-400/advisory.json", "detail_path": "advisories/ZDI-18-400", "id": "ZDI-18-400", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D JPEG Parsing Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-400/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5422", "zdi_id": "ZDI-18-400" }, { "cve": "CVE-2018-10489", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-399/advisory.json", "detail_path": "advisories/ZDI-18-399", "id": "ZDI-18-399", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Clod Progressive Mesh Declaration Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-399/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5421", "zdi_id": "ZDI-18-399" }, { "cve": "CVE-2018-10488", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-398/advisory.json", "detail_path": "advisories/ZDI-18-398", "id": "ZDI-18-398", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Texture Width Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-398/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5420", "zdi_id": "ZDI-18-398" }, { "cve": "CVE-2018-10487", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-397/advisory.json", "detail_path": "advisories/ZDI-18-397", "id": "ZDI-18-397", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-397/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5419", "zdi_id": "ZDI-18-397" }, { "cve": "CVE-2018-10486", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-396/advisory.json", "detail_path": "advisories/ZDI-18-396", "id": "ZDI-18-396", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Image Index Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-396/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5418", "zdi_id": "ZDI-18-396" }, { "cve": "CVE-2018-10485", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-395/advisory.json", "detail_path": "advisories/ZDI-18-395", "id": "ZDI-18-395", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Texture Height Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-395/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5412", "zdi_id": "ZDI-18-395" }, { "cve": "CVE-2018-10484", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-394/advisory.json", "detail_path": "advisories/ZDI-18-394", "id": "ZDI-18-394", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Node Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-394/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5411", "zdi_id": "ZDI-18-394" }, { "cve": "CVE-2018-10483", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-393/advisory.json", "detail_path": "advisories/ZDI-18-393", "id": "ZDI-18-393", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Clod Progressive Mesh Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-393/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5410", "zdi_id": "ZDI-18-393" }, { "cve": "CVE-2018-10482", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-392/advisory.json", "detail_path": "advisories/ZDI-18-392", "id": "ZDI-18-392", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Texture Image Format Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-392/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5409", "zdi_id": "ZDI-18-392" }, { "cve": "CVE-2018-10481", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-391/advisory.json", "detail_path": "advisories/ZDI-18-391", "id": "ZDI-18-391", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Texture Resource Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-391/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5408", "zdi_id": "ZDI-18-391" }, { "cve": "CVE-2018-10480", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-390/advisory.json", "detail_path": "advisories/ZDI-18-390", "id": "ZDI-18-390", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Node Name Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-390/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5401", "zdi_id": "ZDI-18-390" }, { "cve": "CVE-2018-10479", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-389/advisory.json", "detail_path": "advisories/ZDI-18-389", "id": "ZDI-18-389", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Key Frame Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-389/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5399", "zdi_id": "ZDI-18-389" }, { "cve": "CVE-2018-10478", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-388/advisory.json", "detail_path": "advisories/ZDI-18-388", "id": "ZDI-18-388", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Texture Coord Dimensions Parsing Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-388/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5397", "zdi_id": "ZDI-18-388" }, { "cve": "CVE-2018-10477", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-387/advisory.json", "detail_path": "advisories/ZDI-18-387", "id": "ZDI-18-387", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Chain Index Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-387/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5396", "zdi_id": "ZDI-18-387" }, { "cve": "CVE-2018-10476", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-386/advisory.json", "detail_path": "advisories/ZDI-18-386", "id": "ZDI-18-386", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Model Node Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-386/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5395", "zdi_id": "ZDI-18-386" }, { "cve": "CVE-2018-10475", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-385/advisory.json", "detail_path": "advisories/ZDI-18-385", "id": "ZDI-18-385", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Light Node Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-385/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5394", "zdi_id": "ZDI-18-385" }, { "cve": "CVE-2018-10474", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-384/advisory.json", "detail_path": "advisories/ZDI-18-384", "id": "ZDI-18-384", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Shading Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-384/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5393", "zdi_id": "ZDI-18-384" }, { "cve": "CVE-2018-10473", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-383/advisory.json", "detail_path": "advisories/ZDI-18-383", "id": "ZDI-18-383", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D CLOD Base Mesh Continuation Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-383/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5392", "zdi_id": "ZDI-18-383" }, { "cve": "CVE-2018-9984", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-382/advisory.json", "detail_path": "advisories/ZDI-18-382", "id": "ZDI-18-382", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Texture Image Channels Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-382/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5495", "zdi_id": "ZDI-18-382" }, { "cve": "CVE-2018-9983", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-381/advisory.json", "detail_path": "advisories/ZDI-18-381", "id": "ZDI-18-381", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-381/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5494", "zdi_id": "ZDI-18-381" }, { "cve": "CVE-2018-9982", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-380/advisory.json", "detail_path": "advisories/ZDI-18-380", "id": "ZDI-18-380", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Texture Width Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-380/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5483", "zdi_id": "ZDI-18-380" }, { "cve": "CVE-2018-9981", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-379/advisory.json", "detail_path": "advisories/ZDI-18-379", "id": "ZDI-18-379", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-379/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5431", "zdi_id": "ZDI-18-379" }, { "cve": "CVE-2018-9980", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-378/advisory.json", "detail_path": "advisories/ZDI-18-378", "id": "ZDI-18-378", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-378/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5430", "zdi_id": "ZDI-18-378" }, { "cve": "CVE-2018-9979", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-377/advisory.json", "detail_path": "advisories/ZDI-18-377", "id": "ZDI-18-377", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Texture Continuation Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-377/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5429", "zdi_id": "ZDI-18-377" }, { "cve": "CVE-2018-9978", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-376/advisory.json", "detail_path": "advisories/ZDI-18-376", "id": "ZDI-18-376", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-376/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5428", "zdi_id": "ZDI-18-376" }, { "cve": "CVE-2018-9977", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-375/advisory.json", "detail_path": "advisories/ZDI-18-375", "id": "ZDI-18-375", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Modifier Chain Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-375/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5427", "zdi_id": "ZDI-18-375" }, { "cve": "CVE-2018-9976", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-374/advisory.json", "detail_path": "advisories/ZDI-18-374", "id": "ZDI-18-374", "kind": "published", "published_date": "2018-05-04", "status": "published", "title": "Foxit Reader U3D Textures Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-05-04", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-374/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5425", "zdi_id": "ZDI-18-374" }, { "cve": "CVE-2018-0763", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-18-373/advisory.json", "detail_path": "advisories/ZDI-18-373", "id": "ZDI-18-373", "kind": "published", "published_date": "2018-04-25", "status": "published", "title": "Microsoft Edge CSS var Function Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2018-04-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-373/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5313", "zdi_id": "ZDI-18-373" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-372/advisory.json", "detail_path": "advisories/ZDI-18-372", "id": "ZDI-18-372", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-372/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5257", "zdi_id": "ZDI-18-372" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-371/advisory.json", "detail_path": "advisories/ZDI-18-371", "id": "ZDI-18-371", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-371/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5256", "zdi_id": "ZDI-18-371" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-370/advisory.json", "detail_path": "advisories/ZDI-18-370", "id": "ZDI-18-370", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-370/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5255", "zdi_id": "ZDI-18-370" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-369/advisory.json", "detail_path": "advisories/ZDI-18-369", "id": "ZDI-18-369", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-369/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5254", "zdi_id": "ZDI-18-369" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-368/advisory.json", "detail_path": "advisories/ZDI-18-368", "id": "ZDI-18-368", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-368/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5253", "zdi_id": "ZDI-18-368" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-367/advisory.json", "detail_path": "advisories/ZDI-18-367", "id": "ZDI-18-367", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-367/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5252", "zdi_id": "ZDI-18-367" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-366/advisory.json", "detail_path": "advisories/ZDI-18-366", "id": "ZDI-18-366", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-366/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5251", "zdi_id": "ZDI-18-366" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-365/advisory.json", "detail_path": "advisories/ZDI-18-365", "id": "ZDI-18-365", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM3 File Parsing Double Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-365/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5250", "zdi_id": "ZDI-18-365" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-364/advisory.json", "detail_path": "advisories/ZDI-18-364", "id": "ZDI-18-364", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM2 File Conversion Double Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-364/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5249", "zdi_id": "ZDI-18-364" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-363/advisory.json", "detail_path": "advisories/ZDI-18-363", "id": "ZDI-18-363", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-363/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5248", "zdi_id": "ZDI-18-363" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-362/advisory.json", "detail_path": "advisories/ZDI-18-362", "id": "ZDI-18-362", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-362/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5247", "zdi_id": "ZDI-18-362" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-361/advisory.json", "detail_path": "advisories/ZDI-18-361", "id": "ZDI-18-361", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-361/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5246", "zdi_id": "ZDI-18-361" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-18-360/advisory.json", "detail_path": "advisories/ZDI-18-360", "id": "ZDI-18-360", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "(0Day) Advantech WebAccess HMI Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-360/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5235", "zdi_id": "ZDI-18-360" }, { "cve": "CVE-2018-9975", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-359/advisory.json", "detail_path": "advisories/ZDI-18-359", "id": "ZDI-18-359", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader shift event Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-359/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5762", "zdi_id": "ZDI-18-359" }, { "cve": "CVE-2018-9974", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-358/advisory.json", "detail_path": "advisories/ZDI-18-358", "id": "ZDI-18-358", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader ConvertToPDF_x86 BMP Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-358/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5895", "zdi_id": "ZDI-18-358" }, { "cve": "CVE-2018-9973", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-357/advisory.json", "detail_path": "advisories/ZDI-18-357", "id": "ZDI-18-357", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader ePub Parsing Out-of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-357/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5758", "zdi_id": "ZDI-18-357" }, { "cve": "CVE-2018-9972", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-356/advisory.json", "detail_path": "advisories/ZDI-18-356", "id": "ZDI-18-356", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader ConvertToPDF_x86 JPG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-356/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5755", "zdi_id": "ZDI-18-356" }, { "cve": "CVE-2018-9971", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-355/advisory.json", "detail_path": "advisories/ZDI-18-355", "id": "ZDI-18-355", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader ConvertToPDF_x86 JPG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-355/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5754", "zdi_id": "ZDI-18-355" }, { "cve": "CVE-2018-9970", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-354/advisory.json", "detail_path": "advisories/ZDI-18-354", "id": "ZDI-18-354", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA Button execEvent Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-354/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5580", "zdi_id": "ZDI-18-354" }, { "cve": "CVE-2018-9969", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-353/advisory.json", "detail_path": "advisories/ZDI-18-353", "id": "ZDI-18-353", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA Button boundItem Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-353/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5579", "zdi_id": "ZDI-18-353" }, { "cve": "CVE-2018-9968", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-352/advisory.json", "detail_path": "advisories/ZDI-18-352", "id": "ZDI-18-352", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader TextBox Keystroke Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-352/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5572", "zdi_id": "ZDI-18-352" }, { "cve": "CVE-2018-9967", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-351/advisory.json", "detail_path": "advisories/ZDI-18-351", "id": "ZDI-18-351", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader TextBox Format Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-351/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5571", "zdi_id": "ZDI-18-351" }, { "cve": "CVE-2018-9966", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-350/advisory.json", "detail_path": "advisories/ZDI-18-350", "id": "ZDI-18-350", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader TextBox Calculate Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-350/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5570", "zdi_id": "ZDI-18-350" }, { "cve": "CVE-2018-9965", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-349/advisory.json", "detail_path": "advisories/ZDI-18-349", "id": "ZDI-18-349", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader Link setAction Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-349/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5569", "zdi_id": "ZDI-18-349" }, { "cve": "CVE-2018-9964", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-348/advisory.json", "detail_path": "advisories/ZDI-18-348", "id": "ZDI-18-348", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader OCG name Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-348/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5568", "zdi_id": "ZDI-18-348" }, { "cve": "CVE-2018-9963", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-347/advisory.json", "detail_path": "advisories/ZDI-18-347", "id": "ZDI-18-347", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-347/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5549", "zdi_id": "ZDI-18-347" }, { "cve": "CVE-2018-9962", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-346/advisory.json", "detail_path": "advisories/ZDI-18-346", "id": "ZDI-18-346", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader Annotation author Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-346/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5435", "zdi_id": "ZDI-18-346" }, { "cve": "CVE-2018-9961", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-345/advisory.json", "detail_path": "advisories/ZDI-18-345", "id": "ZDI-18-345", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader Field rect Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-345/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5434", "zdi_id": "ZDI-18-345" }, { "cve": "CVE-2018-9960", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-344/advisory.json", "detail_path": "advisories/ZDI-18-344", "id": "ZDI-18-344", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader Field textColor Setter Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-344/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5433", "zdi_id": "ZDI-18-344" }, { "cve": "CVE-2018-9959", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-343/advisory.json", "detail_path": "advisories/ZDI-18-343", "id": "ZDI-18-343", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader pageNum Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-343/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5432", "zdi_id": "ZDI-18-343" }, { "cve": "CVE-2018-9958", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-342/advisory.json", "detail_path": "advisories/ZDI-18-342", "id": "ZDI-18-342", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader Text Annotations point Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-342/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5620", "zdi_id": "ZDI-18-342" }, { "cve": "CVE-2018-9957", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-341/advisory.json", "detail_path": "advisories/ZDI-18-341", "id": "ZDI-18-341", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA Button resetData Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-341/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5618", "zdi_id": "ZDI-18-341" }, { "cve": "CVE-2018-9956", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-340/advisory.json", "detail_path": "advisories/ZDI-18-340", "id": "ZDI-18-340", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA Button title Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-340/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5617", "zdi_id": "ZDI-18-340" }, { "cve": "CVE-2018-9955", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-339/advisory.json", "detail_path": "advisories/ZDI-18-339", "id": "ZDI-18-339", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA Button resolveNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-339/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5531", "zdi_id": "ZDI-18-339" }, { "cve": "CVE-2018-9954", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-338/advisory.json", "detail_path": "advisories/ZDI-18-338", "id": "ZDI-18-338", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA Button y Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-338/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5529", "zdi_id": "ZDI-18-338" }, { "cve": "CVE-2018-9953", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-337/advisory.json", "detail_path": "advisories/ZDI-18-337", "id": "ZDI-18-337", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA Button resolveNodes Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-337/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5528", "zdi_id": "ZDI-18-337" }, { "cve": "CVE-2018-9952", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-336/advisory.json", "detail_path": "advisories/ZDI-18-336", "id": "ZDI-18-336", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA Button formattedValue Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-336/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5527", "zdi_id": "ZDI-18-336" }, { "cve": "CVE-2018-9951", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-335/advisory.json", "detail_path": "advisories/ZDI-18-335", "id": "ZDI-18-335", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader CPDF_Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-335/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5414", "zdi_id": "ZDI-18-335" }, { "cve": "CVE-2018-9950", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-334/advisory.json", "detail_path": "advisories/ZDI-18-334", "id": "ZDI-18-334", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-334/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5413", "zdi_id": "ZDI-18-334" }, { "cve": "CVE-2018-9949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-333/advisory.json", "detail_path": "advisories/ZDI-18-333", "id": "ZDI-18-333", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader TIFF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-333/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5473", "zdi_id": "ZDI-18-333" }, { "cve": "CVE-2018-9948", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-332/advisory.json", "detail_path": "advisories/ZDI-18-332", "id": "ZDI-18-332", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader Typed Array Uninitialized Pointer Information Disclosure Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-332/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5380", "zdi_id": "ZDI-18-332" }, { "cve": "CVE-2018-9947", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-331/advisory.json", "detail_path": "advisories/ZDI-18-331", "id": "ZDI-18-331", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader BMP Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-331/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5472", "zdi_id": "ZDI-18-331" }, { "cve": "CVE-2018-9946", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-330/advisory.json", "detail_path": "advisories/ZDI-18-330", "id": "ZDI-18-330", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader setTimeOut Use-After-Free Information Disclosure Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-330/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5471", "zdi_id": "ZDI-18-330" }, { "cve": "CVE-2018-9945", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-329/advisory.json", "detail_path": "advisories/ZDI-18-329", "id": "ZDI-18-329", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader getField Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-329/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5382", "zdi_id": "ZDI-18-329" }, { "cve": "CVE-2018-9944", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-328/advisory.json", "detail_path": "advisories/ZDI-18-328", "id": "ZDI-18-328", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader addLink Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-328/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5379", "zdi_id": "ZDI-18-328" }, { "cve": "CVE-2018-9943", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-327/advisory.json", "detail_path": "advisories/ZDI-18-327", "id": "ZDI-18-327", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA openList Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-327/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5377", "zdi_id": "ZDI-18-327" }, { "cve": "CVE-2018-9942", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-326/advisory.json", "detail_path": "advisories/ZDI-18-326", "id": "ZDI-18-326", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA record remove Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-326/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5376", "zdi_id": "ZDI-18-326" }, { "cve": "CVE-2018-9941", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-325/advisory.json", "detail_path": "advisories/ZDI-18-325", "id": "ZDI-18-325", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA record append Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-325/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5375", "zdi_id": "ZDI-18-325" }, { "cve": "CVE-2018-9940", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-324/advisory.json", "detail_path": "advisories/ZDI-18-324", "id": "ZDI-18-324", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA layout sheet Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-324/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5374", "zdi_id": "ZDI-18-324" }, { "cve": "CVE-2018-9939", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-323/advisory.json", "detail_path": "advisories/ZDI-18-323", "id": "ZDI-18-323", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA layout Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-323/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5373", "zdi_id": "ZDI-18-323" }, { "cve": "CVE-2018-9938", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-322/advisory.json", "detail_path": "advisories/ZDI-18-322", "id": "ZDI-18-322", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA absPageSpan Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-322/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5372", "zdi_id": "ZDI-18-322" }, { "cve": "CVE-2018-9937", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-321/advisory.json", "detail_path": "advisories/ZDI-18-321", "id": "ZDI-18-321", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA subform Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-321/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5371", "zdi_id": "ZDI-18-321" }, { "cve": "CVE-2018-9936", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-320/advisory.json", "detail_path": "advisories/ZDI-18-320", "id": "ZDI-18-320", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA field Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-320/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5370", "zdi_id": "ZDI-18-320" }, { "cve": "CVE-2018-9935", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-319/advisory.json", "detail_path": "advisories/ZDI-18-319", "id": "ZDI-18-319", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader addField Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-319/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5312", "zdi_id": "ZDI-18-319" }, { "cve": "CVE-2018-1180", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-318/advisory.json", "detail_path": "advisories/ZDI-18-318", "id": "ZDI-18-318", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader AFSimple_Calculate Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-318/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5491", "zdi_id": "ZDI-18-318" }, { "cve": "CVE-2018-1179", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-317/advisory.json", "detail_path": "advisories/ZDI-18-317", "id": "ZDI-18-317", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader GIF DataSubBlock Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-317/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5490", "zdi_id": "ZDI-18-317" }, { "cve": "CVE-2018-1178", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-316/advisory.json", "detail_path": "advisories/ZDI-18-316", "id": "ZDI-18-316", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader addField Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-316/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5489", "zdi_id": "ZDI-18-316" }, { "cve": "CVE-2018-1177", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-315/advisory.json", "detail_path": "advisories/ZDI-18-315", "id": "ZDI-18-315", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader addAnnot Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-315/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5488", "zdi_id": "ZDI-18-315" }, { "cve": "CVE-2018-1176", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-314/advisory.json", "detail_path": "advisories/ZDI-18-314", "id": "ZDI-18-314", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader ePub Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-314/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5442", "zdi_id": "ZDI-18-314" }, { "cve": "CVE-2018-1175", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-313/advisory.json", "detail_path": "advisories/ZDI-18-313", "id": "ZDI-18-313", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader PrintParams interactive Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-313/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5438", "zdi_id": "ZDI-18-313" }, { "cve": "CVE-2018-1174", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-312/advisory.json", "detail_path": "advisories/ZDI-18-312", "id": "ZDI-18-312", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader PrintParams bitmapDPI Uninitialized Memory Information Disclosure Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-312/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5437", "zdi_id": "ZDI-18-312" }, { "cve": "CVE-2018-1173", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-311/advisory.json", "detail_path": "advisories/ZDI-18-311", "id": "ZDI-18-311", "kind": "published", "published_date": "2018-04-20", "status": "published", "title": "Foxit Reader XFA borderColor Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-311/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5436", "zdi_id": "ZDI-18-311" }, { "cve": "CVE-2018-0763", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-310/advisory.json", "detail_path": "advisories/ZDI-18-310", "id": "ZDI-18-310", "kind": "published", "published_date": "2018-04-19", "status": "published", "title": "Microsoft Edge CSS Custom Property Type Confusion Information Disclosure Vulnerability", "updated_date": "2018-04-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-310/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5322", "zdi_id": "ZDI-18-310" }, { "cve": "CVE-2018-1172", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessChe...", "detail_json": "/data/advisories/ZDI-18-309/advisory.json", "detail_path": "advisories/ZDI-18-309", "id": "ZDI-18-309", "kind": "published", "published_date": "2018-04-19", "status": "published", "title": "The Squid Software Foundation Squid Reverse Proxy sslBumpAccessCheck Null Pointer Dereference Denial of Service Vulnerability", "updated_date": "2018-04-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-309/", "vendor": "The Squid Software Foundation", "vendor_url": null, "zdi_can": "ZDI-CAN-6088", "zdi_id": "ZDI-18-309" }, { "cve": "CVE-2018-1000006", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-18-308/advisory.json", "detail_path": "advisories/ZDI-18-308", "id": "ZDI-18-308", "kind": "published", "published_date": "2018-04-18", "status": "published", "title": "Microsoft Skype URL Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-04-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-308/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5548", "zdi_id": "ZDI-18-308" }, { "cve": "CVE-2018-2826", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-18-307/advisory.json", "detail_path": "advisories/ZDI-18-307", "id": "ZDI-18-307", "kind": "published", "published_date": "2018-04-18", "status": "published", "title": "Oracle Java MethodHandles tryFinally Type Confusion Sandbox Escape Vulnerability", "updated_date": "2018-04-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-307/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5505", "zdi_id": "ZDI-18-307" }, { "cve": "CVE-2018-2825", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-18-306/advisory.json", "detail_path": "advisories/ZDI-18-306", "id": "ZDI-18-306", "kind": "published", "published_date": "2018-04-18", "status": "published", "title": "Oracle Java MethodHandles setVolatile Type Confusion Sandbox Escape Vulnerability", "updated_date": "2018-04-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-306/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5504", "zdi_id": "ZDI-18-306" }, { "cve": "CVE-2018-2837", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-305/advisory.json", "detail_path": "advisories/ZDI-18-305", "id": "ZDI-18-305", "kind": "published", "published_date": "2018-04-18", "status": "published", "title": "Oracle VirtualBox crStateProgramParameters4dvNV Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2018-04-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-305/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5158", "zdi_id": "ZDI-18-305" }, { "cve": "CVE-2018-2836", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-304/advisory.json", "detail_path": "advisories/ZDI-18-304", "id": "ZDI-18-304", "kind": "published", "published_date": "2018-04-18", "status": "published", "title": "Oracle VirtualBox crUnpackExtendLockArraysEXT Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2018-04-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-304/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5157", "zdi_id": "ZDI-18-304" }, { "cve": "CVE-2018-2835", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-303/advisory.json", "detail_path": "advisories/ZDI-18-303", "id": "ZDI-18-303", "kind": "published", "published_date": "2018-04-18", "status": "published", "title": "Oracle VirtualBox crStateTrackMatrixNV Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2018-04-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-303/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5156", "zdi_id": "ZDI-18-303" }, { "cve": "CVE-2018-2830", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-302/advisory.json", "detail_path": "advisories/ZDI-18-302", "id": "ZDI-18-302", "kind": "published", "published_date": "2018-04-18", "status": "published", "title": "Oracle VirtualBox crUnpackExtendProgramParameters4fvNV Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-04-18", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-302/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5155", "zdi_id": "ZDI-18-302" }, { "cve": "CVE-2017-11837", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-301/advisory.json", "detail_path": "advisories/ZDI-18-301", "id": "ZDI-18-301", "kind": "published", "published_date": "2018-04-17", "status": "published", "title": "Microsoft Chakra Typed Array JIT Optimization Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-301/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5297", "zdi_id": "ZDI-18-301" }, { "cve": "CVE-2017-11790", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. Interaction with a particular library is required to exploit this vulnerability but specific attack vectors may vary. The specific f...", "detail_json": "/data/advisories/ZDI-18-300/advisory.json", "detail_path": "advisories/ZDI-18-300", "id": "ZDI-18-300", "kind": "published", "published_date": "2018-04-17", "status": "published", "title": "Microsoft Windows URL Moniker Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-04-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-300/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4969", "zdi_id": "ZDI-18-300" }, { "cve": "CVE-2018-6491", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privilege on vulnerable installations of Hewlett Packard Enterprise Universal CMDB. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vu...", "detail_json": "/data/advisories/ZDI-18-299/advisory.json", "detail_path": "advisories/ZDI-18-299", "id": "ZDI-18-299", "kind": "published", "published_date": "2018-04-12", "status": "published", "title": "Hewlett Packard Enterprise Universal CMDB Product Installation File Access Control Privilege Escalation Vulnerability", "updated_date": "2018-04-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-299/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-5487", "zdi_id": "ZDI-18-299" }, { "cve": "CVE-2018-0987", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows JScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-18-298/advisory.json", "detail_path": "advisories/ZDI-18-298", "id": "ZDI-18-298", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "Microsoft Windows JScript defineProperty Use-After-Free Information Disclosure Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-298/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5769", "zdi_id": "ZDI-18-298" }, { "cve": "CVE-2018-0981", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-297/advisory.json", "detail_path": "advisories/ZDI-18-297", "id": "ZDI-18-297", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "Microsoft Windows VBScript Join Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-297/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5632", "zdi_id": "ZDI-18-297" }, { "cve": "CVE-2018-1000", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-296/advisory.json", "detail_path": "advisories/ZDI-18-296", "id": "ZDI-18-296", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "Microsoft Windows VBScript Filter Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-296/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5631", "zdi_id": "ZDI-18-296" }, { "cve": "CVE-2018-1001", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-295/advisory.json", "detail_path": "advisories/ZDI-18-295", "id": "ZDI-18-295", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "Microsoft Windows JScript String Manipulation Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-295/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5630", "zdi_id": "ZDI-18-295" }, { "cve": "CVE-2018-0996", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-294/advisory.json", "detail_path": "advisories/ZDI-18-294", "id": "ZDI-18-294", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "Microsoft Windows JScript String Manipulation Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-294/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5629", "zdi_id": "ZDI-18-294" }, { "cve": "CVE-2018-1008", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-18-293/advisory.json", "detail_path": "advisories/ZDI-18-293", "id": "ZDI-18-293", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "Microsoft Windows Font Integer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-293/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5628", "zdi_id": "ZDI-18-293" }, { "cve": "CVE-2018-1011", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-292/advisory.json", "detail_path": "advisories/ZDI-18-292", "id": "ZDI-18-292", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "Microsoft Office Excel Slicer Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-292/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5621", "zdi_id": "ZDI-18-292" }, { "cve": "CVE-2018-1004", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-291/advisory.json", "detail_path": "advisories/ZDI-18-291", "id": "ZDI-18-291", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "Microsoft Windows SAFEARRAY Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-291/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5566", "zdi_id": "ZDI-18-291" }, { "cve": "CVE-2018-8834", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-290/advisory.json", "detail_path": "advisories/ZDI-18-290", "id": "ZDI-18-290", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "OMRON CX-One CX-FLnet Node Name Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-290/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5462", "zdi_id": "ZDI-18-290" }, { "cve": "CVE-2018-8834", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-289/advisory.json", "detail_path": "advisories/ZDI-18-289", "id": "ZDI-18-289", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "OMRON CX-One CX-FLnet Version Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-289/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5454", "zdi_id": "ZDI-18-289" }, { "cve": "CVE-2018-8834", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-288/advisory.json", "detail_path": "advisories/ZDI-18-288", "id": "ZDI-18-288", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "OMRON CX-One CX-FLnet FLN File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-288/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5453", "zdi_id": "ZDI-18-288" }, { "cve": "CVE-2018-7514", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-287/advisory.json", "detail_path": "advisories/ZDI-18-287", "id": "ZDI-18-287", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "OMRON CX-One SBA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-287/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5440", "zdi_id": "ZDI-18-287" }, { "cve": "CVE-2018-8834", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-286/advisory.json", "detail_path": "advisories/ZDI-18-286", "id": "ZDI-18-286", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "OMRON CX-One Network Configurator Uz01Eip21 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-286/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5439", "zdi_id": "ZDI-18-286" }, { "cve": "CVE-2018-7514", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-285/advisory.json", "detail_path": "advisories/ZDI-18-285", "id": "ZDI-18-285", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "OMRON CX-One CX-Programmer mbsnbcat Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-285/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5406", "zdi_id": "ZDI-18-285" }, { "cve": "CVE-2018-7514", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-284/advisory.json", "detail_path": "advisories/ZDI-18-284", "id": "ZDI-18-284", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "OMRON CX-One CX-FLnet cdmapi32 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-284/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5405", "zdi_id": "ZDI-18-284" }, { "cve": "CVE-2018-7530", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-283/advisory.json", "detail_path": "advisories/ZDI-18-283", "id": "ZDI-18-283", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "OMRON CX-One CX-Protocol CObject Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-283/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5404", "zdi_id": "ZDI-18-283" }, { "cve": "CVE-2018-7514", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-282/advisory.json", "detail_path": "advisories/ZDI-18-282", "id": "ZDI-18-282", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "OMRON CX-One CX-Motion wcscpy Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-282/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5403", "zdi_id": "ZDI-18-282" }, { "cve": "CVE-2018-7514", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-281/advisory.json", "detail_path": "advisories/ZDI-18-281", "id": "ZDI-18-281", "kind": "published", "published_date": "2018-04-11", "status": "published", "title": "OMRON CX-One CX-Motion sscanf Stack-based Buffer Overflow Vulnerability", "updated_date": "2018-04-11", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-281/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5402", "zdi_id": "ZDI-18-281" }, { "cve": "CVE-2018-1167", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Spotify Music Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-280/advisory.json", "detail_path": "advisories/ZDI-18-280", "id": "ZDI-18-280", "kind": "published", "published_date": "2018-04-10", "status": "published", "title": "Spotify Music Player URI parsing Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-04-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-280/", "vendor": "Spotify", "vendor_url": null, "zdi_can": "ZDI-CAN-5501", "zdi_id": "ZDI-18-280" }, { "cve": "CVE-2018-6661", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Intel Security True Key. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-18-279/advisory.json", "detail_path": "advisories/ZDI-18-279", "id": "ZDI-18-279", "kind": "published", "published_date": "2018-04-09", "status": "published", "title": "Intel Security True Key SecureExecute Privilege Escalation Vulnerability", "updated_date": "2018-04-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-279/", "vendor": "Intel Security", "vendor_url": null, "zdi_can": "ZDI-CAN-4882", "zdi_id": "ZDI-18-279" }, { "cve": "CVE-2018-4163", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-278/advisory.json", "detail_path": "advisories/ZDI-18-278", "id": "ZDI-18-278", "kind": "published", "published_date": "2018-04-06", "status": "published", "title": "Apple Safari Math sqrt Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-04-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-278/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5526", "zdi_id": "ZDI-18-278" }, { "cve": "CVE-2018-4161", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-277/advisory.json", "detail_path": "advisories/ZDI-18-277", "id": "ZDI-18-277", "kind": "published", "published_date": "2018-04-06", "status": "published", "title": "Apple Safari Math floor Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-04-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-277/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5525", "zdi_id": "ZDI-18-277" }, { "cve": "CVE-2018-4125", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-276/advisory.json", "detail_path": "advisories/ZDI-18-276", "id": "ZDI-18-276", "kind": "published", "published_date": "2018-04-06", "status": "published", "title": "Apple Safari Math abs Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-04-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-276/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5524", "zdi_id": "ZDI-18-276" }, { "cve": "CVE-2018-4162", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-275/advisory.json", "detail_path": "advisories/ZDI-18-275", "id": "ZDI-18-275", "kind": "published", "published_date": "2018-04-06", "status": "published", "title": "Apple Safari Loose Comparison Operator Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-04-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-275/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5604", "zdi_id": "ZDI-18-275" }, { "cve": "CVE-2018-4127", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-274/advisory.json", "detail_path": "advisories/ZDI-18-274", "id": "ZDI-18-274", "kind": "published", "published_date": "2018-04-06", "status": "published", "title": "Apple Safari RenderLayer Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-274/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5388", "zdi_id": "ZDI-18-274" }, { "cve": "CVE-2018-4130", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-273/advisory.json", "detail_path": "advisories/ZDI-18-273", "id": "ZDI-18-273", "kind": "published", "published_date": "2018-04-06", "status": "published", "title": "Apple Safari WebGL BufferSubData Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-04-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-273/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5515", "zdi_id": "ZDI-18-273" }, { "cve": "CVE-2018-4129", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-272/advisory.json", "detail_path": "advisories/ZDI-18-272", "id": "ZDI-18-272", "kind": "published", "published_date": "2018-04-06", "status": "published", "title": "Apple Safari TypedArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-272/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5387", "zdi_id": "ZDI-18-272" }, { "cve": "CVE-2018-4122", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-271/advisory.json", "detail_path": "advisories/ZDI-18-271", "id": "ZDI-18-271", "kind": "published", "published_date": "2018-04-06", "status": "published", "title": "Apple Safari Spread Operator Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-04-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-271/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5558", "zdi_id": "ZDI-18-271" }, { "cve": "CVE-2018-4119", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-270/advisory.json", "detail_path": "advisories/ZDI-18-270", "id": "ZDI-18-270", "kind": "published", "published_date": "2018-04-06", "status": "published", "title": "Apple Safari RenderObject Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-270/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5544", "zdi_id": "ZDI-18-270" }, { "cve": "CVE-2018-6235", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-18-269/advisory.json", "detail_path": "advisories/ZDI-18-269", "id": "ZDI-18-269", "kind": "published", "published_date": "2018-04-06", "status": "published", "title": "Trend Micro Maximum Security tmnciesc Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2018-04-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-269/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5461", "zdi_id": "ZDI-18-269" }, { "cve": "CVE-2018-6234", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers disclose sensitive information on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulner...", "detail_json": "/data/advisories/ZDI-18-268/advisory.json", "detail_path": "advisories/ZDI-18-268", "id": "ZDI-18-268", "kind": "published", "published_date": "2018-04-06", "status": "published", "title": "Trend Micro Maximum Security tmnciesc Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-04-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-268/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5460", "zdi_id": "ZDI-18-268" }, { "cve": "CVE-2018-6233", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-18-267/advisory.json", "detail_path": "advisories/ZDI-18-267", "id": "ZDI-18-267", "kind": "published", "published_date": "2018-04-06", "status": "published", "title": "Trend Micro Maximum Security tmnciesc Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-04-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-267/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5459", "zdi_id": "ZDI-18-267" }, { "cve": "CVE-2018-6232", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-18-266/advisory.json", "detail_path": "advisories/ZDI-18-266", "id": "ZDI-18-266", "kind": "published", "published_date": "2018-04-06", "status": "published", "title": "Trend Micro Maximum Security tmnciesc Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-04-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-266/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5458", "zdi_id": "ZDI-18-266" }, { "cve": "CVE-2018-1000006", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Slack Technologies Slack. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-18-265/advisory.json", "detail_path": "advisories/ZDI-18-265", "id": "ZDI-18-265", "kind": "published", "published_date": "2018-03-28", "status": "published", "title": "Slack Technologies Slack URI Parsing Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-04-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-265/", "vendor": "Slack Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-5523", "zdi_id": "ZDI-18-265" }, { "cve": "CVE-2018-0839", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-18-264/advisory.json", "detail_path": "advisories/ZDI-18-264", "id": "ZDI-18-264", "kind": "published", "published_date": "2018-03-26", "status": "published", "title": "Microsoft Edge Select Element Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": "2018-03-26", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-264/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5497", "zdi_id": "ZDI-18-264" }, { "cve": "CVE-2018-5146", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-18-263/advisory.json", "detail_path": "advisories/ZDI-18-263", "id": "ZDI-18-263", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "(Pwn2Own) Mozilla Firefox libvorbis OGG Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-263/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-5822", "zdi_id": "ZDI-18-263" }, { "cve": "CVE-2018-4897", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-262/advisory.json", "detail_path": "advisories/ZDI-18-262", "id": "ZDI-18-262", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "Adobe Acrobat Pro DC TIFF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-262/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5475", "zdi_id": "ZDI-18-262" }, { "cve": "CVE-2018-7519", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-261/advisory.json", "detail_path": "advisories/ZDI-18-261", "id": "ZDI-18-261", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-261/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5384", "zdi_id": "ZDI-18-261" }, { "cve": "CVE-2018-7525", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-260/advisory.json", "detail_path": "advisories/ZDI-18-260", "id": "ZDI-18-260", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "OMRON CX-Supervisor CDM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-260/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5309", "zdi_id": "ZDI-18-260" }, { "cve": "CVE-2018-7521", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-259/advisory.json", "detail_path": "advisories/ZDI-18-259", "id": "ZDI-18-259", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-259/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5308", "zdi_id": "ZDI-18-259" }, { "cve": "CVE-2018-7521", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-258/advisory.json", "detail_path": "advisories/ZDI-18-258", "id": "ZDI-18-258", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-258/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5307", "zdi_id": "ZDI-18-258" }, { "cve": "CVE-2018-7521", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-257/advisory.json", "detail_path": "advisories/ZDI-18-257", "id": "ZDI-18-257", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-257/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5306", "zdi_id": "ZDI-18-257" }, { "cve": "CVE-2018-7517", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-256/advisory.json", "detail_path": "advisories/ZDI-18-256", "id": "ZDI-18-256", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-256/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5305", "zdi_id": "ZDI-18-256" }, { "cve": "CVE-2018-7521", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-255/advisory.json", "detail_path": "advisories/ZDI-18-255", "id": "ZDI-18-255", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "OMRON CX-Supervisor SCS Alarm Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-255/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5304", "zdi_id": "ZDI-18-255" }, { "cve": "CVE-2018-7523", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-254/advisory.json", "detail_path": "advisories/ZDI-18-254", "id": "ZDI-18-254", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "OMRON CX-Supervisor SCS Scatter Chart Object Double Free Remote Code Execution Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-254/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5303", "zdi_id": "ZDI-18-254" }, { "cve": "CVE-2018-7515", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-253/advisory.json", "detail_path": "advisories/ZDI-18-253", "id": "ZDI-18-253", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-253/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5302", "zdi_id": "ZDI-18-253" }, { "cve": "CVE-2018-7515", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-252/advisory.json", "detail_path": "advisories/ZDI-18-252", "id": "ZDI-18-252", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-252/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5301", "zdi_id": "ZDI-18-252" }, { "cve": "CVE-2018-7521", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-251/advisory.json", "detail_path": "advisories/ZDI-18-251", "id": "ZDI-18-251", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-251/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5300", "zdi_id": "ZDI-18-251" }, { "cve": "CVE-2018-7513", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-250/advisory.json", "detail_path": "advisories/ZDI-18-250", "id": "ZDI-18-250", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "OMRON CX-Supervisor SCS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-250/", "vendor": "OMRON", "vendor_url": null, "zdi_can": "ZDI-CAN-5299", "zdi_id": "ZDI-18-250" }, { "cve": "CVE-2018-0763", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-249/advisory.json", "detail_path": "advisories/ZDI-18-249", "id": "ZDI-18-249", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "Microsoft Edge CSS var Function Type Confusion Information Disclosure Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-249/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5547", "zdi_id": "ZDI-18-249" }, { "cve": "CVE-2018-0977", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-18-248/advisory.json", "detail_path": "advisories/ZDI-18-248", "id": "ZDI-18-248", "kind": "published", "published_date": "2018-03-19", "status": "published", "title": "Microsoft Windows BasicRender Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2018-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-248/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5560", "zdi_id": "ZDI-18-248" }, { "cve": "CVE-2018-0889", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-247/advisory.json", "detail_path": "advisories/ZDI-18-247", "id": "ZDI-18-247", "kind": "published", "published_date": "2018-03-19", "status": "published", "title": "Microsoft Windows VBScript Join Function Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-247/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5447", "zdi_id": "ZDI-18-247" }, { "cve": "CVE-2018-0815", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-18-246/advisory.json", "detail_path": "advisories/ZDI-18-246", "id": "ZDI-18-246", "kind": "published", "published_date": "2018-03-19", "status": "published", "title": "Microsoft Windows Palette Object Race Condition Privilege Escalation Vulnerability", "updated_date": "2018-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-246/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5446", "zdi_id": "ZDI-18-246" }, { "cve": "CVE-2018-0815", "cvss": 5.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-18-245/advisory.json", "detail_path": "advisories/ZDI-18-245", "id": "ZDI-18-245", "kind": "published", "published_date": "2018-03-19", "status": "published", "title": "Microsoft Windows Palette Object Race Condition Information Disclosure Vulnerability", "updated_date": "2018-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-245/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5445", "zdi_id": "ZDI-18-245" }, { "cve": "CVE-2018-0815", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-18-244/advisory.json", "detail_path": "advisories/ZDI-18-244", "id": "ZDI-18-244", "kind": "published", "published_date": "2018-03-19", "status": "published", "title": "Microsoft Windows Palette Object Race Condition Privilege Escalation Vulnerability", "updated_date": "2018-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-244/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5444", "zdi_id": "ZDI-18-244" }, { "cve": "CVE-2018-0816", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-18-243/advisory.json", "detail_path": "advisories/ZDI-18-243", "id": "ZDI-18-243", "kind": "published", "published_date": "2018-03-19", "status": "published", "title": "Microsoft Windows Font Creation Race Condition Privilege Escalation Vulnerability", "updated_date": "2018-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-243/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5443", "zdi_id": "ZDI-18-243" }, { "cve": "CVE-2018-0878", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-242/advisory.json", "detail_path": "advisories/ZDI-18-242", "id": "ZDI-18-242", "kind": "published", "published_date": "2018-03-19", "status": "published", "title": "Microsoft Windows Remote Assistance XML External Entity Processing Information Disclosure Vulnerability", "updated_date": "2018-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-242/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5378", "zdi_id": "ZDI-18-242" }, { "cve": "CVE-2018-0929", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-241/advisory.json", "detail_path": "advisories/ZDI-18-241", "id": "ZDI-18-241", "kind": "published", "published_date": "2018-03-19", "status": "published", "title": "Microsoft Internet Explorer VML textpath Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-241/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5369", "zdi_id": "ZDI-18-241" }, { "cve": "CVE-2018-0855", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-240/advisory.json", "detail_path": "advisories/ZDI-18-240", "id": "ZDI-18-240", "kind": "published", "published_date": "2018-03-19", "status": "published", "title": "Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-240/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5319", "zdi_id": "ZDI-18-240" }, { "cve": "CVE-2017-0228", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-239/advisory.json", "detail_path": "advisories/ZDI-18-239", "id": "ZDI-18-239", "kind": "published", "published_date": "2018-03-19", "status": "published", "title": "Microsoft Chakra Array.splice Memory Corruption Remote Code Execution Vulnerability", "updated_date": "2018-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-239/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5067", "zdi_id": "ZDI-18-239" }, { "cve": "CVE-2018-0763", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-238/advisory.json", "detail_path": "advisories/ZDI-18-238", "id": "ZDI-18-238", "kind": "published", "published_date": "2018-03-19", "status": "published", "title": "Microsoft Edge CQuotes Type Confusion Information Disclosure Vulnerability", "updated_date": "2018-03-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-238/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5485", "zdi_id": "ZDI-18-238" }, { "cve": "CVE-2018-4085", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-18-237/advisory.json", "detail_path": "advisories/ZDI-18-237", "id": "ZDI-18-237", "kind": "published", "published_date": "2018-03-07", "status": "published", "title": "Apple macOS QuartzCore render_mask Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-237/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5245", "zdi_id": "ZDI-18-237" }, { "cve": "CVE-2018-1171", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-18-236/advisory.json", "detail_path": "advisories/ZDI-18-236", "id": "ZDI-18-236", "kind": "published", "published_date": "2018-03-07", "status": "published", "title": "Joyent SmartOS DTrace DOF Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": "2018-03-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-236/", "vendor": "Joyent", "vendor_url": null, "zdi_can": "ZDI-CAN-5106", "zdi_id": "ZDI-18-236" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-235/advisory.json", "detail_path": "advisories/ZDI-18-235", "id": "ZDI-18-235", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File SysKeyPwd Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-235/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5287", "zdi_id": "ZDI-18-235" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-234/advisory.json", "detail_path": "advisories/ZDI-18-234", "id": "ZDI-18-234", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File ListTotalSize Stack-based Buffer Overrun Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-234/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5286", "zdi_id": "ZDI-18-234" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-233/advisory.json", "detail_path": "advisories/ZDI-18-233", "id": "ZDI-18-233", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File LinkSize Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-233/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5285", "zdi_id": "ZDI-18-233" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-232/advisory.json", "detail_path": "advisories/ZDI-18-232", "id": "ZDI-18-232", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File wTextLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-232/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5284", "zdi_id": "ZDI-18-232" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-231/advisory.json", "detail_path": "advisories/ZDI-18-231", "id": "ZDI-18-231", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File Application Attribute Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-231/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5283", "zdi_id": "ZDI-18-231" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-230/advisory.json", "detail_path": "advisories/ZDI-18-230", "id": "ZDI-18-230", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File AfterExecMacro Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-230/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5276", "zdi_id": "ZDI-18-230" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-229/advisory.json", "detail_path": "advisories/ZDI-18-229", "id": "ZDI-18-229", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File CloseMacro Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-229/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5275", "zdi_id": "ZDI-18-229" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-228/advisory.json", "detail_path": "advisories/ZDI-18-228", "id": "ZDI-18-228", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File ButtonOnMacro Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-228/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5274", "zdi_id": "ZDI-18-228" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-227/advisory.json", "detail_path": "advisories/ZDI-18-227", "id": "ZDI-18-227", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA FIle BackgroundMacro Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-227/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5272", "zdi_id": "ZDI-18-227" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-226/advisory.json", "detail_path": "advisories/ZDI-18-226", "id": "ZDI-18-226", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DOP File ButtonOffMacro Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-226/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5271", "zdi_id": "ZDI-18-226" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-225/advisory.json", "detail_path": "advisories/ZDI-18-225", "id": "ZDI-18-225", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DOP File BeforeExecMacro Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-225/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5270", "zdi_id": "ZDI-18-225" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-224/advisory.json", "detail_path": "advisories/ZDI-18-224", "id": "ZDI-18-224", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DOP File AfterExecMacro Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-224/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5269", "zdi_id": "ZDI-18-224" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-223/advisory.json", "detail_path": "advisories/ZDI-18-223", "id": "ZDI-18-223", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File ButtonOffMacro Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-223/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5268", "zdi_id": "ZDI-18-223" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-222/advisory.json", "detail_path": "advisories/ZDI-18-222", "id": "ZDI-18-222", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DPA File BeforeExecMacro Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-222/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5267", "zdi_id": "ZDI-18-222" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-221/advisory.json", "detail_path": "advisories/ZDI-18-221", "id": "ZDI-18-221", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DOP File BackgroundMacro Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-221/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5266", "zdi_id": "ZDI-18-221" }, { "cve": "CVE-2018-5476", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-18-220/advisory.json", "detail_path": "advisories/ZDI-18-220", "id": "ZDI-18-220", "kind": "published", "published_date": "2018-03-02", "status": "published", "title": "Delta Industrial Automation DOPSoft DOP File TagTotalSize Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-02", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-220/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-5265", "zdi_id": "ZDI-18-220" }, { "cve": "CVE-2018-0841", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-219/advisory.json", "detail_path": "advisories/ZDI-18-219", "id": "ZDI-18-219", "kind": "published", "published_date": "2018-02-28", "status": "published", "title": "Microsoft Office Excel XLS File Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-02-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-219/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5470", "zdi_id": "ZDI-18-219" }, { "cve": "CVE-2018-6231", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Trend Micro Smart Protection Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of credentials pro...", "detail_json": "/data/advisories/ZDI-18-218/advisory.json", "detail_path": "advisories/ZDI-18-218", "id": "ZDI-18-218", "kind": "published", "published_date": "2018-02-28", "status": "published", "title": "Trend Micro Smart Protection Server Auth Command Injection Authentication Bypass Vulnerability", "updated_date": "2018-02-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5625", "zdi_id": "ZDI-18-218" }, { "cve": "CVE-2017-11253", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-217/advisory.json", "detail_path": "advisories/ZDI-18-217", "id": "ZDI-18-217", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-217/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5236", "zdi_id": "ZDI-18-217" }, { "cve": "CVE-2016-1699", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Maximum Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-216/advisory.json", "detail_path": "advisories/ZDI-18-216", "id": "ZDI-18-216", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Trend Micro Maximum Security Regex Matching Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-216/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4911", "zdi_id": "ZDI-18-216" }, { "cve": "CVE-2018-1169", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-215/advisory.json", "detail_path": "advisories/ZDI-18-215", "id": "ZDI-18-215", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Amazon Music Player URI parsing Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-215/", "vendor": "Amazon", "vendor_url": null, "zdi_can": "ZDI-CAN-5521", "zdi_id": "ZDI-18-215" }, { "cve": "CVE-2018-1170", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App and HTC Customer-Link Bridge. Authentication is not required to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-18-214/advisory.json", "detail_path": "advisories/ZDI-18-214", "id": "ZDI-18-214", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Volkswagen Customer-Link App Protection Mechanism Failure CAN Message Injection Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-214/", "vendor": "Volkswagen", "vendor_url": null, "zdi_can": "ZDI-CAN-5264", "zdi_id": "ZDI-18-214" }, { "cve": "CVE-2018-4911", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-213/advisory.json", "detail_path": "advisories/ZDI-18-213", "id": "ZDI-18-213", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-213/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5557", "zdi_id": "ZDI-18-213" }, { "cve": "CVE-2018-4915", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-212/advisory.json", "detail_path": "advisories/ZDI-18-212", "id": "ZDI-18-212", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC colorConvertPage Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-212/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5508", "zdi_id": "ZDI-18-212" }, { "cve": "CVE-2018-4903", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-211/advisory.json", "detail_path": "advisories/ZDI-18-211", "id": "ZDI-18-211", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-211/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5582", "zdi_id": "ZDI-18-211" }, { "cve": "CVE-2018-4914", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-210/advisory.json", "detail_path": "advisories/ZDI-18-210", "id": "ZDI-18-210", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC XPS Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-210/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5556", "zdi_id": "ZDI-18-210" }, { "cve": "CVE-2018-4916", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-209/advisory.json", "detail_path": "advisories/ZDI-18-209", "id": "ZDI-18-209", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-209/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5467", "zdi_id": "ZDI-18-209" }, { "cve": "CVE-2018-4898", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-208/advisory.json", "detail_path": "advisories/ZDI-18-208", "id": "ZDI-18-208", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-208/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5546", "zdi_id": "ZDI-18-208" }, { "cve": "CVE-2018-4917", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-207/advisory.json", "detail_path": "advisories/ZDI-18-207", "id": "ZDI-18-207", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF TIFF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-207/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5150", "zdi_id": "ZDI-18-207" }, { "cve": "CVE-2018-4918", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-206/advisory.json", "detail_path": "advisories/ZDI-18-206", "id": "ZDI-18-206", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF TIFF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-206/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5141", "zdi_id": "ZDI-18-206" }, { "cve": "CVE-2017-16392", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-205/advisory.json", "detail_path": "advisories/ZDI-18-205", "id": "ZDI-18-205", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC JPEG Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-205/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5239", "zdi_id": "ZDI-18-205" }, { "cve": "CVE-2017-16392", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-204/advisory.json", "detail_path": "advisories/ZDI-18-204", "id": "ZDI-18-204", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-204/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5223", "zdi_id": "ZDI-18-204" }, { "cve": "CVE-2017-16368", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-203/advisory.json", "detail_path": "advisories/ZDI-18-203", "id": "ZDI-18-203", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC PDF Forms Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-203/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5210", "zdi_id": "ZDI-18-203" }, { "cve": "CVE-2017-16407", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-202/advisory.json", "detail_path": "advisories/ZDI-18-202", "id": "ZDI-18-202", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF GIF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-202/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5145", "zdi_id": "ZDI-18-202" }, { "cve": "CVE-2017-11306", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-201/advisory.json", "detail_path": "advisories/ZDI-18-201", "id": "ZDI-18-201", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-201/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5144", "zdi_id": "ZDI-18-201" }, { "cve": "CVE-2017-16406", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-200/advisory.json", "detail_path": "advisories/ZDI-18-200", "id": "ZDI-18-200", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_COMMENT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-200/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5143", "zdi_id": "ZDI-18-200" }, { "cve": "CVE-2018-4880", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-199/advisory.json", "detail_path": "advisories/ZDI-18-199", "id": "ZDI-18-199", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC U3D Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-199/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5240", "zdi_id": "ZDI-18-199" }, { "cve": "CVE-2017-16407", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-198/advisory.json", "detail_path": "advisories/ZDI-18-198", "id": "ZDI-18-198", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-198/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5142", "zdi_id": "ZDI-18-198" }, { "cve": "CVE-2017-16409", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-197/advisory.json", "detail_path": "advisories/ZDI-18-197", "id": "ZDI-18-197", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_EXTTEXTOUTA Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-197/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5140", "zdi_id": "ZDI-18-197" }, { "cve": "CVE-2018-0761", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-196/advisory.json", "detail_path": "advisories/ZDI-18-196", "id": "ZDI-18-196", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-196/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5316", "zdi_id": "ZDI-18-196" }, { "cve": "CVE-2018-0766", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-195/advisory.json", "detail_path": "advisories/ZDI-18-195", "id": "ZDI-18-195", "kind": "published", "published_date": "2018-02-27", "status": "published", "title": "Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-27", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-195/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5090", "zdi_id": "ZDI-18-195" }, { "cve": "CVE-2018-4909", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-194/advisory.json", "detail_path": "advisories/ZDI-18-194", "id": "ZDI-18-194", "kind": "published", "published_date": "2018-02-24", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-194/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5583", "zdi_id": "ZDI-18-194" }, { "cve": "CVE-2018-4890", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-193/advisory.json", "detail_path": "advisories/ZDI-18-193", "id": "ZDI-18-193", "kind": "published", "published_date": "2018-02-24", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-193/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5225", "zdi_id": "ZDI-18-193" }, { "cve": "CVE-2018-4890", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-192/advisory.json", "detail_path": "advisories/ZDI-18-192", "id": "ZDI-18-192", "kind": "published", "published_date": "2018-02-24", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS JPEG Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-192/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5224", "zdi_id": "ZDI-18-192" }, { "cve": "CVE-2018-4889", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-191/advisory.json", "detail_path": "advisories/ZDI-18-191", "id": "ZDI-18-191", "kind": "published", "published_date": "2018-02-24", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-191/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5222", "zdi_id": "ZDI-18-191" }, { "cve": "CVE-2018-4891", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-190/advisory.json", "detail_path": "advisories/ZDI-18-190", "id": "ZDI-18-190", "kind": "published", "published_date": "2018-02-24", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS TIFF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-190/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5226", "zdi_id": "ZDI-18-190" }, { "cve": "CVE-2018-4881", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-189/advisory.json", "detail_path": "advisories/ZDI-18-189", "id": "ZDI-18-189", "kind": "published", "published_date": "2018-02-24", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-189/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5205", "zdi_id": "ZDI-18-189" }, { "cve": "CVE-2018-4882", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-188/advisory.json", "detail_path": "advisories/ZDI-18-188", "id": "ZDI-18-188", "kind": "published", "published_date": "2018-02-24", "status": "published", "title": "Adobe Acrobat Pro DC PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-188/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5211", "zdi_id": "ZDI-18-188" }, { "cve": "CVE-2018-4892", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-18-187/advisory.json", "detail_path": "advisories/ZDI-18-187", "id": "ZDI-18-187", "kind": "published", "published_date": "2018-02-24", "status": "published", "title": "Adobe Acrobat Pro DC PDF Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-02-24", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-187/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5213", "zdi_id": "ZDI-18-187" }, { "cve": "CVE-2018-4888", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-18-186/advisory.json", "detail_path": "advisories/ZDI-18-186", "id": "ZDI-18-186", "kind": "published", "published_date": "2018-02-23", "status": "published", "title": "Adobe Reader DC XFA dashDot Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-02-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-186/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5258", "zdi_id": "ZDI-18-186" }, { "cve": "CVE-2018-4887", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-185/advisory.json", "detail_path": "advisories/ZDI-18-185", "id": "ZDI-18-185", "kind": "published", "published_date": "2018-02-23", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-185/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5201", "zdi_id": "ZDI-18-185" }, { "cve": "CVE-2018-4886", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-184/advisory.json", "detail_path": "advisories/ZDI-18-184", "id": "ZDI-18-184", "kind": "published", "published_date": "2018-02-23", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Record Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-184/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5153", "zdi_id": "ZDI-18-184" }, { "cve": "CVE-2018-4886", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-183/advisory.json", "detail_path": "advisories/ZDI-18-183", "id": "ZDI-18-183", "kind": "published", "published_date": "2018-02-23", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_STRETCHBLT cxSrc Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-183/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5152", "zdi_id": "ZDI-18-183" }, { "cve": "CVE-2018-4885", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-182/advisory.json", "detail_path": "advisories/ZDI-18-182", "id": "ZDI-18-182", "kind": "published", "published_date": "2018-02-23", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-182/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5151", "zdi_id": "ZDI-18-182" }, { "cve": "CVE-2018-4884", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-181/advisory.json", "detail_path": "advisories/ZDI-18-181", "id": "ZDI-18-181", "kind": "published", "published_date": "2018-02-23", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-181/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5149", "zdi_id": "ZDI-18-181" }, { "cve": "CVE-2018-4883", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-180/advisory.json", "detail_path": "advisories/ZDI-18-180", "id": "ZDI-18-180", "kind": "published", "published_date": "2018-02-23", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_EXTTEXTOUTA Options Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-180/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5147", "zdi_id": "ZDI-18-180" }, { "cve": "CVE-2018-4882", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-179/advisory.json", "detail_path": "advisories/ZDI-18-179", "id": "ZDI-18-179", "kind": "published", "published_date": "2018-02-23", "status": "published", "title": "Adobe Acrobat Pro DC PDF Forms Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-179/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5214", "zdi_id": "ZDI-18-179" }, { "cve": "CVE-2018-4877", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-18-178/advisory.json", "detail_path": "advisories/ZDI-18-178", "id": "ZDI-18-178", "kind": "published", "published_date": "2018-02-23", "status": "published", "title": "Adobe Flash Player QOSProvider attachMediaPlayerItemLoader Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-02-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-178/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5381", "zdi_id": "ZDI-18-178" }, { "cve": "CVE-2017-16397", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-177/advisory.json", "detail_path": "advisories/ZDI-18-177", "id": "ZDI-18-177", "kind": "published", "published_date": "2018-02-23", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_STRETCHDIBITS cySrc Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-177/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5227", "zdi_id": "ZDI-18-177" }, { "cve": "CVE-2018-4913", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-176/advisory.json", "detail_path": "advisories/ZDI-18-176", "id": "ZDI-18-176", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Adobe Acrobat Pro DC XFA picture Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-176/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5509", "zdi_id": "ZDI-18-176" }, { "cve": "CVE-2018-4912", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-175/advisory.json", "detail_path": "advisories/ZDI-18-175", "id": "ZDI-18-175", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-175/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5545", "zdi_id": "ZDI-18-175" }, { "cve": "CVE-2018-4911", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-174/advisory.json", "detail_path": "advisories/ZDI-18-174", "id": "ZDI-18-174", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Adobe Acrobat Pro DC Bookmark Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-174/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5577", "zdi_id": "ZDI-18-174" }, { "cve": "CVE-2018-4910", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-173/advisory.json", "detail_path": "advisories/ZDI-18-173", "id": "ZDI-18-173", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Adobe Acrobat Pro DC OCG setIntent Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-173/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5578", "zdi_id": "ZDI-18-173" }, { "cve": "CVE-2018-4894", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-172/advisory.json", "detail_path": "advisories/ZDI-18-172", "id": "ZDI-18-172", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Adobe Acrobat Pro DC XPS Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-172/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5514", "zdi_id": "ZDI-18-172" }, { "cve": "CVE-2018-4905", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-171/advisory.json", "detail_path": "advisories/ZDI-18-171", "id": "ZDI-18-171", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS TIFF YCbCrCoefficients Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-171/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5464", "zdi_id": "ZDI-18-171" }, { "cve": "CVE-2018-4904", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-170/advisory.json", "detail_path": "advisories/ZDI-18-170", "id": "ZDI-18-170", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS TIFF dir count Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-170/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5463", "zdi_id": "ZDI-18-170" }, { "cve": "CVE-2018-4903", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-169/advisory.json", "detail_path": "advisories/ZDI-18-169", "id": "ZDI-18-169", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS TIFF Software Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-169/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5465", "zdi_id": "ZDI-18-169" }, { "cve": "CVE-2018-4886", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-18-168/advisory.json", "detail_path": "advisories/ZDI-18-168", "id": "ZDI-18-168", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-168/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5466", "zdi_id": "ZDI-18-168" }, { "cve": "CVE-2018-0839", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-167/advisory.json", "detail_path": "advisories/ZDI-18-167", "id": "ZDI-18-167", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Microsoft Edge Select Element Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-167/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5486", "zdi_id": "ZDI-18-167" }, { "cve": "CVE-2018-0833", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to deny service to vulnerable installations of Microsoft Windows. In some cases, user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file, but...", "detail_json": "/data/advisories/ZDI-18-166/advisory.json", "detail_path": "advisories/ZDI-18-166", "id": "ZDI-18-166", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Microsoft Windows SMB Client Improper Initialization Denial of Service Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-166/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5441", "zdi_id": "ZDI-18-166" }, { "cve": "CVE-2018-0758", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-165/advisory.json", "detail_path": "advisories/ZDI-18-165", "id": "ZDI-18-165", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Microsoft Chakra String Concatenation Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-165/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5324", "zdi_id": "ZDI-18-165" }, { "cve": "CVE-2018-0755", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-164/advisory.json", "detail_path": "advisories/ZDI-18-164", "id": "ZDI-18-164", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-164/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5314", "zdi_id": "ZDI-18-164" }, { "cve": "CVE-2018-0760", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-163/advisory.json", "detail_path": "advisories/ZDI-18-163", "id": "ZDI-18-163", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-163/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5318", "zdi_id": "ZDI-18-163" }, { "cve": "CVE-2018-0763", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-162/advisory.json", "detail_path": "advisories/ZDI-18-162", "id": "ZDI-18-162", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Microsoft Edge CSS var Function Type Confusion Information Disclosure Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-162/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5323", "zdi_id": "ZDI-18-162" }, { "cve": "CVE-2018-0796", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-18-161/advisory.json", "detail_path": "advisories/ZDI-18-161", "id": "ZDI-18-161", "kind": "published", "published_date": "2018-02-21", "status": "published", "title": "Microsoft Office Excel Formula Type Confusion Information Disclosure Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-161/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5325", "zdi_id": "ZDI-18-161" }, { "cve": "CVE-2018-5442", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-18-160/advisory.json", "detail_path": "advisories/ZDI-18-160", "id": "ZDI-18-160", "kind": "published", "published_date": "2018-02-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-160/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-5383", "zdi_id": "ZDI-18-160" }, { "cve": "CVE-2018-1166", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-18-159/advisory.json", "detail_path": "advisories/ZDI-18-159", "id": "ZDI-18-159", "kind": "published", "published_date": "2018-02-12", "status": "published", "title": "Joyent SmartOS SMBIOC_TREE_RELE Use-After-Free Privilege Escalation Vulnerability", "updated_date": "2018-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-159/", "vendor": "Joyent", "vendor_url": null, "zdi_can": "ZDI-CAN-4984", "zdi_id": "ZDI-18-159" }, { "cve": "CVE-2018-1165", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-18-158/advisory.json", "detail_path": "advisories/ZDI-18-158", "id": "ZDI-18-158", "kind": "published", "published_date": "2018-02-12", "status": "published", "title": "Joyent SmartOS SMB_IOC_SVCENUM Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": "2018-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-158/", "vendor": "Joyent", "vendor_url": null, "zdi_can": "ZDI-CAN-4983", "zdi_id": "ZDI-18-158" }, { "cve": "CVE-2017-16383", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-18-157/advisory.json", "detail_path": "advisories/ZDI-18-157", "id": "ZDI-18-157", "kind": "published", "published_date": "2018-02-12", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS JPEG Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-12", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-157/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5204", "zdi_id": "ZDI-18-157" }, { "cve": "CVE-2017-7171", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple iOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-18-156/advisory.json", "detail_path": "advisories/ZDI-18-156", "id": "ZDI-18-156", "kind": "published", "published_date": "2018-02-07", "status": "published", "title": "(Pwn2Own) Apple iOS backboardd Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2018-02-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-156/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5367", "zdi_id": "ZDI-18-156" }, { "cve": "CVE-2017-13885", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-155/advisory.json", "detail_path": "advisories/ZDI-18-155", "id": "ZDI-18-155", "kind": "published", "published_date": "2018-02-07", "status": "published", "title": "(Pwn2Own) Apple Safari DFG JIT Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-02-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-155/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5366", "zdi_id": "ZDI-18-155" }, { "cve": "CVE-2017-7162", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple iOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-18-154/advisory.json", "detail_path": "advisories/ZDI-18-154", "id": "ZDI-18-154", "kind": "published", "published_date": "2018-02-07", "status": "published", "title": "Apple iOS backboardd Double Free Privilege Escalation Vulnerability", "updated_date": "2018-02-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-154/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5354", "zdi_id": "ZDI-18-154" }, { "cve": "CVE-2017-13884", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-153/advisory.json", "detail_path": "advisories/ZDI-18-153", "id": "ZDI-18-153", "kind": "published", "published_date": "2018-02-07", "status": "published", "title": "(Pwn2Own) Apple Safari DFG JIT Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-02-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-153/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5353", "zdi_id": "ZDI-18-153" }, { "cve": "CVE-2017-7165", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-152/advisory.json", "detail_path": "advisories/ZDI-18-152", "id": "ZDI-18-152", "kind": "published", "published_date": "2018-02-07", "status": "published", "title": "(Pwn2Own) Apple Safari HTMLButtonElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-02-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-152/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5352", "zdi_id": "ZDI-18-152" }, { "cve": "CVE-2017-7172", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Apple Safari. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-18-151/advisory.json", "detail_path": "advisories/ZDI-18-151", "id": "ZDI-18-151", "kind": "published", "published_date": "2018-02-07", "status": "published", "title": "(Pwn2Own) Apple Safari UIProcess Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": "2018-02-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-151/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5345", "zdi_id": "ZDI-18-151" }, { "cve": "CVE-2017-7160", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-150/advisory.json", "detail_path": "advisories/ZDI-18-150", "id": "ZDI-18-150", "kind": "published", "published_date": "2018-02-07", "status": "published", "title": "(Pwn2Own) Apple Safari FTL JIT Integer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-150/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5344", "zdi_id": "ZDI-18-150" }, { "cve": "CVE-2017-7162", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple iOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-18-149/advisory.json", "detail_path": "advisories/ZDI-18-149", "id": "ZDI-18-149", "kind": "published", "published_date": "2018-02-07", "status": "published", "title": "(Pwn2Own) Apple iOS backboardd Double Free Privilege Escalation Vulnerability", "updated_date": "2018-02-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-149/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5343", "zdi_id": "ZDI-18-149" }, { "cve": "CVE-2017-13866", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-148/advisory.json", "detail_path": "advisories/ZDI-18-148", "id": "ZDI-18-148", "kind": "published", "published_date": "2018-02-07", "status": "published", "title": "(Pwn2Own) Apple Safari DFG JIT Type Confusion Remote Code Execution Vulnerability", "updated_date": "2018-02-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-148/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5342", "zdi_id": "ZDI-18-148" }, { "cve": "CVE-2017-7171", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple iOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-18-147/advisory.json", "detail_path": "advisories/ZDI-18-147", "id": "ZDI-18-147", "kind": "published", "published_date": "2018-02-07", "status": "published", "title": "(Pwn2Own) Apple iOS backboardd Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": "2018-02-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-147/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5341", "zdi_id": "ZDI-18-147" }, { "cve": "CVE-2017-13870", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-18-146/advisory.json", "detail_path": "advisories/ZDI-18-146", "id": "ZDI-18-146", "kind": "published", "published_date": "2018-02-07", "status": "published", "title": "(Pwn2Own) Apple Safari MutationObserver Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-02-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-146/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5340", "zdi_id": "ZDI-18-146" }, { "cve": "CVE-2018-1342", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetIQ Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FwRequest class. The issue resul...", "detail_json": "/data/advisories/ZDI-18-145/advisory.json", "detail_path": "advisories/ZDI-18-145", "id": "ZDI-18-145", "kind": "published", "published_date": "2018-02-06", "status": "published", "title": "Novell NetIQ Access Manager FwRequest Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": "2018-02-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-145/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-5088", "zdi_id": "ZDI-18-145" }, { "cve": "CVE-2018-5443", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the ProjName pa...", "detail_json": "/data/advisories/ZDI-18-144/advisory.json", "detail_path": "advisories/ZDI-18-144", "id": "ZDI-18-144", "kind": "published", "published_date": "2018-02-06", "status": "published", "title": "Advantech WebAccess Node uMailLogin Proj SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-02-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-144/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5503", "zdi_id": "ZDI-18-144" }, { "cve": "CVE-2018-5443", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the user parame...", "detail_json": "/data/advisories/ZDI-18-143/advisory.json", "detail_path": "advisories/ZDI-18-143", "id": "ZDI-18-143", "kind": "published", "published_date": "2018-02-06", "status": "published", "title": "Advantech WebAccess Node chkLogin2 user SQL Injection Information Disclosure Vulnerability", "updated_date": "2018-02-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-143/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5502", "zdi_id": "ZDI-18-143" }, { "cve": "CVE-2018-5445", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the filename parameter...", "detail_json": "/data/advisories/ZDI-18-142/advisory.json", "detail_path": "advisories/ZDI-18-142", "id": "ZDI-18-142", "kind": "published", "published_date": "2018-02-06", "status": "published", "title": "Advantech WebAccess Node certUpdate filename Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2018-02-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-142/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5492", "zdi_id": "ZDI-18-142" }, { "cve": "CVE-2018-1168", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-18-141/advisory.json", "detail_path": "advisories/ZDI-18-141", "id": "ZDI-18-141", "kind": "published", "published_date": "2018-02-06", "status": "published", "title": "ABB MicroSCADA Improper Access Control Privilege Escalation Vulnerability", "updated_date": "2018-02-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-141/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-5097", "zdi_id": "ZDI-18-141" }, { "cve": "CVE-2017-8981", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within dbman.e...", "detail_json": "/data/advisories/ZDI-18-140/advisory.json", "detail_path": "advisories/ZDI-18-140", "id": "ZDI-18-140", "kind": "published", "published_date": "2018-01-25", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dbman Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-01-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-140/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-5120", "zdi_id": "ZDI-18-140" }, { "cve": "CVE-2017-8982", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center Smart Connect with Wireless Manager. Authentication is not required to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-18-139/advisory.json", "detail_path": "advisories/ZDI-18-139", "id": "ZDI-18-139", "kind": "published", "published_date": "2018-01-25", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center UrlAccessController Authentication Bypass Vulnerability", "updated_date": "2018-01-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-139/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4757", "zdi_id": "ZDI-18-139" }, { "cve": "CVE-2017-8983", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-18-138/advisory.json", "detail_path": "advisories/ZDI-18-138", "id": "ZDI-18-138", "kind": "published", "published_date": "2018-01-25", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center redirectviewer Directory Traversal Remote Code Execution Vulnerability", "updated_date": "2018-01-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-138/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4905", "zdi_id": "ZDI-18-138" }, { "cve": "CVE-2017-5792", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the eup...", "detail_json": "/data/advisories/ZDI-18-137/advisory.json", "detail_path": "advisories/ZDI-18-137", "id": "ZDI-18-137", "kind": "published", "published_date": "2018-01-25", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center RMI Registry Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": "2018-01-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-137/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4824", "zdi_id": "ZDI-18-137" }, { "cve": "CVE-2017-8980", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authenticatio...", "detail_json": "/data/advisories/ZDI-18-136/advisory.json", "detail_path": "advisories/ZDI-18-136", "id": "ZDI-18-136", "kind": "published", "published_date": "2018-01-25", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center operatorOnlineList_contentOnly Information Disclosure Vulnerability", "updated_date": "2018-01-25", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-136/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-5093", "zdi_id": "ZDI-18-136" }, { "cve": "CVE-2018-1164", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI end...", "detail_json": "/data/advisories/ZDI-18-135/advisory.json", "detail_path": "advisories/ZDI-18-135", "id": "ZDI-18-135", "kind": "published", "published_date": "2018-01-23", "status": "published", "title": "(0Day) ZyXEL P-870H-51 DSL Router Multiple Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-135/", "vendor": "ZyXEL", "vendor_url": null, "zdi_can": "ZDI-CAN-4540", "zdi_id": "ZDI-18-135" }, { "cve": null, "cvss": 6.1, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers on the local network to create a denial-of-service condition on the Belkin Wemo Link and Smart Plug device, despite factory resets. Authentication is not required to exploit this vulnerability. The specific flaw exists with...", "detail_json": "/data/advisories/ZDI-18-134/advisory.json", "detail_path": "advisories/ZDI-18-134", "id": "ZDI-18-134", "kind": "published", "published_date": "2018-01-23", "status": "published", "title": "(0Day) Belkin Wemo Link and Smart Plug UPNP changeFriendlyName Buffer Overflow Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-134/", "vendor": "Belkin", "vendor_url": null, "zdi_can": "ZDI-CAN-5206", "zdi_id": "ZDI-18-134" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin Wemo Link. Authentication is not required to exploit this vulnerability. The specific flaw exists within the syseventd daemon, which listens on TCP port...", "detail_json": "/data/advisories/ZDI-18-133/advisory.json", "detail_path": "advisories/ZDI-18-133", "id": "ZDI-18-133", "kind": "published", "published_date": "2018-01-23", "status": "published", "title": "(0Day) Belkin Wemo Link syseventd Missing Authentication for Critical Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-133/", "vendor": "Belkin", "vendor_url": null, "zdi_can": "ZDI-CAN-5095", "zdi_id": "ZDI-18-133" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin NetCam. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the Wemo SetSmartDev...", "detail_json": "/data/advisories/ZDI-18-132/advisory.json", "detail_path": "advisories/ZDI-18-132", "id": "ZDI-18-132", "kind": "published", "published_date": "2018-01-23", "status": "published", "title": "(0Day) Belkin NetCam SetSmartDevURL Server-Side Request Forgery Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-132/", "vendor": "Belkin", "vendor_url": null, "zdi_can": "ZDI-CAN-4970", "zdi_id": "ZDI-18-132" }, { "cve": "CVE-2017-14803", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Novell NetIQ Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadBasicSSOServlet...", "detail_json": "/data/advisories/ZDI-18-131/advisory.json", "detail_path": "advisories/ZDI-18-131", "id": "ZDI-18-131", "kind": "published", "published_date": "2018-01-19", "status": "published", "title": "Novell NetIQ Access Manager OspUIBasicSSODownload Servlet fileInfo1 Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-131/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-5087", "zdi_id": "ZDI-18-131" }, { "cve": "CVE-2017-9315", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dahua Technology IP Camera. Authentication is not required to exploit this vulnerability. The specific flaw exists within the disaster recovery password functi...", "detail_json": "/data/advisories/ZDI-18-130/advisory.json", "detail_path": "advisories/ZDI-18-130", "id": "ZDI-18-130", "kind": "published", "published_date": "2018-01-19", "status": "published", "title": "Dahua Technology IP Camera Predictable Password Algorithm Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-130/", "vendor": "Dahua Technology", "vendor_url": null, "zdi_can": "ZDI-CAN-4956", "zdi_id": "ZDI-18-130" }, { "cve": "CVE-2017-14384", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Dell EMC Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EmConfigMigration servlet,...", "detail_json": "/data/advisories/ZDI-18-129/advisory.json", "detail_path": "advisories/ZDI-18-129", "id": "ZDI-18-129", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Dell EMC Storage Manager EmConfigMigration Servlet Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-129/", "vendor": "Dell EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-5293", "zdi_id": "ZDI-18-129" }, { "cve": "CVE-2017-16739", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-128/advisory.json", "detail_path": "advisories/ZDI-18-128", "id": "ZDI-18-128", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Wecon LeviStudioU General WriteAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-128/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5311", "zdi_id": "ZDI-18-128" }, { "cve": "CVE-2017-16739", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-127/advisory.json", "detail_path": "advisories/ZDI-18-127", "id": "ZDI-18-127", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Wecon LeviStudioU G_bmp szFilename Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-127/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5230", "zdi_id": "ZDI-18-127" }, { "cve": "CVE-2017-16737", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-126/advisory.json", "detail_path": "advisories/ZDI-18-126", "id": "ZDI-18-126", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Wecon LeviStudioU General FigureFile Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-126/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5229", "zdi_id": "ZDI-18-126" }, { "cve": "CVE-2017-16739", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-18-125/advisory.json", "detail_path": "advisories/ZDI-18-125", "id": "ZDI-18-125", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Wecon LeviStudioU MulStatus szFilename Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-125/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5217", "zdi_id": "ZDI-18-125" }, { "cve": "CVE-2018-4871", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-18-124/advisory.json", "detail_path": "advisories/ZDI-18-124", "id": "ZDI-18-124", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Adobe Flash ATF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-124/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5310", "zdi_id": "ZDI-18-124" }, { "cve": "CVE-2017-11887", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-18-123/advisory.json", "detail_path": "advisories/ZDI-18-123", "id": "ZDI-18-123", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Microsoft Windows VBScript Filter Function Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-123/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5109", "zdi_id": "ZDI-18-123" }, { "cve": "CVE-2018-2690", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-122/advisory.json", "detail_path": "advisories/ZDI-18-122", "id": "ZDI-18-122", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Oracle VirtualBox crUnpackPolygonStipple Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-122/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5261", "zdi_id": "ZDI-18-122" }, { "cve": "CVE-2018-2689", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-121/advisory.json", "detail_path": "advisories/ZDI-18-121", "id": "ZDI-18-121", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Oracle VirtualBox crServerDispatchDeleteTextures Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-121/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5260", "zdi_id": "ZDI-18-121" }, { "cve": "CVE-2018-2688", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-120/advisory.json", "detail_path": "advisories/ZDI-18-120", "id": "ZDI-18-120", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Oracle VirtualBox crUnpackTexGendv Stack-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-120/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5259", "zdi_id": "ZDI-18-120" }, { "cve": "CVE-2018-2687", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-119/advisory.json", "detail_path": "advisories/ZDI-18-119", "id": "ZDI-18-119", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Oracle VirtualBox crServerDispatchDeleteProgramsARB Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-119/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5231", "zdi_id": "ZDI-18-119" }, { "cve": "CVE-2018-2686", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-118/advisory.json", "detail_path": "advisories/ZDI-18-118", "id": "ZDI-18-118", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Oracle VirtualBox crStatePixelMapuiv Stack-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-118/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5160", "zdi_id": "ZDI-18-118" }, { "cve": "CVE-2018-2685", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-18-117/advisory.json", "detail_path": "advisories/ZDI-18-117", "id": "ZDI-18-117", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Oracle VirtualBox crServerDispatchCallLists Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-117/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5159", "zdi_id": "ZDI-18-117" }, { "cve": "CVE-2018-2616", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-18-116/advisory.json", "detail_path": "advisories/ZDI-18-116", "id": "ZDI-18-116", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Oracle WebLogic Remote Diagnosis Assistant rda_tfa_hrs Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-116/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5033", "zdi_id": "ZDI-18-116" }, { "cve": "CVE-2018-2615", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-18-115/advisory.json", "detail_path": "advisories/ZDI-18-115", "id": "ZDI-18-115", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Oracle WebLogic Remote Diagnosis Assistant rda_tfa_ref_date Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-115/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5032", "zdi_id": "ZDI-18-115" }, { "cve": "CVE-2018-2617", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle WebLogic Remote Diagnosis Server. The specific flaw exists within the Remote Diagnosis Assistant, which listens on TCP port 8888 when enabled. The issue...", "detail_json": "/data/advisories/ZDI-18-114/advisory.json", "detail_path": "advisories/ZDI-18-114", "id": "ZDI-18-114", "kind": "published", "published_date": "2018-01-18", "status": "published", "title": "Oracle WebLogic Remote Diagnosis Assistant Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-114/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-5031", "zdi_id": "ZDI-18-114" }, { "cve": "CVE-2018-3601", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. User interaction is not required to exploit this vulnerability. The specific flaw exists within the handling of challenges for auth...", "detail_json": "/data/advisories/ZDI-18-113/advisory.json", "detail_path": "advisories/ZDI-18-113", "id": "ZDI-18-113", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TMCM_MembershipProvider ValidateUser Password Hash Usage Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5233", "zdi_id": "ZDI-18-113" }, { "cve": "CVE-2018-3603", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-112/advisory.json", "detail_path": "advisories/ZDI-18-112", "id": "ZDI-18-112", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager CCGIServlet ID_QUERY_COMMAND_TRACKING_USER_ID SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5234", "zdi_id": "ZDI-18-112" }, { "cve": "CVE-2018-3600", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-18-111/advisory.json", "detail_path": "advisories/ZDI-18-111", "id": "ZDI-18-111", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager AdHocQuery_Processor External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5232", "zdi_id": "ZDI-18-111" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-110/advisory.json", "detail_path": "advisories/ZDI-18-110", "id": "ZDI-18-110", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager ThreatDistributedTrail SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5169", "zdi_id": "ZDI-18-110" }, { "cve": "CVE-2018-3607", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-109/advisory.json", "detail_path": "advisories/ZDI-18-109", "id": "ZDI-18-109", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager ClearSelectedTreeNode SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5124", "zdi_id": "ZDI-18-109" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-108/advisory.json", "detail_path": "advisories/ZDI-18-108", "id": "ZDI-18-108", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager AntiVirusSummary SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5125", "zdi_id": "ZDI-18-108" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-107/advisory.json", "detail_path": "advisories/ZDI-18-107", "id": "ZDI-18-107", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager ApplicationCompliance SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5126", "zdi_id": "ZDI-18-107" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-106/advisory.json", "detail_path": "advisories/ZDI-18-106", "id": "ZDI-18-106", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager ApplicationStatus SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5127", "zdi_id": "ZDI-18-106" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-105/advisory.json", "detail_path": "advisories/ZDI-18-105", "id": "ZDI-18-105", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager ComponentCompliance SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5128", "zdi_id": "ZDI-18-105" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-104/advisory.json", "detail_path": "advisories/ZDI-18-104", "id": "ZDI-18-104", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager ContentSecuritySummary SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5129", "zdi_id": "ZDI-18-104" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-103/advisory.json", "detail_path": "advisories/ZDI-18-103", "id": "ZDI-18-103", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager SpywareSummary SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5132", "zdi_id": "ZDI-18-103" }, { "cve": "CVE-2018-3604", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-102/advisory.json", "detail_path": "advisories/ZDI-18-102", "id": "ZDI-18-102", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager GetChannelList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5133", "zdi_id": "ZDI-18-102" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-101/advisory.json", "detail_path": "advisories/ZDI-18-101", "id": "ZDI-18-101", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager NetworkVirusSummary SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5134", "zdi_id": "ZDI-18-101" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-100/advisory.json", "detail_path": "advisories/ZDI-18-100", "id": "ZDI-18-100", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager PersonalFirewallSummary SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5135", "zdi_id": "ZDI-18-100" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-099/advisory.json", "detail_path": "advisories/ZDI-18-099", "id": "ZDI-18-099", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager PolicyResult SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5136", "zdi_id": "ZDI-18-099" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-098/advisory.json", "detail_path": "advisories/ZDI-18-098", "id": "ZDI-18-098", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager DLPIncidentJobWidget SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5161", "zdi_id": "ZDI-18-098" }, { "cve": "CVE-2018-3604", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-097/advisory.json", "detail_path": "advisories/ZDI-18-097", "id": "ZDI-18-097", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager GetScheduleSubscription SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5162", "zdi_id": "ZDI-18-097" }, { "cve": "CVE-2018-3604", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-096/advisory.json", "detail_path": "advisories/ZDI-18-096", "id": "ZDI-18-096", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager GetOnetimeSubscription SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5163", "zdi_id": "ZDI-18-096" }, { "cve": "CVE-2018-3604", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-095/advisory.json", "detail_path": "advisories/ZDI-18-095", "id": "ZDI-18-095", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager sp_DDI_GetInterestedIPByJobID2 SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5164", "zdi_id": "ZDI-18-095" }, { "cve": "CVE-2018-3607", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-094/advisory.json", "detail_path": "advisories/ZDI-18-094", "id": "ZDI-18-094", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager sp_DeleteSelectedTreeNodesByRefKey SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5165", "zdi_id": "ZDI-18-094" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-093/advisory.json", "detail_path": "advisories/ZDI-18-093", "id": "ZDI-18-093", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TemplateMatch SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5166", "zdi_id": "ZDI-18-093" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-092/advisory.json", "detail_path": "advisories/ZDI-18-092", "id": "ZDI-18-092", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TemplateMatchByChannel SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5167", "zdi_id": "ZDI-18-092" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-091/advisory.json", "detail_path": "advisories/ZDI-18-091", "id": "ZDI-18-091", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TemplateMatchByTemplate SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5168", "zdi_id": "ZDI-18-091" }, { "cve": "CVE-2018-3607", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-090/advisory.json", "detail_path": "advisories/ZDI-18-090", "id": "ZDI-18-090", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager InsertSelectedTreeNodeWithACL SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5123", "zdi_id": "ZDI-18-090" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-089/advisory.json", "detail_path": "advisories/ZDI-18-089", "id": "ZDI-18-089", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager SensitiveFilesOverTime SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5170", "zdi_id": "ZDI-18-089" }, { "cve": "CVE-2018-3604", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-088/advisory.json", "detail_path": "advisories/ZDI-18-088", "id": "ZDI-18-088", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager sCloudService GetProductServerType SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5122", "zdi_id": "ZDI-18-088" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-087/advisory.json", "detail_path": "advisories/ZDI-18-087", "id": "ZDI-18-087", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager ViolationStatus SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5172", "zdi_id": "ZDI-18-087" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-086/advisory.json", "detail_path": "advisories/ZDI-18-086", "id": "ZDI-18-086", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager WebSecuritySummary SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5173", "zdi_id": "ZDI-18-086" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-085/advisory.json", "detail_path": "advisories/ZDI-18-085", "id": "ZDI-18-085", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager UserStatusBySeverity SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5174", "zdi_id": "ZDI-18-085" }, { "cve": "CVE-2018-3604", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-084/advisory.json", "detail_path": "advisories/ZDI-18-084", "id": "ZDI-18-084", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager GetRuleList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5175", "zdi_id": "ZDI-18-084" }, { "cve": "CVE-2018-3606", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-083/advisory.json", "detail_path": "advisories/ZDI-18-083", "id": "ZDI-18-083", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager ThreatStastics SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5176", "zdi_id": "ZDI-18-083" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-082/advisory.json", "detail_path": "advisories/ZDI-18-082", "id": "ZDI-18-082", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TopViolatorsByChannel SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5177", "zdi_id": "ZDI-18-082" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-081/advisory.json", "detail_path": "advisories/ZDI-18-081", "id": "ZDI-18-081", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager ViolationCnt SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5178", "zdi_id": "ZDI-18-081" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-080/advisory.json", "detail_path": "advisories/ZDI-18-080", "id": "ZDI-18-080", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TopXThreatTrail SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5179", "zdi_id": "ZDI-18-080" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-079/advisory.json", "detail_path": "advisories/ZDI-18-079", "id": "ZDI-18-079", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TopViolatorsByTemplate SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5180", "zdi_id": "ZDI-18-079" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-078/advisory.json", "detail_path": "advisories/ZDI-18-078", "id": "ZDI-18-078", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TopXThreat SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5181", "zdi_id": "ZDI-18-078" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-077/advisory.json", "detail_path": "advisories/ZDI-18-077", "id": "ZDI-18-077", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager ViolationCntByChannel SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5182", "zdi_id": "ZDI-18-077" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-076/advisory.json", "detail_path": "advisories/ZDI-18-076", "id": "ZDI-18-076", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TopViolators SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5183", "zdi_id": "ZDI-18-076" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-075/advisory.json", "detail_path": "advisories/ZDI-18-075", "id": "ZDI-18-075", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TopTemplateByChannel SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5184", "zdi_id": "ZDI-18-075" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-074/advisory.json", "detail_path": "advisories/ZDI-18-074", "id": "ZDI-18-074", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TopTemplateMatches SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5185", "zdi_id": "ZDI-18-074" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-073/advisory.json", "detail_path": "advisories/ZDI-18-073", "id": "ZDI-18-073", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TopViolationPolicy SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5186", "zdi_id": "ZDI-18-073" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-072/advisory.json", "detail_path": "advisories/ZDI-18-072", "id": "ZDI-18-072", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TopSensitiveMachines SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5187", "zdi_id": "ZDI-18-072" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-071/advisory.json", "detail_path": "advisories/ZDI-18-071", "id": "ZDI-18-071", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TopSensitiveFilesDetected SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5188", "zdi_id": "ZDI-18-071" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-070/advisory.json", "detail_path": "advisories/ZDI-18-070", "id": "ZDI-18-070", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager TopChannelByTemplate SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5189", "zdi_id": "ZDI-18-070" }, { "cve": "CVE-2018-3605", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-069/advisory.json", "detail_path": "advisories/ZDI-18-069", "id": "ZDI-18-069", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager ViolationCntByTemplate SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5171", "zdi_id": "ZDI-18-069" }, { "cve": "CVE-2018-3602", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-18-068/advisory.json", "detail_path": "advisories/ZDI-18-068", "id": "ZDI-18-068", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager AdHocQuery_Processor ProductLogQuery SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5121", "zdi_id": "ZDI-18-068" }, { "cve": "CVE-2018-3604", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetPassword method, which is cal...", "detail_json": "/data/advisories/ZDI-18-067/advisory.json", "detail_path": "advisories/ZDI-18-067", "id": "ZDI-18-067", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Trend Micro Control Manager sCloudService GetPassword SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5107", "zdi_id": "ZDI-18-067" }, { "cve": "CVE-2018-0772", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-18-066/advisory.json", "detail_path": "advisories/ZDI-18-066", "id": "ZDI-18-066", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Microsoft Chakra Memory Allocator Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-066/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5484", "zdi_id": "ZDI-18-066" }, { "cve": "CVE-2017-16716", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Advantech WebAccess. The specific flaw exists within processing of the Login method of the BWSCADASoap entry point. When parsing the ProjectName and Username el...", "detail_json": "/data/advisories/ZDI-18-065/advisory.json", "detail_path": "advisories/ZDI-18-065", "id": "ZDI-18-065", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess BWSCADASoap Login Method SQL Injection Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-065/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5407", "zdi_id": "ZDI-18-065" }, { "cve": "CVE-2017-16716", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Advantech WebAccess. The specific flaw exists within the ChkAdminViewUsrPwd method of the gChkUser.asp servlet, called by the gmap.asp servlet. When parsing the...", "detail_json": "/data/advisories/ZDI-18-064/advisory.json", "detail_path": "advisories/ZDI-18-064", "id": "ZDI-18-064", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess gChkUser ChkAdminViewUsrPwd SQL Injection Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-064/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5398", "zdi_id": "ZDI-18-064" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2721 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-063/advisory.json", "detail_path": "advisories/ZDI-18-063", "id": "ZDI-18-063", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv Arbitrary Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-063/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5066", "zdi_id": "ZDI-18-063" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the BwSyn...", "detail_json": "/data/advisories/ZDI-18-062/advisory.json", "detail_path": "advisories/ZDI-18-062", "id": "ZDI-18-062", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess BwSyncDb Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-062/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5065", "zdi_id": "ZDI-18-062" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the BwOpc...", "detail_json": "/data/advisories/ZDI-18-061/advisory.json", "detail_path": "advisories/ZDI-18-061", "id": "ZDI-18-061", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess BwOpcImg Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-061/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5064", "zdi_id": "ZDI-18-061" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwscr...", "detail_json": "/data/advisories/ZDI-18-060/advisory.json", "detail_path": "advisories/ZDI-18-060", "id": "ZDI-18-060", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess bwscrp Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-060/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5063", "zdi_id": "ZDI-18-060" }, { "cve": "CVE-2017-16728", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the cnvlg...", "detail_json": "/data/advisories/ZDI-18-059/advisory.json", "detail_path": "advisories/ZDI-18-059", "id": "ZDI-18-059", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess cnvlgxtag Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-059/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5062", "zdi_id": "ZDI-18-059" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the Notif...", "detail_json": "/data/advisories/ZDI-18-058/advisory.json", "detail_path": "advisories/ZDI-18-058", "id": "ZDI-18-058", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess Notify2 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-058/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5061", "zdi_id": "ZDI-18-058" }, { "cve": "CVE-2017-16728", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of RPC packets in the webvrpcs p...", "detail_json": "/data/advisories/ZDI-18-057/advisory.json", "detail_path": "advisories/ZDI-18-057", "id": "ZDI-18-057", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-057/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5060", "zdi_id": "ZDI-18-057" }, { "cve": "CVE-2017-16720", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DelIcon method in gmicons.asp. The issue...", "detail_json": "/data/advisories/ZDI-18-056/advisory.json", "detail_path": "advisories/ZDI-18-056", "id": "ZDI-18-056", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess DelIcon Directory Traversal File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-056/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5058", "zdi_id": "ZDI-18-056" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the picfile parameter in gmicons.asp. The is...", "detail_json": "/data/advisories/ZDI-18-055/advisory.json", "detail_path": "advisories/ZDI-18-055", "id": "ZDI-18-055", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess picfile File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-055/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5057", "zdi_id": "ZDI-18-055" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the BWRPs...", "detail_json": "/data/advisories/ZDI-18-054/advisory.json", "detail_path": "advisories/ZDI-18-054", "id": "ZDI-18-054", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess BWRPswd Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-054/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5055", "zdi_id": "ZDI-18-054" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the BwPSL...", "detail_json": "/data/advisories/ZDI-18-053/advisory.json", "detail_path": "advisories/ZDI-18-053", "id": "ZDI-18-053", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess BwPSLinkZip Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-053/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5054", "zdi_id": "ZDI-18-053" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwthi...", "detail_json": "/data/advisories/ZDI-18-052/advisory.json", "detail_path": "advisories/ZDI-18-052", "id": "ZDI-18-052", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess bwthinfl Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-052/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5053", "zdi_id": "ZDI-18-052" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the BwFre...", "detail_json": "/data/advisories/ZDI-18-051/advisory.json", "detail_path": "advisories/ZDI-18-051", "id": "ZDI-18-051", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess BwFreRPT Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-051/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5051", "zdi_id": "ZDI-18-051" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the BwSyn...", "detail_json": "/data/advisories/ZDI-18-050/advisory.json", "detail_path": "advisories/ZDI-18-050", "id": "ZDI-18-050", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess BwSyncLg Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-050/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5052", "zdi_id": "ZDI-18-050" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the BwOpc...", "detail_json": "/data/advisories/ZDI-18-049/advisory.json", "detail_path": "advisories/ZDI-18-049", "id": "ZDI-18-049", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess BwOpcBs Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-049/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5050", "zdi_id": "ZDI-18-049" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwprt...", "detail_json": "/data/advisories/ZDI-18-048/advisory.json", "detail_path": "advisories/ZDI-18-048", "id": "ZDI-18-048", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess bwprtscr Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-048/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5049", "zdi_id": "ZDI-18-048" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwmai...", "detail_json": "/data/advisories/ZDI-18-047/advisory.json", "detail_path": "advisories/ZDI-18-047", "id": "ZDI-18-047", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess bwmail Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-047/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5048", "zdi_id": "ZDI-18-047" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the jpegc...", "detail_json": "/data/advisories/ZDI-18-046/advisory.json", "detail_path": "advisories/ZDI-18-046", "id": "ZDI-18-046", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess jpegconv Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-046/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5047", "zdi_id": "ZDI-18-046" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the BwNod...", "detail_json": "/data/advisories/ZDI-18-045/advisory.json", "detail_path": "advisories/ZDI-18-045", "id": "ZDI-18-045", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess BwNodeIP Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-045/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5046", "zdi_id": "ZDI-18-045" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwwfa...", "detail_json": "/data/advisories/ZDI-18-044/advisory.json", "detail_path": "advisories/ZDI-18-044", "id": "ZDI-18-044", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess bwwfaa Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-044/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5045", "zdi_id": "ZDI-18-044" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwstw...", "detail_json": "/data/advisories/ZDI-18-043/advisory.json", "detail_path": "advisories/ZDI-18-043", "id": "ZDI-18-043", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess bwstwww Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-043/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5044", "zdi_id": "ZDI-18-043" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the DrawC...", "detail_json": "/data/advisories/ZDI-18-042/advisory.json", "detail_path": "advisories/ZDI-18-042", "id": "ZDI-18-042", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess DrawCMD Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-042/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5043", "zdi_id": "ZDI-18-042" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwstm...", "detail_json": "/data/advisories/ZDI-18-041/advisory.json", "detail_path": "advisories/ZDI-18-041", "id": "ZDI-18-041", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess bwstmps Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-041/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5042", "zdi_id": "ZDI-18-041" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27e6 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-040/advisory.json", "detail_path": "advisories/ZDI-18-040", "id": "ZDI-18-040", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLNumParams Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-040/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5010", "zdi_id": "ZDI-18-040" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27e7 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-039/advisory.json", "detail_path": "advisories/ZDI-18-039", "id": "ZDI-18-039", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLNumResultCols Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-039/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5007", "zdi_id": "ZDI-18-039" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27e4 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-038/advisory.json", "detail_path": "advisories/ZDI-18-038", "id": "ZDI-18-038", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLExecDirect Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-038/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5006", "zdi_id": "ZDI-18-038" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27e8 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-037/advisory.json", "detail_path": "advisories/ZDI-18-037", "id": "ZDI-18-037", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLDescribeParam Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-037/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5005", "zdi_id": "ZDI-18-037" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27ea IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-036/advisory.json", "detail_path": "advisories/ZDI-18-036", "id": "ZDI-18-036", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLExecute Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-036/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5004", "zdi_id": "ZDI-18-036" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27e9 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-035/advisory.json", "detail_path": "advisories/ZDI-18-035", "id": "ZDI-18-035", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLSetParam Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-035/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5003", "zdi_id": "ZDI-18-035" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27e5 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-034/advisory.json", "detail_path": "advisories/ZDI-18-034", "id": "ZDI-18-034", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLPrepare Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-034/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5002", "zdi_id": "ZDI-18-034" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27f1 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-033/advisory.json", "detail_path": "advisories/ZDI-18-033", "id": "ZDI-18-033", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLFetch Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-033/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5001", "zdi_id": "ZDI-18-033" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27ed IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-032/advisory.json", "detail_path": "advisories/ZDI-18-032", "id": "ZDI-18-032", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLPutData Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-032/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-5000", "zdi_id": "ZDI-18-032" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27ec IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-031/advisory.json", "detail_path": "advisories/ZDI-18-031", "id": "ZDI-18-031", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLParamData Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-031/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4999", "zdi_id": "ZDI-18-031" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27f2 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-030/advisory.json", "detail_path": "advisories/ZDI-18-030", "id": "ZDI-18-030", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLFetchScroll Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-030/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4998", "zdi_id": "ZDI-18-030" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27eb IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-029/advisory.json", "detail_path": "advisories/ZDI-18-029", "id": "ZDI-18-029", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLCancel Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-029/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4997", "zdi_id": "ZDI-18-029" }, { "cve": "CVE-2017-16716", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within mSignin.asp. The issue results from the lack...", "detail_json": "/data/advisories/ZDI-18-028/advisory.json", "detail_path": "advisories/ZDI-18-028", "id": "ZDI-18-028", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess mSignin SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-028/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4996", "zdi_id": "ZDI-18-028" }, { "cve": "CVE-2017-16716", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within ChkAdminViewUsrPwd1, called from LogList.asp...", "detail_json": "/data/advisories/ZDI-18-027/advisory.json", "detail_path": "advisories/ZDI-18-027", "id": "ZDI-18-027", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess LogList ChkAdminViewUsrPwd1 SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-027/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4995", "zdi_id": "ZDI-18-027" }, { "cve": "CVE-2017-16716", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within ChkAdminViewUsrPwd1, called from mailPg.asp....", "detail_json": "/data/advisories/ZDI-18-026/advisory.json", "detail_path": "advisories/ZDI-18-026", "id": "ZDI-18-026", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess mailPg ChkAdminViewUsrPwd1 SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-026/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4994", "zdi_id": "ZDI-18-026" }, { "cve": "CVE-2017-16724", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwMQT...", "detail_json": "/data/advisories/ZDI-18-025/advisory.json", "detail_path": "advisories/ZDI-18-025", "id": "ZDI-18-025", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess bwMQTT Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-025/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4993", "zdi_id": "ZDI-18-025" }, { "cve": "CVE-2017-16720", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2711 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-024/advisory.json", "detail_path": "advisories/ZDI-18-024", "id": "ZDI-18-024", "kind": "published", "published_date": "2018-09-13", "status": "published", "title": "Advantech WebAccess webvrpcs Command Injection Remote Code Execution Vulnerability", "updated_date": "2018-09-13", "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-024/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4992", "zdi_id": "ZDI-18-024" }, { "cve": "CVE-2017-16724", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the maken...", "detail_json": "/data/advisories/ZDI-18-023/advisory.json", "detail_path": "advisories/ZDI-18-023", "id": "ZDI-18-023", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess makensis Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-023/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4991", "zdi_id": "ZDI-18-023" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27e3 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-022/advisory.json", "detail_path": "advisories/ZDI-18-022", "id": "ZDI-18-022", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLSetStmtAttr Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-022/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4975", "zdi_id": "ZDI-18-022" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27e2 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-021/advisory.json", "detail_path": "advisories/ZDI-18-021", "id": "ZDI-18-021", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLFreeStmt Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-021/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4974", "zdi_id": "ZDI-18-021" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27e1 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-020/advisory.json", "detail_path": "advisories/ZDI-18-020", "id": "ZDI-18-020", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLAllocStmt Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-020/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4973", "zdi_id": "ZDI-18-020" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27dd IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-019/advisory.json", "detail_path": "advisories/ZDI-18-019", "id": "ZDI-18-019", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLDisconnect Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-019/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4966", "zdi_id": "ZDI-18-019" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27db IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-018/advisory.json", "detail_path": "advisories/ZDI-18-018", "id": "ZDI-18-018", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLFreeConnect Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-018/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4965", "zdi_id": "ZDI-18-018" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27d9 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-017/advisory.json", "detail_path": "advisories/ZDI-18-017", "id": "ZDI-18-017", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLFreeEnv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-017/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4964", "zdi_id": "ZDI-18-017" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27da IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-016/advisory.json", "detail_path": "advisories/ZDI-18-016", "id": "ZDI-18-016", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLSetEnvAttr Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-016/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4963", "zdi_id": "ZDI-18-016" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x277f IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-015/advisory.json", "detail_path": "advisories/ZDI-18-015", "id": "ZDI-18-015", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-015/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4962", "zdi_id": "ZDI-18-015" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27dc IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-014/advisory.json", "detail_path": "advisories/ZDI-18-014", "id": "ZDI-18-014", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLConnect Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-014/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4961", "zdi_id": "ZDI-18-014" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2780 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-013/advisory.json", "detail_path": "advisories/ZDI-18-013", "id": "ZDI-18-013", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-013/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4960", "zdi_id": "ZDI-18-013" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2781 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-012/advisory.json", "detail_path": "advisories/ZDI-18-012", "id": "ZDI-18-012", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-012/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4959", "zdi_id": "ZDI-18-012" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27de IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-011/advisory.json", "detail_path": "advisories/ZDI-18-011", "id": "ZDI-18-011", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv SQLSetConnectOption Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-011/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4958", "zdi_id": "ZDI-18-011" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x277d IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-010/advisory.json", "detail_path": "advisories/ZDI-18-010", "id": "ZDI-18-010", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-010/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4953", "zdi_id": "ZDI-18-010" }, { "cve": "CVE-2017-16728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in th...", "detail_json": "/data/advisories/ZDI-18-009/advisory.json", "detail_path": "advisories/ZDI-18-009", "id": "ZDI-18-009", "kind": "published", "published_date": "2018-01-05", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-009/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4952", "zdi_id": "ZDI-18-009" }, { "cve": "CVE-2018-0104", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-008/advisory.json", "detail_path": "advisories/ZDI-18-008", "id": "ZDI-18-008", "kind": "published", "published_date": "2018-01-03", "status": "published", "title": "Cisco WebEx ARF File DLL Planting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-008/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5008", "zdi_id": "ZDI-18-008" }, { "cve": "CVE-2018-0103", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-18-007/advisory.json", "detail_path": "advisories/ZDI-18-007", "id": "ZDI-18-007", "kind": "published", "published_date": "2018-01-03", "status": "published", "title": "Cisco WebEx ARF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-007/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4913", "zdi_id": "ZDI-18-007" }, { "cve": "CVE-2018-1163", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to b...", "detail_json": "/data/advisories/ZDI-18-006/advisory.json", "detail_path": "advisories/ZDI-18-006", "id": "ZDI-18-006", "kind": "published", "published_date": "2018-01-16", "status": "published", "title": "(0Day) Quest NetVault Backup Server checksession Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-006/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4752", "zdi_id": "ZDI-18-006" }, { "cve": "CVE-2018-1162", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily byp...", "detail_json": "/data/advisories/ZDI-18-005/advisory.json", "detail_path": "advisories/ZDI-18-005", "id": "ZDI-18-005", "kind": "published", "published_date": "2018-01-16", "status": "published", "title": "(0Day) Quest NetVault Backup Server Process Manager Service Export Method Directory Traversal Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-005/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4222", "zdi_id": "ZDI-18-005" }, { "cve": "CVE-2018-1161", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary...", "detail_json": "/data/advisories/ZDI-18-004/advisory.json", "detail_path": "advisories/ZDI-18-004", "id": "ZDI-18-004", "kind": "published", "published_date": "2018-01-16", "status": "published", "title": "(0Day) Quest NetVault Backup Process Manager Service Multipart Boundary Header Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-004/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4215", "zdi_id": "ZDI-18-004" }, { "cve": "CVE-2017-8977", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of Hewlett Packard Enterprise Moonshot Provisioning Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-18-003/advisory.json", "detail_path": "advisories/ZDI-18-003", "id": "ZDI-18-003", "kind": "published", "published_date": "2018-01-03", "status": "published", "title": "Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance server_response Directory Traversal Denial Of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-003/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4945", "zdi_id": "ZDI-18-003" }, { "cve": "CVE-2017-8975", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Moonshot Provisioning Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the khu...", "detail_json": "/data/advisories/ZDI-18-002/advisory.json", "detail_path": "advisories/ZDI-18-002", "id": "ZDI-18-002", "kind": "published", "published_date": "2018-01-03", "status": "published", "title": "Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance khuploadfile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-002/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4943", "zdi_id": "ZDI-18-002" }, { "cve": "CVE-2017-8976", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Moonshot Provisioning Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the khu...", "detail_json": "/data/advisories/ZDI-18-001/advisory.json", "detail_path": "advisories/ZDI-18-001", "id": "ZDI-18-001", "kind": "published", "published_date": "2018-01-03", "status": "published", "title": "Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance khuploadfile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-001/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4944", "zdi_id": "ZDI-18-001" }, { "cve": "CVE-2017-15316", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Huawei Mate 9 Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-17-1017/advisory.json", "detail_path": "advisories/ZDI-17-1017", "id": "ZDI-17-1017", "kind": "published", "published_date": "2018-06-08", "status": "published", "title": "Huawei Mate 9 Pro Mali Double Free Privilege Escalation Vulnerability", "updated_date": "2018-06-08", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1017/", "vendor": "Huawei", "vendor_url": null, "zdi_can": "ZDI-CAN-5337", "zdi_id": "ZDI-17-1017" }, { "cve": "CVE-2017-11889", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-1016/advisory.json", "detail_path": "advisories/ZDI-17-1016", "id": "ZDI-17-1016", "kind": "published", "published_date": "2018-04-16", "status": "published", "title": "Microsoft Chakra Typed Array JIT Optimization Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-04-16", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1016/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5321", "zdi_id": "ZDI-17-1016" }, { "cve": "CVE-2017-11837", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-17-1015/advisory.json", "detail_path": "advisories/ZDI-17-1015", "id": "ZDI-17-1015", "kind": "published", "published_date": "2018-03-23", "status": "published", "title": "Microsoft Windows JavaScript Typed Array JIT Optimization Use-After-Free Remote Code Execution Vulnerability", "updated_date": "2018-03-23", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1015/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5215", "zdi_id": "ZDI-17-1015" }, { "cve": "CVE-2017-11835", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-17-1014/advisory.json", "detail_path": "advisories/ZDI-17-1014", "id": "ZDI-17-1014", "kind": "published", "published_date": "2018-03-07", "status": "published", "title": "Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-03-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1014/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5315", "zdi_id": "ZDI-17-1014" }, { "cve": "CVE-2017-11308", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-1013/advisory.json", "detail_path": "advisories/ZDI-17-1013", "id": "ZDI-17-1013", "kind": "published", "published_date": "2018-03-07", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF BMP Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-07", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1013/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5154", "zdi_id": "ZDI-17-1013" }, { "cve": "CVE-2017-11240", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-1012/advisory.json", "detail_path": "advisories/ZDI-17-1012", "id": "ZDI-17-1012", "kind": "published", "published_date": "2018-03-06", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1012/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5148", "zdi_id": "ZDI-17-1012" }, { "cve": "CVE-2017-11307", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-1011/advisory.json", "detail_path": "advisories/ZDI-17-1011", "id": "ZDI-17-1011", "kind": "published", "published_date": "2018-03-06", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF GIF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1011/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5146", "zdi_id": "ZDI-17-1011" }, { "cve": "CVE-2017-11835", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-17-1010/advisory.json", "detail_path": "advisories/ZDI-17-1010", "id": "ZDI-17-1010", "kind": "published", "published_date": "2018-03-06", "status": "published", "title": "Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": "2018-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1010/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5317", "zdi_id": "ZDI-17-1010" }, { "cve": "CVE-2017-15532", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Symantec Messaging Gateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the export servlet. When parsing...", "detail_json": "/data/advisories/ZDI-17-1009/advisory.json", "detail_path": "advisories/ZDI-17-1009", "id": "ZDI-17-1009", "kind": "published", "published_date": "2017-12-20", "status": "published", "title": "Symantec Messaging Gateway Export Servlet snmpFileName Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1009/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-4755", "zdi_id": "ZDI-17-1009" }, { "cve": "CVE-2017-17032", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the USER_NAME parameter provided to the...", "detail_json": "/data/advisories/ZDI-17-1008/advisory.json", "detail_path": "advisories/ZDI-17-1008", "id": "ZDI-17-1008", "kind": "published", "published_date": "2017-12-20", "status": "published", "title": "QNAP QTS Web change_password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1008/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-5280", "zdi_id": "ZDI-17-1008" }, { "cve": "CVE-2017-17033", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the lang parameter provided to the sysi...", "detail_json": "/data/advisories/ZDI-17-1007/advisory.json", "detail_path": "advisories/ZDI-17-1007", "id": "ZDI-17-1007", "kind": "published", "published_date": "2017-12-20", "status": "published", "title": "QNAP QTS Web sysinfoReq Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1007/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-5279", "zdi_id": "ZDI-17-1007" }, { "cve": "CVE-2017-17031", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the OLD_PASSWORD parameter provided to...", "detail_json": "/data/advisories/ZDI-17-1006/advisory.json", "detail_path": "advisories/ZDI-17-1006", "id": "ZDI-17-1006", "kind": "published", "published_date": "2017-12-20", "status": "published", "title": "QNAP QTS Web change_password Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1006/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-5278", "zdi_id": "ZDI-17-1006" }, { "cve": "CVE-2017-17030", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability. The specific flaw exists within authLogin.cgi. When parsing the Host header, the proces...", "detail_json": "/data/advisories/ZDI-17-1005/advisory.json", "detail_path": "advisories/ZDI-17-1005", "id": "ZDI-17-1005", "kind": "published", "published_date": "2017-12-20", "status": "published", "title": "QNAP QTS authLogin Host Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1005/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-5263", "zdi_id": "ZDI-17-1005" }, { "cve": "CVE-2017-17029", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability. The specific flaw exists within authLogin.cgi. When parsing the X-Forwarded-For header,...", "detail_json": "/data/advisories/ZDI-17-1004/advisory.json", "detail_path": "advisories/ZDI-17-1004", "id": "ZDI-17-1004", "kind": "published", "published_date": "2017-12-20", "status": "published", "title": "QNAP QTS authLogin Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1004/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-5262", "zdi_id": "ZDI-17-1004" }, { "cve": "CVE-2017-17028", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability. The specific flaw exists within devRequest.cgi. When parsing the password parameter, th...", "detail_json": "/data/advisories/ZDI-17-1003/advisory.json", "detail_path": "advisories/ZDI-17-1003", "id": "ZDI-17-1003", "kind": "published", "published_date": "2017-12-20", "status": "published", "title": "QNAP QTS Web devRequest Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1003/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-5209", "zdi_id": "ZDI-17-1003" }, { "cve": "CVE-2017-17027", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS NASFTPD. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NASFTPD service, which listens on TCP port...", "detail_json": "/data/advisories/ZDI-17-1002/advisory.json", "detail_path": "advisories/ZDI-17-1002", "id": "ZDI-17-1002", "kind": "published", "published_date": "2017-12-20", "status": "published", "title": "QNAP QTS NASFTPD USER Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1002/", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-5208", "zdi_id": "ZDI-17-1002" }, { "cve": "CVE-2017-16717", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-1001/advisory.json", "detail_path": "advisories/ZDI-17-1001", "id": "ZDI-17-1001", "kind": "published", "published_date": "2017-12-20", "status": "published", "title": "WECON LeviStudio PLC Driver Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1001/", "vendor": "Wecon", "vendor_url": null, "zdi_can": "ZDI-CAN-5085", "zdi_id": "ZDI-17-1001" }, { "cve": "CVE-2017-16735", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter prov...", "detail_json": "/data/advisories/ZDI-17-1000/advisory.json", "detail_path": "advisories/ZDI-17-1000", "id": "ZDI-17-1000", "kind": "published", "published_date": "2017-12-20", "status": "published", "title": "Ecava IntegraXor Report getdata name SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-1000/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-5386", "zdi_id": "ZDI-17-1000" }, { "cve": "CVE-2017-16733", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the batchlist report page. When parsing...", "detail_json": "/data/advisories/ZDI-17-999/advisory.json", "detail_path": "advisories/ZDI-17-999", "id": "ZDI-17-999", "kind": "published", "published_date": "2017-12-20", "status": "published", "title": "Ecava IntegraXor Report batchlist SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-999/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-5385", "zdi_id": "ZDI-17-999" }, { "cve": "CVE-2017-11213", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-998/advisory.json", "detail_path": "advisories/ZDI-17-998", "id": "ZDI-17-998", "kind": "published", "published_date": "2017-12-20", "status": "published", "title": "Adobe Flash Player BitmapData hitTest Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-998/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5139", "zdi_id": "ZDI-17-998" }, { "cve": "CVE-2017-3114", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-997/advisory.json", "detail_path": "advisories/ZDI-17-997", "id": "ZDI-17-997", "kind": "published", "published_date": "2017-12-20", "status": "published", "title": "Adobe Flash LocaleID determinePreferredLocales Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-997/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5075", "zdi_id": "ZDI-17-997" }, { "cve": "CVE-2017-3112", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-996/advisory.json", "detail_path": "advisories/ZDI-17-996", "id": "ZDI-17-996", "kind": "published", "published_date": "2017-12-20", "status": "published", "title": "Adobe Flash NetworkConfiguration addCustomHeader Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-996/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5074", "zdi_id": "ZDI-17-996" }, { "cve": "CVE-2017-17659", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobHistory Get method...", "detail_json": "/data/advisories/ZDI-17-995/advisory.json", "detail_path": "advisories/ZDI-17-995", "id": "ZDI-17-995", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUJobHistory Get Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-995/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4906", "zdi_id": "ZDI-17-995" }, { "cve": "CVE-2017-17658", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobDefinitions Get met...", "detail_json": "/data/advisories/ZDI-17-994/advisory.json", "detail_path": "advisories/ZDI-17-994", "id": "ZDI-17-994", "kind": "published", "published_date": "2018-01-02", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUJobDefinitions Get Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-994/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4316", "zdi_id": "ZDI-17-994" }, { "cve": "CVE-2017-17657", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange metho...", "detail_json": "/data/advisories/ZDI-17-993/advisory.json", "detail_path": "advisories/ZDI-17-993", "id": "ZDI-17-993", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUBackup TimeRange Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-993/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4294", "zdi_id": "ZDI-17-993" }, { "cve": "CVE-2017-17656", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup JobList method...", "detail_json": "/data/advisories/ZDI-17-992/advisory.json", "detail_path": "advisories/ZDI-17-992", "id": "ZDI-17-992", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUBackup JobList Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-992/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4292", "zdi_id": "ZDI-17-992" }, { "cve": "CVE-2017-17655", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup PluginList meth...", "detail_json": "/data/advisories/ZDI-17-991/advisory.json", "detail_path": "advisories/ZDI-17-991", "id": "ZDI-17-991", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUBackup PluginList Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-991/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4289", "zdi_id": "ZDI-17-991" }, { "cve": "CVE-2017-17654", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup ClientList meth...", "detail_json": "/data/advisories/ZDI-17-990/advisory.json", "detail_path": "advisories/ZDI-17-990", "id": "ZDI-17-990", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUBackup ClientList Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-990/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4287", "zdi_id": "ZDI-17-990" }, { "cve": "CVE-2017-17653", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get me...", "detail_json": "/data/advisories/ZDI-17-989/advisory.json", "detail_path": "advisories/ZDI-17-989", "id": "ZDI-17-989", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUBackupOptionSet Get Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-989/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4286", "zdi_id": "ZDI-17-989" }, { "cve": "CVE-2017-17652", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method re...", "detail_json": "/data/advisories/ZDI-17-988/advisory.json", "detail_path": "advisories/ZDI-17-988", "id": "ZDI-17-988", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUBackup Count Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-988/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4238", "zdi_id": "ZDI-17-988" }, { "cve": "CVE-2017-17425", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSourceDeviceSet Get me...", "detail_json": "/data/advisories/ZDI-17-987/advisory.json", "detail_path": "advisories/ZDI-17-987", "id": "ZDI-17-987", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUSourceDeviceSet Get Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-987/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4237", "zdi_id": "ZDI-17-987" }, { "cve": "CVE-2017-17421", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectionSet Get metho...", "detail_json": "/data/advisories/ZDI-17-986/advisory.json", "detail_path": "advisories/ZDI-17-986", "id": "ZDI-17-986", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUSelectionSet Get Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-986/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4232", "zdi_id": "ZDI-17-986" }, { "cve": "CVE-2017-17420", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCountHistory Get me...", "detail_json": "/data/advisories/ZDI-17-985/advisory.json", "detail_path": "advisories/ZDI-17-985", "id": "ZDI-17-985", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUJobCountHistory Get Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-985/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4231", "zdi_id": "ZDI-17-985" }, { "cve": "CVE-2017-17419", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get me...", "detail_json": "/data/advisories/ZDI-17-984/advisory.json", "detail_path": "advisories/ZDI-17-984", "id": "ZDI-17-984", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUTransferHistory Get Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-984/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4230", "zdi_id": "ZDI-17-984" }, { "cve": "CVE-2017-17418", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requ...", "detail_json": "/data/advisories/ZDI-17-983/advisory.json", "detail_path": "advisories/ZDI-17-983", "id": "ZDI-17-983", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUPolicy Get Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-983/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4229", "zdi_id": "ZDI-17-983" }, { "cve": "CVE-2017-17417", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledg...", "detail_json": "/data/advisories/ZDI-17-982/advisory.json", "detail_path": "advisories/ZDI-17-982", "id": "ZDI-17-982", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUPhaseStatus Acknowledge Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-982/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4228", "zdi_id": "ZDI-17-982" }, { "cve": "CVE-2017-17416", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins...", "detail_json": "/data/advisories/ZDI-17-981/advisory.json", "detail_path": "advisories/ZDI-17-981", "id": "ZDI-17-981", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUPhaseStatus GetPlugins Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-981/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4227", "zdi_id": "ZDI-17-981" }, { "cve": "CVE-2017-17415", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Count meth...", "detail_json": "/data/advisories/ZDI-17-980/advisory.json", "detail_path": "advisories/ZDI-17-980", "id": "ZDI-17-980", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUPhaseStatus Count Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-980/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4226", "zdi_id": "ZDI-17-980" }, { "cve": "CVE-2017-17414", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method...", "detail_json": "/data/advisories/ZDI-17-979/advisory.json", "detail_path": "advisories/ZDI-17-979", "id": "ZDI-17-979", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUPhaseStatus Get Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-979/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4225", "zdi_id": "ZDI-17-979" }, { "cve": "CVE-2017-17413", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupTargetSet Get me...", "detail_json": "/data/advisories/ZDI-17-978/advisory.json", "detail_path": "advisories/ZDI-17-978", "id": "ZDI-17-978", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUBackupTargetSet Get Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-978/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4224", "zdi_id": "ZDI-17-978" }, { "cve": "CVE-2017-17424", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method...", "detail_json": "/data/advisories/ZDI-17-977/advisory.json", "detail_path": "advisories/ZDI-17-977", "id": "ZDI-17-977", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUScheduleSet Get Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-977/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4235", "zdi_id": "ZDI-17-977" }, { "cve": "CVE-2017-17423", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get meth...", "detail_json": "/data/advisories/ZDI-17-976/advisory.json", "detail_path": "advisories/ZDI-17-976", "id": "ZDI-17-976", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUBackupSegment Get Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-976/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4234", "zdi_id": "ZDI-17-976" }, { "cve": "CVE-2017-17422", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requ...", "detail_json": "/data/advisories/ZDI-17-975/advisory.json", "detail_path": "advisories/ZDI-17-975", "id": "ZDI-17-975", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUBackup Get Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-975/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4233", "zdi_id": "ZDI-17-975" }, { "cve": "CVE-2017-17412", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET method requests. The i...", "detail_json": "/data/advisories/ZDI-17-974/advisory.json", "detail_path": "advisories/ZDI-17-974", "id": "ZDI-17-974", "kind": "published", "published_date": "2017-12-15", "status": "published", "title": "Quest NetVault Backup Server Process Manager Service NVBUEventHistory Get Method SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-974/", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-4223", "zdi_id": "ZDI-17-974" }, { "cve": "CVE-2017-17411", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the l...", "detail_json": "/data/advisories/ZDI-17-973/advisory.json", "detail_path": "advisories/ZDI-17-973", "id": "ZDI-17-973", "kind": "published", "published_date": "2017-12-18", "status": "published", "title": "(0Day) Linksys WVBR0 User-Agent Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-973/", "vendor": "Linksys", "vendor_url": null, "zdi_can": "ZDI-CAN-4892", "zdi_id": "ZDI-17-973" }, { "cve": "CVE-2017-14082", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of...", "detail_json": "/data/advisories/ZDI-17-972/advisory.json", "detail_path": "advisories/ZDI-17-972", "id": "ZDI-17-972", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "Trend Micro Mobile Security for Enterprise clt_report_sms_status Uninitialized Pointer Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-972/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4789", "zdi_id": "ZDI-17-972" }, { "cve": "CVE-2017-16606", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism...", "detail_json": "/data/advisories/ZDI-17-971/advisory.json", "detail_path": "advisories/ZDI-17-971", "id": "ZDI-17-971", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager _3d.add_005f3d_005fview_005fdo_jsp Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-971/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5197", "zdi_id": "ZDI-17-971" }, { "cve": "CVE-2017-16605", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...", "detail_json": "/data/advisories/ZDI-17-970/advisory.json", "detail_path": "advisories/ZDI-17-970", "id": "ZDI-17-970", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager db.save_005fattrs_jsp id Directory Traversal Arbitrary File Overwrite Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-970/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5196", "zdi_id": "ZDI-17-970" }, { "cve": "CVE-2017-16604", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...", "detail_json": "/data/advisories/ZDI-17-969/advisory.json", "detail_path": "advisories/ZDI-17-969", "id": "ZDI-17-969", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager deviceReport.deviceReport_005fexport_005fdo_jsp filename Directory Traversal Arbitrary File Overwrite Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-969/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5195", "zdi_id": "ZDI-17-969" }, { "cve": "CVE-2017-16603", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism...", "detail_json": "/data/advisories/ZDI-17-968/advisory.json", "detail_path": "advisories/ZDI-17-968", "id": "ZDI-17-968", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager settings.upload_005ffile_005fdo_jsp filename Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-968/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5194", "zdi_id": "ZDI-17-968" }, { "cve": "CVE-2017-16602", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. T...", "detail_json": "/data/advisories/ZDI-17-967/advisory.json", "detail_path": "advisories/ZDI-17-967", "id": "ZDI-17-967", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager tools.exec_jsp command Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-967/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5193", "zdi_id": "ZDI-17-967" }, { "cve": "CVE-2017-16601", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...", "detail_json": "/data/advisories/ZDI-17-966/advisory.json", "detail_path": "advisories/ZDI-17-966", "id": "ZDI-17-966", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager service.service_005ffailures_jsp filename Directory Traversal Arbitrary File Overwrite Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-966/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5192", "zdi_id": "ZDI-17-966" }, { "cve": "CVE-2017-16600", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-965/advisory.json", "detail_path": "advisories/ZDI-17-965", "id": "ZDI-17-965", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager network.traffic_005freport_jsp filename Directory Traversal Arbitrary File Overwrite Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-965/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5191", "zdi_id": "ZDI-17-965" }, { "cve": "CVE-2017-16599", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. T...", "detail_json": "/data/advisories/ZDI-17-964/advisory.json", "detail_path": "advisories/ZDI-17-964", "id": "ZDI-17-964", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager misc.sample_jsp type Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-964/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5190", "zdi_id": "ZDI-17-964" }, { "cve": "CVE-2017-16598", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechani...", "detail_json": "/data/advisories/ZDI-17-963/advisory.json", "detail_path": "advisories/ZDI-17-963", "id": "ZDI-17-963", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager snmpwalk.snmpwalk_005fdo_jsp ip Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-963/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5138", "zdi_id": "ZDI-17-963" }, { "cve": "CVE-2017-16597", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of WRQ request...", "detail_json": "/data/advisories/ZDI-17-962/advisory.json", "detail_path": "advisories/ZDI-17-962", "id": "ZDI-17-962", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager TFtpServer Filename Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-962/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5137", "zdi_id": "ZDI-17-962" }, { "cve": "CVE-2017-16596", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be byp...", "detail_json": "/data/advisories/ZDI-17-961/advisory.json", "detail_path": "advisories/ZDI-17-961", "id": "ZDI-17-961", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager designer.script_005fsamples_jsp type Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-961/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5119", "zdi_id": "ZDI-17-961" }, { "cve": "CVE-2017-16595", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be byp...", "detail_json": "/data/advisories/ZDI-17-960/advisory.json", "detail_path": "advisories/ZDI-17-960", "id": "ZDI-17-960", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager reports.export_005fdownload_jsp filename Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-960/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5118", "zdi_id": "ZDI-17-960" }, { "cve": "CVE-2017-16594", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. T...", "detail_json": "/data/advisories/ZDI-17-959/advisory.json", "detail_path": "advisories/ZDI-17-959", "id": "ZDI-17-959", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager db.save_005fimage_jsp id Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-959/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5117", "zdi_id": "ZDI-17-959" }, { "cve": "CVE-2017-16593", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. T...", "detail_json": "/data/advisories/ZDI-17-958/advisory.json", "detail_path": "advisories/ZDI-17-958", "id": "ZDI-17-958", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager restore.del_005fdo_jsp filenames Directory Traversal Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-958/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5104", "zdi_id": "ZDI-17-958" }, { "cve": "CVE-2017-16592", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be byp...", "detail_json": "/data/advisories/ZDI-17-957/advisory.json", "detail_path": "advisories/ZDI-17-957", "id": "ZDI-17-957", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager common.download_jsp filename Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-957/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5103", "zdi_id": "ZDI-17-957" }, { "cve": "CVE-2017-16591", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be byp...", "detail_json": "/data/advisories/ZDI-17-956/advisory.json", "detail_path": "advisories/ZDI-17-956", "id": "ZDI-17-956", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager restore.download_005fdo_jsp Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-956/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5100", "zdi_id": "ZDI-17-956" }, { "cve": "CVE-2017-16590", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise MainFilter. User interaction is required to exploit this vulnerability. The specific flaw exists within the MainFilter servlet. The i...", "detail_json": "/data/advisories/ZDI-17-955/advisory.json", "detail_path": "advisories/ZDI-17-955", "id": "ZDI-17-955", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Systems Enterprise Manager MainFilter doFilter Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-955/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5099", "zdi_id": "ZDI-17-955" }, { "cve": "CVE-2017-17407", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content p...", "detail_json": "/data/advisories/ZDI-17-954/advisory.json", "detail_path": "advisories/ZDI-17-954", "id": "ZDI-17-954", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "Netgain Systems Enterprise Manager script_test Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-954/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-5080", "zdi_id": "ZDI-17-954" }, { "cve": "CVE-2017-17406", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI registry, which listen...", "detail_json": "/data/advisories/ZDI-17-953/advisory.json", "detail_path": "advisories/ZDI-17-953", "id": "ZDI-17-953", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Enterprise Manager RMI Registry Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-953/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-4753", "zdi_id": "ZDI-17-953" }, { "cve": "CVE-2017-16610", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results...", "detail_json": "/data/advisories/ZDI-17-952/advisory.json", "detail_path": "advisories/ZDI-17-952", "id": "ZDI-17-952", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Enterprise Manager upload_save_do Remote Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-952/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-4751", "zdi_id": "ZDI-17-952" }, { "cve": "CVE-2017-16609", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue resul...", "detail_json": "/data/advisories/ZDI-17-951/advisory.json", "detail_path": "advisories/ZDI-17-951", "id": "ZDI-17-951", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Enterprise Manager download Arbitrary File Download Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-951/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-4750", "zdi_id": "ZDI-17-951" }, { "cve": "CVE-2017-16608", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the...", "detail_json": "/data/advisories/ZDI-17-950/advisory.json", "detail_path": "advisories/ZDI-17-950", "id": "ZDI-17-950", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Enterprise Manager exec Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-950/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-4749", "zdi_id": "ZDI-17-950" }, { "cve": "CVE-2017-16607", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue resu...", "detail_json": "/data/advisories/ZDI-17-949/advisory.json", "detail_path": "advisories/ZDI-17-949", "id": "ZDI-17-949", "kind": "published", "published_date": "2017-12-13", "status": "published", "title": "NetGain Enterprise Manager heapdumps Remote Download Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-949/", "vendor": "NetGain Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-4718", "zdi_id": "ZDI-17-949" }, { "cve": "CVE-2017-11901", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-17-948/advisory.json", "detail_path": "advisories/ZDI-17-948", "id": "ZDI-17-948", "kind": "published", "published_date": "2017-12-12", "status": "published", "title": "Microsoft Windows JavaScript Array JIT Optimization Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-948/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5242", "zdi_id": "ZDI-17-948" }, { "cve": "CVE-2017-11913", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-17-947/advisory.json", "detail_path": "advisories/ZDI-17-947", "id": "ZDI-17-947", "kind": "published", "published_date": "2017-12-12", "status": "published", "title": "Microsoft Windows VBScript VT_BSTR Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-947/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5243", "zdi_id": "ZDI-17-947" }, { "cve": "CVE-2017-11887", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-17-946/advisory.json", "detail_path": "advisories/ZDI-17-946", "id": "ZDI-17-946", "kind": "published", "published_date": "2017-12-12", "status": "published", "title": "Microsoft Windows VBScript VT_BSTR Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-946/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5111", "zdi_id": "ZDI-17-946" }, { "cve": "CVE-2017-11887", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-17-945/advisory.json", "detail_path": "advisories/ZDI-17-945", "id": "ZDI-17-945", "kind": "published", "published_date": "2017-12-12", "status": "published", "title": "Microsoft Windows VBScript Join Function Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-945/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5110", "zdi_id": "ZDI-17-945" }, { "cve": "CVE-2017-17410", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-944/advisory.json", "detail_path": "advisories/ZDI-17-944", "id": "ZDI-17-944", "kind": "published", "published_date": "2017-12-12", "status": "published", "title": "Bitdefender Internet Security Emulator 0x102 Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-944/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-5116", "zdi_id": "ZDI-17-944" }, { "cve": "CVE-2017-17409", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-943/advisory.json", "detail_path": "advisories/ZDI-17-943", "id": "ZDI-17-943", "kind": "published", "published_date": "2017-12-12", "status": "published", "title": "Bitdefender Internet Security Emulator 0x10A Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-943/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-5102", "zdi_id": "ZDI-17-943" }, { "cve": "CVE-2017-17408", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-942/advisory.json", "detail_path": "advisories/ZDI-17-942", "id": "ZDI-17-942", "kind": "published", "published_date": "2017-12-12", "status": "published", "title": "Bitdefender Internet Security Themida Emulator Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-942/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-5101", "zdi_id": "ZDI-17-942" }, { "cve": "CVE-2017-11250", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-941/advisory.json", "detail_path": "advisories/ZDI-17-941", "id": "ZDI-17-941", "kind": "published", "published_date": "2018-01-10", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_ALPHABLEND Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-941/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5203", "zdi_id": "ZDI-17-941" }, { "cve": "CVE-2017-12719", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2775 IOCTL in th...", "detail_json": "/data/advisories/ZDI-17-940/advisory.json", "detail_path": "advisories/ZDI-17-940", "id": "ZDI-17-940", "kind": "published", "published_date": "2017-12-06", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-940/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4951", "zdi_id": "ZDI-17-940" }, { "cve": "CVE-2017-12719", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2723 IOCTL in th...", "detail_json": "/data/advisories/ZDI-17-939/advisory.json", "detail_path": "advisories/ZDI-17-939", "id": "ZDI-17-939", "kind": "published", "published_date": "2017-12-06", "status": "published", "title": "Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-939/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4950", "zdi_id": "ZDI-17-939" }, { "cve": "CVE-2017-14016", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within implementation of the 0x138bd IOCTL in the w...", "detail_json": "/data/advisories/ZDI-17-938/advisory.json", "detail_path": "advisories/ZDI-17-938", "id": "ZDI-17-938", "kind": "published", "published_date": "2017-12-06", "status": "published", "title": "Advantech WebAccess webvrpcs ViewDll1 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-938/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4949", "zdi_id": "ZDI-17-938" }, { "cve": "CVE-2017-12371", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-937/advisory.json", "detail_path": "advisories/ZDI-17-937", "id": "ZDI-17-937", "kind": "published", "published_date": "2017-12-06", "status": "published", "title": "Cisco WebEx Recorder and Player WRF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-937/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4986", "zdi_id": "ZDI-17-937" }, { "cve": "CVE-2017-12370", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-936/advisory.json", "detail_path": "advisories/ZDI-17-936", "id": "ZDI-17-936", "kind": "published", "published_date": "2017-12-06", "status": "published", "title": "Cisco WebEx Recorder and Player WRF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-936/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4988", "zdi_id": "ZDI-17-936" }, { "cve": "CVE-2017-12370", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-935/advisory.json", "detail_path": "advisories/ZDI-17-935", "id": "ZDI-17-935", "kind": "published", "published_date": "2017-12-06", "status": "published", "title": "Cisco WebEx Recorder and Player WRF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-935/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4989", "zdi_id": "ZDI-17-935" }, { "cve": "CVE-2017-12370", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-934/advisory.json", "detail_path": "advisories/ZDI-17-934", "id": "ZDI-17-934", "kind": "published", "published_date": "2017-12-06", "status": "published", "title": "Cisco WebEx Recorder and Player WRF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-934/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4990", "zdi_id": "ZDI-17-934" }, { "cve": "CVE-2017-12372", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wbx URI handler. When p...", "detail_json": "/data/advisories/ZDI-17-933/advisory.json", "detail_path": "advisories/ZDI-17-933", "id": "ZDI-17-933", "kind": "published", "published_date": "2017-12-06", "status": "published", "title": "Cisco WebEx Network Recording Player Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-933/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5041", "zdi_id": "ZDI-17-933" }, { "cve": "CVE-2017-12371", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-17-932/advisory.json", "detail_path": "advisories/ZDI-17-932", "id": "ZDI-17-932", "kind": "published", "published_date": "2017-12-06", "status": "published", "title": "Cisco WebEx ARF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-932/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-5009", "zdi_id": "ZDI-17-932" }, { "cve": "CVE-2017-12371", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-931/advisory.json", "detail_path": "advisories/ZDI-17-931", "id": "ZDI-17-931", "kind": "published", "published_date": "2017-12-06", "status": "published", "title": "Cisco WebEx Recorder and Player WRF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-931/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4987", "zdi_id": "ZDI-17-931" }, { "cve": "CVE-2017-12371", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-17-930/advisory.json", "detail_path": "advisories/ZDI-17-930", "id": "ZDI-17-930", "kind": "published", "published_date": "2017-12-06", "status": "published", "title": "Cisco WebEx ARF File Parsing Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-930/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4914", "zdi_id": "ZDI-17-930" }, { "cve": "CVE-2017-11884", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-929/advisory.json", "detail_path": "advisories/ZDI-17-929", "id": "ZDI-17-929", "kind": "published", "published_date": "2017-12-06", "status": "published", "title": "Microsoft Office Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-929/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5320", "zdi_id": "ZDI-17-929" }, { "cve": "CVE-2017-11812", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-928/advisory.json", "detail_path": "advisories/ZDI-17-928", "id": "ZDI-17-928", "kind": "published", "published_date": "2017-12-06", "status": "published", "title": "Microsoft Chakra asm.js ArrayBuffer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-928/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5114", "zdi_id": "ZDI-17-928" }, { "cve": "CVE-2017-16369", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-927/advisory.json", "detail_path": "advisories/ZDI-17-927", "id": "ZDI-17-927", "kind": "published", "published_date": "2017-11-21", "status": "published", "title": "Adobe Acrobat Pro DC iframe Same Origin Policy Bypass Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-927/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4756", "zdi_id": "ZDI-17-927" }, { "cve": "CVE-2017-11304", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-926/advisory.json", "detail_path": "advisories/ZDI-17-926", "id": "ZDI-17-926", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "Adobe Photoshop JPEG2000 Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-926/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4891", "zdi_id": "ZDI-17-926" }, { "cve": "CVE-2017-13833", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-17-925/advisory.json", "detail_path": "advisories/ZDI-17-925", "id": "ZDI-17-925", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "Apple macOS nsurlstoraged Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-925/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4927", "zdi_id": "ZDI-17-925" }, { "cve": "CVE-2017-13829", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-17-924/advisory.json", "detail_path": "advisories/ZDI-17-924", "id": "ZDI-17-924", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "Apple macOS nsurlstoraged Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-924/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4908", "zdi_id": "ZDI-17-924" }, { "cve": "CVE-2017-15908", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of systemd Network Name Resolution Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handlin...", "detail_json": "/data/advisories/ZDI-17-923/advisory.json", "detail_path": "advisories/ZDI-17-923", "id": "ZDI-17-923", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "systemd Network Name Resolution Manager NSEC Resource Record Pseudo-Types Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-923/", "vendor": "systemd", "vendor_url": null, "zdi_can": "ZDI-CAN-5076", "zdi_id": "ZDI-17-923" }, { "cve": "CVE-2017-4935", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ThinPrint. An attacker must first obtain the ability to execute low-privileged code on the guest system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-17-922/advisory.json", "detail_path": "advisories/ZDI-17-922", "id": "ZDI-17-922", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-922/", "vendor": "ThinPrint", "vendor_url": null, "zdi_can": "ZDI-CAN-4856", "zdi_id": "ZDI-17-922" }, { "cve": "CVE-2017-4934", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-17-921/advisory.json", "detail_path": "advisories/ZDI-17-921", "id": "ZDI-17-921", "kind": "published", "published_date": "2017-11-21", "status": "published", "title": "VMware Workstation NAT IP Fragment Reassembly Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-921/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-4909", "zdi_id": "ZDI-17-921" }, { "cve": "CVE-2017-13793", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-920/advisory.json", "detail_path": "advisories/ZDI-17-920", "id": "ZDI-17-920", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "Apple Safari Node Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-920/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-5096", "zdi_id": "ZDI-17-920" }, { "cve": "CVE-2017-14375", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Unisphere For VMAX vApp Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ORBServlet. The...", "detail_json": "/data/advisories/ZDI-17-919/advisory.json", "detail_path": "advisories/ZDI-17-919", "id": "ZDI-17-919", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "EMC Unisphere For VMAX vApp Manager ORBServlet Remote Credential Creation Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-919/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-5070", "zdi_id": "ZDI-17-919" }, { "cve": "CVE-2017-12285", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Cisco Prime Network Analysis Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within graph.php. When parsing the...", "detail_json": "/data/advisories/ZDI-17-918/advisory.json", "detail_path": "advisories/ZDI-17-918", "id": "ZDI-17-918", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "Cisco Prime Network Analysis Module graph sfile Parameter Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-918/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4918", "zdi_id": "ZDI-17-918" }, { "cve": "CVE-2017-11851", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-17-917/advisory.json", "detail_path": "advisories/ZDI-17-917", "id": "ZDI-17-917", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "Microsoft Windows EngLockSurface Time-Of-Check Time-Of-Use Race Condition Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-917/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5131", "zdi_id": "ZDI-17-917" }, { "cve": "CVE-2017-11869", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-17-916/advisory.json", "detail_path": "advisories/ZDI-17-916", "id": "ZDI-17-916", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "Microsoft Windows VBScript Join Function Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-916/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5112", "zdi_id": "ZDI-17-916" }, { "cve": "CVE-2017-11878", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-17-915/advisory.json", "detail_path": "advisories/ZDI-17-915", "id": "ZDI-17-915", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "Microsoft Office Excel Workbook Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-915/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5105", "zdi_id": "ZDI-17-915" }, { "cve": "CVE-2017-11856", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-17-914/advisory.json", "detail_path": "advisories/ZDI-17-914", "id": "ZDI-17-914", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "Microsoft Windows JavaScript Array Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-914/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5077", "zdi_id": "ZDI-17-914" }, { "cve": "CVE-2017-8595", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-913/advisory.json", "detail_path": "advisories/ZDI-17-913", "id": "ZDI-17-913", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "Microsoft Chakra Spread Operator Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-913/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4912", "zdi_id": "ZDI-17-913" }, { "cve": "CVE-2017-11858", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-912/advisory.json", "detail_path": "advisories/ZDI-17-912", "id": "ZDI-17-912", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "Microsoft Chakra Regular Expression Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-912/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5198", "zdi_id": "ZDI-17-912" }, { "cve": "CVE-2017-11847", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-911/advisory.json", "detail_path": "advisories/ZDI-17-911", "id": "ZDI-17-911", "kind": "published", "published_date": "2017-11-20", "status": "published", "title": "Microsoft Windows win32k Menu Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-911/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5086", "zdi_id": "ZDI-17-911" }, { "cve": "CVE-2017-16402", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-910/advisory.json", "detail_path": "advisories/ZDI-17-910", "id": "ZDI-17-910", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Adobe Reader DC JPEG2000 QCC Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-910/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5221", "zdi_id": "ZDI-17-910" }, { "cve": "CVE-2017-16400", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-909/advisory.json", "detail_path": "advisories/ZDI-17-909", "id": "ZDI-17-909", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Adobe Reader DC JPEG2000 ihdr Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-909/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5220", "zdi_id": "ZDI-17-909" }, { "cve": "CVE-2017-16401", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-908/advisory.json", "detail_path": "advisories/ZDI-17-908", "id": "ZDI-17-908", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_COMMENT Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-908/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5219", "zdi_id": "ZDI-17-908" }, { "cve": "CVE-2017-16404", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-907/advisory.json", "detail_path": "advisories/ZDI-17-907", "id": "ZDI-17-907", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EmfPlusObject Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-907/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5218", "zdi_id": "ZDI-17-907" }, { "cve": "CVE-2017-16403", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-906/advisory.json", "detail_path": "advisories/ZDI-17-906", "id": "ZDI-17-906", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF EmfPlusDrawBeziers Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-906/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5202", "zdi_id": "ZDI-17-906" }, { "cve": "CVE-2017-16382", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-905/advisory.json", "detail_path": "advisories/ZDI-17-905", "id": "ZDI-17-905", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Adobe Acrobat Pro DC XPS TIFF Rational Data Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-905/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5039", "zdi_id": "ZDI-17-905" }, { "cve": "CVE-2017-16385", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-904/advisory.json", "detail_path": "advisories/ZDI-17-904", "id": "ZDI-17-904", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Adobe Acrobat Pro DC XPS TIFF PhotometricInterpretation Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-904/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5036", "zdi_id": "ZDI-17-904" }, { "cve": "CVE-2017-16381", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-903/advisory.json", "detail_path": "advisories/ZDI-17-903", "id": "ZDI-17-903", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Adobe Acrobat Pro DC XPS TIFF dir Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-903/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5040", "zdi_id": "ZDI-17-903" }, { "cve": "CVE-2017-16386", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-902/advisory.json", "detail_path": "advisories/ZDI-17-902", "id": "ZDI-17-902", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Adobe Acrobat Pro DC XPS JPEG APP13 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-902/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5034", "zdi_id": "ZDI-17-902" }, { "cve": "CVE-2017-16384", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-901/advisory.json", "detail_path": "advisories/ZDI-17-901", "id": "ZDI-17-901", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Adobe Acrobat Pro DC XPS PNG tEXT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-901/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5037", "zdi_id": "ZDI-17-901" }, { "cve": "CVE-2017-16383", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-900/advisory.json", "detail_path": "advisories/ZDI-17-900", "id": "ZDI-17-900", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Adobe Acrobat Pro DC XPS JPEG APP2 Parsing Heap-based Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-900/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-5038", "zdi_id": "ZDI-17-900" }, { "cve": "CVE-2017-16387", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-899/advisory.json", "detail_path": "advisories/ZDI-17-899", "id": "ZDI-17-899", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Adobe Reader DC JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-899/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4972", "zdi_id": "ZDI-17-899" }, { "cve": "CVE-2017-16587", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-898/advisory.json", "detail_path": "advisories/ZDI-17-898", "id": "ZDI-17-898", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader removeField Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-898/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5296", "zdi_id": "ZDI-17-898" }, { "cve": "CVE-2017-16586", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-897/advisory.json", "detail_path": "advisories/ZDI-17-897", "id": "ZDI-17-897", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader addAnnot Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-897/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5295", "zdi_id": "ZDI-17-897" }, { "cve": "CVE-2017-16585", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-896/advisory.json", "detail_path": "advisories/ZDI-17-896", "id": "ZDI-17-896", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader App response Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-896/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5294", "zdi_id": "ZDI-17-896" }, { "cve": "CVE-2017-16584", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-895/advisory.json", "detail_path": "advisories/ZDI-17-895", "id": "ZDI-17-895", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader util printf Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-895/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5290", "zdi_id": "ZDI-17-895" }, { "cve": "CVE-2017-16583", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-894/advisory.json", "detail_path": "advisories/ZDI-17-894", "id": "ZDI-17-894", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFA datasets Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-894/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5289", "zdi_id": "ZDI-17-894" }, { "cve": "CVE-2017-16582", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-893/advisory.json", "detail_path": "advisories/ZDI-17-893", "id": "ZDI-17-893", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader clearItems Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-893/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5288", "zdi_id": "ZDI-17-893" }, { "cve": "CVE-2017-16581", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-892/advisory.json", "detail_path": "advisories/ZDI-17-892", "id": "ZDI-17-892", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader Document author Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-892/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5282", "zdi_id": "ZDI-17-892" }, { "cve": "CVE-2017-16580", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-891/advisory.json", "detail_path": "advisories/ZDI-17-891", "id": "ZDI-17-891", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFA ImageField Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-891/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5281", "zdi_id": "ZDI-17-891" }, { "cve": "CVE-2017-16579", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-890/advisory.json", "detail_path": "advisories/ZDI-17-890", "id": "ZDI-17-890", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-890/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5244", "zdi_id": "ZDI-17-890" }, { "cve": "CVE-2017-16578", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-889/advisory.json", "detail_path": "advisories/ZDI-17-889", "id": "ZDI-17-889", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFA picture Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-889/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5216", "zdi_id": "ZDI-17-889" }, { "cve": "CVE-2017-16577", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-888/advisory.json", "detail_path": "advisories/ZDI-17-888", "id": "ZDI-17-888", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader Field alignment Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-888/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5094", "zdi_id": "ZDI-17-888" }, { "cve": "CVE-2017-16576", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-887/advisory.json", "detail_path": "advisories/ZDI-17-887", "id": "ZDI-17-887", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFA field element Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-887/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5092", "zdi_id": "ZDI-17-887" }, { "cve": "CVE-2017-16575", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-886/advisory.json", "detail_path": "advisories/ZDI-17-886", "id": "ZDI-17-886", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFA bind Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-886/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5091", "zdi_id": "ZDI-17-886" }, { "cve": "CVE-2017-16574", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-885/advisory.json", "detail_path": "advisories/ZDI-17-885", "id": "ZDI-17-885", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader Image Filter Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-885/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5079", "zdi_id": "ZDI-17-885" }, { "cve": "CVE-2017-16573", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-884/advisory.json", "detail_path": "advisories/ZDI-17-884", "id": "ZDI-17-884", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader LZWDecode filter Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-884/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5078", "zdi_id": "ZDI-17-884" }, { "cve": "CVE-2017-16572", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-883/advisory.json", "detail_path": "advisories/ZDI-17-883", "id": "ZDI-17-883", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader FormCalc closeDoc Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-883/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5073", "zdi_id": "ZDI-17-883" }, { "cve": "CVE-2017-16571", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-882/advisory.json", "detail_path": "advisories/ZDI-17-882", "id": "ZDI-17-882", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader FormCalc app Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-882/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5072", "zdi_id": "ZDI-17-882" }, { "cve": "CVE-2017-14837", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-881/advisory.json", "detail_path": "advisories/ZDI-17-881", "id": "ZDI-17-881", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFA Layout pageSpan Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-881/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5029", "zdi_id": "ZDI-17-881" }, { "cve": "CVE-2017-14836", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-880/advisory.json", "detail_path": "advisories/ZDI-17-880", "id": "ZDI-17-880", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader Annotations modDate Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-880/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5028", "zdi_id": "ZDI-17-880" }, { "cve": "CVE-2017-14835", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-879/advisory.json", "detail_path": "advisories/ZDI-17-879", "id": "ZDI-17-879", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFA Layout page Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-879/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5027", "zdi_id": "ZDI-17-879" }, { "cve": "CVE-2017-14834", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-878/advisory.json", "detail_path": "advisories/ZDI-17-878", "id": "ZDI-17-878", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader FileAttachment Annotations style Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-878/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5026", "zdi_id": "ZDI-17-878" }, { "cve": "CVE-2017-14833", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-877/advisory.json", "detail_path": "advisories/ZDI-17-877", "id": "ZDI-17-877", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader Text Annotations style Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-877/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5025", "zdi_id": "ZDI-17-877" }, { "cve": "CVE-2017-14832", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-876/advisory.json", "detail_path": "advisories/ZDI-17-876", "id": "ZDI-17-876", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader Caret Annotations style Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-876/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5024", "zdi_id": "ZDI-17-876" }, { "cve": "CVE-2017-14831", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-875/advisory.json", "detail_path": "advisories/ZDI-17-875", "id": "ZDI-17-875", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader Circle Annotations author Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-875/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5023", "zdi_id": "ZDI-17-875" }, { "cve": "CVE-2017-14830", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-874/advisory.json", "detail_path": "advisories/ZDI-17-874", "id": "ZDI-17-874", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFAScriptObject setFocus Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-874/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5022", "zdi_id": "ZDI-17-874" }, { "cve": "CVE-2017-14829", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-873/advisory.json", "detail_path": "advisories/ZDI-17-873", "id": "ZDI-17-873", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFAScriptObject openList Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-873/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5021", "zdi_id": "ZDI-17-873" }, { "cve": "CVE-2017-14828", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-872/advisory.json", "detail_path": "advisories/ZDI-17-872", "id": "ZDI-17-872", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFA Layout w Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-872/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5020", "zdi_id": "ZDI-17-872" }, { "cve": "CVE-2017-14827", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-871/advisory.json", "detail_path": "advisories/ZDI-17-871", "id": "ZDI-17-871", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFA Nodes append Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-871/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5019", "zdi_id": "ZDI-17-871" }, { "cve": "CVE-2017-14826", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-870/advisory.json", "detail_path": "advisories/ZDI-17-870", "id": "ZDI-17-870", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFA Nodes formNodes Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-870/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5018", "zdi_id": "ZDI-17-870" }, { "cve": "CVE-2017-14825", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-869/advisory.json", "detail_path": "advisories/ZDI-17-869", "id": "ZDI-17-869", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFAScriptObject remove Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-869/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5017", "zdi_id": "ZDI-17-869" }, { "cve": "CVE-2017-14824", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-868/advisory.json", "detail_path": "advisories/ZDI-17-868", "id": "ZDI-17-868", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFAScriptObject insert Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-868/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5016", "zdi_id": "ZDI-17-868" }, { "cve": "CVE-2017-14823", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-867/advisory.json", "detail_path": "advisories/ZDI-17-867", "id": "ZDI-17-867", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader XFA Signature Object signer Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-867/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5015", "zdi_id": "ZDI-17-867" }, { "cve": "CVE-2017-14822", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-866/advisory.json", "detail_path": "advisories/ZDI-17-866", "id": "ZDI-17-866", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader JPEG2000 SIZ marker xOsiz Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-866/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5014", "zdi_id": "ZDI-17-866" }, { "cve": "CVE-2017-14821", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-865/advisory.json", "detail_path": "advisories/ZDI-17-865", "id": "ZDI-17-865", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader JPEG2000 SIZ marker xTsiz Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-865/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5013", "zdi_id": "ZDI-17-865" }, { "cve": "CVE-2017-14820", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-864/advisory.json", "detail_path": "advisories/ZDI-17-864", "id": "ZDI-17-864", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader JPEG2000 SOT tile index Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-864/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5012", "zdi_id": "ZDI-17-864" }, { "cve": "CVE-2017-14819", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-863/advisory.json", "detail_path": "advisories/ZDI-17-863", "id": "ZDI-17-863", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader JPEG2000 cdef channel number Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-863/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5011", "zdi_id": "ZDI-17-863" }, { "cve": "CVE-2017-14818", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-17-862/advisory.json", "detail_path": "advisories/ZDI-17-862", "id": "ZDI-17-862", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-862/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4982", "zdi_id": "ZDI-17-862" }, { "cve": "CVE-2017-10959", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-861/advisory.json", "detail_path": "advisories/ZDI-17-861", "id": "ZDI-17-861", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader Link setAction Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-861/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4981", "zdi_id": "ZDI-17-861" }, { "cve": "CVE-2017-10958", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-860/advisory.json", "detail_path": "advisories/ZDI-17-860", "id": "ZDI-17-860", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader Field value Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-860/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4980", "zdi_id": "ZDI-17-860" }, { "cve": "CVE-2017-10957", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-859/advisory.json", "detail_path": "advisories/ZDI-17-859", "id": "ZDI-17-859", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader Annotations arrowEnd Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-859/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4979", "zdi_id": "ZDI-17-859" }, { "cve": "CVE-2017-10956", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-858/advisory.json", "detail_path": "advisories/ZDI-17-858", "id": "ZDI-17-858", "kind": "published", "published_date": "2017-11-14", "status": "published", "title": "Foxit Reader JPEG2000 SOT marker tile index Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-858/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4978", "zdi_id": "ZDI-17-858" }, { "cve": "CVE-2017-16589", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-857/advisory.json", "detail_path": "advisories/ZDI-17-857", "id": "ZDI-17-857", "kind": "published", "published_date": "2017-11-29", "status": "published", "title": "Foxit Reader JPEG2000 SIZ marker yTsiz Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-857/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4977", "zdi_id": "ZDI-17-857" }, { "cve": "CVE-2017-16588", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-856/advisory.json", "detail_path": "advisories/ZDI-17-856", "id": "ZDI-17-856", "kind": "published", "published_date": "2017-11-29", "status": "published", "title": "Foxit Reader JPEG2000 SOT marker Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-856/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4976", "zdi_id": "ZDI-17-856" }, { "cve": "CVE-2017-8962", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-855/advisory.json", "detail_path": "advisories/ZDI-17-855", "id": "ZDI-17-855", "kind": "published", "published_date": "2017-11-06", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center perfAccessMgrServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-855/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4810", "zdi_id": "ZDI-17-855" }, { "cve": "CVE-2017-8963", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-854/advisory.json", "detail_path": "advisories/ZDI-17-854", "id": "ZDI-17-854", "kind": "published", "published_date": "2017-11-06", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center TopoReqServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-854/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4811", "zdi_id": "ZDI-17-854" }, { "cve": "CVE-2017-8964", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-853/advisory.json", "detail_path": "advisories/ZDI-17-853", "id": "ZDI-17-853", "kind": "published", "published_date": "2017-11-06", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center TopoBroadcastServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-853/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4812", "zdi_id": "ZDI-17-853" }, { "cve": "CVE-2017-8967", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-852/advisory.json", "detail_path": "advisories/ZDI-17-852", "id": "ZDI-17-852", "kind": "published", "published_date": "2017-11-06", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center TopoDebugServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-852/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4813", "zdi_id": "ZDI-17-852" }, { "cve": "CVE-2017-8965", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-851/advisory.json", "detail_path": "advisories/ZDI-17-851", "id": "ZDI-17-851", "kind": "published", "published_date": "2017-11-06", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center AccessMgrServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-851/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4814", "zdi_id": "ZDI-17-851" }, { "cve": "CVE-2017-8966", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-850/advisory.json", "detail_path": "advisories/ZDI-17-850", "id": "ZDI-17-850", "kind": "published", "published_date": "2017-11-06", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center TopoMsgServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-850/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4815", "zdi_id": "ZDI-17-850" }, { "cve": "CVE-2017-8961", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-849/advisory.json", "detail_path": "advisories/ZDI-17-849", "id": "ZDI-17-849", "kind": "published", "published_date": "2017-11-06", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center flexFileUpload Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-849/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4758", "zdi_id": "ZDI-17-849" }, { "cve": "CVE-2017-11812", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-848/advisory.json", "detail_path": "advisories/ZDI-17-848", "id": "ZDI-17-848", "kind": "published", "published_date": "2017-10-11", "status": "published", "title": "Microsoft Chakra asm.js ArrayBuffer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-848/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5115", "zdi_id": "ZDI-17-848" }, { "cve": "CVE-2017-11790", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-847/advisory.json", "detail_path": "advisories/ZDI-17-847", "id": "ZDI-17-847", "kind": "published", "published_date": "2017-10-11", "status": "published", "title": "Microsoft Office Excel xls File Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-847/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4948", "zdi_id": "ZDI-17-847" }, { "cve": "CVE-2017-11779", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-17-846/advisory.json", "detail_path": "advisories/ZDI-17-846", "id": "ZDI-17-846", "kind": "published", "published_date": "2017-10-10", "status": "published", "title": "Microsoft Windows DNSAPI NSEC3_RecordRead Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-846/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5207", "zdi_id": "ZDI-17-846" }, { "cve": "CVE-2017-8689", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-845/advisory.json", "detail_path": "advisories/ZDI-17-845", "id": "ZDI-17-845", "kind": "published", "published_date": "2017-10-10", "status": "published", "title": "Microsoft Windows Submenu Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-845/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5199", "zdi_id": "ZDI-17-845" }, { "cve": "CVE-2017-11800", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-844/advisory.json", "detail_path": "advisories/ZDI-17-844", "id": "ZDI-17-844", "kind": "published", "published_date": "2017-10-10", "status": "published", "title": "Microsoft Chakra Array JIT Optimization Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-844/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5084", "zdi_id": "ZDI-17-844" }, { "cve": "CVE-2017-11781", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial-of-service on vulnerable installations of Microsoft Windows. Authentication is required to exploit this vulnerability, assuming the product is in its default configuration. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-17-843/advisory.json", "detail_path": "advisories/ZDI-17-843", "id": "ZDI-17-843", "kind": "published", "published_date": "2017-10-10", "status": "published", "title": "Microsoft Windows SMB Out-Of-Bounds Read Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-843/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5069", "zdi_id": "ZDI-17-843" }, { "cve": "CVE-2017-11794", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-17-842/advisory.json", "detail_path": "advisories/ZDI-17-842", "id": "ZDI-17-842", "kind": "published", "published_date": "2017-10-10", "status": "published", "title": "Microsoft Edge substringData Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-842/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5059", "zdi_id": "ZDI-17-842" }, { "cve": "CVE-2017-11762", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-17-841/advisory.json", "detail_path": "advisories/ZDI-17-841", "id": "ZDI-17-841", "kind": "published", "published_date": "2017-10-10", "status": "published", "title": "Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-841/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4967", "zdi_id": "ZDI-17-841" }, { "cve": "CVE-2017-8717", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-17-840/advisory.json", "detail_path": "advisories/ZDI-17-840", "id": "ZDI-17-840", "kind": "published", "published_date": "2017-10-10", "status": "published", "title": "Microsoft Windows XLS File Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-840/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4702", "zdi_id": "ZDI-17-840" }, { "cve": "CVE-2017-8718", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-17-839/advisory.json", "detail_path": "advisories/ZDI-17-839", "id": "ZDI-17-839", "kind": "published", "published_date": "2017-10-10", "status": "published", "title": "Microsoft Windows XLS File Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-839/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4669", "zdi_id": "ZDI-17-839" }, { "cve": null, "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-838/advisory.json", "detail_path": "advisories/ZDI-17-838", "id": "ZDI-17-838", "kind": "published", "published_date": "2017-10-06", "status": "published", "title": "(0Day) Microsoft Windows WAV File Uninitialized Pointer Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-838/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5130", "zdi_id": "ZDI-17-838" }, { "cve": "CVE-2017-12263", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco License Manager Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReportCSV servlet, whic...", "detail_json": "/data/advisories/ZDI-17-837/advisory.json", "detail_path": "advisories/ZDI-17-837", "id": "ZDI-17-837", "kind": "published", "published_date": "2017-10-04", "status": "published", "title": "Cisco License Manager Server ReportCSV Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-837/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4635", "zdi_id": "ZDI-17-837" }, { "cve": "CVE-2017-12561", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within dbman s...", "detail_json": "/data/advisories/ZDI-17-836/advisory.json", "detail_path": "advisories/ZDI-17-836", "id": "ZDI-17-836", "kind": "published", "published_date": "2017-10-03", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10012 Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-836/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4896", "zdi_id": "ZDI-17-836" }, { "cve": "CVE-2017-12560", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary directories on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication...", "detail_json": "/data/advisories/ZDI-17-835/advisory.json", "detail_path": "advisories/ZDI-17-835", "id": "ZDI-17-835", "kind": "published", "published_date": "2017-10-03", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center mibFileServlet Directory Traversal Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-835/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4809", "zdi_id": "ZDI-17-835" }, { "cve": "CVE-2017-12559", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-834/advisory.json", "detail_path": "advisories/ZDI-17-834", "id": "ZDI-17-834", "kind": "published", "published_date": "2017-10-03", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center mibFileServlet Directory Traversal Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-834/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4808", "zdi_id": "ZDI-17-834" }, { "cve": "CVE-2017-12558", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Web...", "detail_json": "/data/advisories/ZDI-17-833/advisory.json", "detail_path": "advisories/ZDI-17-833", "id": "ZDI-17-833", "kind": "published", "published_date": "2017-10-03", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center WebDMServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-833/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4761", "zdi_id": "ZDI-17-833" }, { "cve": "CVE-2017-12557", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Web...", "detail_json": "/data/advisories/ZDI-17-832/advisory.json", "detail_path": "advisories/ZDI-17-832", "id": "ZDI-17-832", "kind": "published", "published_date": "2017-10-03", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center WebDMDebugServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-832/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4760", "zdi_id": "ZDI-17-832" }, { "cve": "CVE-2017-12556", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Mib...", "detail_json": "/data/advisories/ZDI-17-831/advisory.json", "detail_path": "advisories/ZDI-17-831", "id": "ZDI-17-831", "kind": "published", "published_date": "2017-10-03", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center MibBrowserTopoFilterServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-831/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4759", "zdi_id": "ZDI-17-831" }, { "cve": "CVE-2017-12554", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to rename arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-830/advisory.json", "detail_path": "advisories/ZDI-17-830", "id": "ZDI-17-830", "kind": "published", "published_date": "2017-10-03", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center mibFileServlet Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-830/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4837", "zdi_id": "ZDI-17-830" }, { "cve": "CVE-2017-14088", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Trend Micro OfficeScan. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-17-829/advisory.json", "detail_path": "advisories/ZDI-17-829", "id": "ZDI-17-829", "kind": "published", "published_date": "2017-09-27", "status": "published", "title": "Trend Micro OfficeScan tmwfp Memory Corruption Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-829/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5071", "zdi_id": "ZDI-17-829" }, { "cve": "CVE-2017-14088", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Trend Micro OfficeScan. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Th...", "detail_json": "/data/advisories/ZDI-17-828/advisory.json", "detail_path": "advisories/ZDI-17-828", "id": "ZDI-17-828", "kind": "published", "published_date": "2017-09-27", "status": "published", "title": "Trend Micro OfficeScan tmwfp Memory Corruption Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-828/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-5068", "zdi_id": "ZDI-17-828" }, { "cve": "CVE-2017-8007", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell EMC VNX Monitoring and Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...", "detail_json": "/data/advisories/ZDI-17-827/advisory.json", "detail_path": "advisories/ZDI-17-827", "id": "ZDI-17-827", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "Dell EMC VNX Monitoring and Reporting Scheduler Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-827/", "vendor": "Dell EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-4754", "zdi_id": "ZDI-17-827" }, { "cve": "CVE-2017-8012", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial of service on vulnerable installations of Dell EMC VNX Monitoring and Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypa...", "detail_json": "/data/advisories/ZDI-17-826/advisory.json", "detail_path": "advisories/ZDI-17-826", "id": "ZDI-17-826", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "Dell EMC VNX Monitoring and Reporting RMI Registry Deserialization of Untrusted Data Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-826/", "vendor": "Dell EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-4807", "zdi_id": "ZDI-17-826" }, { "cve": "CVE-2017-14350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Application Performance Management Staging Data Replicator. The specific flaw exists within the hpbsmsdr web service, which listens...", "detail_json": "/data/advisories/ZDI-17-825/advisory.json", "detail_path": "advisories/ZDI-17-825", "id": "ZDI-17-825", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "Hewlett Packard Enterprise Application Performance Management Staging Data Replicator hpbsmsdr Missing Authentication for Critical Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-825/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4825", "zdi_id": "ZDI-17-825" }, { "cve": "CVE-2017-7111", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-824/advisory.json", "detail_path": "advisories/ZDI-17-824", "id": "ZDI-17-824", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "Apple Safari RegExp replace Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-824/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4955", "zdi_id": "ZDI-17-824" }, { "cve": "CVE-2017-7095", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-823/advisory.json", "detail_path": "advisories/ZDI-17-823", "id": "ZDI-17-823", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "Apple Safari JSString Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-823/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4771", "zdi_id": "ZDI-17-823" }, { "cve": "CVE-2017-7091", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-822/advisory.json", "detail_path": "advisories/ZDI-17-822", "id": "ZDI-17-822", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "Apple Safari RenderFlowThread Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-822/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4717", "zdi_id": "ZDI-17-822" }, { "cve": "CVE-2017-7092", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-821/advisory.json", "detail_path": "advisories/ZDI-17-821", "id": "ZDI-17-821", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "Apple Safari String link Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-821/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4712", "zdi_id": "ZDI-17-821" }, { "cve": "CVE-2017-7093", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-820/advisory.json", "detail_path": "advisories/ZDI-17-820", "id": "ZDI-17-820", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "Apple Safari BoundFunction Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-820/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4711", "zdi_id": "ZDI-17-820" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-819/advisory.json", "detail_path": "advisories/ZDI-17-819", "id": "ZDI-17-819", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "(0Day) Eaton ELCSoft SegCmt Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-819/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-4553", "zdi_id": "ZDI-17-819" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-818/advisory.json", "detail_path": "advisories/ZDI-17-818", "id": "ZDI-17-818", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "(0Day) Eaton ELCSoft LAD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-818/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-4637", "zdi_id": "ZDI-17-818" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-817/advisory.json", "detail_path": "advisories/ZDI-17-817", "id": "ZDI-17-817", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "(0Day) Eaton ELCSoft SFC File Parsing Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-817/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-4636", "zdi_id": "ZDI-17-817" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-816/advisory.json", "detail_path": "advisories/ZDI-17-816", "id": "ZDI-17-816", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "(0Day) Eaton ELCSoft DEV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-816/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-4555", "zdi_id": "ZDI-17-816" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-815/advisory.json", "detail_path": "advisories/ZDI-17-815", "id": "ZDI-17-815", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "(0Day) Eaton ELCSoft EPC File Parsing Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-815/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-4554", "zdi_id": "ZDI-17-815" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-814/advisory.json", "detail_path": "advisories/ZDI-17-814", "id": "ZDI-17-814", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "(0Day) Eaton ELCSoft EPC File Parsing Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-814/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-4551", "zdi_id": "ZDI-17-814" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-813/advisory.json", "detail_path": "advisories/ZDI-17-813", "id": "ZDI-17-813", "kind": "published", "published_date": "2017-09-26", "status": "published", "title": "(0Day) Eaton ELCSoft Device Comment Range Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-813/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-4552", "zdi_id": "ZDI-17-813" }, { "cve": "CVE-2017-10955", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which l...", "detail_json": "/data/advisories/ZDI-17-812/advisory.json", "detail_path": "advisories/ZDI-17-812", "id": "ZDI-17-812", "kind": "published", "published_date": "2017-09-28", "status": "published", "title": "(0Day) EMC Data Protection Advisor ScheduledReportResource Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-812/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-4697", "zdi_id": "ZDI-17-812" }, { "cve": "CVE-2017-8013", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of EMC Data Protection Advisor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which...", "detail_json": "/data/advisories/ZDI-17-811/advisory.json", "detail_path": "advisories/ZDI-17-811", "id": "ZDI-17-811", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "EMC Data Protection Advisor Application Service Static Credentials Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-811/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-4699", "zdi_id": "ZDI-17-811" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the get...", "detail_json": "/data/advisories/ZDI-17-810/advisory.json", "detail_path": "advisories/ZDI-17-810", "id": "ZDI-17-810", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise get_moveto_group_list Device_DeviceId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-810/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4683", "zdi_id": "ZDI-17-810" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the del...", "detail_json": "/data/advisories/ZDI-17-809/advisory.json", "detail_path": "advisories/ZDI-17-809", "id": "ZDI-17-809", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise delete_admin_account UserName SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-809/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4679", "zdi_id": "ZDI-17-809" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the add...", "detail_json": "/data/advisories/ZDI-17-808/advisory.json", "detail_path": "advisories/ZDI-17-808", "id": "ZDI-17-808", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise add_app_category Name SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-808/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4806", "zdi_id": "ZDI-17-808" }, { "cve": "CVE-2017-14079", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the upl...", "detail_json": "/data/advisories/ZDI-17-807/advisory.json", "detail_path": "advisories/ZDI-17-807", "id": "ZDI-17-807", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise upload_img_file Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-807/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4805", "zdi_id": "ZDI-17-807" }, { "cve": "CVE-2017-14078", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the...", "detail_json": "/data/advisories/ZDI-17-806/advisory.json", "detail_path": "advisories/ZDI-17-806", "id": "ZDI-17-806", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise eas_agent_check_upgrade SlinkId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-806/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4804", "zdi_id": "ZDI-17-806" }, { "cve": "CVE-2017-14078", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the...", "detail_json": "/data/advisories/ZDI-17-805/advisory.json", "detail_path": "advisories/ZDI-17-805", "id": "ZDI-17-805", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise eas_agent_sync_client_info SlinkId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-805/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4803", "zdi_id": "ZDI-17-805" }, { "cve": "CVE-2017-14078", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the...", "detail_json": "/data/advisories/ZDI-17-804/advisory.json", "detail_path": "advisories/ZDI-17-804", "id": "ZDI-17-804", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise eas_agent_sync_all_devices SlinkId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-804/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4802", "zdi_id": "ZDI-17-804" }, { "cve": "CVE-2017-14078", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the...", "detail_json": "/data/advisories/ZDI-17-803/advisory.json", "detail_path": "advisories/ZDI-17-803", "id": "ZDI-17-803", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise eas_agent_unregister SlinkId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-803/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4801", "zdi_id": "ZDI-17-803" }, { "cve": "CVE-2017-14078", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the...", "detail_json": "/data/advisories/ZDI-17-802/advisory.json", "detail_path": "advisories/ZDI-17-802", "id": "ZDI-17-802", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise eas_agent_upload_new_devices SlinkId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-802/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4800", "zdi_id": "ZDI-17-802" }, { "cve": "CVE-2017-14078", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the eas...", "detail_json": "/data/advisories/ZDI-17-801/advisory.json", "detail_path": "advisories/ZDI-17-801", "id": "ZDI-17-801", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise eas_agent_command SlinkId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-801/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4799", "zdi_id": "ZDI-17-801" }, { "cve": "CVE-2017-14078", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the...", "detail_json": "/data/advisories/ZDI-17-800/advisory.json", "detail_path": "advisories/ZDI-17-800", "id": "ZDI-17-800", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise eas_agent_register SlinkId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-800/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4797", "zdi_id": "ZDI-17-800" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the can...", "detail_json": "/data/advisories/ZDI-17-799/advisory.json", "detail_path": "advisories/ZDI-17-799", "id": "ZDI-17-799", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise cancel_command_list CmdUUID SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-799/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4796", "zdi_id": "ZDI-17-799" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the del...", "detail_json": "/data/advisories/ZDI-17-798/advisory.json", "detail_path": "advisories/ZDI-17-798", "id": "ZDI-17-798", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise delete_user Id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-798/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4794", "zdi_id": "ZDI-17-798" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the rem...", "detail_json": "/data/advisories/ZDI-17-797/advisory.json", "detail_path": "advisories/ZDI-17-797", "id": "ZDI-17-797", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise remove_command_list CmdUUID SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-797/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4793", "zdi_id": "ZDI-17-797" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the res...", "detail_json": "/data/advisories/ZDI-17-796/advisory.json", "detail_path": "advisories/ZDI-17-796", "id": "ZDI-17-796", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise resend_command_list CmdUUID SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-796/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4792", "zdi_id": "ZDI-17-796" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the edi...", "detail_json": "/data/advisories/ZDI-17-795/advisory.json", "detail_path": "advisories/ZDI-17-795", "id": "ZDI-17-795", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise edit_eas_note Id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-795/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4791", "zdi_id": "ZDI-17-795" }, { "cve": "CVE-2017-14078", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the...", "detail_json": "/data/advisories/ZDI-17-794/advisory.json", "detail_path": "advisories/ZDI-17-794", "id": "ZDI-17-794", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise save_eas_agent_setting SlinkId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-794/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4790", "zdi_id": "ZDI-17-794" }, { "cve": "CVE-2017-14078", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the...", "detail_json": "/data/advisories/ZDI-17-793/advisory.json", "detail_path": "advisories/ZDI-17-793", "id": "ZDI-17-793", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise remove_eas_agent_info SlinkId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-793/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4788", "zdi_id": "ZDI-17-793" }, { "cve": "CVE-2017-14078", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the...", "detail_json": "/data/advisories/ZDI-17-792/advisory.json", "detail_path": "advisories/ZDI-17-792", "id": "ZDI-17-792", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise show_eas_agent_info SlinkId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-792/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4787", "zdi_id": "ZDI-17-792" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the cre...", "detail_json": "/data/advisories/ZDI-17-791/advisory.json", "detail_path": "advisories/ZDI-17-791", "id": "ZDI-17-791", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise create_db SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-791/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4786", "zdi_id": "ZDI-17-791" }, { "cve": "CVE-2017-14079", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the upl...", "detail_json": "/data/advisories/ZDI-17-790/advisory.json", "detail_path": "advisories/ZDI-17-790", "id": "ZDI-17-790", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise upload_font_file Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-790/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4785", "zdi_id": "ZDI-17-790" }, { "cve": "CVE-2017-14079", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the upl...", "detail_json": "/data/advisories/ZDI-17-789/advisory.json", "detail_path": "advisories/ZDI-17-789", "id": "ZDI-17-789", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise upload_wallpaper_file Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-789/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4784", "zdi_id": "ZDI-17-789" }, { "cve": "CVE-2017-14078", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the...", "detail_json": "/data/advisories/ZDI-17-788/advisory.json", "detail_path": "advisories/ZDI-17-788", "id": "ZDI-17-788", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise mdm_register_new_connector SlinkId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-788/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4783", "zdi_id": "ZDI-17-788" }, { "cve": "CVE-2017-14078", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the...", "detail_json": "/data/advisories/ZDI-17-787/advisory.json", "detail_path": "advisories/ZDI-17-787", "id": "ZDI-17-787", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise diagnose_eas_status SlinkId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-787/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4782", "zdi_id": "ZDI-17-787" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the rei...", "detail_json": "/data/advisories/ZDI-17-786/advisory.json", "detail_path": "advisories/ZDI-17-786", "id": "ZDI-17-786", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise reinvite_user Id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-786/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4781", "zdi_id": "ZDI-17-786" }, { "cve": "CVE-2017-14079", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the upl...", "detail_json": "/data/advisories/ZDI-17-785/advisory.json", "detail_path": "advisories/ZDI-17-785", "id": "ZDI-17-785", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise upload_app_file Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-785/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4780", "zdi_id": "ZDI-17-785" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the ass...", "detail_json": "/data/advisories/ZDI-17-784/advisory.json", "detail_path": "advisories/ZDI-17-784", "id": "ZDI-17-784", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise assign_policy Id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-784/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4779", "zdi_id": "ZDI-17-784" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the rem...", "detail_json": "/data/advisories/ZDI-17-783/advisory.json", "detail_path": "advisories/ZDI-17-783", "id": "ZDI-17-783", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise remote_selective_wipe_device id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-783/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4693", "zdi_id": "ZDI-17-783" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the get...", "detail_json": "/data/advisories/ZDI-17-782/advisory.json", "detail_path": "advisories/ZDI-17-782", "id": "ZDI-17-782", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise get_dep_profile Id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-782/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4692", "zdi_id": "ZDI-17-782" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the upl...", "detail_json": "/data/advisories/ZDI-17-781/advisory.json", "detail_path": "advisories/ZDI-17-781", "id": "ZDI-17-781", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise upload_web_app AppFile SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-781/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4691", "zdi_id": "ZDI-17-781" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the inv...", "detail_json": "/data/advisories/ZDI-17-780/advisory.json", "detail_path": "advisories/ZDI-17-780", "id": "ZDI-17-780", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise invite_devices user_name SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-780/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4690", "zdi_id": "ZDI-17-780" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the upd...", "detail_json": "/data/advisories/ZDI-17-779/advisory.json", "detail_path": "advisories/ZDI-17-779", "id": "ZDI-17-779", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise update_group Id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-779/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4688", "zdi_id": "ZDI-17-779" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the del...", "detail_json": "/data/advisories/ZDI-17-778/advisory.json", "detail_path": "advisories/ZDI-17-778", "id": "ZDI-17-778", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise delete_group ParentId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-778/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4687", "zdi_id": "ZDI-17-778" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the rem...", "detail_json": "/data/advisories/ZDI-17-777/advisory.json", "detail_path": "advisories/ZDI-17-777", "id": "ZDI-17-777", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise remote_lock_device Device_DeviceId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-777/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4686", "zdi_id": "ZDI-17-777" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the exp...", "detail_json": "/data/advisories/ZDI-17-776/advisory.json", "detail_path": "advisories/ZDI-17-776", "id": "ZDI-17-776", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise export_devices Device_DeviceGroupId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-776/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4685", "zdi_id": "ZDI-17-776" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the get...", "detail_json": "/data/advisories/ZDI-17-775/advisory.json", "detail_path": "advisories/ZDI-17-775", "id": "ZDI-17-775", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise get_subgroup_list id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-775/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4682", "zdi_id": "ZDI-17-775" }, { "cve": "CVE-2017-14081", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the modTMCSS Proxy functi...", "detail_json": "/data/advisories/ZDI-17-774/advisory.json", "detail_path": "advisories/ZDI-17-774", "id": "ZDI-17-774", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise Proxy Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-774/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4681", "zdi_id": "ZDI-17-774" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the not...", "detail_json": "/data/advisories/ZDI-17-773/advisory.json", "detail_path": "advisories/ZDI-17-773", "id": "ZDI-17-773", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise notify_devices_to_update id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-773/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4680", "zdi_id": "ZDI-17-773" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the get...", "detail_json": "/data/advisories/ZDI-17-772/advisory.json", "detail_path": "advisories/ZDI-17-772", "id": "ZDI-17-772", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise get_device_detail_info id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-772/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4678", "zdi_id": "ZDI-17-772" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the que...", "detail_json": "/data/advisories/ZDI-17-771/advisory.json", "detail_path": "advisories/ZDI-17-771", "id": "ZDI-17-771", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise query_user search_by SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-771/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4677", "zdi_id": "ZDI-17-771" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the get...", "detail_json": "/data/advisories/ZDI-17-770/advisory.json", "detail_path": "advisories/ZDI-17-770", "id": "ZDI-17-770", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise get_device_list_brief_by_group id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-770/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4676", "zdi_id": "ZDI-17-770" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the sea...", "detail_json": "/data/advisories/ZDI-17-769/advisory.json", "detail_path": "advisories/ZDI-17-769", "id": "ZDI-17-769", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise search_device_invitations user_name SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-769/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4673", "zdi_id": "ZDI-17-769" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the edi...", "detail_json": "/data/advisories/ZDI-17-768/advisory.json", "detail_path": "advisories/ZDI-17-768", "id": "ZDI-17-768", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise edit_user id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-768/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4672", "zdi_id": "ZDI-17-768" }, { "cve": "CVE-2017-14080", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the initialization of...", "detail_json": "/data/advisories/ZDI-17-767/advisory.json", "detail_path": "advisories/ZDI-17-767", "id": "ZDI-17-767", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise widgetforsecurity talker Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-767/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4671", "zdi_id": "ZDI-17-767" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the cha...", "detail_json": "/data/advisories/ZDI-17-766/advisory.json", "detail_path": "advisories/ZDI-17-766", "id": "ZDI-17-766", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise change_device_user id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-766/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4670", "zdi_id": "ZDI-17-766" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the res...", "detail_json": "/data/advisories/ZDI-17-765/advisory.json", "detail_path": "advisories/ZDI-17-765", "id": "ZDI-17-765", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise reset_device_passwd id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-765/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4668", "zdi_id": "ZDI-17-765" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the get...", "detail_json": "/data/advisories/ZDI-17-764/advisory.json", "detail_path": "advisories/ZDI-17-764", "id": "ZDI-17-764", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise get_remote_unlockstring Device_DeviceId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-764/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4667", "zdi_id": "ZDI-17-764" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the get...", "detail_json": "/data/advisories/ZDI-17-763/advisory.json", "detail_path": "advisories/ZDI-17-763", "id": "ZDI-17-763", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise get_user_list LDAPAccount SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-763/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4666", "zdi_id": "ZDI-17-763" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the mov...", "detail_json": "/data/advisories/ZDI-17-762/advisory.json", "detail_path": "advisories/ZDI-17-762", "id": "ZDI-17-762", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise move_group Id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-762/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4665", "zdi_id": "ZDI-17-762" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the que...", "detail_json": "/data/advisories/ZDI-17-761/advisory.json", "detail_path": "advisories/ZDI-17-761", "id": "ZDI-17-761", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise query_installed_applications application_name SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-761/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4664", "zdi_id": "ZDI-17-761" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the edi...", "detail_json": "/data/advisories/ZDI-17-760/advisory.json", "detail_path": "advisories/ZDI-17-760", "id": "ZDI-17-760", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise edit_device id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-760/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4663", "zdi_id": "ZDI-17-760" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the loc...", "detail_json": "/data/advisories/ZDI-17-759/advisory.json", "detail_path": "advisories/ZDI-17-759", "id": "ZDI-17-759", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise locate_device id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-759/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4662", "zdi_id": "ZDI-17-759" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the sea...", "detail_json": "/data/advisories/ZDI-17-758/advisory.json", "detail_path": "advisories/ZDI-17-758", "id": "ZDI-17-758", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise search_user_for_report user_name SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-758/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4661", "zdi_id": "ZDI-17-758" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the get...", "detail_json": "/data/advisories/ZDI-17-757/advisory.json", "detail_path": "advisories/ZDI-17-757", "id": "ZDI-17-757", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise get_device_location Device_DeviceId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-757/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4660", "zdi_id": "ZDI-17-757" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the sea...", "detail_json": "/data/advisories/ZDI-17-756/advisory.json", "detail_path": "advisories/ZDI-17-756", "id": "ZDI-17-756", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise search_users_for_vpp user_name SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-756/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4659", "zdi_id": "ZDI-17-756" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the que...", "detail_json": "/data/advisories/ZDI-17-755/advisory.json", "detail_path": "advisories/ZDI-17-755", "id": "ZDI-17-755", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise query_event_log AdminName SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-755/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4658", "zdi_id": "ZDI-17-755" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the add...", "detail_json": "/data/advisories/ZDI-17-754/advisory.json", "detail_path": "advisories/ZDI-17-754", "id": "ZDI-17-754", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise add_group Name SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-754/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4657", "zdi_id": "ZDI-17-754" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the rem...", "detail_json": "/data/advisories/ZDI-17-753/advisory.json", "detail_path": "advisories/ZDI-17-753", "id": "ZDI-17-753", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise remote_wipe_device id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-753/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4656", "zdi_id": "ZDI-17-753" }, { "cve": "CVE-2017-14081", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the modTMCSS Proxy functi...", "detail_json": "/data/advisories/ZDI-17-752/advisory.json", "detail_path": "advisories/ZDI-17-752", "id": "ZDI-17-752", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise Proxy Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-752/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4655", "zdi_id": "ZDI-17-752" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the bro...", "detail_json": "/data/advisories/ZDI-17-751/advisory.json", "detail_path": "advisories/ZDI-17-751", "id": "ZDI-17-751", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise broadcast_group GroupId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-751/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4654", "zdi_id": "ZDI-17-751" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the sea...", "detail_json": "/data/advisories/ZDI-17-750/advisory.json", "detail_path": "advisories/ZDI-17-750", "id": "ZDI-17-750", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise search_devices group_id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-750/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4653", "zdi_id": "ZDI-17-750" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the inv...", "detail_json": "/data/advisories/ZDI-17-749/advisory.json", "detail_path": "advisories/ZDI-17-749", "id": "ZDI-17-749", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise invite_devices email SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-749/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4652", "zdi_id": "ZDI-17-749" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the sto...", "detail_json": "/data/advisories/ZDI-17-748/advisory.json", "detail_path": "advisories/ZDI-17-748", "id": "ZDI-17-748", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise stop_mirroring Device_DeviceId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-748/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4651", "zdi_id": "ZDI-17-748" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the cha...", "detail_json": "/data/advisories/ZDI-17-747/advisory.json", "detail_path": "advisories/ZDI-17-747", "id": "ZDI-17-747", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise change_ios_setting Device_DeviceId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-747/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4650", "zdi_id": "ZDI-17-747" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the exp...", "detail_json": "/data/advisories/ZDI-17-746/advisory.json", "detail_path": "advisories/ZDI-17-746", "id": "ZDI-17-746", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise export_eas_devices Domain SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-746/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4649", "zdi_id": "ZDI-17-746" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within processing of the broadca...", "detail_json": "/data/advisories/ZDI-17-745/advisory.json", "detail_path": "advisories/ZDI-17-745", "id": "ZDI-17-745", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise broadcast_devices Device_DeviceDeviceId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-745/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4648", "zdi_id": "ZDI-17-745" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the not...", "detail_json": "/data/advisories/ZDI-17-744/advisory.json", "detail_path": "advisories/ZDI-17-744", "id": "ZDI-17-744", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise notify_groups_to_update DeviceGroupId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-744/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4647", "zdi_id": "ZDI-17-744" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the del...", "detail_json": "/data/advisories/ZDI-17-743/advisory.json", "detail_path": "advisories/ZDI-17-743", "id": "ZDI-17-743", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise delete_devices Device_DeviceId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-743/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4646", "zdi_id": "ZDI-17-743" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the sho...", "detail_json": "/data/advisories/ZDI-17-742/advisory.json", "detail_path": "advisories/ZDI-17-742", "id": "ZDI-17-742", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise show_eas_devices Domain SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-742/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4645", "zdi_id": "ZDI-17-742" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the mov...", "detail_json": "/data/advisories/ZDI-17-741/advisory.json", "detail_path": "advisories/ZDI-17-741", "id": "ZDI-17-741", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise move_devices Device_DeviceDeviceId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-741/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4644", "zdi_id": "ZDI-17-741" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the not...", "detail_json": "/data/advisories/ZDI-17-740/advisory.json", "detail_path": "advisories/ZDI-17-740", "id": "ZDI-17-740", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise notify_devices_to_scan Device_DeviceDeviceId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-740/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4643", "zdi_id": "ZDI-17-740" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the not...", "detail_json": "/data/advisories/ZDI-17-739/advisory.json", "detail_path": "advisories/ZDI-17-739", "id": "ZDI-17-739", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise notify_groups_to_scan DeviceGroupId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-739/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4642", "zdi_id": "ZDI-17-739" }, { "cve": "CVE-2017-4924", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the guest system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-17-738/advisory.json", "detail_path": "advisories/ZDI-17-738", "id": "ZDI-17-738", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "VMware Workstation Shader Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-738/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-4857", "zdi_id": "ZDI-17-738" }, { "cve": "CVE-2017-14078", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within processing of the change_...", "detail_json": "/data/advisories/ZDI-17-737/advisory.json", "detail_path": "advisories/ZDI-17-737", "id": "ZDI-17-737", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Trend Micro Mobile Security for Enterprise change_user Device_DeviceId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-737/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4778", "zdi_id": "ZDI-17-737" }, { "cve": "CVE-2017-8738", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-736/advisory.json", "detail_path": "advisories/ZDI-17-736", "id": "ZDI-17-736", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Microsoft Chakra Array Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-736/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5056", "zdi_id": "ZDI-17-736" }, { "cve": "CVE-2017-8720", "cvss": 1.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-17-735/advisory.json", "detail_path": "advisories/ZDI-17-735", "id": "ZDI-17-735", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Microsoft Windows PlgBlt Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-735/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5082", "zdi_id": "ZDI-17-735" }, { "cve": "CVE-2017-8692", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-17-734/advisory.json", "detail_path": "advisories/ZDI-17-734", "id": "ZDI-17-734", "kind": "published", "published_date": "2017-09-12", "status": "published", "title": "Microsoft Windows Uniscribe Bidirectional Text Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-734/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4845", "zdi_id": "ZDI-17-734" }, { "cve": "CVE-2016-0165", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-733/advisory.json", "detail_path": "advisories/ZDI-17-733", "id": "ZDI-17-733", "kind": "published", "published_date": "2017-09-12", "status": "published", "title": "Microsoft Windows win32kfull Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-733/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-5081", "zdi_id": "ZDI-17-733" }, { "cve": "CVE-2017-8743", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-17-732/advisory.json", "detail_path": "advisories/ZDI-17-732", "id": "ZDI-17-732", "kind": "published", "published_date": "2017-09-12", "status": "published", "title": "Microsoft Office PowerPoint ppt File Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-732/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4968", "zdi_id": "ZDI-17-732" }, { "cve": "CVE-2017-8738", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-731/advisory.json", "detail_path": "advisories/ZDI-17-731", "id": "ZDI-17-731", "kind": "published", "published_date": "2017-09-12", "status": "published", "title": "Microsoft Chakra Array Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-731/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4910", "zdi_id": "ZDI-17-731" }, { "cve": "CVE-2017-8744", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-17-730/advisory.json", "detail_path": "advisories/ZDI-17-730", "id": "ZDI-17-730", "kind": "published", "published_date": "2017-09-12", "status": "published", "title": "Microsoft Office Word WordPerfect Document Converter Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-730/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4893", "zdi_id": "ZDI-17-730" }, { "cve": "CVE-2017-8728", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-729/advisory.json", "detail_path": "advisories/ZDI-17-729", "id": "ZDI-17-729", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Microsoft Windows PDF Library JPEG2000 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-729/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4885", "zdi_id": "ZDI-17-729" }, { "cve": "CVE-2017-8737", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-17-728/advisory.json", "detail_path": "advisories/ZDI-17-728", "id": "ZDI-17-728", "kind": "published", "published_date": "2017-09-12", "status": "published", "title": "Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-728/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4844", "zdi_id": "ZDI-17-728" }, { "cve": "CVE-2017-8631", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-17-727/advisory.json", "detail_path": "advisories/ZDI-17-727", "id": "ZDI-17-727", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Microsoft Office Excel xlsb File Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-727/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4795", "zdi_id": "ZDI-17-727" }, { "cve": "CVE-2017-8750", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-17-726/advisory.json", "detail_path": "advisories/ZDI-17-726", "id": "ZDI-17-726", "kind": "published", "published_date": "2017-09-15", "status": "published", "title": "Microsoft Internet Explorer JavaScript WeakMap Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-726/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4985", "zdi_id": "ZDI-17-726" }, { "cve": "CVE-2017-8661", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-17-725/advisory.json", "detail_path": "advisories/ZDI-17-725", "id": "ZDI-17-725", "kind": "published", "published_date": "2017-09-12", "status": "published", "title": "Microsoft Edge Undo Command Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-725/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4888", "zdi_id": "ZDI-17-725" }, { "cve": "CVE-2017-8676", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-17-724/advisory.json", "detail_path": "advisories/ZDI-17-724", "id": "ZDI-17-724", "kind": "published", "published_date": "2017-09-12", "status": "published", "title": "Microsoft Windows Bitmap Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-724/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4708", "zdi_id": "ZDI-17-724" }, { "cve": "CVE-2017-8015", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Appsync. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The speci...", "detail_json": "/data/advisories/ZDI-17-723/advisory.json", "detail_path": "advisories/ZDI-17-723", "id": "ZDI-17-723", "kind": "published", "published_date": "2017-09-12", "status": "published", "title": "EMC AppSync Apollo REST Services SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-723/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-4710", "zdi_id": "ZDI-17-723" }, { "cve": "CVE-2017-13983", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Hewlett Packard Enterprise Application Performance Management System Health. Authentication is not required to exploit this vulnerability. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-17-722/advisory.json", "detail_path": "advisories/ZDI-17-722", "id": "ZDI-17-722", "kind": "published", "published_date": "2017-09-07", "status": "published", "title": "Hewlett Packard Enterprise Application Performance Management System Health Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-722/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4466", "zdi_id": "ZDI-17-722" }, { "cve": "CVE-2017-13985", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Application Performance Management System Health. Although authentication is required to exploit this vulnerability, the exi...", "detail_json": "/data/advisories/ZDI-17-721/advisory.json", "detail_path": "advisories/ZDI-17-721", "id": "ZDI-17-721", "kind": "published", "published_date": "2017-09-07", "status": "published", "title": "Hewlett Packard Enterprise Application Performance Management System Health Email Servlet Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-721/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4456", "zdi_id": "ZDI-17-721" }, { "cve": "CVE-2017-13984", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise Application Performance Management System Health. Although authentication is required to exploit this vulnerability, the existing au...", "detail_json": "/data/advisories/ZDI-17-720/advisory.json", "detail_path": "advisories/ZDI-17-720", "id": "ZDI-17-720", "kind": "published", "published_date": "2017-09-07", "status": "published", "title": "Hewlett Packard Enterprise Application Performance Management System Health SHExportToExcel Servlet Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-720/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4457", "zdi_id": "ZDI-17-720" }, { "cve": "CVE-2017-13982", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of Hewlett Packard Enterprise Application Performance Management System Health. Although authentication is required to exploit this vulnerability, the existing au...", "detail_json": "/data/advisories/ZDI-17-719/advisory.json", "detail_path": "advisories/ZDI-17-719", "id": "ZDI-17-719", "kind": "published", "published_date": "2017-09-07", "status": "published", "title": "Hewlett Packard Enterprise Application Performance Management System Health UploadManager Servlet Directory Traversal Unrestricted File Upload Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-719/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4455", "zdi_id": "ZDI-17-719" }, { "cve": "CVE-2017-10953", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-718/advisory.json", "detail_path": "advisories/ZDI-17-718", "id": "ZDI-17-718", "kind": "published", "published_date": "2017-09-07", "status": "published", "title": "Foxit Reader XFA gotoURL Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-718/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-5030", "zdi_id": "ZDI-17-718" }, { "cve": "CVE-2017-10954", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-717/advisory.json", "detail_path": "advisories/ZDI-17-717", "id": "ZDI-17-717", "kind": "published", "published_date": "2017-09-06", "status": "published", "title": "Bitdefender Internet Security PDF Predictor Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-717/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-4361", "zdi_id": "ZDI-17-717" }, { "cve": "CVE-2017-8994", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Operations Orchestration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wsExecut...", "detail_json": "/data/advisories/ZDI-17-716/advisory.json", "detail_path": "advisories/ZDI-17-716", "id": "ZDI-17-716", "kind": "published", "published_date": "2017-09-05", "status": "published", "title": "Hewlett Packard Enterprise Operations Orchestration Backwards Compatibility Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-716/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4524", "zdi_id": "ZDI-17-716" }, { "cve": "CVE-2017-8994", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Operations Orchestration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the central-...", "detail_json": "/data/advisories/ZDI-17-715/advisory.json", "detail_path": "advisories/ZDI-17-715", "id": "ZDI-17-715", "kind": "published", "published_date": "2017-09-05", "status": "published", "title": "Hewlett Packard Enterprise Operations Orchestration Central-Remoting Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-715/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4563", "zdi_id": "ZDI-17-715" }, { "cve": "CVE-2017-7071", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-714/advisory.json", "detail_path": "advisories/ZDI-17-714", "id": "ZDI-17-714", "kind": "published", "published_date": "2017-09-05", "status": "published", "title": "Apple Safari HTMLSlotElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-714/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4521", "zdi_id": "ZDI-17-714" }, { "cve": "CVE-2017-12713", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privilege on vulnerable installations of Advantech WebAccess. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-17-713/advisory.json", "detail_path": "advisories/ZDI-17-713", "id": "ZDI-17-713", "kind": "published", "published_date": "2017-08-30", "status": "published", "title": "Advantech WebAccess Product Installation File Access Control Modification Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-713/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4897", "zdi_id": "ZDI-17-713" }, { "cve": "CVE-2017-12710", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed. The specific flaw exists within rmTemplate.a...", "detail_json": "/data/advisories/ZDI-17-712/advisory.json", "detail_path": "advisories/ZDI-17-712", "id": "ZDI-17-712", "kind": "published", "published_date": "2017-08-30", "status": "published", "title": "Advantech WebAccess rmTemplate SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-712/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4548", "zdi_id": "ZDI-17-712" }, { "cve": "CVE-2017-8003", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily byp...", "detail_json": "/data/advisories/ZDI-17-711/advisory.json", "detail_path": "advisories/ZDI-17-711", "id": "ZDI-17-711", "kind": "published", "published_date": "2017-08-25", "status": "published", "title": "EMC Data Protection Advisor ScheduledReportResource Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-711/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-4695", "zdi_id": "ZDI-17-711" }, { "cve": "CVE-2017-8002", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily byp...", "detail_json": "/data/advisories/ZDI-17-710/advisory.json", "detail_path": "advisories/ZDI-17-710", "id": "ZDI-17-710", "kind": "published", "published_date": "2017-08-25", "status": "published", "title": "EMC Data Protection Advisor RequestHistoryResource orderby SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-710/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-4698", "zdi_id": "ZDI-17-710" }, { "cve": "CVE-2017-8002", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily byp...", "detail_json": "/data/advisories/ZDI-17-709/advisory.json", "detail_path": "advisories/ZDI-17-709", "id": "ZDI-17-709", "kind": "published", "published_date": "2017-08-25", "status": "published", "title": "EMC Data Protection Advisor ReportQueueResource orderby SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-709/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-4694", "zdi_id": "ZDI-17-709" }, { "cve": "CVE-2017-8002", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily byp...", "detail_json": "/data/advisories/ZDI-17-708/advisory.json", "detail_path": "advisories/ZDI-17-708", "id": "ZDI-17-708", "kind": "published", "published_date": "2017-08-25", "status": "published", "title": "EMC Data Protection Advisor BaseRestEntityResource orderby SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-708/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-4696", "zdi_id": "ZDI-17-708" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation PMSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-17-707/advisory.json", "detail_path": "advisories/ZDI-17-707", "id": "ZDI-17-707", "kind": "published", "published_date": "2017-08-24", "status": "published", "title": "(0Day) Delta Industrial Automation PMSoft Project File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-707/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-4111", "zdi_id": "ZDI-17-707" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation PMSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-17-706/advisory.json", "detail_path": "advisories/ZDI-17-706", "id": "ZDI-17-706", "kind": "published", "published_date": "2017-08-24", "status": "published", "title": "(0Day) Delta Industrial Automation PMSoft Project File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-706/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-4045", "zdi_id": "ZDI-17-706" }, { "cve": "CVE-2018-7507", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-17-705/advisory.json", "detail_path": "advisories/ZDI-17-705", "id": "ZDI-17-705", "kind": "published", "published_date": "2017-08-24", "status": "published", "title": "(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-705/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-4442", "zdi_id": "ZDI-17-705" }, { "cve": "CVE-2018-7507", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-17-704/advisory.json", "detail_path": "advisories/ZDI-17-704", "id": "ZDI-17-704", "kind": "published", "published_date": "2017-08-24", "status": "published", "title": "(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-704/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-4441", "zdi_id": "ZDI-17-704" }, { "cve": "CVE-2018-7507", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-17-703/advisory.json", "detail_path": "advisories/ZDI-17-703", "id": "ZDI-17-703", "kind": "published", "published_date": "2017-08-24", "status": "published", "title": "(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-703/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-4436", "zdi_id": "ZDI-17-703" }, { "cve": "CVE-2018-7507", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-17-702/advisory.json", "detail_path": "advisories/ZDI-17-702", "id": "ZDI-17-702", "kind": "published", "published_date": "2017-08-24", "status": "published", "title": "(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-702/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-4440", "zdi_id": "ZDI-17-702" }, { "cve": "CVE-2018-7509", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-17-701/advisory.json", "detail_path": "advisories/ZDI-17-701", "id": "ZDI-17-701", "kind": "published", "published_date": "2017-08-24", "status": "published", "title": "(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-03-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-701/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-4435", "zdi_id": "ZDI-17-701" }, { "cve": "CVE-2018-7509", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-17-700/advisory.json", "detail_path": "advisories/ZDI-17-700", "id": "ZDI-17-700", "kind": "published", "published_date": "2017-08-24", "status": "published", "title": "(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": "2018-03-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-700/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-4428", "zdi_id": "ZDI-17-700" }, { "cve": "CVE-2018-7507", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-17-699/advisory.json", "detail_path": "advisories/ZDI-17-699", "id": "ZDI-17-699", "kind": "published", "published_date": "2017-08-24", "status": "published", "title": "(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-699/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-4439", "zdi_id": "ZDI-17-699" }, { "cve": "CVE-2018-7494", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft and Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must...", "detail_json": "/data/advisories/ZDI-17-698/advisory.json", "detail_path": "advisories/ZDI-17-698", "id": "ZDI-17-698", "kind": "published", "published_date": "2017-08-24", "status": "published", "title": "(0Day) Delta Industrial Automation WPLSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-698/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3917", "zdi_id": "ZDI-17-698" }, { "cve": "CVE-2018-7509", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-17-697/advisory.json", "detail_path": "advisories/ZDI-17-697", "id": "ZDI-17-697", "kind": "published", "published_date": "2017-08-24", "status": "published", "title": "(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-03-28", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-697/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-4438", "zdi_id": "ZDI-17-697" }, { "cve": "CVE-2017-8496", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-17-696/advisory.json", "detail_path": "advisories/ZDI-17-696", "id": "ZDI-17-696", "kind": "published", "published_date": "2017-08-24", "status": "published", "title": "Microsoft Edge DOMAttrModified Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-696/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4884", "zdi_id": "ZDI-17-696" }, { "cve": "CVE-2017-12694", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of SpiderControl SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within web server access to the scdefault d...", "detail_json": "/data/advisories/ZDI-17-695/advisory.json", "detail_path": "advisories/ZDI-17-695", "id": "ZDI-17-695", "kind": "published", "published_date": "2017-08-23", "status": "published", "title": "SpiderControl SCADA Webserver iniNet Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-695/", "vendor": "SpiderControl", "vendor_url": null, "zdi_can": "ZDI-CAN-4174", "zdi_id": "ZDI-17-695" }, { "cve": "CVE-2017-12707", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SpiderControl SCADA MicroBrowser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-694/advisory.json", "detail_path": "advisories/ZDI-17-694", "id": "ZDI-17-694", "kind": "published", "published_date": "2017-08-23", "status": "published", "title": "SpiderControl SCADA MicroBrowser StaticHTMLTagsFileName Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-694/", "vendor": "SpiderControl", "vendor_url": null, "zdi_can": "ZDI-CAN-4194", "zdi_id": "ZDI-17-694" }, { "cve": "CVE-2017-10950", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-17-693/advisory.json", "detail_path": "advisories/ZDI-17-693", "id": "ZDI-17-693", "kind": "published", "published_date": "2017-08-17", "status": "published", "title": "Bitdefender Total Security bdfwfpf Kernel Driver Double Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-693/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-4776", "zdi_id": "ZDI-17-693" }, { "cve": "CVE-2017-10952", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-692/advisory.json", "detail_path": "advisories/ZDI-17-692", "id": "ZDI-17-692", "kind": "published", "published_date": "2017-08-17", "status": "published", "title": "(0Day) Foxit Reader saveAs Arbitrary File Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-692/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4518", "zdi_id": "ZDI-17-692" }, { "cve": "CVE-2017-10951", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-691/advisory.json", "detail_path": "advisories/ZDI-17-691", "id": "ZDI-17-691", "kind": "published", "published_date": "2017-08-17", "status": "published", "title": "(0Day) Foxit Reader launchURL Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-691/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4724", "zdi_id": "ZDI-17-691" }, { "cve": "CVE-2017-12526", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-690/advisory.json", "detail_path": "advisories/ZDI-17-690", "id": "ZDI-17-690", "kind": "published", "published_date": "2017-08-14", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center wmiConfigContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-690/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4880", "zdi_id": "ZDI-17-690" }, { "cve": "CVE-2017-12525", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-689/advisory.json", "detail_path": "advisories/ZDI-17-689", "id": "ZDI-17-689", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center index Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-689/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4879", "zdi_id": "ZDI-17-689" }, { "cve": "CVE-2017-12524", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-688/advisory.json", "detail_path": "advisories/ZDI-17-688", "id": "ZDI-17-688", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center operatorGroupSelectContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-688/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4878", "zdi_id": "ZDI-17-688" }, { "cve": "CVE-2017-12523", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-687/advisory.json", "detail_path": "advisories/ZDI-17-687", "id": "ZDI-17-687", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center guiDataDetail Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-687/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4875", "zdi_id": "ZDI-17-687" }, { "cve": "CVE-2017-12522", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-686/advisory.json", "detail_path": "advisories/ZDI-17-686", "id": "ZDI-17-686", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center quickTemplateSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-686/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4873", "zdi_id": "ZDI-17-686" }, { "cve": "CVE-2017-12521", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-685/advisory.json", "detail_path": "advisories/ZDI-17-685", "id": "ZDI-17-685", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center userSelectPagingContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-685/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4872", "zdi_id": "ZDI-17-685" }, { "cve": "CVE-2017-12520", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-684/advisory.json", "detail_path": "advisories/ZDI-17-684", "id": "ZDI-17-684", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center perfAddorModDeviceMonitor Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-684/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4871", "zdi_id": "ZDI-17-684" }, { "cve": "CVE-2017-12519", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-683/advisory.json", "detail_path": "advisories/ZDI-17-683", "id": "ZDI-17-683", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center faultEventSelectFactWithRecover Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-683/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4870", "zdi_id": "ZDI-17-683" }, { "cve": "CVE-2017-12518", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-682/advisory.json", "detail_path": "advisories/ZDI-17-682", "id": "ZDI-17-682", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center operationSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-682/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4869", "zdi_id": "ZDI-17-682" }, { "cve": "CVE-2017-12517", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-681/advisory.json", "detail_path": "advisories/ZDI-17-681", "id": "ZDI-17-681", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center iccSelectDymicParam Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-681/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4868", "zdi_id": "ZDI-17-681" }, { "cve": "CVE-2017-12515", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-680/advisory.json", "detail_path": "advisories/ZDI-17-680", "id": "ZDI-17-680", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center iccSelectRules Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-680/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4864", "zdi_id": "ZDI-17-680" }, { "cve": "CVE-2017-12514", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-679/advisory.json", "detail_path": "advisories/ZDI-17-679", "id": "ZDI-17-679", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center devSoftSel Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-679/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4862", "zdi_id": "ZDI-17-679" }, { "cve": "CVE-2017-12513", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-678/advisory.json", "detail_path": "advisories/ZDI-17-678", "id": "ZDI-17-678", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center perfSelectTask Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-678/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4860", "zdi_id": "ZDI-17-678" }, { "cve": "CVE-2017-12512", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-677/advisory.json", "detail_path": "advisories/ZDI-17-677", "id": "ZDI-17-677", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center deviceThresholdConfig Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-677/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4859", "zdi_id": "ZDI-17-677" }, { "cve": "CVE-2017-12510", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-676/advisory.json", "detail_path": "advisories/ZDI-17-676", "id": "ZDI-17-676", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center iccSelectDeviceSeries Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-676/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4874", "zdi_id": "ZDI-17-676" }, { "cve": "CVE-2017-12511", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-675/advisory.json", "detail_path": "advisories/ZDI-17-675", "id": "ZDI-17-675", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dnd Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-675/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4853", "zdi_id": "ZDI-17-675" }, { "cve": "CVE-2017-12499", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-674/advisory.json", "detail_path": "advisories/ZDI-17-674", "id": "ZDI-17-674", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center select Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-674/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4841", "zdi_id": "ZDI-17-674" }, { "cve": "CVE-2017-12509", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-673/advisory.json", "detail_path": "advisories/ZDI-17-673", "id": "ZDI-17-673", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center smsRulesDownload Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-673/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4877", "zdi_id": "ZDI-17-673" }, { "cve": "CVE-2017-12508", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-672/advisory.json", "detail_path": "advisories/ZDI-17-672", "id": "ZDI-17-672", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center operatorGroupTreeSelectContent Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-672/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4876", "zdi_id": "ZDI-17-672" }, { "cve": "CVE-2017-12516", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-671/advisory.json", "detail_path": "advisories/ZDI-17-671", "id": "ZDI-17-671", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-671/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4867", "zdi_id": "ZDI-17-671" }, { "cve": "CVE-2017-12507", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-670/advisory.json", "detail_path": "advisories/ZDI-17-670", "id": "ZDI-17-670", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center deploySelectSoftware Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-670/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4866", "zdi_id": "ZDI-17-670" }, { "cve": "CVE-2017-12506", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-669/advisory.json", "detail_path": "advisories/ZDI-17-669", "id": "ZDI-17-669", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center compareFilesResult Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-669/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4865", "zdi_id": "ZDI-17-669" }, { "cve": "CVE-2017-12505", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-668/advisory.json", "detail_path": "advisories/ZDI-17-668", "id": "ZDI-17-668", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-668/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4863", "zdi_id": "ZDI-17-668" }, { "cve": "CVE-2017-12504", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-667/advisory.json", "detail_path": "advisories/ZDI-17-667", "id": "ZDI-17-667", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center iccSelectDevType Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-667/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4861", "zdi_id": "ZDI-17-667" }, { "cve": "CVE-2017-12503", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-666/advisory.json", "detail_path": "advisories/ZDI-17-666", "id": "ZDI-17-666", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center templateSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-666/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4858", "zdi_id": "ZDI-17-666" }, { "cve": "CVE-2017-12502", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-665/advisory.json", "detail_path": "advisories/ZDI-17-665", "id": "ZDI-17-665", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-665/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4850", "zdi_id": "ZDI-17-665" }, { "cve": "CVE-2017-12501", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-664/advisory.json", "detail_path": "advisories/ZDI-17-664", "id": "ZDI-17-664", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center select Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-664/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4849", "zdi_id": "ZDI-17-664" }, { "cve": "CVE-2017-12500", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-663/advisory.json", "detail_path": "advisories/ZDI-17-663", "id": "ZDI-17-663", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center ictExpertDownload Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-663/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4848", "zdi_id": "ZDI-17-663" }, { "cve": "CVE-2017-12498", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-662/advisory.json", "detail_path": "advisories/ZDI-17-662", "id": "ZDI-17-662", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center customTemplateSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-662/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4839", "zdi_id": "ZDI-17-662" }, { "cve": "CVE-2017-12497", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-661/advisory.json", "detail_path": "advisories/ZDI-17-661", "id": "ZDI-17-661", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center deviceSelect Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-661/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4852", "zdi_id": "ZDI-17-661" }, { "cve": "CVE-2017-12496", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-660/advisory.json", "detail_path": "advisories/ZDI-17-660", "id": "ZDI-17-660", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center sshConfig Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-660/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4851", "zdi_id": "ZDI-17-660" }, { "cve": "CVE-2017-12495", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-659/advisory.json", "detail_path": "advisories/ZDI-17-659", "id": "ZDI-17-659", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center selectUserGroup Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-659/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4840", "zdi_id": "ZDI-17-659" }, { "cve": "CVE-2017-12494", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-658/advisory.json", "detail_path": "advisories/ZDI-17-658", "id": "ZDI-17-658", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center mediaForAction Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-658/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4838", "zdi_id": "ZDI-17-658" }, { "cve": "CVE-2017-12493", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-657/advisory.json", "detail_path": "advisories/ZDI-17-657", "id": "ZDI-17-657", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center queryCustomCondition Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-657/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4904", "zdi_id": "ZDI-17-657" }, { "cve": "CVE-2017-12492", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-656/advisory.json", "detail_path": "advisories/ZDI-17-656", "id": "ZDI-17-656", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center saveSelectedInterfaces Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-656/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4903", "zdi_id": "ZDI-17-656" }, { "cve": "CVE-2017-12491", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-655/advisory.json", "detail_path": "advisories/ZDI-17-655", "id": "ZDI-17-655", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center safeSelectedDevices Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-655/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4902", "zdi_id": "ZDI-17-655" }, { "cve": "CVE-2017-12490", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-654/advisory.json", "detail_path": "advisories/ZDI-17-654", "id": "ZDI-17-654", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center perfSelInsServer Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-654/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4901", "zdi_id": "ZDI-17-654" }, { "cve": "CVE-2017-12489", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-653/advisory.json", "detail_path": "advisories/ZDI-17-653", "id": "ZDI-17-653", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center perfInsListServer Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-653/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4900", "zdi_id": "ZDI-17-653" }, { "cve": "CVE-2017-12488", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-652/advisory.json", "detail_path": "advisories/ZDI-17-652", "id": "ZDI-17-652", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center perfSelItemServer Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-652/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4899", "zdi_id": "ZDI-17-652" }, { "cve": "CVE-2017-12487", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-651/advisory.json", "detail_path": "advisories/ZDI-17-651", "id": "ZDI-17-651", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center perfAddFormServer Expression Language Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-651/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4898", "zdi_id": "ZDI-17-651" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-650/advisory.json", "detail_path": "advisories/ZDI-17-650", "id": "ZDI-17-650", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Bitdefender Internet Security RAR STM Record Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-650/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-4407", "zdi_id": "ZDI-17-650" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-649/advisory.json", "detail_path": "advisories/ZDI-17-649", "id": "ZDI-17-649", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Bitdefender Internet Security Inno File Locations Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-649/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-4360", "zdi_id": "ZDI-17-649" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-648/advisory.json", "detail_path": "advisories/ZDI-17-648", "id": "ZDI-17-648", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Bitdefender Internet Security Inno Header Strings Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-648/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-4359", "zdi_id": "ZDI-17-648" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-647/advisory.json", "detail_path": "advisories/ZDI-17-647", "id": "ZDI-17-647", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Bitdefender Internet Security NSIS Sections Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-647/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-4406", "zdi_id": "ZDI-17-647" }, { "cve": "CVE-2017-9662", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate their privileges on vulnerable installations of Fuji Electric Monitouch V-SFT. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnera...", "detail_json": "/data/advisories/ZDI-17-646/advisory.json", "detail_path": "advisories/ZDI-17-646", "id": "ZDI-17-646", "kind": "published", "published_date": "2017-08-10", "status": "published", "title": "Fuji Electric Monitouch V-SFT Insecure Configuration Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-646/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-4021", "zdi_id": "ZDI-17-646" }, { "cve": "CVE-2017-9660", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-645/advisory.json", "detail_path": "advisories/ZDI-17-645", "id": "ZDI-17-645", "kind": "published", "published_date": "2017-08-10", "status": "published", "title": "Fuji Electric Monitouch V-SFT Project File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-645/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3994", "zdi_id": "ZDI-17-645" }, { "cve": "CVE-2017-9659", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-644/advisory.json", "detail_path": "advisories/ZDI-17-644", "id": "ZDI-17-644", "kind": "published", "published_date": "2017-08-10", "status": "published", "title": "Fuji Electric Monitouch V-SFT Project File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-644/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-4014", "zdi_id": "ZDI-17-644" }, { "cve": "CVE-2017-9659", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-643/advisory.json", "detail_path": "advisories/ZDI-17-643", "id": "ZDI-17-643", "kind": "published", "published_date": "2017-08-10", "status": "published", "title": "Fuji Electric Monitouch V-SFT Project File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-643/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3993", "zdi_id": "ZDI-17-643" }, { "cve": "CVE-2017-11274", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-17-642/advisory.json", "detail_path": "advisories/ZDI-17-642", "id": "ZDI-17-642", "kind": "published", "published_date": "2017-08-09", "status": "published", "title": "Adobe Digital Editions ePub Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-642/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4127", "zdi_id": "ZDI-17-642" }, { "cve": "CVE-2017-8641", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-641/advisory.json", "detail_path": "advisories/ZDI-17-641", "id": "ZDI-17-641", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Microsoft Chakra eval Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-641/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4826", "zdi_id": "ZDI-17-641" }, { "cve": "CVE-2017-8653", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-17-640/advisory.json", "detail_path": "advisories/ZDI-17-640", "id": "ZDI-17-640", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Microsoft Internet Explorer SVG Layout Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-640/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4777", "zdi_id": "ZDI-17-640" }, { "cve": "CVE-2017-8633", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute medium-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-17-639/advisory.json", "detail_path": "advisories/ZDI-17-639", "id": "ZDI-17-639", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Microsoft Windows Error Reporting Manager Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-639/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4770", "zdi_id": "ZDI-17-639" }, { "cve": "CVE-2017-0250", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-17-638/advisory.json", "detail_path": "advisories/ZDI-17-638", "id": "ZDI-17-638", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Microsoft Windows Jet Engine Library Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-638/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4405", "zdi_id": "ZDI-17-638" }, { "cve": "CVE-2017-8503", "cvss": 3.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Microsoft Edge. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-17-637/advisory.json", "detail_path": "advisories/ZDI-17-637", "id": "ZDI-17-637", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Microsoft Edge XAML File Improper Access Control Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-637/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4461", "zdi_id": "ZDI-17-637" }, { "cve": "CVE-2017-0293", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-636/advisory.json", "detail_path": "advisories/ZDI-17-636", "id": "ZDI-17-636", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-636/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4484", "zdi_id": "ZDI-17-636" }, { "cve": "CVE-2017-8624", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-635/advisory.json", "detail_path": "advisories/ZDI-17-635", "id": "ZDI-17-635", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Microsoft Windows CLFS Driver Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-635/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4773", "zdi_id": "ZDI-17-635" }, { "cve": "CVE-2017-3085", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-634/advisory.json", "detail_path": "advisories/ZDI-17-634", "id": "ZDI-17-634", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Flash URL Redirect Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-634/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4762", "zdi_id": "ZDI-17-634" }, { "cve": "CVE-2017-11231", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-633/advisory.json", "detail_path": "advisories/ZDI-17-633", "id": "ZDI-17-633", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Reader DC PDF Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-633/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4887", "zdi_id": "ZDI-17-633" }, { "cve": "CVE-2017-11265", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-632/advisory.json", "detail_path": "advisories/ZDI-17-632", "id": "ZDI-17-632", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-632/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4883", "zdi_id": "ZDI-17-632" }, { "cve": "CVE-2017-11256", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-631/advisory.json", "detail_path": "advisories/ZDI-17-631", "id": "ZDI-17-631", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC XFA AFLayoutInfo Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-631/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4881", "zdi_id": "ZDI-17-631" }, { "cve": "CVE-2017-11255", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-630/advisory.json", "detail_path": "advisories/ZDI-17-630", "id": "ZDI-17-630", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-630/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4854", "zdi_id": "ZDI-17-630" }, { "cve": "CVE-2017-11271", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-629/advisory.json", "detail_path": "advisories/ZDI-17-629", "id": "ZDI-17-629", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-629/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4847", "zdi_id": "ZDI-17-629" }, { "cve": "CVE-2017-11256", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-628/advisory.json", "detail_path": "advisories/ZDI-17-628", "id": "ZDI-17-628", "kind": "published", "published_date": "2017-08-09", "status": "published", "title": "Adobe Acrobat Pro DC XFA PDEContent Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-628/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4843", "zdi_id": "ZDI-17-628" }, { "cve": "CVE-2017-11257", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-627/advisory.json", "detail_path": "advisories/ZDI-17-627", "id": "ZDI-17-627", "kind": "published", "published_date": "2017-08-09", "status": "published", "title": "Adobe Acrobat Pro DC XFA nodes Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-627/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4842", "zdi_id": "ZDI-17-627" }, { "cve": "CVE-2017-11261", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-626/advisory.json", "detail_path": "advisories/ZDI-17-626", "id": "ZDI-17-626", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-626/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4836", "zdi_id": "ZDI-17-626" }, { "cve": "CVE-2017-11270", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-625/advisory.json", "detail_path": "advisories/ZDI-17-625", "id": "ZDI-17-625", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-625/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4835", "zdi_id": "ZDI-17-625" }, { "cve": "CVE-2017-11259", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-624/advisory.json", "detail_path": "advisories/ZDI-17-624", "id": "ZDI-17-624", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-624/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4834", "zdi_id": "ZDI-17-624" }, { "cve": "CVE-2017-11269", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-623/advisory.json", "detail_path": "advisories/ZDI-17-623", "id": "ZDI-17-623", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-623/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4833", "zdi_id": "ZDI-17-623" }, { "cve": "CVE-2017-11268", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-622/advisory.json", "detail_path": "advisories/ZDI-17-622", "id": "ZDI-17-622", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-622/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4832", "zdi_id": "ZDI-17-622" }, { "cve": "CVE-2017-11267", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-621/advisory.json", "detail_path": "advisories/ZDI-17-621", "id": "ZDI-17-621", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-621/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4831", "zdi_id": "ZDI-17-621" }, { "cve": "CVE-2017-11259", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-620/advisory.json", "detail_path": "advisories/ZDI-17-620", "id": "ZDI-17-620", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-620/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4830", "zdi_id": "ZDI-17-620" }, { "cve": "CVE-2017-11258", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-619/advisory.json", "detail_path": "advisories/ZDI-17-619", "id": "ZDI-17-619", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-619/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4829", "zdi_id": "ZDI-17-619" }, { "cve": "CVE-2017-11261", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-618/advisory.json", "detail_path": "advisories/ZDI-17-618", "id": "ZDI-17-618", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-618/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4827", "zdi_id": "ZDI-17-618" }, { "cve": "CVE-2017-11260", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-617/advisory.json", "detail_path": "advisories/ZDI-17-617", "id": "ZDI-17-617", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-617/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4828", "zdi_id": "ZDI-17-617" }, { "cve": "CVE-2017-11233", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-616/advisory.json", "detail_path": "advisories/ZDI-17-616", "id": "ZDI-17-616", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-616/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4823", "zdi_id": "ZDI-17-616" }, { "cve": "CVE-2017-11249", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-615/advisory.json", "detail_path": "advisories/ZDI-17-615", "id": "ZDI-17-615", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-615/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4764", "zdi_id": "ZDI-17-615" }, { "cve": "CVE-2017-11232", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-614/advisory.json", "detail_path": "advisories/ZDI-17-614", "id": "ZDI-17-614", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-614/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4821", "zdi_id": "ZDI-17-614" }, { "cve": "CVE-2017-11231", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-613/advisory.json", "detail_path": "advisories/ZDI-17-613", "id": "ZDI-17-613", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC PDF Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-613/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4820", "zdi_id": "ZDI-17-613" }, { "cve": "CVE-2017-11252", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-612/advisory.json", "detail_path": "advisories/ZDI-17-612", "id": "ZDI-17-612", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-612/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4819", "zdi_id": "ZDI-17-612" }, { "cve": "CVE-2017-11230", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-611/advisory.json", "detail_path": "advisories/ZDI-17-611", "id": "ZDI-17-611", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-611/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4818", "zdi_id": "ZDI-17-611" }, { "cve": "CVE-2017-11228", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-610/advisory.json", "detail_path": "advisories/ZDI-17-610", "id": "ZDI-17-610", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC JPEG2000 Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-610/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4817", "zdi_id": "ZDI-17-610" }, { "cve": "CVE-2017-11251", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-609/advisory.json", "detail_path": "advisories/ZDI-17-609", "id": "ZDI-17-609", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-609/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4769", "zdi_id": "ZDI-17-609" }, { "cve": "CVE-2017-11244", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-608/advisory.json", "detail_path": "advisories/ZDI-17-608", "id": "ZDI-17-608", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-608/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4767", "zdi_id": "ZDI-17-608" }, { "cve": "CVE-2017-11216", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-607/advisory.json", "detail_path": "advisories/ZDI-17-607", "id": "ZDI-17-607", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-607/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4766", "zdi_id": "ZDI-17-607" }, { "cve": "CVE-2017-11227", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-606/advisory.json", "detail_path": "advisories/ZDI-17-606", "id": "ZDI-17-606", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-606/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4765", "zdi_id": "ZDI-17-606" }, { "cve": "CVE-2017-11242", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-605/advisory.json", "detail_path": "advisories/ZDI-17-605", "id": "ZDI-17-605", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-605/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4822", "zdi_id": "ZDI-17-605" }, { "cve": "CVE-2017-11248", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-604/advisory.json", "detail_path": "advisories/ZDI-17-604", "id": "ZDI-17-604", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-604/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4763", "zdi_id": "ZDI-17-604" }, { "cve": "CVE-2017-11246", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-603/advisory.json", "detail_path": "advisories/ZDI-17-603", "id": "ZDI-17-603", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-603/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4748", "zdi_id": "ZDI-17-603" }, { "cve": "CVE-2017-11245", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-602/advisory.json", "detail_path": "advisories/ZDI-17-602", "id": "ZDI-17-602", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-602/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4747", "zdi_id": "ZDI-17-602" }, { "cve": "CVE-2017-11244", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-601/advisory.json", "detail_path": "advisories/ZDI-17-601", "id": "ZDI-17-601", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-601/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4746", "zdi_id": "ZDI-17-601" }, { "cve": "CVE-2017-11243", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-600/advisory.json", "detail_path": "advisories/ZDI-17-600", "id": "ZDI-17-600", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC XSLT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-600/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4734", "zdi_id": "ZDI-17-600" }, { "cve": "CVE-2017-3121", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-599/advisory.json", "detail_path": "advisories/ZDI-17-599", "id": "ZDI-17-599", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-599/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4733", "zdi_id": "ZDI-17-599" }, { "cve": "CVE-2017-11242", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-598/advisory.json", "detail_path": "advisories/ZDI-17-598", "id": "ZDI-17-598", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-598/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4732", "zdi_id": "ZDI-17-598" }, { "cve": "CVE-2017-11241", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-597/advisory.json", "detail_path": "advisories/ZDI-17-597", "id": "ZDI-17-597", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-597/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4731", "zdi_id": "ZDI-17-597" }, { "cve": "CVE-2017-3122", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-596/advisory.json", "detail_path": "advisories/ZDI-17-596", "id": "ZDI-17-596", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-596/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4730", "zdi_id": "ZDI-17-596" }, { "cve": "CVE-2017-11239", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-595/advisory.json", "detail_path": "advisories/ZDI-17-595", "id": "ZDI-17-595", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-595/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4729", "zdi_id": "ZDI-17-595" }, { "cve": "CVE-2017-11239", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-594/advisory.json", "detail_path": "advisories/ZDI-17-594", "id": "ZDI-17-594", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-594/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4728", "zdi_id": "ZDI-17-594" }, { "cve": "CVE-2017-11238", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-593/advisory.json", "detail_path": "advisories/ZDI-17-593", "id": "ZDI-17-593", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-593/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4727", "zdi_id": "ZDI-17-593" }, { "cve": "CVE-2017-11237", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-592/advisory.json", "detail_path": "advisories/ZDI-17-592", "id": "ZDI-17-592", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-592/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4726", "zdi_id": "ZDI-17-592" }, { "cve": "CVE-2017-11236", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-591/advisory.json", "detail_path": "advisories/ZDI-17-591", "id": "ZDI-17-591", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC Forms Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-591/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4725", "zdi_id": "ZDI-17-591" }, { "cve": "CVE-2017-11235", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-590/advisory.json", "detail_path": "advisories/ZDI-17-590", "id": "ZDI-17-590", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-590/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4720", "zdi_id": "ZDI-17-590" }, { "cve": "CVE-2017-11234", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-589/advisory.json", "detail_path": "advisories/ZDI-17-589", "id": "ZDI-17-589", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-589/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4719", "zdi_id": "ZDI-17-589" }, { "cve": "CVE-2017-11223", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-588/advisory.json", "detail_path": "advisories/ZDI-17-588", "id": "ZDI-17-588", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Reader DC XFA closeDoc Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-588/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4716", "zdi_id": "ZDI-17-588" }, { "cve": "CVE-2017-11224", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-587/advisory.json", "detail_path": "advisories/ZDI-17-587", "id": "ZDI-17-587", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Reader DC XFA loadXML Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-587/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4715", "zdi_id": "ZDI-17-587" }, { "cve": "CVE-2017-11217", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-586/advisory.json", "detail_path": "advisories/ZDI-17-586", "id": "ZDI-17-586", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-586/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4572", "zdi_id": "ZDI-17-586" }, { "cve": "CVE-2017-11219", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-585/advisory.json", "detail_path": "advisories/ZDI-17-585", "id": "ZDI-17-585", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Reader DC XFA topInset Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-585/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4571", "zdi_id": "ZDI-17-585" }, { "cve": "CVE-2017-11216", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-584/advisory.json", "detail_path": "advisories/ZDI-17-584", "id": "ZDI-17-584", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-584/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4570", "zdi_id": "ZDI-17-584" }, { "cve": "CVE-2017-3121", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-583/advisory.json", "detail_path": "advisories/ZDI-17-583", "id": "ZDI-17-583", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-583/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4569", "zdi_id": "ZDI-17-583" }, { "cve": "CVE-2017-11214", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-582/advisory.json", "detail_path": "advisories/ZDI-17-582", "id": "ZDI-17-582", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-582/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4568", "zdi_id": "ZDI-17-582" }, { "cve": "CVE-2017-3122", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-581/advisory.json", "detail_path": "advisories/ZDI-17-581", "id": "ZDI-17-581", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-581/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4567", "zdi_id": "ZDI-17-581" }, { "cve": "CVE-2017-11212", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-580/advisory.json", "detail_path": "advisories/ZDI-17-580", "id": "ZDI-17-580", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-580/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4566", "zdi_id": "ZDI-17-580" }, { "cve": "CVE-2017-11211", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-579/advisory.json", "detail_path": "advisories/ZDI-17-579", "id": "ZDI-17-579", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-579/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4562", "zdi_id": "ZDI-17-579" }, { "cve": "CVE-2017-11210", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-578/advisory.json", "detail_path": "advisories/ZDI-17-578", "id": "ZDI-17-578", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-578/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4559", "zdi_id": "ZDI-17-578" }, { "cve": "CVE-2017-11209", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-577/advisory.json", "detail_path": "advisories/ZDI-17-577", "id": "ZDI-17-577", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion XPS Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-577/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4558", "zdi_id": "ZDI-17-577" }, { "cve": "CVE-2017-3124", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-576/advisory.json", "detail_path": "advisories/ZDI-17-576", "id": "ZDI-17-576", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion PCX Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-576/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4557", "zdi_id": "ZDI-17-576" }, { "cve": "CVE-2017-3123", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-575/advisory.json", "detail_path": "advisories/ZDI-17-575", "id": "ZDI-17-575", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-575/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4556", "zdi_id": "ZDI-17-575" }, { "cve": "CVE-2017-3122", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-574/advisory.json", "detail_path": "advisories/ZDI-17-574", "id": "ZDI-17-574", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-574/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4534", "zdi_id": "ZDI-17-574" }, { "cve": "CVE-2017-3121", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-573/advisory.json", "detail_path": "advisories/ZDI-17-573", "id": "ZDI-17-573", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-573/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4502", "zdi_id": "ZDI-17-573" }, { "cve": "CVE-2017-11218", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-572/advisory.json", "detail_path": "advisories/ZDI-17-572", "id": "ZDI-17-572", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Reader DC XFA Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-572/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4490", "zdi_id": "ZDI-17-572" }, { "cve": "CVE-2017-3120", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-571/advisory.json", "detail_path": "advisories/ZDI-17-571", "id": "ZDI-17-571", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Reader DC XFA Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-571/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4489", "zdi_id": "ZDI-17-571" }, { "cve": "CVE-2017-3115", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-570/advisory.json", "detail_path": "advisories/ZDI-17-570", "id": "ZDI-17-570", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Reader DC URL Parsing Insufficient Verification of Data Authenticity Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-570/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4369", "zdi_id": "ZDI-17-570" }, { "cve": "CVE-2017-3113", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-569/advisory.json", "detail_path": "advisories/ZDI-17-569", "id": "ZDI-17-569", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Reader DC XFA exportAsXFAStr Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-569/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4310", "zdi_id": "ZDI-17-569" }, { "cve": "CVE-2017-3091", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-568/advisory.json", "detail_path": "advisories/ZDI-17-568", "id": "ZDI-17-568", "kind": "published", "published_date": "2017-08-08", "status": "published", "title": "Adobe Digital Editions ePub JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-568/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4128", "zdi_id": "ZDI-17-568" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-567/advisory.json", "detail_path": "advisories/ZDI-17-567", "id": "ZDI-17-567", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Connect MediaUsername Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-567/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4099", "zdi_id": "ZDI-17-567" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-566/advisory.json", "detail_path": "advisories/ZDI-17-566", "id": "ZDI-17-566", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media DeviceType 3 Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-566/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4076", "zdi_id": "ZDI-17-566" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-565/advisory.json", "detail_path": "advisories/ZDI-17-565", "id": "ZDI-17-565", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-565/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4102", "zdi_id": "ZDI-17-565" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-564/advisory.json", "detail_path": "advisories/ZDI-17-564", "id": "ZDI-17-564", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Name Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-564/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4080", "zdi_id": "ZDI-17-564" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-563/advisory.json", "detail_path": "advisories/ZDI-17-563", "id": "ZDI-17-563", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 SetLangStringHex Out-of-bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-563/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4079", "zdi_id": "ZDI-17-563" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-562/advisory.json", "detail_path": "advisories/ZDI-17-562", "id": "ZDI-17-562", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Height Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-562/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4082", "zdi_id": "ZDI-17-562" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-561/advisory.json", "detail_path": "advisories/ZDI-17-561", "id": "ZDI-17-561", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess TpMegaJVT setCameraName Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-561/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4110", "zdi_id": "ZDI-17-561" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-560/advisory.json", "detail_path": "advisories/ZDI-17-560", "id": "ZDI-17-560", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 SetPaybackFilePath Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-21", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-560/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4075", "zdi_id": "ZDI-17-560" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-559/advisory.json", "detail_path": "advisories/ZDI-17-559", "id": "ZDI-17-559", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess TpMegaJVT createStream Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-559/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4086", "zdi_id": "ZDI-17-559" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-558/advisory.json", "detail_path": "advisories/ZDI-17-558", "id": "ZDI-17-558", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Width Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-558/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4085", "zdi_id": "ZDI-17-558" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-557/advisory.json", "detail_path": "advisories/ZDI-17-557", "id": "ZDI-17-557", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-557/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4105", "zdi_id": "ZDI-17-557" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-556/advisory.json", "detail_path": "advisories/ZDI-17-556", "id": "ZDI-17-556", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Connect MediaURL Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-556/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4106", "zdi_id": "ZDI-17-556" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-555/advisory.json", "detail_path": "advisories/ZDI-17-555", "id": "ZDI-17-555", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Saturation Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-555/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4077", "zdi_id": "ZDI-17-555" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-554/advisory.json", "detail_path": "advisories/ZDI-17-554", "id": "ZDI-17-554", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media GetMDInterval Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-554/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4074", "zdi_id": "ZDI-17-554" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-553/advisory.json", "detail_path": "advisories/ZDI-17-553", "id": "ZDI-17-553", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Connect MediaURL Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-553/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4109", "zdi_id": "ZDI-17-553" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-552/advisory.json", "detail_path": "advisories/ZDI-17-552", "id": "ZDI-17-552", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Hue Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-552/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4071", "zdi_id": "ZDI-17-552" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-551/advisory.json", "detail_path": "advisories/ZDI-17-551", "id": "ZDI-17-551", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-551/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4098", "zdi_id": "ZDI-17-551" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-550/advisory.json", "detail_path": "advisories/ZDI-17-550", "id": "ZDI-17-550", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-550/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4108", "zdi_id": "ZDI-17-550" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-549/advisory.json", "detail_path": "advisories/ZDI-17-549", "id": "ZDI-17-549", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 SetPaybackFilePath Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-549/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4068", "zdi_id": "ZDI-17-549" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-548/advisory.json", "detail_path": "advisories/ZDI-17-548", "id": "ZDI-17-548", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Connect MediaUsername Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-548/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4107", "zdi_id": "ZDI-17-548" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-547/advisory.json", "detail_path": "advisories/ZDI-17-547", "id": "ZDI-17-547", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Brightness Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-547/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4069", "zdi_id": "ZDI-17-547" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-546/advisory.json", "detail_path": "advisories/ZDI-17-546", "id": "ZDI-17-546", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess VideoDAQ SDFileEnum Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-546/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4096", "zdi_id": "ZDI-17-546" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-545/advisory.json", "detail_path": "advisories/ZDI-17-545", "id": "ZDI-17-545", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Name Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-545/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4081", "zdi_id": "ZDI-17-545" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-544/advisory.json", "detail_path": "advisories/ZDI-17-544", "id": "ZDI-17-544", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess TpMegaJVT setGroupIp Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-544/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4090", "zdi_id": "ZDI-17-544" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-543/advisory.json", "detail_path": "advisories/ZDI-17-543", "id": "ZDI-17-543", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess TpMegaJVT startSoundRecord Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-543/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4089", "zdi_id": "ZDI-17-543" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-542/advisory.json", "detail_path": "advisories/ZDI-17-542", "id": "ZDI-17-542", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media ExecuteURLCommand Format String Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-542/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4072", "zdi_id": "ZDI-17-542" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-541/advisory.json", "detail_path": "advisories/ZDI-17-541", "id": "ZDI-17-541", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Height Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-541/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4083", "zdi_id": "ZDI-17-541" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-540/advisory.json", "detail_path": "advisories/ZDI-17-540", "id": "ZDI-17-540", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess VideoDAQ SDFileDownload Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-540/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4095", "zdi_id": "ZDI-17-540" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-539/advisory.json", "detail_path": "advisories/ZDI-17-539", "id": "ZDI-17-539", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Caption Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-539/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4097", "zdi_id": "ZDI-17-539" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-538/advisory.json", "detail_path": "advisories/ZDI-17-538", "id": "ZDI-17-538", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Connect MediaUsername Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-538/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4104", "zdi_id": "ZDI-17-538" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-537/advisory.json", "detail_path": "advisories/ZDI-17-537", "id": "ZDI-17-537", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Contrast Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-537/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4070", "zdi_id": "ZDI-17-537" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-536/advisory.json", "detail_path": "advisories/ZDI-17-536", "id": "ZDI-17-536", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess bwocxrun OpenUrlToBufferTimeout Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-536/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4094", "zdi_id": "ZDI-17-536" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-535/advisory.json", "detail_path": "advisories/ZDI-17-535", "id": "ZDI-17-535", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess TpMegaJVT CreateSound Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-535/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4092", "zdi_id": "ZDI-17-535" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-534/advisory.json", "detail_path": "advisories/ZDI-17-534", "id": "ZDI-17-534", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess TpMegaJVT CreateStream Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-534/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4093", "zdi_id": "ZDI-17-534" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-533/advisory.json", "detail_path": "advisories/ZDI-17-533", "id": "ZDI-17-533", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess TpMegaJVT getSectionValue createStream Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-533/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4088", "zdi_id": "ZDI-17-533" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-532/advisory.json", "detail_path": "advisories/ZDI-17-532", "id": "ZDI-17-532", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media SetMDInterval Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-532/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4073", "zdi_id": "ZDI-17-532" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-531/advisory.json", "detail_path": "advisories/ZDI-17-531", "id": "ZDI-17-531", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 SetLangString Out-of-bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-531/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4078", "zdi_id": "ZDI-17-531" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-530/advisory.json", "detail_path": "advisories/ZDI-17-530", "id": "ZDI-17-530", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess TpMegaJVT startSoundRecord Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-530/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4087", "zdi_id": "ZDI-17-530" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-529/advisory.json", "detail_path": "advisories/ZDI-17-529", "id": "ZDI-17-529", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Width Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-529/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4084", "zdi_id": "ZDI-17-529" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-528/advisory.json", "detail_path": "advisories/ZDI-17-528", "id": "ZDI-17-528", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Connect MediaURL Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-528/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4103", "zdi_id": "ZDI-17-528" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-527/advisory.json", "detail_path": "advisories/ZDI-17-527", "id": "ZDI-17-527", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess TpMegaJVT Set_MD_Mode Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-527/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4091", "zdi_id": "ZDI-17-527" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-526/advisory.json", "detail_path": "advisories/ZDI-17-526", "id": "ZDI-17-526", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Connect MediaURL Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-526/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4100", "zdi_id": "ZDI-17-526" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-17-525/advisory.json", "detail_path": "advisories/ZDI-17-525", "id": "ZDI-17-525", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess nvA1Media Connect MediaUsername Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-525/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4101", "zdi_id": "ZDI-17-525" }, { "cve": null, "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-524/advisory.json", "detail_path": "advisories/ZDI-17-524", "id": "ZDI-17-524", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Advantech WebAccess ExlViewer getTemplateDetailByName template SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-524/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4211", "zdi_id": "ZDI-17-524" }, { "cve": "CVE-2017-10949", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Dell Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doGet method of the EmWebsiteSe...", "detail_json": "/data/advisories/ZDI-17-523/advisory.json", "detail_path": "advisories/ZDI-17-523", "id": "ZDI-17-523", "kind": "published", "published_date": "2017-08-02", "status": "published", "title": "Dell Storage Manager EmWebsiteServlet Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-523/", "vendor": "Dell EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-4459", "zdi_id": "ZDI-17-523" }, { "cve": "CVE-2017-11393", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro OfficeScan. Authentication is required to exploit this vulnerability. The specific flaw exists within the Web Console, which listens on TCP port 43...", "detail_json": "/data/advisories/ZDI-17-522/advisory.json", "detail_path": "advisories/ZDI-17-522", "id": "ZDI-17-522", "kind": "published", "published_date": "2017-11-29", "status": "published", "title": "Trend Micro OfficeScan Proxy Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-522/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4543", "zdi_id": "ZDI-17-522" }, { "cve": "CVE-2017-11394", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro OfficeScan. Authentication is required to exploit this vulnerability. The specific flaw exists within the Web Console, which listens on TCP port 43...", "detail_json": "/data/advisories/ZDI-17-521/advisory.json", "detail_path": "advisories/ZDI-17-521", "id": "ZDI-17-521", "kind": "published", "published_date": "2017-08-02", "status": "published", "title": "Trend Micro OfficeScan Proxy Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-521/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4544", "zdi_id": "ZDI-17-521" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of network TCP requests by ELCSimul...", "detail_json": "/data/advisories/ZDI-17-520/advisory.json", "detail_path": "advisories/ZDI-17-520", "id": "ZDI-17-520", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Eaton ELCSoft ELCSimulator Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-520/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-4037", "zdi_id": "ZDI-17-520" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-519/advisory.json", "detail_path": "advisories/ZDI-17-519", "id": "ZDI-17-519", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "(0Day) Eaton ELCSoft Project File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-519/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-3960", "zdi_id": "ZDI-17-519" }, { "cve": "CVE-2017-9636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-518/advisory.json", "detail_path": "advisories/ZDI-17-518", "id": "ZDI-17-518", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Mitsubishi Electric E-Designer BEMatsushita Driver Configuration TCP_IP_Address Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-518/", "vendor": "Mitsubishi Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3794", "zdi_id": "ZDI-17-518" }, { "cve": "CVE-2017-9636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-517/advisory.json", "detail_path": "advisories/ZDI-17-517", "id": "ZDI-17-517", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Mitsubishi Electric E-Designer BEYaskawaSMC Driver Configuration IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-517/", "vendor": "Mitsubishi Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3795", "zdi_id": "ZDI-17-517" }, { "cve": "CVE-2017-9638", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-516/advisory.json", "detail_path": "advisories/ZDI-17-516", "id": "ZDI-17-516", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Mitsubishi Electric E-Designer BECMpi Driver Configuration ClockDevice Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-516/", "vendor": "Mitsubishi Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3796", "zdi_id": "ZDI-17-516" }, { "cve": "CVE-2017-9638", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-515/advisory.json", "detail_path": "advisories/ZDI-17-515", "id": "ZDI-17-515", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Mitsubishi Electric E-Designer BES7IsoTcp Driver Configuration ClockDevice Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-515/", "vendor": "Mitsubishi Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3797", "zdi_id": "ZDI-17-515" }, { "cve": "CVE-2017-9638", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-514/advisory.json", "detail_path": "advisories/ZDI-17-514", "id": "ZDI-17-514", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Mitsubishi Electric E-Designer BEMBSlave Driver Configuration CommErrIO Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-514/", "vendor": "Mitsubishi Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3798", "zdi_id": "ZDI-17-514" }, { "cve": "CVE-2017-9638", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-513/advisory.json", "detail_path": "advisories/ZDI-17-513", "id": "ZDI-17-513", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Mitsubishi Electric E-Designer BEModbus Driver Configuration ClockDevice Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-513/", "vendor": "Mitsubishi Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3799", "zdi_id": "ZDI-17-513" }, { "cve": "CVE-2017-9636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-512/advisory.json", "detail_path": "advisories/ZDI-17-512", "id": "ZDI-17-512", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Mitsubishi Electric E-Designer BEGalil Driver Configuration IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-512/", "vendor": "Mitsubishi Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3800", "zdi_id": "ZDI-17-512" }, { "cve": "CVE-2017-9636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-511/advisory.json", "detail_path": "advisories/ZDI-17-511", "id": "ZDI-17-511", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Mitsubishi Electric E-Designer BECoDeSysARTI Driver Configuration IPAddress0 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-511/", "vendor": "Mitsubishi Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3801", "zdi_id": "ZDI-17-511" }, { "cve": "CVE-2017-9636", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-510/advisory.json", "detail_path": "advisories/ZDI-17-510", "id": "ZDI-17-510", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Mitsubishi Electric E-Designer BEMicroLogix Driver Configuration TCP_IP_Address Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-510/", "vendor": "Mitsubishi Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3802", "zdi_id": "ZDI-17-510" }, { "cve": "CVE-2017-9638", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-509/advisory.json", "detail_path": "advisories/ZDI-17-509", "id": "ZDI-17-509", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Mitsubishi Electric E-Designer BEComliSlave Driver Configuration Status_bit Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-509/", "vendor": "Mitsubishi Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3808", "zdi_id": "ZDI-17-509" }, { "cve": "CVE-2017-9638", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-508/advisory.json", "detail_path": "advisories/ZDI-17-508", "id": "ZDI-17-508", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Mitsubishi Electric E-Designer SetupAlarm Font Property Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-508/", "vendor": "Mitsubishi Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3803", "zdi_id": "ZDI-17-508" }, { "cve": "CVE-2017-9634", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-507/advisory.json", "detail_path": "advisories/ZDI-17-507", "id": "ZDI-17-507", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Mitsubishi Electric E-Designer Symbol xSize Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-507/", "vendor": "Mitsubishi Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3804", "zdi_id": "ZDI-17-507" }, { "cve": "CVE-2017-9634", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-506/advisory.json", "detail_path": "advisories/ZDI-17-506", "id": "ZDI-17-506", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Mitsubishi Electric E-Designer TxStaticString Col Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-506/", "vendor": "Mitsubishi Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3759", "zdi_id": "ZDI-17-506" }, { "cve": "CVE-2017-8011", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell EMC VNX Monitoring and Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...", "detail_json": "/data/advisories/ZDI-17-505/advisory.json", "detail_path": "advisories/ZDI-17-505", "id": "ZDI-17-505", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Dell EMC VNX Monitoring and Reporting Scheduler Static Credentials Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-505/", "vendor": "Dell EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-4768", "zdi_id": "ZDI-17-505" }, { "cve": "CVE-2017-11392", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Messaging Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi...", "detail_json": "/data/advisories/ZDI-17-504/advisory.json", "detail_path": "advisories/ZDI-17-504", "id": "ZDI-17-504", "kind": "published", "published_date": "2017-07-31", "status": "published", "title": "Trend Micro InterScan Messaging Security Proxy Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-504/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4745", "zdi_id": "ZDI-17-504" }, { "cve": "CVE-2017-11382", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within kdump_setting.php. Th...", "detail_json": "/data/advisories/ZDI-17-503/advisory.json", "detail_path": "advisories/ZDI-17-503", "id": "ZDI-17-503", "kind": "published", "published_date": "2017-07-31", "status": "published", "title": "Trend Micro Deep Discovery Email Inspector kdump_setting Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-503/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4350", "zdi_id": "ZDI-17-503" }, { "cve": "CVE-2017-11391", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Messaging Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi...", "detail_json": "/data/advisories/ZDI-17-502/advisory.json", "detail_path": "advisories/ZDI-17-502", "id": "ZDI-17-502", "kind": "published", "published_date": "2017-07-31", "status": "published", "title": "Trend Micro InterScan Messaging Security Proxy Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-502/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4744", "zdi_id": "ZDI-17-502" }, { "cve": "CVE-2017-11390", "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within BasePageSessionExpire.cs. Due to...", "detail_json": "/data/advisories/ZDI-17-501/advisory.json", "detail_path": "advisories/ZDI-17-501", "id": "ZDI-17-501", "kind": "published", "published_date": "2017-07-31", "status": "published", "title": "Trend Micro Control Manager BasePageSessionExpire External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-501/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4706", "zdi_id": "ZDI-17-501" }, { "cve": "CVE-2017-11389", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerFileHandling.dll. The issu...", "detail_json": "/data/advisories/ZDI-17-500/advisory.json", "detail_path": "advisories/ZDI-17-500", "id": "ZDI-17-500", "kind": "published", "published_date": "2017-07-31", "status": "published", "title": "Trend Micro Control Manager cmdHandlerFileHandling Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-500/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4684", "zdi_id": "ZDI-17-500" }, { "cve": "CVE-2017-11388", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Investigate endpoint in RestfulServi...", "detail_json": "/data/advisories/ZDI-17-499/advisory.json", "detail_path": "advisories/ZDI-17-499", "id": "ZDI-17-499", "kind": "published", "published_date": "2017-07-31", "status": "published", "title": "Trend Micro Control Manager RestfulServiceUtility.NET SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-499/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4638", "zdi_id": "ZDI-17-499" }, { "cve": "CVE-2017-11388", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SupportTree endpoint in RestfulServi...", "detail_json": "/data/advisories/ZDI-17-498/advisory.json", "detail_path": "advisories/ZDI-17-498", "id": "ZDI-17-498", "kind": "published", "published_date": "2017-07-31", "status": "published", "title": "Trend Micro Control Manager RestfulServiceUtility.NET SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-498/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4639", "zdi_id": "ZDI-17-498" }, { "cve": "CVE-2017-11387", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of debug sett...", "detail_json": "/data/advisories/ZDI-17-497/advisory.json", "detail_path": "advisories/ZDI-17-497", "id": "ZDI-17-497", "kind": "published", "published_date": "2017-07-31", "status": "published", "title": "Trend Micro Control Manager Debug Level Authentication Bypass Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-497/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4512", "zdi_id": "ZDI-17-497" }, { "cve": "CVE-2017-11386", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerNewReportScheduler.dll when...", "detail_json": "/data/advisories/ZDI-17-496/advisory.json", "detail_path": "advisories/ZDI-17-496", "id": "ZDI-17-496", "kind": "published", "published_date": "2017-08-02", "status": "published", "title": "Trend Micro Control Manager cmdHandlerNewReportScheduler SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-496/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4549", "zdi_id": "ZDI-17-496" }, { "cve": "CVE-2017-11385", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerStatusMonitor.dll when exec...", "detail_json": "/data/advisories/ZDI-17-495/advisory.json", "detail_path": "advisories/ZDI-17-495", "id": "ZDI-17-495", "kind": "published", "published_date": "2017-08-02", "status": "published", "title": "Trend Micro Control Manager cmdHandlerStatusMonitor SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-495/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4545", "zdi_id": "ZDI-17-495" }, { "cve": "CVE-2017-11384", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerLicenseManager.dll when exe...", "detail_json": "/data/advisories/ZDI-17-494/advisory.json", "detail_path": "advisories/ZDI-17-494", "id": "ZDI-17-494", "kind": "published", "published_date": "2017-08-02", "status": "published", "title": "Trend Micro Control Manager cmdHandlerLicenseManager SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-494/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4561", "zdi_id": "ZDI-17-494" }, { "cve": "CVE-2017-11383", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerTVCSCommander.dll when exec...", "detail_json": "/data/advisories/ZDI-17-493/advisory.json", "detail_path": "advisories/ZDI-17-493", "id": "ZDI-17-493", "kind": "published", "published_date": "2017-08-02", "status": "published", "title": "Trend Micro Control Manager cmdHandlerTVCSCommander SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-493/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4560", "zdi_id": "ZDI-17-493" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within nfcapd's Process_ipfix_te...", "detail_json": "/data/advisories/ZDI-17-492/advisory.json", "detail_path": "advisories/ZDI-17-492", "id": "ZDI-17-492", "kind": "published", "published_date": "2017-07-20", "status": "published", "title": "AlienVault Unified Security Management nfcapd Process_ipfix_template_withdraw Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": "2018-02-09", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-492/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-4416", "zdi_id": "ZDI-17-492" }, { "cve": "CVE-2017-4997", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of EMC VMAX3 VASA Provider. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadConfigurator servlet, which li...", "detail_json": "/data/advisories/ZDI-17-491/advisory.json", "detail_path": "advisories/ZDI-17-491", "id": "ZDI-17-491", "kind": "published", "published_date": "2017-07-19", "status": "published", "title": "EMC VMAX3 VASA Provider UploadConfigurator Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-491/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-4641", "zdi_id": "ZDI-17-491" }, { "cve": "CVE-2017-7053", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple iTunes. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-17-490/advisory.json", "detail_path": "advisories/ZDI-17-490", "id": "ZDI-17-490", "kind": "published", "published_date": "2017-07-19", "status": "published", "title": "Apple iTunes iPodService Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-490/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4798", "zdi_id": "ZDI-17-490" }, { "cve": "CVE-2017-7052", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-489/advisory.json", "detail_path": "advisories/ZDI-17-489", "id": "ZDI-17-489", "kind": "published", "published_date": "2017-07-19", "status": "published", "title": "Apple Safari Frame Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-489/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4707", "zdi_id": "ZDI-17-489" }, { "cve": "CVE-2017-0285", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-17-488/advisory.json", "detail_path": "advisories/ZDI-17-488", "id": "ZDI-17-488", "kind": "published", "published_date": "2017-07-14", "status": "published", "title": "Microsoft Windows OTL Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-488/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4713", "zdi_id": "ZDI-17-488" }, { "cve": "CVE-2017-8465", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-487/advisory.json", "detail_path": "advisories/ZDI-17-487", "id": "ZDI-17-487", "kind": "published", "published_date": "2017-07-12", "status": "published", "title": "(Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-487/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4612", "zdi_id": "ZDI-17-487" }, { "cve": "CVE-2017-3080", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the Enhanced Protected Mode sandbox of vulnerable installations of Adobe Flash Player and disclose file contents. User interaction is required to exploit this vulnerability in that the target must visit a m...", "detail_json": "/data/advisories/ZDI-17-486/advisory.json", "detail_path": "advisories/ZDI-17-486", "id": "ZDI-17-486", "kind": "published", "published_date": "2017-07-12", "status": "published", "title": "Adobe Flash BrokerCreateFile Broker Method Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-486/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4640", "zdi_id": "ZDI-17-486" }, { "cve": "CVE-2017-9639", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-17-485/advisory.json", "detail_path": "advisories/ZDI-17-485", "id": "ZDI-17-485", "kind": "published", "published_date": "2017-07-12", "status": "published", "title": "Fuji Electric V-Server VPR File Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-485/", "vendor": "Fuji Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-4030", "zdi_id": "ZDI-17-485" }, { "cve": "CVE-2017-8956", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-17-484/advisory.json", "detail_path": "advisories/ZDI-17-484", "id": "ZDI-17-484", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dbman Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-484/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4368", "zdi_id": "ZDI-17-484" }, { "cve": "CVE-2017-8954", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within dbman s...", "detail_json": "/data/advisories/ZDI-17-483/advisory.json", "detail_path": "advisories/ZDI-17-483", "id": "ZDI-17-483", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10005 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-483/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4426", "zdi_id": "ZDI-17-483" }, { "cve": "CVE-2017-8955", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within dbman s...", "detail_json": "/data/advisories/ZDI-17-482/advisory.json", "detail_path": "advisories/ZDI-17-482", "id": "ZDI-17-482", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10006 Arbitrary File Deletion Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-482/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4425", "zdi_id": "ZDI-17-482" }, { "cve": "CVE-2017-8957", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within dbman s...", "detail_json": "/data/advisories/ZDI-17-481/advisory.json", "detail_path": "advisories/ZDI-17-481", "id": "ZDI-17-481", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10005 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-481/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4380", "zdi_id": "ZDI-17-481" }, { "cve": "CVE-2017-8601", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-17-480/advisory.json", "detail_path": "advisories/ZDI-17-480", "id": "ZDI-17-480", "kind": "published", "published_date": "2017-07-11", "status": "published", "title": "Microsoft Chakra Array JIT Optimization Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-480/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4894", "zdi_id": "ZDI-17-480" }, { "cve": "CVE-2017-8601", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-17-479/advisory.json", "detail_path": "advisories/ZDI-17-479", "id": "ZDI-17-479", "kind": "published", "published_date": "2017-07-11", "status": "published", "title": "Microsoft Chakra Array JIT Optimization Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-479/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4889", "zdi_id": "ZDI-17-479" }, { "cve": "CVE-2017-8601", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-478/advisory.json", "detail_path": "advisories/ZDI-17-478", "id": "ZDI-17-478", "kind": "published", "published_date": "2017-07-11", "status": "published", "title": "Microsoft Chakra Typed Array JIT Optimization Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-478/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4886", "zdi_id": "ZDI-17-478" }, { "cve": "CVE-2017-3100", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-477/advisory.json", "detail_path": "advisories/ZDI-17-477", "id": "ZDI-17-477", "kind": "published", "published_date": "2017-07-11", "status": "published", "title": "Adobe Flash Player BitmapData applyFilter Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-477/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4895", "zdi_id": "ZDI-17-477" }, { "cve": "CVE-2017-8590", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-476/advisory.json", "detail_path": "advisories/ZDI-17-476", "id": "ZDI-17-476", "kind": "published", "published_date": "2017-07-11", "status": "published", "title": "(Pwn2Own) Microsoft Windows CLFS Driver Uninitialized Memory Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-476/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4577", "zdi_id": "ZDI-17-476" }, { "cve": "CVE-2017-8598", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-17-475/advisory.json", "detail_path": "advisories/ZDI-17-475", "id": "ZDI-17-475", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Microsoft Windows JavaScript super Keyword Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-475/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4775", "zdi_id": "ZDI-17-475" }, { "cve": "CVE-2017-8580", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-474/advisory.json", "detail_path": "advisories/ZDI-17-474", "id": "ZDI-17-474", "kind": "published", "published_date": "2017-07-31", "status": "published", "title": "(Pwn2Own) Microsoft Windows Palette Object Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-474/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4633", "zdi_id": "ZDI-17-474" }, { "cve": "CVE-2017-8578", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-473/advisory.json", "detail_path": "advisories/ZDI-17-473", "id": "ZDI-17-473", "kind": "published", "published_date": "2017-07-11", "status": "published", "title": "(Pwn2Own) Microsoft Windows PlgBlt Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-473/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4624", "zdi_id": "ZDI-17-473" }, { "cve": "CVE-2017-8577", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-472/advisory.json", "detail_path": "advisories/ZDI-17-472", "id": "ZDI-17-472", "kind": "published", "published_date": "2017-07-11", "status": "published", "title": "(Pwn2Own) Microsoft Windows GDI Region Object Uninitialized Memory Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-472/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4621", "zdi_id": "ZDI-17-472" }, { "cve": "CVE-2017-8486", "cvss": 2.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-17-471/advisory.json", "detail_path": "advisories/ZDI-17-471", "id": "ZDI-17-471", "kind": "published", "published_date": "2017-07-11", "status": "published", "title": "(Pwn2Own) Microsoft Windows win32kfull CopyOutputString Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-471/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4576", "zdi_id": "ZDI-17-471" }, { "cve": "CVE-2017-8467", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-470/advisory.json", "detail_path": "advisories/ZDI-17-470", "id": "ZDI-17-470", "kind": "published", "published_date": "2017-07-11", "status": "published", "title": "(Pwn2Own) Microsoft Windows fnHKINLPRECT Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-470/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4626", "zdi_id": "ZDI-17-470" }, { "cve": "CVE-2017-8579", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-469/advisory.json", "detail_path": "advisories/ZDI-17-469", "id": "ZDI-17-469", "kind": "published", "published_date": "2017-07-11", "status": "published", "title": "(Pwn2Own) Microsoft Windows D3DKMTCreateAllocation Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-469/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4630", "zdi_id": "ZDI-17-469" }, { "cve": "CVE-2017-0291", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-468/advisory.json", "detail_path": "advisories/ZDI-17-468", "id": "ZDI-17-468", "kind": "published", "published_date": "2017-07-11", "status": "published", "title": "Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-468/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4485", "zdi_id": "ZDI-17-468" }, { "cve": "CVE-2017-0291", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-17-467/advisory.json", "detail_path": "advisories/ZDI-17-467", "id": "ZDI-17-467", "kind": "published", "published_date": "2017-07-11", "status": "published", "title": "Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-467/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4482", "zdi_id": "ZDI-17-467" }, { "cve": "CVE-2017-0291", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-466/advisory.json", "detail_path": "advisories/ZDI-17-466", "id": "ZDI-17-466", "kind": "published", "published_date": "2017-07-11", "status": "published", "title": "Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-466/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4481", "zdi_id": "ZDI-17-466" }, { "cve": "CVE-2017-6023", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation PLC Ethernet Module Configuration Tool. User interaction is required to exploit this vulnerability in that the target must visit a malicious p...", "detail_json": "/data/advisories/ZDI-17-465/advisory.json", "detail_path": "advisories/ZDI-17-465", "id": "ZDI-17-465", "kind": "published", "published_date": "2017-07-11", "status": "published", "title": "Fatek Automation PLC Ethernet Module Configuration Tool Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-465/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3706", "zdi_id": "ZDI-17-465" }, { "cve": "CVE-2017-0236", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-464/advisory.json", "detail_path": "advisories/ZDI-17-464", "id": "ZDI-17-464", "kind": "published", "published_date": "2017-07-10", "status": "published", "title": "(Pwn2Own) Microsoft Chakra ArrayBuffer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-464/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4611", "zdi_id": "ZDI-17-464" }, { "cve": "CVE-2017-8575", "cvss": 2.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-17-463/advisory.json", "detail_path": "advisories/ZDI-17-463", "id": "ZDI-17-463", "kind": "published", "published_date": "2017-07-10", "status": "published", "title": "(Pwn2Own) Microsoft Windows basicrender WarpKMEscape Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-463/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4603", "zdi_id": "ZDI-17-463" }, { "cve": "CVE-2017-5053", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-462/advisory.json", "detail_path": "advisories/ZDI-17-462", "id": "ZDI-17-462", "kind": "published", "published_date": "2017-07-10", "status": "published", "title": "(Pwn2Own) Google Chrome Array indexOf Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-462/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-4587", "zdi_id": "ZDI-17-462" }, { "cve": "CVE-2017-10948", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-461/advisory.json", "detail_path": "advisories/ZDI-17-461", "id": "ZDI-17-461", "kind": "published", "published_date": "2017-07-07", "status": "published", "title": "Foxit Reader execMenuItem Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-461/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4723", "zdi_id": "ZDI-17-461" }, { "cve": "CVE-2017-10947", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-460/advisory.json", "detail_path": "advisories/ZDI-17-460", "id": "ZDI-17-460", "kind": "published", "published_date": "2017-07-07", "status": "published", "title": "Foxit Reader print Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-460/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4722", "zdi_id": "ZDI-17-460" }, { "cve": "CVE-2017-10946", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-459/advisory.json", "detail_path": "advisories/ZDI-17-459", "id": "ZDI-17-459", "kind": "published", "published_date": "2017-07-07", "status": "published", "title": "Foxit Reader setItem Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-459/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4721", "zdi_id": "ZDI-17-459" }, { "cve": "CVE-2017-10945", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-458/advisory.json", "detail_path": "advisories/ZDI-17-458", "id": "ZDI-17-458", "kind": "published", "published_date": "2017-07-07", "status": "published", "title": "Foxit Reader App alert Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-458/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4855", "zdi_id": "ZDI-17-458" }, { "cve": "CVE-2017-10944", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-457/advisory.json", "detail_path": "advisories/ZDI-17-457", "id": "ZDI-17-457", "kind": "published", "published_date": "2017-07-07", "status": "published", "title": "Foxit Reader ObjStm Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-457/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4846", "zdi_id": "ZDI-17-457" }, { "cve": "CVE-2017-10943", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-456/advisory.json", "detail_path": "advisories/ZDI-17-456", "id": "ZDI-17-456", "kind": "published", "published_date": "2017-07-07", "status": "published", "title": "Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-456/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4738", "zdi_id": "ZDI-17-456" }, { "cve": "CVE-2017-10942", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-455/advisory.json", "detail_path": "advisories/ZDI-17-455", "id": "ZDI-17-455", "kind": "published", "published_date": "2017-07-07", "status": "published", "title": "Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-455/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4737", "zdi_id": "ZDI-17-455" }, { "cve": "CVE-2017-10941", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-454/advisory.json", "detail_path": "advisories/ZDI-17-454", "id": "ZDI-17-454", "kind": "published", "published_date": "2017-07-07", "status": "published", "title": "Foxit Reader AFParseDateEx Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-454/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4816", "zdi_id": "ZDI-17-454" }, { "cve": "CVE-2017-10940", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-17-453/advisory.json", "detail_path": "advisories/ZDI-17-453", "id": "ZDI-17-453", "kind": "published", "published_date": "2017-07-07", "status": "published", "title": "Joyent Smart Data Center Docker API Zone Escape Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-453/", "vendor": "Joyent", "vendor_url": null, "zdi_can": "ZDI-CAN-3853", "zdi_id": "ZDI-17-453" }, { "cve": "CVE-2017-12705", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebOP Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-17-452/advisory.json", "detail_path": "advisories/ZDI-17-452", "id": "ZDI-17-452", "kind": "published", "published_date": "2017-08-15", "status": "published", "title": "(0Day) Advantech WebOP Designer Project File Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-452/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3703", "zdi_id": "ZDI-17-452" }, { "cve": "CVE-2017-8553", "cvss": 2.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-17-451/advisory.json", "detail_path": "advisories/ZDI-17-451", "id": "ZDI-17-451", "kind": "published", "published_date": "2017-06-27", "status": "published", "title": "(Pwn2Own) Microsoft Windows XPS Document Writer Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-451/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4602", "zdi_id": "ZDI-17-451" }, { "cve": "CVE-2017-8576", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-450/advisory.json", "detail_path": "advisories/ZDI-17-450", "id": "ZDI-17-450", "kind": "published", "published_date": "2017-06-27", "status": "published", "title": "(Pwn2Own) Microsoft Windows WarpKMSubmitCommandVirtual Uninitialized Memory Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-450/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4604", "zdi_id": "ZDI-17-450" }, { "cve": "CVE-2017-6636", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows disclose sensitive information on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service that listens on TCP port...", "detail_json": "/data/advisories/ZDI-17-449/advisory.json", "detail_path": "advisories/ZDI-17-449", "id": "ZDI-17-449", "kind": "published", "published_date": "2017-06-26", "status": "published", "title": "Cisco Prime Collaboration Provisioning Logs Directory Improper Access Control Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-449/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4344", "zdi_id": "ZDI-17-449" }, { "cve": "CVE-2017-6637", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logconfigtracer.jsp p...", "detail_json": "/data/advisories/ZDI-17-448/advisory.json", "detail_path": "advisories/ZDI-17-448", "id": "ZDI-17-448", "kind": "published", "published_date": "2017-06-26", "status": "published", "title": "Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-448/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4469", "zdi_id": "ZDI-17-448" }, { "cve": "CVE-2017-6621", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logconfigtrac...", "detail_json": "/data/advisories/ZDI-17-447/advisory.json", "detail_path": "advisories/ZDI-17-447", "id": "ZDI-17-447", "kind": "published", "published_date": "2017-06-26", "status": "published", "title": "Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-447/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4468", "zdi_id": "ZDI-17-447" }, { "cve": "CVE-2017-6635", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability. The specific flaw exists within the licensestatus.jsp pag...", "detail_json": "/data/advisories/ZDI-17-446/advisory.json", "detail_path": "advisories/ZDI-17-446", "id": "ZDI-17-446", "kind": "published", "published_date": "2017-06-26", "status": "published", "title": "Cisco Prime Collaboration Provisioning licensestatus Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-446/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4467", "zdi_id": "ZDI-17-446" }, { "cve": "CVE-2017-6622", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ScriptMgr servlet, wh...", "detail_json": "/data/advisories/ZDI-17-445/advisory.json", "detail_path": "advisories/ZDI-17-445", "id": "ZDI-17-445", "kind": "published", "published_date": "2017-06-26", "status": "published", "title": "Cisco Prime Collaboration Provisioning ScriptMgr Servlet Authentication Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-445/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4343", "zdi_id": "ZDI-17-445" }, { "cve": "CVE-2017-6669", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-17-444/advisory.json", "detail_path": "advisories/ZDI-17-444", "id": "ZDI-17-444", "kind": "published", "published_date": "2017-06-23", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-444/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4279", "zdi_id": "ZDI-17-444" }, { "cve": "CVE-2017-6669", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-17-443/advisory.json", "detail_path": "advisories/ZDI-17-443", "id": "ZDI-17-443", "kind": "published", "published_date": "2017-06-23", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-443/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4278", "zdi_id": "ZDI-17-443" }, { "cve": "CVE-2017-6669", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-17-442/advisory.json", "detail_path": "advisories/ZDI-17-442", "id": "ZDI-17-442", "kind": "published", "published_date": "2017-06-23", "status": "published", "title": "Cisco WebEx Network Recording Player ARF File CImageList Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-442/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-4277", "zdi_id": "ZDI-17-442" }, { "cve": "CVE-2017-2454", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-441/advisory.json", "detail_path": "advisories/ZDI-17-441", "id": "ZDI-17-441", "kind": "published", "published_date": "2017-06-22", "status": "published", "title": "Apple Safari Node Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-441/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4537", "zdi_id": "ZDI-17-441" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lepide LepideAuditor Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within genratereports.php. The issue lies in...", "detail_json": "/data/advisories/ZDI-17-440/advisory.json", "detail_path": "advisories/ZDI-17-440", "id": "ZDI-17-440", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) Lepide LepideAuditor Suite Malicious Server Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-440/", "vendor": "Lepide", "vendor_url": null, "zdi_can": "ZDI-CAN-3833", "zdi_id": "ZDI-17-440" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-439/advisory.json", "detail_path": "advisories/ZDI-17-439", "id": "ZDI-17-439", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddTabShapeEmptyPage Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-439/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3975", "zdi_id": "ZDI-17-439" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-438/advisory.json", "detail_path": "advisories/ZDI-17-438", "id": "ZDI-17-438", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddStringUserProperty Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-438/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3974", "zdi_id": "ZDI-17-438" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-437/advisory.json", "detail_path": "advisories/ZDI-17-437", "id": "ZDI-17-437", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddIntUserProperty Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-437/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3973", "zdi_id": "ZDI-17-437" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-436/advisory.json", "detail_path": "advisories/ZDI-17-436", "id": "ZDI-17-436", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddFloatUserProperty Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-436/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3972", "zdi_id": "ZDI-17-436" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-435/advisory.json", "detail_path": "advisories/ZDI-17-435", "id": "ZDI-17-435", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite TKGIS RemoveShape Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-435/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3971", "zdi_id": "ZDI-17-435" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-434/advisory.json", "detail_path": "advisories/ZDI-17-434", "id": "ZDI-17-434", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite TKGIS FindPortFromIndex Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-434/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3970", "zdi_id": "ZDI-17-434" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-433/advisory.json", "detail_path": "advisories/ZDI-17-433", "id": "ZDI-17-433", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddDoubleUserProperty Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-433/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3890", "zdi_id": "ZDI-17-433" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-432/advisory.json", "detail_path": "advisories/ZDI-17-432", "id": "ZDI-17-432", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddDateUserProperty AddDefaultPort Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-432/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3889", "zdi_id": "ZDI-17-432" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-431/advisory.json", "detail_path": "advisories/ZDI-17-431", "id": "ZDI-17-431", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddColorUserProperty Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-431/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3888", "zdi_id": "ZDI-17-431" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-430/advisory.json", "detail_path": "advisories/ZDI-17-430", "id": "ZDI-17-430", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddBoolUserProperty Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-430/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3887", "zdi_id": "ZDI-17-430" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-429/advisory.json", "detail_path": "advisories/ZDI-17-429", "id": "ZDI-17-429", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddShapePoint Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-429/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3886", "zdi_id": "ZDI-17-429" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-428/advisory.json", "detail_path": "advisories/ZDI-17-428", "id": "ZDI-17-428", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite TKGIS CloneShape Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-428/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3897", "zdi_id": "ZDI-17-428" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-427/advisory.json", "detail_path": "advisories/ZDI-17-427", "id": "ZDI-17-427", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCSIMPLE PositionShape Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-427/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3896", "zdi_id": "ZDI-17-427" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-426/advisory.json", "detail_path": "advisories/ZDI-17-426", "id": "ZDI-17-426", "kind": "published", "published_date": "2017-08-30", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCHMI UpdateShapeGeo Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-426/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3885", "zdi_id": "ZDI-17-426" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-425/advisory.json", "detail_path": "advisories/ZDI-17-425", "id": "ZDI-17-425", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCUML SetShapeWithLabelShow Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-425/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3884", "zdi_id": "ZDI-17-425" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-424/advisory.json", "detail_path": "advisories/ZDI-17-424", "id": "ZDI-17-424", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDIAGRAM InsertShapePoint Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-424/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3895", "zdi_id": "ZDI-17-424" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-423/advisory.json", "detail_path": "advisories/ZDI-17-423", "id": "ZDI-17-423", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCPRINT FlashShape Untrusted Pointer Dreference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-423/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3893", "zdi_id": "ZDI-17-423" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-422/advisory.json", "detail_path": "advisories/ZDI-17-422", "id": "ZDI-17-422", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite TKDRAWCAD RotateShape Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-422/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3907", "zdi_id": "ZDI-17-422" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-421/advisory.json", "detail_path": "advisories/ZDI-17-421", "id": "ZDI-17-421", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW MoveShape Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-421/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3906", "zdi_id": "ZDI-17-421" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-420/advisory.json", "detail_path": "advisories/ZDI-17-420", "id": "ZDI-17-420", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCVIEWER RotateFromCenter Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-420/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3905", "zdi_id": "ZDI-17-420" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-419/advisory.json", "detail_path": "advisories/ZDI-17-419", "id": "ZDI-17-419", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCVIEWER MoveCenterTo Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-419/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3894", "zdi_id": "ZDI-17-419" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-418/advisory.json", "detail_path": "advisories/ZDI-17-418", "id": "ZDI-17-418", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCVIEWER ScaleFromCenter Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-418/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3904", "zdi_id": "ZDI-17-418" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-417/advisory.json", "detail_path": "advisories/ZDI-17-417", "id": "ZDI-17-417", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCVIEWER SelectShape Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-417/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3892", "zdi_id": "ZDI-17-417" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-416/advisory.json", "detail_path": "advisories/ZDI-17-416", "id": "ZDI-17-416", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCVIEWER AddShapeWithoutUndo Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-416/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3883", "zdi_id": "ZDI-17-416" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-415/advisory.json", "detail_path": "advisories/ZDI-17-415", "id": "ZDI-17-415", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCVIEWER UpdateControl Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-415/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3882", "zdi_id": "ZDI-17-415" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-414/advisory.json", "detail_path": "advisories/ZDI-17-414", "id": "ZDI-17-414", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCVIEWER StartRichTextEdit Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-414/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3881", "zdi_id": "ZDI-17-414" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-17-413/advisory.json", "detail_path": "advisories/ZDI-17-413", "id": "ZDI-17-413", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCVIEWER Multiple Methods Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-413/", "vendor": "UCanCode", "vendor_url": null, "zdi_can": "ZDI-CAN-3880", "zdi_id": "ZDI-17-413" }, { "cve": "CVE-2017-2530", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-412/advisory.json", "detail_path": "advisories/ZDI-17-412", "id": "ZDI-17-412", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "Apple Safari Element Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-412/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4709", "zdi_id": "ZDI-17-412" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-411/advisory.json", "detail_path": "advisories/ZDI-17-411", "id": "ZDI-17-411", "kind": "published", "published_date": "2017-06-15", "status": "published", "title": "Foxit Reader JPXDecode stream Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-411/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4376", "zdi_id": "ZDI-17-411" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of Novell ZENworks Reporting Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FCExporter servlet. The...", "detail_json": "/data/advisories/ZDI-17-410/advisory.json", "detail_path": "advisories/ZDI-17-410", "id": "ZDI-17-410", "kind": "published", "published_date": "2017-06-14", "status": "published", "title": "Novell ZENworks Reporting Appliance Directory Traversal Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-410/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-3879", "zdi_id": "ZDI-17-410" }, { "cve": "CVE-2017-0285", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-17-409/advisory.json", "detail_path": "advisories/ZDI-17-409", "id": "ZDI-17-409", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "Microsoft Windows OTL Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-409/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4701", "zdi_id": "ZDI-17-409" }, { "cve": "CVE-2017-3082", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-408/advisory.json", "detail_path": "advisories/ZDI-17-408", "id": "ZDI-17-408", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "Adobe Flash LocaleID determinePreferredLocales Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-408/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4705", "zdi_id": "ZDI-17-408" }, { "cve": "CVE-2017-3084", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-407/advisory.json", "detail_path": "advisories/ZDI-17-407", "id": "ZDI-17-407", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "Adobe Flash AuditudeSettings clone Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-407/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4704", "zdi_id": "ZDI-17-407" }, { "cve": "CVE-2017-3083", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-406/advisory.json", "detail_path": "advisories/ZDI-17-406", "id": "ZDI-17-406", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "Adobe Flash Profile Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-406/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4703", "zdi_id": "ZDI-17-406" }, { "cve": "CVE-2017-8532", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-17-405/advisory.json", "detail_path": "advisories/ZDI-17-405", "id": "ZDI-17-405", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "Microsoft Windows OTL Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-405/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4700", "zdi_id": "ZDI-17-405" }, { "cve": "CVE-2017-8466", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-404/advisory.json", "detail_path": "advisories/ZDI-17-404", "id": "ZDI-17-404", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "(Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-404/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4619", "zdi_id": "ZDI-17-404" }, { "cve": "CVE-2017-8468", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-403/advisory.json", "detail_path": "advisories/ZDI-17-403", "id": "ZDI-17-403", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "(Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-403/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4590", "zdi_id": "ZDI-17-403" }, { "cve": "CVE-2017-8465", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-402/advisory.json", "detail_path": "advisories/ZDI-17-402", "id": "ZDI-17-402", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "(Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-402/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4608", "zdi_id": "ZDI-17-402" }, { "cve": "CVE-2017-8547", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-17-401/advisory.json", "detail_path": "advisories/ZDI-17-401", "id": "ZDI-17-401", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "Microsoft Internet Explorer InsertRow Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-401/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4573", "zdi_id": "ZDI-17-401" }, { "cve": "CVE-2017-0296", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-400/advisory.json", "detail_path": "advisories/ZDI-17-400", "id": "ZDI-17-400", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "(Pwn2Own) Microsoft Windows TdxCreateTransportAddress Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-400/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4622", "zdi_id": "ZDI-17-400" }, { "cve": "CVE-2017-3075", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-399/advisory.json", "detail_path": "advisories/ZDI-17-399", "id": "ZDI-17-399", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "Adobe Flash XML load Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-399/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4564", "zdi_id": "ZDI-17-399" }, { "cve": "CVE-2017-8460", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-17-398/advisory.json", "detail_path": "advisories/ZDI-17-398", "id": "ZDI-17-398", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-398/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4483", "zdi_id": "ZDI-17-398" }, { "cve": "CVE-2017-0292", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-397/advisory.json", "detail_path": "advisories/ZDI-17-397", "id": "ZDI-17-397", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-397/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4480", "zdi_id": "ZDI-17-397" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privilege on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-17-396/advisory.json", "detail_path": "advisories/ZDI-17-396", "id": "ZDI-17-396", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "Trend Micro Maximum Security tmusa Time-Of-Check/Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-396/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4065", "zdi_id": "ZDI-17-396" }, { "cve": null, "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to deny service on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-17-395/advisory.json", "detail_path": "advisories/ZDI-17-395", "id": "ZDI-17-395", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "Trend Micro Maximum Security tmusa Kernel Driver Untrusted Pointer Dereference Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-395/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4191", "zdi_id": "ZDI-17-395" }, { "cve": "CVE-2016-8211", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ImageServlet servlet whi...", "detail_json": "/data/advisories/ZDI-17-394/advisory.json", "detail_path": "advisories/ZDI-17-394", "id": "ZDI-17-394", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "EMC Data Protection Advisor ImageServlet Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-394/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-3844", "zdi_id": "ZDI-17-394" }, { "cve": "CVE-2017-8947", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Universal CMDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within UploadFileOnUIServerSe...", "detail_json": "/data/advisories/ZDI-17-393/advisory.json", "detail_path": "advisories/ZDI-17-393", "id": "ZDI-17-393", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "Hewlett Packard Enterprise Universal CMDB UploadFileOnUIServerServlet Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-393/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4342", "zdi_id": "ZDI-17-393" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the system configuratio...", "detail_json": "/data/advisories/ZDI-17-392/advisory.json", "detail_path": "advisories/ZDI-17-392", "id": "ZDI-17-392", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-392/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3648", "zdi_id": "ZDI-17-392" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of session manag...", "detail_json": "/data/advisories/ZDI-17-391/advisory.json", "detail_path": "advisories/ZDI-17-391", "id": "ZDI-17-391", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder Embedded Session ID Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-391/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3582", "zdi_id": "ZDI-17-391" }, { "cve": null, "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose files on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within css.inc.php. The 'css' parameter con...", "detail_json": "/data/advisories/ZDI-17-390/advisory.json", "detail_path": "advisories/ZDI-17-390", "id": "ZDI-17-390", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder css.inc Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-390/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3583", "zdi_id": "ZDI-17-390" }, { "cve": null, "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within runscript.php applet. Th...", "detail_json": "/data/advisories/ZDI-17-389/advisory.json", "detail_path": "advisories/ZDI-17-389", "id": "ZDI-17-389", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder runscript Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-389/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3584", "zdi_id": "ZDI-17-389" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.Motion Builder. User authentication is required to exploit this vulnerability. The specific flaw exists within file_picker.php. The upload...", "detail_json": "/data/advisories/ZDI-17-388/advisory.json", "detail_path": "advisories/ZDI-17-388", "id": "ZDI-17-388", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder file_picker Directory Traversal Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-388/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3580", "zdi_id": "ZDI-17-388" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary SQL commands on vulnerable installations of Schneider Electric U.Motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of SOAP r...", "detail_json": "/data/advisories/ZDI-17-387/advisory.json", "detail_path": "advisories/ZDI-17-387", "id": "ZDI-17-387", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder SOAP Request Remote SQL Command Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-387/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3579", "zdi_id": "ZDI-17-387" }, { "cve": null, "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to acquire path information about vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within externalframe.php. Exce...", "detail_json": "/data/advisories/ZDI-17-386/advisory.json", "detail_path": "advisories/ZDI-17-386", "id": "ZDI-17-386", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder Error Message Path Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-386/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3669", "zdi_id": "ZDI-17-386" }, { "cve": null, "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to acquire system information about vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within error.php. System inf...", "detail_json": "/data/advisories/ZDI-17-385/advisory.json", "detail_path": "advisories/ZDI-17-385", "id": "ZDI-17-385", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder error Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-385/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3670", "zdi_id": "ZDI-17-385" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the editobject...", "detail_json": "/data/advisories/ZDI-17-384/advisory.json", "detail_path": "advisories/ZDI-17-384", "id": "ZDI-17-384", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder editobject SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-384/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3631", "zdi_id": "ZDI-17-384" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of xmlserver.php,...", "detail_json": "/data/advisories/ZDI-17-383/advisory.json", "detail_path": "advisories/ZDI-17-383", "id": "ZDI-17-383", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder xmlserver SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-383/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3644", "zdi_id": "ZDI-17-383" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of track_getdata....", "detail_json": "/data/advisories/ZDI-17-382/advisory.json", "detail_path": "advisories/ZDI-17-382", "id": "ZDI-17-382", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder track_getdata SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-382/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3630", "zdi_id": "ZDI-17-382" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of nfcserver.php,...", "detail_json": "/data/advisories/ZDI-17-381/advisory.json", "detail_path": "advisories/ZDI-17-381", "id": "ZDI-17-381", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder nfcserver SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-381/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3652", "zdi_id": "ZDI-17-381" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of localize.php,...", "detail_json": "/data/advisories/ZDI-17-380/advisory.json", "detail_path": "advisories/ZDI-17-380", "id": "ZDI-17-380", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder localize SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-380/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3653", "zdi_id": "ZDI-17-380" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of syslog_getdata...", "detail_json": "/data/advisories/ZDI-17-379/advisory.json", "detail_path": "advisories/ZDI-17-379", "id": "ZDI-17-379", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder syslog_getdata SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-379/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3628", "zdi_id": "ZDI-17-379" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of track_import_e...", "detail_json": "/data/advisories/ZDI-17-378/advisory.json", "detail_path": "advisories/ZDI-17-378", "id": "ZDI-17-378", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder track_import_export SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-378/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3629", "zdi_id": "ZDI-17-378" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of applets which...", "detail_json": "/data/advisories/ZDI-17-377/advisory.json", "detail_path": "advisories/ZDI-17-377", "id": "ZDI-17-377", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder HTTP Cookie SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-377/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3649", "zdi_id": "ZDI-17-377" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is required to exploit this vulnerability. The specific flaw exists within processing of editscript.php. A...", "detail_json": "/data/advisories/ZDI-17-376/advisory.json", "detail_path": "advisories/ZDI-17-376", "id": "ZDI-17-376", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder editscript Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-376/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3647", "zdi_id": "ZDI-17-376" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to deny service on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of message_simple_html.php,...", "detail_json": "/data/advisories/ZDI-17-375/advisory.json", "detail_path": "advisories/ZDI-17-375", "id": "ZDI-17-375", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder message_simple_html reboot Parameter Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-375/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3646", "zdi_id": "ZDI-17-375" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of loadtemplate.p...", "detail_json": "/data/advisories/ZDI-17-374/advisory.json", "detail_path": "advisories/ZDI-17-374", "id": "ZDI-17-374", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder loadtemplate SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-374/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3632", "zdi_id": "ZDI-17-374" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to extract arbitrary files on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of sendmail.php....", "detail_json": "/data/advisories/ZDI-17-373/advisory.json", "detail_path": "advisories/ZDI-17-373", "id": "ZDI-17-373", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder sendmail email_attachment Parameter Absolute Path Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-373/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3645", "zdi_id": "ZDI-17-373" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. The specific flaw exists within the configuration of the product. The web service comes with a hidden system account with...", "detail_json": "/data/advisories/ZDI-17-372/advisory.json", "detail_path": "advisories/ZDI-17-372", "id": "ZDI-17-372", "kind": "published", "published_date": "2017-06-12", "status": "published", "title": "(0Day) Schneider Electric U.motion Builder Hard-Coded Password Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-372/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3643", "zdi_id": "ZDI-17-372" }, { "cve": "CVE-2017-0266", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-17-371/advisory.json", "detail_path": "advisories/ZDI-17-371", "id": "ZDI-17-371", "kind": "published", "published_date": "2017-05-30", "status": "published", "title": "Microsoft Windows JavaScript Array Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-371/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4772", "zdi_id": "ZDI-17-371" }, { "cve": null, "cvss": 2.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to trigger a denial-of-service condition on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-17-370/advisory.json", "detail_path": "advisories/ZDI-17-370", "id": "ZDI-17-370", "kind": "published", "published_date": "2017-05-30", "status": "published", "title": "(Pwn2Own) Apple macOS nsurlstoraged Null Pointer Dereference Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-370/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4583", "zdi_id": "ZDI-17-370" }, { "cve": "CVE-2017-7002", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-369/advisory.json", "detail_path": "advisories/ZDI-17-369", "id": "ZDI-17-369", "kind": "published", "published_date": "2017-05-30", "status": "published", "title": "(Pwn2Own) Apple Safari WebSQL matchinfo Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-369/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4596", "zdi_id": "ZDI-17-369" }, { "cve": "CVE-2017-7001", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-368/advisory.json", "detail_path": "advisories/ZDI-17-368", "id": "ZDI-17-368", "kind": "published", "published_date": "2017-05-30", "status": "published", "title": "(Pwn2Own) Apple Safari WebSQL offsets Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-368/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4595", "zdi_id": "ZDI-17-368" }, { "cve": "CVE-2017-7000", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-367/advisory.json", "detail_path": "advisories/ZDI-17-367", "id": "ZDI-17-367", "kind": "published", "published_date": "2017-05-30", "status": "published", "title": "(Pwn2Own) Apple Safari WebSQL snippet Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-367/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4594", "zdi_id": "ZDI-17-367" }, { "cve": "CVE-2017-6983", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-366/advisory.json", "detail_path": "advisories/ZDI-17-366", "id": "ZDI-17-366", "kind": "published", "published_date": "2017-05-30", "status": "published", "title": "(Pwn2Own) Apple Safari WebSQL optimize Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-366/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4591", "zdi_id": "ZDI-17-366" }, { "cve": "CVE-2017-8944", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Cloud Optimizer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadS...", "detail_json": "/data/advisories/ZDI-17-365/advisory.json", "detail_path": "advisories/ZDI-17-365", "id": "ZDI-17-365", "kind": "published", "published_date": "2017-05-18", "status": "published", "title": "Hewlett Packard Enterprise Cloud Optimizer DownloadServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-365/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4221", "zdi_id": "ZDI-17-365" }, { "cve": "CVE-2017-2543", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-17-364/advisory.json", "detail_path": "advisories/ZDI-17-364", "id": "ZDI-17-364", "kind": "published", "published_date": "2017-05-18", "status": "published", "title": "(Pwn2Own) Apple macOS AppleMultitouchDevice Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-364/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4610", "zdi_id": "ZDI-17-364" }, { "cve": "CVE-2017-2542", "cvss": 1.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-17-363/advisory.json", "detail_path": "advisories/ZDI-17-363", "id": "ZDI-17-363", "kind": "published", "published_date": "2017-05-18", "status": "published", "title": "(Pwn2Own) Apple macOS AppleMultitouchDevice Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-363/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4609", "zdi_id": "ZDI-17-363" }, { "cve": "CVE-2017-2538", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-362/advisory.json", "detail_path": "advisories/ZDI-17-362", "id": "ZDI-17-362", "kind": "published", "published_date": "2017-05-18", "status": "published", "title": "(Pwn2Own) Apple Safari ProcessingInstruction Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-362/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4598", "zdi_id": "ZDI-17-362" }, { "cve": "CVE-2017-2539", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-361/advisory.json", "detail_path": "advisories/ZDI-17-361", "id": "ZDI-17-361", "kind": "published", "published_date": "2017-05-18", "status": "published", "title": "(Pwn2Own) Apple Safari WebGLRenderingContextBase drawElements Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-361/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4597", "zdi_id": "ZDI-17-361" }, { "cve": "CVE-2017-6991", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-360/advisory.json", "detail_path": "advisories/ZDI-17-360", "id": "ZDI-17-360", "kind": "published", "published_date": "2017-05-18", "status": "published", "title": "(Pwn2Own) Apple Safari WebSQL Type Confusion Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-360/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4593", "zdi_id": "ZDI-17-360" }, { "cve": "CVE-2017-2546", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-17-359/advisory.json", "detail_path": "advisories/ZDI-17-359", "id": "ZDI-17-359", "kind": "published", "published_date": "2017-05-18", "status": "published", "title": "(Pwn2Own) Apple macOS smbfs Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-359/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4617", "zdi_id": "ZDI-17-359" }, { "cve": "CVE-2017-2536", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-358/advisory.json", "detail_path": "advisories/ZDI-17-358", "id": "ZDI-17-358", "kind": "published", "published_date": "2017-05-18", "status": "published", "title": "(Pwn2Own) Apple Safari Spread Operator Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-358/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4582", "zdi_id": "ZDI-17-358" }, { "cve": "CVE-2017-2533", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-17-357/advisory.json", "detail_path": "advisories/ZDI-17-357", "id": "ZDI-17-357", "kind": "published", "published_date": "2017-05-18", "status": "published", "title": "(Pwn2Own) Apple macOS diskarbitrationd Time-Of-Check/Time-Of-Use Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-357/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4580", "zdi_id": "ZDI-17-357" }, { "cve": "CVE-2017-2535", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-17-356/advisory.json", "detail_path": "advisories/ZDI-17-356", "id": "ZDI-17-356", "kind": "published", "published_date": "2017-05-18", "status": "published", "title": "(Pwn2Own) Apple macOS authd Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-356/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4579", "zdi_id": "ZDI-17-356" }, { "cve": "CVE-2017-2548", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-17-355/advisory.json", "detail_path": "advisories/ZDI-17-355", "id": "ZDI-17-355", "kind": "published", "published_date": "2017-05-18", "status": "published", "title": "(Pwn2Own) Apple macOS WindowServer XSetWindowListBrightness Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-355/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4624", "zdi_id": "ZDI-17-355" }, { "cve": "CVE-2017-2547", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-354/advisory.json", "detail_path": "advisories/ZDI-17-354", "id": "ZDI-17-354", "kind": "published", "published_date": "2017-05-18", "status": "published", "title": "(Pwn2Own) Apple Safari B3 Optimization Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-354/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4623", "zdi_id": "ZDI-17-354" }, { "cve": "CVE-2017-2537", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-17-353/advisory.json", "detail_path": "advisories/ZDI-17-353", "id": "ZDI-17-353", "kind": "published", "published_date": "2017-05-18", "status": "published", "title": "(Pwn2Own) Apple macOS WindowServer Dragging Space Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-353/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4592", "zdi_id": "ZDI-17-353" }, { "cve": "CVE-2017-6990", "cvss": 1.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-17-352/advisory.json", "detail_path": "advisories/ZDI-17-352", "id": "ZDI-17-352", "kind": "published", "published_date": "2017-05-18", "status": "published", "title": "(Pwn2Own) Apple macOS HFS Uninitialized Memory Information Disclosure Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-352/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4615", "zdi_id": "ZDI-17-352" }, { "cve": "CVE-2017-2545", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-17-351/advisory.json", "detail_path": "advisories/ZDI-17-351", "id": "ZDI-17-351", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "(Pwn2Own) Apple macOS IOGraphic Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-351/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4614", "zdi_id": "ZDI-17-351" }, { "cve": "CVE-2017-2544", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-350/advisory.json", "detail_path": "advisories/ZDI-17-350", "id": "ZDI-17-350", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "(Pwn2Own) Apple Safari Array concat Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-350/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4613", "zdi_id": "ZDI-17-350" }, { "cve": "CVE-2017-2541", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-17-349/advisory.json", "detail_path": "advisories/ZDI-17-349", "id": "ZDI-17-349", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "(Pwn2Own) Apple macOS WindowServer _XGetWindowMovementGroup Stack-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-349/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4600", "zdi_id": "ZDI-17-349" }, { "cve": "CVE-2017-2540", "cvss": 1.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-17-348/advisory.json", "detail_path": "advisories/ZDI-17-348", "id": "ZDI-17-348", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "(Pwn2Own) Apple macOS WindowServer _XGetConnectionPSN Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-348/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4599", "zdi_id": "ZDI-17-348" }, { "cve": "CVE-2017-2534, CVE-2017-6977", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-17-347/advisory.json", "detail_path": "advisories/ZDI-17-347", "id": "ZDI-17-347", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "(Pwn2Own) Apple macOS speechsynthesisd Unsigned Dylib Loading Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-347/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4581", "zdi_id": "ZDI-17-347" }, { "cve": "CVE-2017-2506", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-346/advisory.json", "detail_path": "advisories/ZDI-17-346", "id": "ZDI-17-346", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "Apple Safari RenderElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-346/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4536", "zdi_id": "ZDI-17-346" }, { "cve": "CVE-2017-2526", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-345/advisory.json", "detail_path": "advisories/ZDI-17-345", "id": "ZDI-17-345", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "Apple Safari RenderInline Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-345/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4520", "zdi_id": "ZDI-17-345" }, { "cve": "CVE-2017-2525", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-344/advisory.json", "detail_path": "advisories/ZDI-17-344", "id": "ZDI-17-344", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "Apple Safari RenderLayer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-344/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4519", "zdi_id": "ZDI-17-344" }, { "cve": "CVE-2017-5819", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-17-343/advisory.json", "detail_path": "advisories/ZDI-17-343", "id": "ZDI-17-343", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10007 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-343/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4387", "zdi_id": "ZDI-17-343" }, { "cve": "CVE-2017-5818", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-17-342/advisory.json", "detail_path": "advisories/ZDI-17-342", "id": "ZDI-17-342", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10007 Arbitrary File Deletion Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-342/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4386", "zdi_id": "ZDI-17-342" }, { "cve": "CVE-2017-5817", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-17-341/advisory.json", "detail_path": "advisories/ZDI-17-341", "id": "ZDI-17-341", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10007 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-341/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4372", "zdi_id": "ZDI-17-341" }, { "cve": "CVE-2017-5816", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-17-340/advisory.json", "detail_path": "advisories/ZDI-17-340", "id": "ZDI-17-340", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10008 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-340/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4367", "zdi_id": "ZDI-17-340" }, { "cve": "CVE-2017-5821", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-17-339/advisory.json", "detail_path": "advisories/ZDI-17-339", "id": "ZDI-17-339", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10006 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-339/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4379", "zdi_id": "ZDI-17-339" }, { "cve": "CVE-2017-5823", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-17-338/advisory.json", "detail_path": "advisories/ZDI-17-338", "id": "ZDI-17-338", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10013 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-338/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4378", "zdi_id": "ZDI-17-338" }, { "cve": "CVE-2017-5822", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-17-337/advisory.json", "detail_path": "advisories/ZDI-17-337", "id": "ZDI-17-337", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10010 Arbitrary File Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-337/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4377", "zdi_id": "ZDI-17-337" }, { "cve": "CVE-2017-5820", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbm...", "detail_json": "/data/advisories/ZDI-17-336/advisory.json", "detail_path": "advisories/ZDI-17-336", "id": "ZDI-17-336", "kind": "published", "published_date": "2017-05-15", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10004 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-336/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4373", "zdi_id": "ZDI-17-336" }, { "cve": "CVE-2017-3040", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-335/advisory.json", "detail_path": "advisories/ZDI-17-335", "id": "ZDI-17-335", "kind": "published", "published_date": "2017-05-12", "status": "published", "title": "Adobe Reader DC PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-335/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4550", "zdi_id": "ZDI-17-335" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-334/advisory.json", "detail_path": "advisories/ZDI-17-334", "id": "ZDI-17-334", "kind": "published", "published_date": "2017-05-11", "status": "published", "title": "Bitdefender Internet Security Dalvik Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-334/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-4522", "zdi_id": "ZDI-17-334" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-333/advisory.json", "detail_path": "advisories/ZDI-17-333", "id": "ZDI-17-333", "kind": "published", "published_date": "2017-05-11", "status": "published", "title": "Bitdefender Internet Security cevakrnl Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-333/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-4574", "zdi_id": "ZDI-17-333" }, { "cve": "CVE-2017-5812", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PermissionFilte...", "detail_json": "/data/advisories/ZDI-17-332/advisory.json", "detail_path": "advisories/ZDI-17-332", "id": "ZDI-17-332", "kind": "published", "published_date": "2017-05-11", "status": "published", "title": "Hewlett Packard Enterprise Network Automation PermissionFilter Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-332/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4362", "zdi_id": "ZDI-17-332" }, { "cve": "CVE-2017-5810", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RedirectServle...", "detail_json": "/data/advisories/ZDI-17-331/advisory.json", "detail_path": "advisories/ZDI-17-331", "id": "ZDI-17-331", "kind": "published", "published_date": "2017-05-11", "status": "published", "title": "Hewlett Packard Enterprise Network Automation RedirectServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-331/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4219", "zdi_id": "ZDI-17-331" }, { "cve": "CVE-2017-5811", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileSe...", "detail_json": "/data/advisories/ZDI-17-330/advisory.json", "detail_path": "advisories/ZDI-17-330", "id": "ZDI-17-330", "kind": "published", "published_date": "2017-05-11", "status": "published", "title": "Hewlett Packard Enterprise Network Automation TrueControl Management Engine Service FileServlet Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-330/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4217", "zdi_id": "ZDI-17-330" }, { "cve": "CVE-2017-0240", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-17-329/advisory.json", "detail_path": "advisories/ZDI-17-329", "id": "ZDI-17-329", "kind": "published", "published_date": "2017-05-10", "status": "published", "title": "(Pwn2Own) Microsoft Edge AudioBuffer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-329/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4629", "zdi_id": "ZDI-17-329" }, { "cve": "CVE-2017-0240", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-17-328/advisory.json", "detail_path": "advisories/ZDI-17-328", "id": "ZDI-17-328", "kind": "published", "published_date": "2017-05-10", "status": "published", "title": "(Pwn2Own) Microsoft Edge AudioBuffer Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-328/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4628", "zdi_id": "ZDI-17-328" }, { "cve": "CVE-2017-0238", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-327/advisory.json", "detail_path": "advisories/ZDI-17-327", "id": "ZDI-17-327", "kind": "published", "published_date": "2017-05-10", "status": "published", "title": "(Pwn2Own) Microsoft Chakra Array unshift Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-327/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4625", "zdi_id": "ZDI-17-327" }, { "cve": "CVE-2017-0228", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-326/advisory.json", "detail_path": "advisories/ZDI-17-326", "id": "ZDI-17-326", "kind": "published", "published_date": "2017-05-10", "status": "published", "title": "(Pwn2Own) Microsoft Chakra Array Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-326/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4618", "zdi_id": "ZDI-17-326" }, { "cve": "CVE-2017-0233", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escape the AppContainer sandbox on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-325/advisory.json", "detail_path": "advisories/ZDI-17-325", "id": "ZDI-17-325", "kind": "published", "published_date": "2017-05-10", "status": "published", "title": "(Pwn2Own) Microsoft Edge WriteClassesOfCategory DLL Planting Sandbox Escape Vulnerability", "updated_date": "2018-03-06", "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-325/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4585", "zdi_id": "ZDI-17-325" }, { "cve": "CVE-2017-0234", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-17-324/advisory.json", "detail_path": "advisories/ZDI-17-324", "id": "ZDI-17-324", "kind": "published", "published_date": "2017-05-10", "status": "published", "title": "(Pwn2Own) Microsoft Edge ArrayBuffer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-324/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4584", "zdi_id": "ZDI-17-324" }, { "cve": "CVE-2017-0226", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escape the Enhanced Protected Mode (EPM) sandbox on vulnerable installations of Microsoft Internet Explorer. An attacker must first obtain the ability to execute low-privileged code on the target system in order t...", "detail_json": "/data/advisories/ZDI-17-323/advisory.json", "detail_path": "advisories/ZDI-17-323", "id": "ZDI-17-323", "kind": "published", "published_date": "2017-05-10", "status": "published", "title": "Microsoft Internet Explorer Enhanced Protected Mode Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-323/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4285", "zdi_id": "ZDI-17-323" }, { "cve": "CVE-2017-7929", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability. The specific flaw exists within odbcPg4.asp. The issue results from...", "detail_json": "/data/advisories/ZDI-17-322/advisory.json", "detail_path": "advisories/ZDI-17-322", "id": "ZDI-17-322", "kind": "published", "published_date": "2017-05-04", "status": "published", "title": "Advantech WebAccess odbcPg4 Absolute Path Traversal File Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-322/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-4013", "zdi_id": "ZDI-17-322" }, { "cve": "CVE-2017-2491", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-321/advisory.json", "detail_path": "advisories/ZDI-17-321", "id": "ZDI-17-321", "kind": "published", "published_date": "2017-05-04", "status": "published", "title": "(Pwn2Own) Apple Safari String replace Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-321/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4578", "zdi_id": "ZDI-17-321" }, { "cve": "CVE-2017-5448", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-320/advisory.json", "detail_path": "advisories/ZDI-17-320", "id": "ZDI-17-320", "kind": "published", "published_date": "2017-05-03", "status": "published", "title": "Mozilla Firefox ClearKeyDecryptor Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-320/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-4535", "zdi_id": "ZDI-17-320" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-319/advisory.json", "detail_path": "advisories/ZDI-17-319", "id": "ZDI-17-319", "kind": "published", "published_date": "2017-05-03", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-319/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4477", "zdi_id": "ZDI-17-319" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-318/advisory.json", "detail_path": "advisories/ZDI-17-318", "id": "ZDI-17-318", "kind": "published", "published_date": "2017-05-03", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-318/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4476", "zdi_id": "ZDI-17-318" }, { "cve": "CVE-2017-5806", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HPE...", "detail_json": "/data/advisories/ZDI-17-317/advisory.json", "detail_path": "advisories/ZDI-17-317", "id": "ZDI-17-317", "kind": "published", "published_date": "2017-05-03", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center imcwlandm SSID Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-317/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4538", "zdi_id": "ZDI-17-317" }, { "cve": "CVE-2017-5805", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HPE...", "detail_json": "/data/advisories/ZDI-17-316/advisory.json", "detail_path": "advisories/ZDI-17-316", "id": "ZDI-17-316", "kind": "published", "published_date": "2017-05-03", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center imcwlandm UserName Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-316/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4539", "zdi_id": "ZDI-17-316" }, { "cve": "CVE-2017-5804", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HPE...", "detail_json": "/data/advisories/ZDI-17-315/advisory.json", "detail_path": "advisories/ZDI-17-315", "id": "ZDI-17-315", "kind": "published", "published_date": "2017-05-03", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center imcwlandm Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-315/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4507", "zdi_id": "ZDI-17-315" }, { "cve": "CVE-2017-5059", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-314/advisory.json", "detail_path": "advisories/ZDI-17-314", "id": "ZDI-17-314", "kind": "published", "published_date": "2017-05-02", "status": "published", "title": "Google Chrome List Item Marker Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-314/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-4429", "zdi_id": "ZDI-17-314" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-313/advisory.json", "detail_path": "advisories/ZDI-17-313", "id": "ZDI-17-313", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader getAnnot Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-313/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4525", "zdi_id": "ZDI-17-313" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-312/advisory.json", "detail_path": "advisories/ZDI-17-312", "id": "ZDI-17-312", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader Annotations lock Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-312/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4517", "zdi_id": "ZDI-17-312" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-311/advisory.json", "detail_path": "advisories/ZDI-17-311", "id": "ZDI-17-311", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader Annotations style Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-311/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4513", "zdi_id": "ZDI-17-311" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-310/advisory.json", "detail_path": "advisories/ZDI-17-310", "id": "ZDI-17-310", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader Annotations opacity Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-310/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4515", "zdi_id": "ZDI-17-310" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-309/advisory.json", "detail_path": "advisories/ZDI-17-309", "id": "ZDI-17-309", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader Annotations arrowEnd Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-309/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4514", "zdi_id": "ZDI-17-309" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-308/advisory.json", "detail_path": "advisories/ZDI-17-308", "id": "ZDI-17-308", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader importAnXFDF Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-308/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4506", "zdi_id": "ZDI-17-308" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-307/advisory.json", "detail_path": "advisories/ZDI-17-307", "id": "ZDI-17-307", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader Field setAction Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-307/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4498", "zdi_id": "ZDI-17-307" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-306/advisory.json", "detail_path": "advisories/ZDI-17-306", "id": "ZDI-17-306", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader Link setAction Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-306/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4494", "zdi_id": "ZDI-17-306" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-305/advisory.json", "detail_path": "advisories/ZDI-17-305", "id": "ZDI-17-305", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader getURL Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-305/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4510", "zdi_id": "ZDI-17-305" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-304/advisory.json", "detail_path": "advisories/ZDI-17-304", "id": "ZDI-17-304", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader spawnPageFromTemplate Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-304/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4504", "zdi_id": "ZDI-17-304" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-303/advisory.json", "detail_path": "advisories/ZDI-17-303", "id": "ZDI-17-303", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader Field insertItemAt Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-303/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4505", "zdi_id": "ZDI-17-303" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-302/advisory.json", "detail_path": "advisories/ZDI-17-302", "id": "ZDI-17-302", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader scroll Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-302/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4503", "zdi_id": "ZDI-17-302" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-301/advisory.json", "detail_path": "advisories/ZDI-17-301", "id": "ZDI-17-301", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader exportAsFDF Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-301/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4497", "zdi_id": "ZDI-17-301" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-300/advisory.json", "detail_path": "advisories/ZDI-17-300", "id": "ZDI-17-300", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader resetForm Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-300/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4531", "zdi_id": "ZDI-17-300" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-299/advisory.json", "detail_path": "advisories/ZDI-17-299", "id": "ZDI-17-299", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader Field buttonSetCaption Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-299/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4530", "zdi_id": "ZDI-17-299" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-298/advisory.json", "detail_path": "advisories/ZDI-17-298", "id": "ZDI-17-298", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader response Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-298/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4527", "zdi_id": "ZDI-17-298" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-297/advisory.json", "detail_path": "advisories/ZDI-17-297", "id": "ZDI-17-297", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader Field getItemAt Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-297/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4528", "zdi_id": "ZDI-17-297" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-296/advisory.json", "detail_path": "advisories/ZDI-17-296", "id": "ZDI-17-296", "kind": "published", "published_date": "2017-04-21", "status": "published", "title": "Foxit Reader addAnnot Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-296/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4526", "zdi_id": "ZDI-17-296" }, { "cve": "CVE-2017-4911", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ThinPrint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-17-295/advisory.json", "detail_path": "advisories/ZDI-17-295", "id": "ZDI-17-295", "kind": "published", "published_date": "2017-04-19", "status": "published", "title": "ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-295/", "vendor": "ThinPrint", "vendor_url": null, "zdi_can": "ZDI-CAN-4388", "zdi_id": "ZDI-17-295" }, { "cve": "CVE-2017-4911", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ThinPrint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-17-294/advisory.json", "detail_path": "advisories/ZDI-17-294", "id": "ZDI-17-294", "kind": "published", "published_date": "2017-04-19", "status": "published", "title": "ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-294/", "vendor": "ThinPrint", "vendor_url": null, "zdi_can": "ZDI-CAN-4207", "zdi_id": "ZDI-17-294" }, { "cve": "CVE-2017-4911", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ThinPrint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-17-293/advisory.json", "detail_path": "advisories/ZDI-17-293", "id": "ZDI-17-293", "kind": "published", "published_date": "2017-04-19", "status": "published", "title": "ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-293/", "vendor": "ThinPrint", "vendor_url": null, "zdi_can": "ZDI-CAN-4205", "zdi_id": "ZDI-17-293" }, { "cve": "CVE-2017-4911", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ThinPrint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-17-292/advisory.json", "detail_path": "advisories/ZDI-17-292", "id": "ZDI-17-292", "kind": "published", "published_date": "2017-04-19", "status": "published", "title": "ThinPrint TPView JPEG2000 Parsing Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-292/", "vendor": "ThinPrint", "vendor_url": null, "zdi_can": "ZDI-CAN-4203", "zdi_id": "ZDI-17-292" }, { "cve": "CVE-2017-4911", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ThinPrint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-17-291/advisory.json", "detail_path": "advisories/ZDI-17-291", "id": "ZDI-17-291", "kind": "published", "published_date": "2017-04-19", "status": "published", "title": "ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-291/", "vendor": "ThinPrint", "vendor_url": null, "zdi_can": "ZDI-CAN-4206", "zdi_id": "ZDI-17-291" }, { "cve": "CVE-2017-4910", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ThinPrint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-17-290/advisory.json", "detail_path": "advisories/ZDI-17-290", "id": "ZDI-17-290", "kind": "published", "published_date": "2017-04-19", "status": "published", "title": "ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Read Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-290/", "vendor": "ThinPrint", "vendor_url": null, "zdi_can": "ZDI-CAN-4204", "zdi_id": "ZDI-17-290" }, { "cve": "CVE-2017-4908", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ThinPrint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-17-289/advisory.json", "detail_path": "advisories/ZDI-17-289", "id": "ZDI-17-289", "kind": "published", "published_date": "2017-04-19", "status": "published", "title": "ThinPrint TPView JPEG2000 Parsing Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-289/", "vendor": "ThinPrint", "vendor_url": null, "zdi_can": "ZDI-CAN-4059", "zdi_id": "ZDI-17-289" }, { "cve": "CVE-2017-3230", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Fusion Middleware MapViewer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploaderServlet servl...", "detail_json": "/data/advisories/ZDI-17-288/advisory.json", "detail_path": "advisories/ZDI-17-288", "id": "ZDI-17-288", "kind": "published", "published_date": "2017-04-19", "status": "published", "title": "Oracle Fusion Middleware MapViewer FileUploaderServlet fileName Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-288/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3988", "zdi_id": "ZDI-17-288" }, { "cve": "CVE-2017-2994", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-287/advisory.json", "detail_path": "advisories/ZDI-17-287", "id": "ZDI-17-287", "kind": "published", "published_date": "2017-04-19", "status": "published", "title": "Adobe Flash PSDKEvent Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-287/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4565", "zdi_id": "ZDI-17-287" }, { "cve": "CVE-2017-6020", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within global processing of requests insi...", "detail_json": "/data/advisories/ZDI-17-286/advisory.json", "detail_path": "advisories/ZDI-17-286", "id": "ZDI-17-286", "kind": "published", "published_date": "2017-04-12", "status": "published", "title": "LAquis SCADA Software Web Server Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-286/", "vendor": "LAquis SCADA", "vendor_url": null, "zdi_can": "ZDI-CAN-4523", "zdi_id": "ZDI-17-286" }, { "cve": "CVE-2017-0155", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-285/advisory.json", "detail_path": "advisories/ZDI-17-285", "id": "ZDI-17-285", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Microsoft Windows Font Object Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-285/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4337", "zdi_id": "ZDI-17-285" }, { "cve": "CVE-2017-0158", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-17-284/advisory.json", "detail_path": "advisories/ZDI-17-284", "id": "ZDI-17-284", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Microsoft Windows ADO Array-Type Parameter Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-284/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4218", "zdi_id": "ZDI-17-284" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within policy_setting.php. T...", "detail_json": "/data/advisories/ZDI-17-283/advisory.json", "detail_path": "advisories/ZDI-17-283", "id": "ZDI-17-283", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Trend Micro Deep Discovery Email Inspector policy_setting Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-283/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4427", "zdi_id": "ZDI-17-283" }, { "cve": "CVE-2017-3057", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-282/advisory.json", "detail_path": "advisories/ZDI-17-282", "id": "ZDI-17-282", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "(Pwn2Own) Adobe Reader DC Collab documentToStream Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-282/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4589", "zdi_id": "ZDI-17-282" }, { "cve": "CVE-2017-3056", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-281/advisory.json", "detail_path": "advisories/ZDI-17-281", "id": "ZDI-17-281", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "(Pwn2Own) Adobe Reader DC util streamFromString Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-281/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4588", "zdi_id": "ZDI-17-281" }, { "cve": "CVE-2017-3055", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-280/advisory.json", "detail_path": "advisories/ZDI-17-280", "id": "ZDI-17-280", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "(Pwn2Own) Adobe Reader DC JPEG2000 Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-280/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4575", "zdi_id": "ZDI-17-280" }, { "cve": "CVE-2017-3063", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-279/advisory.json", "detail_path": "advisories/ZDI-17-279", "id": "ZDI-17-279", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "(Pwn2Own) Adobe Flash NetStream Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-279/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4607", "zdi_id": "ZDI-17-279" }, { "cve": "CVE-2017-3062", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-278/advisory.json", "detail_path": "advisories/ZDI-17-278", "id": "ZDI-17-278", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "(Pwn2Own) Adobe Flash TextField Attribute Array Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-278/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4601", "zdi_id": "ZDI-17-278" }, { "cve": "CVE-2017-3053", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-277/advisory.json", "detail_path": "advisories/ZDI-17-277", "id": "ZDI-17-277", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-277/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4460", "zdi_id": "ZDI-17-277" }, { "cve": "CVE-2017-3052", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-276/advisory.json", "detail_path": "advisories/ZDI-17-276", "id": "ZDI-17-276", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-276/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4486", "zdi_id": "ZDI-17-276" }, { "cve": "CVE-2017-3051", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-275/advisory.json", "detail_path": "advisories/ZDI-17-275", "id": "ZDI-17-275", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-275/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4487", "zdi_id": "ZDI-17-275" }, { "cve": "CVE-2017-3050", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-274/advisory.json", "detail_path": "advisories/ZDI-17-274", "id": "ZDI-17-274", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion GIF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-274/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4491", "zdi_id": "ZDI-17-274" }, { "cve": "CVE-2017-3049", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-273/advisory.json", "detail_path": "advisories/ZDI-17-273", "id": "ZDI-17-273", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-273/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4496", "zdi_id": "ZDI-17-273" }, { "cve": "CVE-2017-3048", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-272/advisory.json", "detail_path": "advisories/ZDI-17-272", "id": "ZDI-17-272", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-272/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4488", "zdi_id": "ZDI-17-272" }, { "cve": "CVE-2017-3047", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-271/advisory.json", "detail_path": "advisories/ZDI-17-271", "id": "ZDI-17-271", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Reader DC Annotations Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-271/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4495", "zdi_id": "ZDI-17-271" }, { "cve": "CVE-2017-3046", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-270/advisory.json", "detail_path": "advisories/ZDI-17-270", "id": "ZDI-17-270", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-270/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4500", "zdi_id": "ZDI-17-270" }, { "cve": "CVE-2017-3042", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-269/advisory.json", "detail_path": "advisories/ZDI-17-269", "id": "ZDI-17-269", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-269/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4493", "zdi_id": "ZDI-17-269" }, { "cve": "CVE-2017-3045", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-268/advisory.json", "detail_path": "advisories/ZDI-17-268", "id": "ZDI-17-268", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-268/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4499", "zdi_id": "ZDI-17-268" }, { "cve": "CVE-2017-3044", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-267/advisory.json", "detail_path": "advisories/ZDI-17-267", "id": "ZDI-17-267", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-267/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4501", "zdi_id": "ZDI-17-267" }, { "cve": "CVE-2017-3042", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-266/advisory.json", "detail_path": "advisories/ZDI-17-266", "id": "ZDI-17-266", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-266/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4431", "zdi_id": "ZDI-17-266" }, { "cve": "CVE-2017-3042", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-265/advisory.json", "detail_path": "advisories/ZDI-17-265", "id": "ZDI-17-265", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-265/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4433", "zdi_id": "ZDI-17-265" }, { "cve": "CVE-2017-3042", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-264/advisory.json", "detail_path": "advisories/ZDI-17-264", "id": "ZDI-17-264", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-264/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4432", "zdi_id": "ZDI-17-264" }, { "cve": "CVE-2017-3043", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-263/advisory.json", "detail_path": "advisories/ZDI-17-263", "id": "ZDI-17-263", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Reader DC Collab shareFile Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-263/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4434", "zdi_id": "ZDI-17-263" }, { "cve": "CVE-2017-3036", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-262/advisory.json", "detail_path": "advisories/ZDI-17-262", "id": "ZDI-17-262", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion PCX Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-262/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4395", "zdi_id": "ZDI-17-262" }, { "cve": "CVE-2017-3035", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-261/advisory.json", "detail_path": "advisories/ZDI-17-261", "id": "ZDI-17-261", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Reader DC XFA dashDotDot Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-261/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4374", "zdi_id": "ZDI-17-261" }, { "cve": "CVE-2017-3034", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-260/advisory.json", "detail_path": "advisories/ZDI-17-260", "id": "ZDI-17-260", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Reader DC XFA Array Index Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-260/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4355", "zdi_id": "ZDI-17-260" }, { "cve": "CVE-2017-3031", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-259/advisory.json", "detail_path": "advisories/ZDI-17-259", "id": "ZDI-17-259", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Reader DC Nested Variables Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-259/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4382", "zdi_id": "ZDI-17-259" }, { "cve": "CVE-2017-3033", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-258/advisory.json", "detail_path": "advisories/ZDI-17-258", "id": "ZDI-17-258", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Reader DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-258/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4384", "zdi_id": "ZDI-17-258" }, { "cve": "CVE-2017-3032", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-257/advisory.json", "detail_path": "advisories/ZDI-17-257", "id": "ZDI-17-257", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Reader DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-257/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4334", "zdi_id": "ZDI-17-257" }, { "cve": "CVE-2017-3031", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-17-256/advisory.json", "detail_path": "advisories/ZDI-17-256", "id": "ZDI-17-256", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Reader DC XSLT Namespace Node Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-256/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4381", "zdi_id": "ZDI-17-256" }, { "cve": "CVE-2017-3029", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-255/advisory.json", "detail_path": "advisories/ZDI-17-255", "id": "ZDI-17-255", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Reader DC JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-255/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4335", "zdi_id": "ZDI-17-255" }, { "cve": "CVE-2017-3028", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-254/advisory.json", "detail_path": "advisories/ZDI-17-254", "id": "ZDI-17-254", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-254/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4336", "zdi_id": "ZDI-17-254" }, { "cve": "CVE-2017-3023", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-253/advisory.json", "detail_path": "advisories/ZDI-17-253", "id": "ZDI-17-253", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Reader DC JPEG2000 Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-253/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4306", "zdi_id": "ZDI-17-253" }, { "cve": "CVE-2017-3022", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-252/advisory.json", "detail_path": "advisories/ZDI-17-252", "id": "ZDI-17-252", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Reader DC JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-252/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4318", "zdi_id": "ZDI-17-252" }, { "cve": "CVE-2017-3021", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows a remote attacker to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-17-251/advisory.json", "detail_path": "advisories/ZDI-17-251", "id": "ZDI-17-251", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Reader DC JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-251/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4202", "zdi_id": "ZDI-17-251" }, { "cve": "CVE-2017-3020", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows a remote attacker to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-17-250/advisory.json", "detail_path": "advisories/ZDI-17-250", "id": "ZDI-17-250", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Reader DC Weblink Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-250/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4201", "zdi_id": "ZDI-17-250" }, { "cve": "CVE-2017-3019", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-249/advisory.json", "detail_path": "advisories/ZDI-17-249", "id": "ZDI-17-249", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Reader DC PRC Parsing Out-Of-Bound Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-249/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4212", "zdi_id": "ZDI-17-249" }, { "cve": "CVE-2017-3060", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-248/advisory.json", "detail_path": "advisories/ZDI-17-248", "id": "ZDI-17-248", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Flash SWF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-248/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4533", "zdi_id": "ZDI-17-248" }, { "cve": "CVE-2017-3060", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-247/advisory.json", "detail_path": "advisories/ZDI-17-247", "id": "ZDI-17-247", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Flash SWF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-247/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4532", "zdi_id": "ZDI-17-247" }, { "cve": "CVE-2017-3059", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-246/advisory.json", "detail_path": "advisories/ZDI-17-246", "id": "ZDI-17-246", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Flash AS2 New Opcode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-246/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4443", "zdi_id": "ZDI-17-246" }, { "cve": "CVE-2017-3058", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-245/advisory.json", "detail_path": "advisories/ZDI-17-245", "id": "ZDI-17-245", "kind": "published", "published_date": "2017-04-11", "status": "published", "title": "Adobe Flash ByteArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-245/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4448", "zdi_id": "ZDI-17-245" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to modify the security posture of the underlying product on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the p...", "detail_json": "/data/advisories/ZDI-17-244/advisory.json", "detail_path": "advisories/ZDI-17-244", "id": "ZDI-17-244", "kind": "published", "published_date": "2017-04-05", "status": "published", "title": "Trend Micro Control Manager cgiShowClientAdm Missing Authentication for Critical Function Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-244/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4511", "zdi_id": "ZDI-17-244" }, { "cve": null, "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Smart Protection Server. Authentication is required to exploit this vulnerability. The specific flaw exists within wcs_bwlists_handler.php. The iss...", "detail_json": "/data/advisories/ZDI-17-243/advisory.json", "detail_path": "advisories/ZDI-17-243", "id": "ZDI-17-243", "kind": "published", "published_date": "2017-04-05", "status": "published", "title": "Trend Micro Smart Protection Server wcs_bwlists_handler Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-243/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4242", "zdi_id": "ZDI-17-243" }, { "cve": "CVE-2017-3009", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-242/advisory.json", "detail_path": "advisories/ZDI-17-242", "id": "ZDI-17-242", "kind": "published", "published_date": "2017-04-05", "status": "published", "title": "Adobe Reader DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-242/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4039", "zdi_id": "ZDI-17-242" }, { "cve": "CVE-2017-2463", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-241/advisory.json", "detail_path": "advisories/ZDI-17-241", "id": "ZDI-17-241", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Apple Safari RenderBox Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-241/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4452", "zdi_id": "ZDI-17-241" }, { "cve": "CVE-2017-7184", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...", "detail_json": "/data/advisories/ZDI-17-240/advisory.json", "detail_path": "advisories/ZDI-17-240", "id": "ZDI-17-240", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "(Pwn2Own) Linux Kernel XFRM Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-240/", "vendor": "Linux", "vendor_url": null, "zdi_can": "ZDI-CAN-4586", "zdi_id": "ZDI-17-240" }, { "cve": "CVE-2017-4904", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-17-239/advisory.json", "detail_path": "advisories/ZDI-17-239", "id": "ZDI-17-239", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "(Pwn2Own) VMware Workstation Uninitialized Memory Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-239/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-4632", "zdi_id": "ZDI-17-239" }, { "cve": "CVE-2017-4905", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...", "detail_json": "/data/advisories/ZDI-17-238/advisory.json", "detail_path": "advisories/ZDI-17-238", "id": "ZDI-17-238", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "(Pwn2Own) VMware Workstation Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-238/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-4631", "zdi_id": "ZDI-17-238" }, { "cve": "CVE-2017-4903", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-17-237/advisory.json", "detail_path": "advisories/ZDI-17-237", "id": "ZDI-17-237", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "(Pwn2Own) VMware Workstation SVGA Uninitialized Memory Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-237/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-4627", "zdi_id": "ZDI-17-237" }, { "cve": "CVE-2017-4902", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-17-236/advisory.json", "detail_path": "advisories/ZDI-17-236", "id": "ZDI-17-236", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "VMware Workstation SVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-236/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-4606", "zdi_id": "ZDI-17-236" }, { "cve": "CVE-2017-4902", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-17-235/advisory.json", "detail_path": "advisories/ZDI-17-235", "id": "ZDI-17-235", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "VMware Workstation SVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-235/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-4605", "zdi_id": "ZDI-17-235" }, { "cve": "CVE-2017-5428", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-234/advisory.json", "detail_path": "advisories/ZDI-17-234", "id": "ZDI-17-234", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "(Pwn2Own) Mozilla Firefox createImageBitmap Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-234/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-4620", "zdi_id": "ZDI-17-234" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within transparent_...", "detail_json": "/data/advisories/ZDI-17-233/advisory.json", "detail_path": "advisories/ZDI-17-233", "id": "ZDI-17-233", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance transparent_setting CRLF Injection Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-233/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4437", "zdi_id": "ZDI-17-233" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within TestConfigu...", "detail_json": "/data/advisories/ZDI-17-232/advisory.json", "detail_path": "advisories/ZDI-17-232", "id": "ZDI-17-232", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance TestConfigure Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-232/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4324", "zdi_id": "ZDI-17-232" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-231/advisory.json", "detail_path": "advisories/ZDI-17-231", "id": "ZDI-17-231", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration datagateIPv6Changed Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-231/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4304", "zdi_id": "ZDI-17-231" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-230/advisory.json", "detail_path": "advisories/ZDI-17-230", "id": "ZDI-17-230", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration isMgntDHCPIPv6Changed Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-230/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4299", "zdi_id": "ZDI-17-230" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the delete oper...", "detail_json": "/data/advisories/ZDI-17-229/advisory.json", "detail_path": "advisories/ZDI-17-229", "id": "ZDI-17-229", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance PacFileManagement delete_pac_files Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-229/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4276", "zdi_id": "ZDI-17-229" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-228/advisory.json", "detail_path": "advisories/ZDI-17-228", "id": "ZDI-17-228", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration hostname Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-228/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4267", "zdi_id": "ZDI-17-228" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within process...", "detail_json": "/data/advisories/ZDI-17-227/advisory.json", "detail_path": "advisories/ZDI-17-227", "id": "ZDI-17-227", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigBackup Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-227/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4262", "zdi_id": "ZDI-17-227" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ManageIPConfig'...", "detail_json": "/data/advisories/ZDI-17-226/advisory.json", "detail_path": "advisories/ZDI-17-226", "id": "ZDI-17-226", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ManageIPConfig setHostname Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-226/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4256", "zdi_id": "ZDI-17-226" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to escalate privileges on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the uihelper application....", "detail_json": "/data/advisories/ZDI-17-225/advisory.json", "detail_path": "advisories/ZDI-17-225", "id": "ZDI-17-225", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance uihelper Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-225/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4385", "zdi_id": "ZDI-17-225" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-224/advisory.json", "detail_path": "advisories/ZDI-17-224", "id": "ZDI-17-224", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-224/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4315", "zdi_id": "ZDI-17-224" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-223/advisory.json", "detail_path": "advisories/ZDI-17-223", "id": "ZDI-17-223", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration manageIP6 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-223/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4303", "zdi_id": "ZDI-17-223" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-222/advisory.json", "detail_path": "advisories/ZDI-17-222", "id": "ZDI-17-222", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration gateChanged Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-222/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4298", "zdi_id": "ZDI-17-222" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-221/advisory.json", "detail_path": "advisories/ZDI-17-221", "id": "ZDI-17-221", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration dataIP6Changed Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-221/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4275", "zdi_id": "ZDI-17-221" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentCach...", "detail_json": "/data/advisories/ZDI-17-220/advisory.json", "detail_path": "advisories/ZDI-17-220", "id": "ZDI-17-220", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ContentCacheSSAction Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-220/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4266", "zdi_id": "ZDI-17-220" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the PacFileMana...", "detail_json": "/data/advisories/ZDI-17-219/advisory.json", "detail_path": "advisories/ZDI-17-219", "id": "ZDI-17-219", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance PacFileManagement Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-219/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4261", "zdi_id": "ZDI-17-219" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ManageIPConfig'...", "detail_json": "/data/advisories/ZDI-17-218/advisory.json", "detail_path": "advisories/ZDI-17-218", "id": "ZDI-17-218", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ManageIPConfig setMgmtIPConfig Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-218/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4255", "zdi_id": "ZDI-17-218" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DomainL...", "detail_json": "/data/advisories/ZDI-17-217/advisory.json", "detail_path": "advisories/ZDI-17-217", "id": "ZDI-17-217", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance DomainList TestingADKerberos Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-217/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4375", "zdi_id": "ZDI-17-217" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the ManagePatch...", "detail_json": "/data/advisories/ZDI-17-216/advisory.json", "detail_path": "advisories/ZDI-17-216", "id": "ZDI-17-216", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ManagePatches untarPatchFile Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-216/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4313", "zdi_id": "ZDI-17-216" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-215/advisory.json", "detail_path": "advisories/ZDI-17-215", "id": "ZDI-17-215", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration mgmtPingChanged Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-215/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4302", "zdi_id": "ZDI-17-215" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within DeploymentWizar...", "detail_json": "/data/advisories/ZDI-17-214/advisory.json", "detail_path": "advisories/ZDI-17-214", "id": "ZDI-17-214", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance DeploymentWizardAction GetClusterInfo Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-214/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4296", "zdi_id": "ZDI-17-214" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-213/advisory.json", "detail_path": "advisories/ZDI-17-213", "id": "ZDI-17-213", "kind": "published", "published_date": "2017-03-30", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration dataPingChanged Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-213/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4270", "zdi_id": "ZDI-17-213" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-212/advisory.json", "detail_path": "advisories/ZDI-17-212", "id": "ZDI-17-212", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration primaryDNS6 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-212/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4265", "zdi_id": "ZDI-17-212" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within process...", "detail_json": "/data/advisories/ZDI-17-211/advisory.json", "detail_path": "advisories/ZDI-17-211", "id": "ZDI-17-211", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance VerboseLog Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-211/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4260", "zdi_id": "ZDI-17-211" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ManageIPConfig'...", "detail_json": "/data/advisories/ZDI-17-210/advisory.json", "detail_path": "advisories/ZDI-17-210", "id": "ZDI-17-210", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ManageIPConfig setMgmtIPConfig Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-210/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4254", "zdi_id": "ZDI-17-210" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within LogSettingH...", "detail_json": "/data/advisories/ZDI-17-209/advisory.json", "detail_path": "advisories/ZDI-17-209", "id": "ZDI-17-209", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance LogSettingHandler doPostMountDevice Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-209/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4326", "zdi_id": "ZDI-17-209" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the ManagePatch...", "detail_json": "/data/advisories/ZDI-17-208/advisory.json", "detail_path": "advisories/ZDI-17-208", "id": "ZDI-17-208", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ManagePatches rollbackPatch Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-208/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4312", "zdi_id": "ZDI-17-208" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-207/advisory.json", "detail_path": "advisories/ZDI-17-207", "id": "ZDI-17-207", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration mgmtIPv6Changed Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-207/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4301", "zdi_id": "ZDI-17-207" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ReportHandler's...", "detail_json": "/data/advisories/ZDI-17-206/advisory.json", "detail_path": "advisories/ZDI-17-206", "id": "ZDI-17-206", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ReportHandler DoCmd Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-206/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4295", "zdi_id": "ZDI-17-206" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-205/advisory.json", "detail_path": "advisories/ZDI-17-205", "id": "ZDI-17-205", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration manageEth Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-205/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4269", "zdi_id": "ZDI-17-205" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-204/advisory.json", "detail_path": "advisories/ZDI-17-204", "id": "ZDI-17-204", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration isDHCP Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-204/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4264", "zdi_id": "ZDI-17-204" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ManageIPConfig'...", "detail_json": "/data/advisories/ZDI-17-203/advisory.json", "detail_path": "advisories/ZDI-17-203", "id": "ZDI-17-203", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ManageIPConfig setDataIPConfig static IP Information Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-203/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4258", "zdi_id": "ZDI-17-203" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ClusterManageme...", "detail_json": "/data/advisories/ZDI-17-202/advisory.json", "detail_path": "advisories/ZDI-17-202", "id": "ZDI-17-202", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ClusterManagement ChangeNodeSetting Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-202/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4253", "zdi_id": "ZDI-17-202" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within config_date_tim...", "detail_json": "/data/advisories/ZDI-17-201/advisory.json", "detail_path": "advisories/ZDI-17-201", "id": "ZDI-17-201", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance config_date_time Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-201/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4471", "zdi_id": "ZDI-17-201" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within WmiDCDetect...", "detail_json": "/data/advisories/ZDI-17-200/advisory.json", "detail_path": "advisories/ZDI-17-200", "id": "ZDI-17-200", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance WmiDCDetector getAdHost Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-200/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4325", "zdi_id": "ZDI-17-200" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the LogDelete p...", "detail_json": "/data/advisories/ZDI-17-199/advisory.json", "detail_path": "advisories/ZDI-17-199", "id": "ZDI-17-199", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance LogDelete processRequest method Directory Traversal Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-199/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4311", "zdi_id": "ZDI-17-199" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-198/advisory.json", "detail_path": "advisories/ZDI-17-198", "id": "ZDI-17-198", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration mgnt_gateway6 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-198/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4300", "zdi_id": "ZDI-17-198" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-197/advisory.json", "detail_path": "advisories/ZDI-17-197", "id": "ZDI-17-197", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration isDHCP6_data Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-197/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4280", "zdi_id": "ZDI-17-197" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-196/advisory.json", "detail_path": "advisories/ZDI-17-196", "id": "ZDI-17-196", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration proxyEthChanged Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-196/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4268", "zdi_id": "ZDI-17-196" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork...", "detail_json": "/data/advisories/ZDI-17-195/advisory.json", "detail_path": "advisories/ZDI-17-195", "id": "ZDI-17-195", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration dataIPChanged Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-195/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4263", "zdi_id": "ZDI-17-195" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ManageIPConfig'...", "detail_json": "/data/advisories/ZDI-17-194/advisory.json", "detail_path": "advisories/ZDI-17-194", "id": "ZDI-17-194", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ManageIPConfig setDataIPConfig DNS Information Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-194/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4257", "zdi_id": "ZDI-17-194" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ManageIPConfig'...", "detail_json": "/data/advisories/ZDI-17-193/advisory.json", "detail_path": "advisories/ZDI-17-193", "id": "ZDI-17-193", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance ManageIPConfig setDataIPConfig DHCP Information Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-193/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4243", "zdi_id": "ZDI-17-193" }, { "cve": "CVE-2017-5797", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-17-192/advisory.json", "detail_path": "advisories/ZDI-17-192", "id": "ZDI-17-192", "kind": "published", "published_date": "2017-03-29", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center Service Operation Manager Module FileDownloadServlet filePath Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-192/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4057", "zdi_id": "ZDI-17-192" }, { "cve": "CVE-2017-2481", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-191/advisory.json", "detail_path": "advisories/ZDI-17-191", "id": "ZDI-17-191", "kind": "published", "published_date": "2017-03-28", "status": "published", "title": "Apple Safari ElementData Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-191/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4454", "zdi_id": "ZDI-17-191" }, { "cve": "CVE-2017-2430", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-17-190/advisory.json", "detail_path": "advisories/ZDI-17-190", "id": "ZDI-17-190", "kind": "published", "published_date": "2017-03-28", "status": "published", "title": "Apple macOS M4A Parsing Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-190/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4414", "zdi_id": "ZDI-17-190" }, { "cve": "CVE-2017-2462", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-17-189/advisory.json", "detail_path": "advisories/ZDI-17-189", "id": "ZDI-17-189", "kind": "published", "published_date": "2017-03-28", "status": "published", "title": "Apple macOS M4A Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-189/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4413", "zdi_id": "ZDI-17-189" }, { "cve": "CVE-2017-2432", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-188/advisory.json", "detail_path": "advisories/ZDI-17-188", "id": "ZDI-17-188", "kind": "published", "published_date": "2017-03-28", "status": "published", "title": "Apple macOS ImageIO JPEG Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-188/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4329", "zdi_id": "ZDI-17-188" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro InterScan Messaging Security Suite. Authentication is required to exploit this vulnerability. The specific flaw exists within the showPictu...", "detail_json": "/data/advisories/ZDI-17-187/advisory.json", "detail_path": "advisories/ZDI-17-187", "id": "ZDI-17-187", "kind": "published", "published_date": "2017-03-22", "status": "published", "title": "Trend Micro InterScan Messaging Security Suite DetailReportAction Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-187/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4472", "zdi_id": "ZDI-17-187" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-186/advisory.json", "detail_path": "advisories/ZDI-17-186", "id": "ZDI-17-186", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet SpecialSpywarePolicyResult SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-186/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4166", "zdi_id": "ZDI-17-186" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-185/advisory.json", "detail_path": "advisories/ZDI-17-185", "id": "ZDI-17-185", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager AdHocQueryExportProcessing SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-185/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4116", "zdi_id": "ZDI-17-185" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-184/advisory.json", "detail_path": "advisories/ZDI-17-184", "id": "ZDI-17-184", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet IDTB_SV parameters SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-184/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4155", "zdi_id": "ZDI-17-184" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-183/advisory.json", "detail_path": "advisories/ZDI-17-183", "id": "ZDI-17-183", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet ID_HIDDEN_UG_STR SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-183/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4154", "zdi_id": "ZDI-17-183" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-182/advisory.json", "detail_path": "advisories/ZDI-17-182", "id": "ZDI-17-182", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager cgiCMUIDispatcher ScheduleDownloadSavedEnableList SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-182/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4117", "zdi_id": "ZDI-17-182" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-181/advisory.json", "detail_path": "advisories/ZDI-17-181", "id": "ZDI-17-181", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet ID_QUERY_COMMAND_TRACKING_ID SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-181/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4115", "zdi_id": "ZDI-17-181" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-180/advisory.json", "detail_path": "advisories/ZDI-17-180", "id": "ZDI-17-180", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager cgiCMUIDispatcher ManualDownloadResult SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-180/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4112", "zdi_id": "ZDI-17-180" }, { "cve": "CVE-2017-3001", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-179/advisory.json", "detail_path": "advisories/ZDI-17-179", "id": "ZDI-17-179", "kind": "published", "published_date": "2017-03-21", "status": "published", "title": "Adobe Flash MovieClip transform Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-179/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4465", "zdi_id": "ZDI-17-179" }, { "cve": "CVE-2017-3001", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-178/advisory.json", "detail_path": "advisories/ZDI-17-178", "id": "ZDI-17-178", "kind": "published", "published_date": "2017-03-21", "status": "published", "title": "Adobe Flash Transform matrix Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-178/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4453", "zdi_id": "ZDI-17-178" }, { "cve": "CVE-2017-3001", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-177/advisory.json", "detail_path": "advisories/ZDI-17-177", "id": "ZDI-17-177", "kind": "published", "published_date": "2017-03-21", "status": "published", "title": "Adobe Flash BitmapData Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-177/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4447", "zdi_id": "ZDI-17-177" }, { "cve": "CVE-2017-3001", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-176/advisory.json", "detail_path": "advisories/ZDI-17-176", "id": "ZDI-17-176", "kind": "published", "published_date": "2017-03-21", "status": "published", "title": "Adobe Flash Sound loadSound Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-176/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4446", "zdi_id": "ZDI-17-176" }, { "cve": "CVE-2017-3001", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-175/advisory.json", "detail_path": "advisories/ZDI-17-175", "id": "ZDI-17-175", "kind": "published", "published_date": "2017-03-21", "status": "published", "title": "Adobe Flash TextFormat getTextExtent Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-175/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4445", "zdi_id": "ZDI-17-175" }, { "cve": "CVE-2017-3001", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-174/advisory.json", "detail_path": "advisories/ZDI-17-174", "id": "ZDI-17-174", "kind": "published", "published_date": "2017-03-21", "status": "published", "title": "Adobe Flash AS2 RemoveClip Opcode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-174/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4444", "zdi_id": "ZDI-17-174" }, { "cve": "CVE-2017-0067", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-17-173/advisory.json", "detail_path": "advisories/ZDI-17-173", "id": "ZDI-17-173", "kind": "published", "published_date": "2017-03-21", "status": "published", "title": "Microsoft Edge JavaScript Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-173/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4470", "zdi_id": "ZDI-17-173" }, { "cve": "CVE-2017-0015", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-17-172/advisory.json", "detail_path": "advisories/ZDI-17-172", "id": "ZDI-17-172", "kind": "published", "published_date": "2017-03-21", "status": "published", "title": "Microsoft Windows JavaScript Spread Operator Uninitialized Memory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-172/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4430", "zdi_id": "ZDI-17-172" }, { "cve": "CVE-2017-0032", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-17-171/advisory.json", "detail_path": "advisories/ZDI-17-171", "id": "ZDI-17-171", "kind": "published", "published_date": "2017-03-21", "status": "published", "title": "Microsoft Windows JavaScript Spread Operator Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-171/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4422", "zdi_id": "ZDI-17-171" }, { "cve": "CVE-2017-0094", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-17-170/advisory.json", "detail_path": "advisories/ZDI-17-170", "id": "ZDI-17-170", "kind": "published", "published_date": "2017-03-21", "status": "published", "title": "Microsoft Windows JavaScript Proxy Setter Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-170/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4271", "zdi_id": "ZDI-17-170" }, { "cve": "CVE-2017-0018", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-17-169/advisory.json", "detail_path": "advisories/ZDI-17-169", "id": "ZDI-17-169", "kind": "published", "published_date": "2017-03-21", "status": "published", "title": "Microsoft Internet Explorer CHtmTag Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-169/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4058", "zdi_id": "ZDI-17-169" }, { "cve": "CVE-2017-0047", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-17-168/advisory.json", "detail_path": "advisories/ZDI-17-168", "id": "ZDI-17-168", "kind": "published", "published_date": "2017-03-21", "status": "published", "title": "Microsoft Windows DrawIconEx Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-168/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4052", "zdi_id": "ZDI-17-168" }, { "cve": "CVE-2017-0011", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-17-167/advisory.json", "detail_path": "advisories/ZDI-17-167", "id": "ZDI-17-167", "kind": "published", "published_date": "2017-03-21", "status": "published", "title": "Microsoft Edge CTransitionValues Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-167/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3934", "zdi_id": "ZDI-17-167" }, { "cve": "CVE-2017-5790", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acc...", "detail_json": "/data/advisories/ZDI-17-166/advisory.json", "detail_path": "advisories/ZDI-17-166", "id": "ZDI-17-166", "kind": "published", "published_date": "2017-03-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center accessMgrServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-166/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4122", "zdi_id": "ZDI-17-166" }, { "cve": "CVE-2017-5795", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authenticatio...", "detail_json": "/data/advisories/ZDI-17-165/advisory.json", "detail_path": "advisories/ZDI-17-165", "id": "ZDI-17-165", "kind": "published", "published_date": "2017-03-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet fileName Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-165/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4053", "zdi_id": "ZDI-17-165" }, { "cve": "CVE-2017-5794", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-164/advisory.json", "detail_path": "advisories/ZDI-17-164", "id": "ZDI-17-164", "kind": "published", "published_date": "2017-03-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center FileUploadServlet Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-164/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4055", "zdi_id": "ZDI-17-164" }, { "cve": "CVE-2017-5793", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechan...", "detail_json": "/data/advisories/ZDI-17-163/advisory.json", "detail_path": "advisories/ZDI-17-163", "id": "ZDI-17-163", "kind": "published", "published_date": "2017-03-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center CommonUtils Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-163/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4054", "zdi_id": "ZDI-17-163" }, { "cve": "CVE-2017-5792", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the eup...", "detail_json": "/data/advisories/ZDI-17-162/advisory.json", "detail_path": "advisories/ZDI-17-162", "id": "ZDI-17-162", "kind": "published", "published_date": "2017-03-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center RMI Registry Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-162/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4067", "zdi_id": "ZDI-17-162" }, { "cve": "CVE-2017-5791", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. The specific flaw exists within UrlAccessController. The doFilter method contains multiple ways to byp...", "detail_json": "/data/advisories/ZDI-17-161/advisory.json", "detail_path": "advisories/ZDI-17-161", "id": "ZDI-17-161", "kind": "published", "published_date": "2017-03-11", "status": "published", "title": "Hewlett Packard Enterprise Intelligent Management Center UrlAccessController Filter Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-161/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-4056", "zdi_id": "ZDI-17-161" }, { "cve": "CVE-2017-5789", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libxdrutil.dll mxdr_st...", "detail_json": "/data/advisories/ZDI-17-160/advisory.json", "detail_path": "advisories/ZDI-17-160", "id": "ZDI-17-160", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Hewlett Packard Enterprise LoadRunner libxdrutil mxdr_string Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-160/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-3933", "zdi_id": "ZDI-17-160" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within download_pdf.php. The...", "detail_json": "/data/advisories/ZDI-17-159/advisory.json", "detail_path": "advisories/ZDI-17-159", "id": "ZDI-17-159", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Trend Micro Deep Discovery Email Inspector download_pdf Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-159/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4418", "zdi_id": "ZDI-17-159" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within write_new_html_with_s...", "detail_json": "/data/advisories/ZDI-17-158/advisory.json", "detail_path": "advisories/ZDI-17-158", "id": "ZDI-17-158", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Trend Micro Deep Discovery Email Inspector write_new_html_with_svg Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-158/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4417", "zdi_id": "ZDI-17-158" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within network_dump.php. The...", "detail_json": "/data/advisories/ZDI-17-157/advisory.json", "detail_path": "advisories/ZDI-17-157", "id": "ZDI-17-157", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Trend Micro Deep Discovery Email Inspector network_dump Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-157/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4366", "zdi_id": "ZDI-17-157" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within get_filesize.php. The...", "detail_json": "/data/advisories/ZDI-17-156/advisory.json", "detail_path": "advisories/ZDI-17-156", "id": "ZDI-17-156", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Trend Micro Deep Discovery Email Inspector get_filesize Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-156/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4351", "zdi_id": "ZDI-17-156" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within firewall_setting.php....", "detail_json": "/data/advisories/ZDI-17-155/advisory.json", "detail_path": "advisories/ZDI-17-155", "id": "ZDI-17-155", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Trend Micro Deep Discovery Email Inspector firewall_setting Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-155/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4349", "zdi_id": "ZDI-17-155" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within reboot_...", "detail_json": "/data/advisories/ZDI-17-154/advisory.json", "detail_path": "advisories/ZDI-17-154", "id": "ZDI-17-154", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Trend Micro Deep Discovery Email Inspector reboot_after_hotfix Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-154/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4347", "zdi_id": "ZDI-17-154" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within screenshot.php. The i...", "detail_json": "/data/advisories/ZDI-17-153/advisory.json", "detail_path": "advisories/ZDI-17-153", "id": "ZDI-17-153", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Trend Micro Deep Discovery Email Inspector screenshot Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-153/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4348", "zdi_id": "ZDI-17-153" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_checklicense_AC....", "detail_json": "/data/advisories/ZDI-17-152/advisory.json", "detail_path": "advisories/ZDI-17-152", "id": "ZDI-17-152", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Trend Micro Deep Discovery Email Inspector ajax_checklicense_AC Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-152/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4346", "zdi_id": "ZDI-17-152" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within db_export.php. The is...", "detail_json": "/data/advisories/ZDI-17-151/advisory.json", "detail_path": "advisories/ZDI-17-151", "id": "ZDI-17-151", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Trend Micro Deep Discovery Email Inspector db_export Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-151/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4333", "zdi_id": "ZDI-17-151" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-150/advisory.json", "detail_path": "advisories/ZDI-17-150", "id": "ZDI-17-150", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader Field buttonGetIcon Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-150/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4529", "zdi_id": "ZDI-17-150" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-149/advisory.json", "detail_path": "advisories/ZDI-17-149", "id": "ZDI-17-149", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader ePub Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-149/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4516", "zdi_id": "ZDI-17-149" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-148/advisory.json", "detail_path": "advisories/ZDI-17-148", "id": "ZDI-17-148", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader openDoc Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-148/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4509", "zdi_id": "ZDI-17-148" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-147/advisory.json", "detail_path": "advisories/ZDI-17-147", "id": "ZDI-17-147", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader Field deleteItemAt Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-147/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4508", "zdi_id": "ZDI-17-147" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-146/advisory.json", "detail_path": "advisories/ZDI-17-146", "id": "ZDI-17-146", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader PDB Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-146/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4479", "zdi_id": "ZDI-17-146" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-145/advisory.json", "detail_path": "advisories/ZDI-17-145", "id": "ZDI-17-145", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-145/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4478", "zdi_id": "ZDI-17-145" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-144/advisory.json", "detail_path": "advisories/ZDI-17-144", "id": "ZDI-17-144", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-144/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4475", "zdi_id": "ZDI-17-144" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-143/advisory.json", "detail_path": "advisories/ZDI-17-143", "id": "ZDI-17-143", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader execMenuItem Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-143/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4464", "zdi_id": "ZDI-17-143" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-142/advisory.json", "detail_path": "advisories/ZDI-17-142", "id": "ZDI-17-142", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader execMenuItem Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-142/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4463", "zdi_id": "ZDI-17-142" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-141/advisory.json", "detail_path": "advisories/ZDI-17-141", "id": "ZDI-17-141", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader execMenuItem Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-141/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4462", "zdi_id": "ZDI-17-141" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-140/advisory.json", "detail_path": "advisories/ZDI-17-140", "id": "ZDI-17-140", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-140/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4458", "zdi_id": "ZDI-17-140" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-139/advisory.json", "detail_path": "advisories/ZDI-17-139", "id": "ZDI-17-139", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader ePub Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-139/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4423", "zdi_id": "ZDI-17-139" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-138/advisory.json", "detail_path": "advisories/ZDI-17-138", "id": "ZDI-17-138", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader XFA Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-138/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4330", "zdi_id": "ZDI-17-138" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-137/advisory.json", "detail_path": "advisories/ZDI-17-137", "id": "ZDI-17-137", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader Pattern Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-137/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4354", "zdi_id": "ZDI-17-137" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-136/advisory.json", "detail_path": "advisories/ZDI-17-136", "id": "ZDI-17-136", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader Xref Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-136/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4353", "zdi_id": "ZDI-17-136" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-135/advisory.json", "detail_path": "advisories/ZDI-17-135", "id": "ZDI-17-135", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-135/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4365", "zdi_id": "ZDI-17-135" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-134/advisory.json", "detail_path": "advisories/ZDI-17-134", "id": "ZDI-17-134", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-134/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4364", "zdi_id": "ZDI-17-134" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-133/advisory.json", "detail_path": "advisories/ZDI-17-133", "id": "ZDI-17-133", "kind": "published", "published_date": "2017-03-09", "status": "published", "title": "Foxit Reader ConvertToPDF TIFF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-133/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4363", "zdi_id": "ZDI-17-133" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be by...", "detail_json": "/data/advisories/ZDI-17-132/advisory.json", "detail_path": "advisories/ZDI-17-132", "id": "ZDI-17-132", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise displayName_get SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-132/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4408", "zdi_id": "ZDI-17-132" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be by...", "detail_json": "/data/advisories/ZDI-17-131/advisory.json", "detail_path": "advisories/ZDI-17-131", "id": "ZDI-17-131", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise count_ad_members SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-131/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4409", "zdi_id": "ZDI-17-131" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-130/advisory.json", "detail_path": "advisories/ZDI-17-130", "id": "ZDI-17-130", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise restartService Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-130/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4410", "zdi_id": "ZDI-17-130" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-129/advisory.json", "detail_path": "advisories/ZDI-17-129", "id": "ZDI-17-129", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise rollback Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-129/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4411", "zdi_id": "ZDI-17-129" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be by...", "detail_json": "/data/advisories/ZDI-17-128/advisory.json", "detail_path": "advisories/ZDI-17-128", "id": "ZDI-17-128", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise get_device_info SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-128/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4412", "zdi_id": "ZDI-17-128" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-127/advisory.json", "detail_path": "advisories/ZDI-17-127", "id": "ZDI-17-127", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise get_replacement Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-127/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4404", "zdi_id": "ZDI-17-127" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-126/advisory.json", "detail_path": "advisories/ZDI-17-126", "id": "ZDI-17-126", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise license Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-126/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4403", "zdi_id": "ZDI-17-126" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be by...", "detail_json": "/data/advisories/ZDI-17-125/advisory.json", "detail_path": "advisories/ZDI-17-125", "id": "ZDI-17-125", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise get_nic_device SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-125/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4402", "zdi_id": "ZDI-17-125" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-124/advisory.json", "detail_path": "advisories/ZDI-17-124", "id": "ZDI-17-124", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise reconnect_nfs_device Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-124/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4401", "zdi_id": "ZDI-17-124" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-123/advisory.json", "detail_path": "advisories/ZDI-17-123", "id": "ZDI-17-123", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise reconnect_iscsi_device Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-123/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4400", "zdi_id": "ZDI-17-123" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-122/advisory.json", "detail_path": "advisories/ZDI-17-122", "id": "ZDI-17-122", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise reconnect_local_device Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-122/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4399", "zdi_id": "ZDI-17-122" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-121/advisory.json", "detail_path": "advisories/ZDI-17-121", "id": "ZDI-17-121", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise mount_local_device Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-121/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4398", "zdi_id": "ZDI-17-121" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-120/advisory.json", "detail_path": "advisories/ZDI-17-120", "id": "ZDI-17-120", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise mount_iscsi_device Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-120/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4397", "zdi_id": "ZDI-17-120" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-119/advisory.json", "detail_path": "advisories/ZDI-17-119", "id": "ZDI-17-119", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise replace_local_disk Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-119/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4396", "zdi_id": "ZDI-17-119" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-118/advisory.json", "detail_path": "advisories/ZDI-17-118", "id": "ZDI-17-118", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise dead_local_device Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-118/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4394", "zdi_id": "ZDI-17-118" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-117/advisory.json", "detail_path": "advisories/ZDI-17-117", "id": "ZDI-17-117", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise dead_iscsi_device Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-117/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4393", "zdi_id": "ZDI-17-117" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-116/advisory.json", "detail_path": "advisories/ZDI-17-116", "id": "ZDI-17-116", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise discovery_iscsi_device Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-116/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4392", "zdi_id": "ZDI-17-116" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-115/advisory.json", "detail_path": "advisories/ZDI-17-115", "id": "ZDI-17-115", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise save_local_config Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-115/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4391", "zdi_id": "ZDI-17-115" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-114/advisory.json", "detail_path": "advisories/ZDI-17-114", "id": "ZDI-17-114", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise save_iscsi_config Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-114/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4390", "zdi_id": "ZDI-17-114" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within check_nfs_server_status. The iss...", "detail_json": "/data/advisories/ZDI-17-113/advisory.json", "detail_path": "advisories/ZDI-17-113", "id": "ZDI-17-113", "kind": "published", "published_date": "2017-03-01", "status": "published", "title": "Trend Micro SafeSync for Enterprise check_nfs_server_status Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-113/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4389", "zdi_id": "ZDI-17-113" }, { "cve": "CVE-2017-5177", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VIPA Automation WinPLC7. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of TCP packets. The software...", "detail_json": "/data/advisories/ZDI-17-112/advisory.json", "detail_path": "advisories/ZDI-17-112", "id": "ZDI-17-112", "kind": "published", "published_date": "2017-02-28", "status": "published", "title": "VIPA Automation WinPLC7 recv Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-112/", "vendor": "VIPA", "vendor_url": null, "zdi_can": "ZDI-CAN-3721", "zdi_id": "ZDI-17-112" }, { "cve": "CVE-2017-2939", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-111/advisory.json", "detail_path": "advisories/ZDI-17-111", "id": "ZDI-17-111", "kind": "published", "published_date": "2017-02-16", "status": "published", "title": "Adobe Acrobat Reader DC Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-111/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3920", "zdi_id": "ZDI-17-111" }, { "cve": "CVE-2017-2994", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-110/advisory.json", "detail_path": "advisories/ZDI-17-110", "id": "ZDI-17-110", "kind": "published", "published_date": "2017-02-14", "status": "published", "title": "Adobe Flash Player MediaPlayer Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-110/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4370", "zdi_id": "ZDI-17-110" }, { "cve": "CVE-2017-2995", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-109/advisory.json", "detail_path": "advisories/ZDI-17-109", "id": "ZDI-17-109", "kind": "published", "published_date": "2017-02-14", "status": "published", "title": "Adobe Flash Player MessageChannel Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-109/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4371", "zdi_id": "ZDI-17-109" }, { "cve": "CVE-2017-2976", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-108/advisory.json", "detail_path": "advisories/ZDI-17-108", "id": "ZDI-17-108", "kind": "published", "published_date": "2017-02-14", "status": "published", "title": "Adobe Digital Editions PDF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-108/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3984", "zdi_id": "ZDI-17-108" }, { "cve": "CVE-2017-2975", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-107/advisory.json", "detail_path": "advisories/ZDI-17-107", "id": "ZDI-17-107", "kind": "published", "published_date": "2017-02-14", "status": "published", "title": "Adobe Digital Editions PDF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-107/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3983", "zdi_id": "ZDI-17-107" }, { "cve": "CVE-2017-2974", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-106/advisory.json", "detail_path": "advisories/ZDI-17-106", "id": "ZDI-17-106", "kind": "published", "published_date": "2017-02-14", "status": "published", "title": "Adobe Digital Editions PDF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-106/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3982", "zdi_id": "ZDI-17-106" }, { "cve": "CVE-2017-2981", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-105/advisory.json", "detail_path": "advisories/ZDI-17-105", "id": "ZDI-17-105", "kind": "published", "published_date": "2017-02-14", "status": "published", "title": "Adobe Digital Editions PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-105/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3981", "zdi_id": "ZDI-17-105" }, { "cve": "CVE-2017-2978", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-104/advisory.json", "detail_path": "advisories/ZDI-17-104", "id": "ZDI-17-104", "kind": "published", "published_date": "2017-02-14", "status": "published", "title": "Adobe Digital Editions PDF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-104/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3980", "zdi_id": "ZDI-17-104" }, { "cve": "CVE-2017-2979", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-103/advisory.json", "detail_path": "advisories/ZDI-17-103", "id": "ZDI-17-103", "kind": "published", "published_date": "2017-02-14", "status": "published", "title": "Adobe Digital Editions FlateDecode Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-103/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3978", "zdi_id": "ZDI-17-103" }, { "cve": "CVE-2017-2977", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-17-102/advisory.json", "detail_path": "advisories/ZDI-17-102", "id": "ZDI-17-102", "kind": "published", "published_date": "2017-02-14", "status": "published", "title": "Adobe Digital Editions FlateDecode Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-102/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3977", "zdi_id": "ZDI-17-102" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-101/advisory.json", "detail_path": "advisories/ZDI-17-101", "id": "ZDI-17-101", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager cgiRedAlertStatusTracking SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-101/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4345", "zdi_id": "ZDI-17-101" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-100/advisory.json", "detail_path": "advisories/ZDI-17-100", "id": "ZDI-17-100", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet NotificationMethodResult SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-100/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4214", "zdi_id": "ZDI-17-100" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-099/advisory.json", "detail_path": "advisories/ZDI-17-099", "id": "ZDI-17-099", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager AdHocQuery_Result XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-099/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4173", "zdi_id": "ZDI-17-099" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-098/advisory.json", "detail_path": "advisories/ZDI-17-098", "id": "ZDI-17-098", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-098/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4172", "zdi_id": "ZDI-17-098" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-097/advisory.json", "detail_path": "advisories/ZDI-17-097", "id": "ZDI-17-097", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet HighRiskDetectionResult SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-097/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4171", "zdi_id": "ZDI-17-097" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-096/advisory.json", "detail_path": "advisories/ZDI-17-096", "id": "ZDI-17-096", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-096/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4170", "zdi_id": "ZDI-17-096" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-095/advisory.json", "detail_path": "advisories/ZDI-17-095", "id": "ZDI-17-095", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet StealthProgramFoundResult SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-095/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4169", "zdi_id": "ZDI-17-095" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-094/advisory.json", "detail_path": "advisories/ZDI-17-094", "id": "ZDI-17-094", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet SHA1DenyDetectionResult SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-094/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4168", "zdi_id": "ZDI-17-094" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-093/advisory.json", "detail_path": "advisories/ZDI-17-093", "id": "ZDI-17-093", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet CorrelatedIncidentResult SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-093/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4167", "zdi_id": "ZDI-17-093" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-092/advisory.json", "detail_path": "advisories/ZDI-17-092", "id": "ZDI-17-092", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet DLPIncidentScheduleSummaryResult SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-092/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4165", "zdi_id": "ZDI-17-092" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-091/advisory.json", "detail_path": "advisories/ZDI-17-091", "id": "ZDI-17-091", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet VirtualAnalysisDetectionResult SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-091/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4164", "zdi_id": "ZDI-17-091" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-090/advisory.json", "detail_path": "advisories/ZDI-17-090", "id": "ZDI-17-090", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet KnownAttackDetectionResult SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-090/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4163", "zdi_id": "ZDI-17-090" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-089/advisory.json", "detail_path": "advisories/ZDI-17-089", "id": "ZDI-17-089", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet SuspiciousThreat parameters SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-089/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4162", "zdi_id": "ZDI-17-089" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-088/advisory.json", "detail_path": "advisories/ZDI-17-088", "id": "ZDI-17-088", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-088/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4161", "zdi_id": "ZDI-17-088" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-087/advisory.json", "detail_path": "advisories/ZDI-17-087", "id": "ZDI-17-087", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet EmailMessageDetected parameters SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-087/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4159", "zdi_id": "ZDI-17-087" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-086/advisory.json", "detail_path": "advisories/ZDI-17-086", "id": "ZDI-17-086", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet CnC parameters SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-086/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4160", "zdi_id": "ZDI-17-086" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-085/advisory.json", "detail_path": "advisories/ZDI-17-085", "id": "ZDI-17-085", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet ThreatSentToWatchlistResult SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-085/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4156", "zdi_id": "ZDI-17-085" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-084/advisory.json", "detail_path": "advisories/ZDI-17-084", "id": "ZDI-17-084", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager ProductTree_TreeManagement1 XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-084/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4158", "zdi_id": "ZDI-17-084" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-083/advisory.json", "detail_path": "advisories/ZDI-17-083", "id": "ZDI-17-083", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager ProductTree_Table XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-083/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4157", "zdi_id": "ZDI-17-083" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-082/advisory.json", "detail_path": "advisories/ZDI-17-082", "id": "ZDI-17-082", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet IDTB_ Parameters SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-082/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4153", "zdi_id": "ZDI-17-082" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-081/advisory.json", "detail_path": "advisories/ZDI-17-081", "id": "ZDI-17-081", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet IDTB_GroupName SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-081/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4152", "zdi_id": "ZDI-17-081" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-080/advisory.json", "detail_path": "advisories/ZDI-17-080", "id": "ZDI-17-080", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager TreeUserControl_process_tree_event XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-080/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4151", "zdi_id": "ZDI-17-080" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-079/advisory.json", "detail_path": "advisories/ZDI-17-079", "id": "ZDI-17-079", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager ProductTree XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-079/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4150", "zdi_id": "ZDI-17-079" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-078/advisory.json", "detail_path": "advisories/ZDI-17-078", "id": "ZDI-17-078", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager CCGIServlet IDCB_SuspiciousThreat SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-078/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4149", "zdi_id": "ZDI-17-078" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-077/advisory.json", "detail_path": "advisories/ZDI-17-077", "id": "ZDI-17-077", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager ProductTree_RightWindow XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-077/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4148", "zdi_id": "ZDI-17-077" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-076/advisory.json", "detail_path": "advisories/ZDI-17-076", "id": "ZDI-17-076", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager ProductTree_LeftWindow XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-076/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4147", "zdi_id": "ZDI-17-076" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-075/advisory.json", "detail_path": "advisories/ZDI-17-075", "id": "ZDI-17-075", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager DeploymentPlan_Event_Handler XML External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-075/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4140", "zdi_id": "ZDI-17-075" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed....", "detail_json": "/data/advisories/ZDI-17-074/advisory.json", "detail_path": "advisories/ZDI-17-074", "id": "ZDI-17-074", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager ProgressReportCGI SQL Injection Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-074/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4113", "zdi_id": "ZDI-17-074" }, { "cve": null, "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spec...", "detail_json": "/data/advisories/ZDI-17-073/advisory.json", "detail_path": "advisories/ZDI-17-073", "id": "ZDI-17-073", "kind": "published", "published_date": "2017-09-22", "status": "published", "title": "Trend Micro Control Manager cgiCMUIDispatcher Login Token SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-073/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4114", "zdi_id": "ZDI-17-073" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widget_old_SP1's dlp_policy.php scri...", "detail_json": "/data/advisories/ZDI-17-072/advisory.json", "detail_path": "advisories/ZDI-17-072", "id": "ZDI-17-072", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Trend Micro Control Manager dlp_policy Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-072/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3996", "zdi_id": "ZDI-17-072" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widget_old's dlp_policy.php script....", "detail_json": "/data/advisories/ZDI-17-071/advisory.json", "detail_path": "advisories/ZDI-17-071", "id": "ZDI-17-071", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Trend Micro Control Manager dlp_policy Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-071/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3997", "zdi_id": "ZDI-17-071" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widget's dlp_policy.php script. The...", "detail_json": "/data/advisories/ZDI-17-070/advisory.json", "detail_path": "advisories/ZDI-17-070", "id": "ZDI-17-070", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Trend Micro Control Manager dlp_policy Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-070/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3998", "zdi_id": "ZDI-17-070" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widget_old_SP1's modDLPViolationCntd...", "detail_json": "/data/advisories/ZDI-17-069/advisory.json", "detail_path": "advisories/ZDI-17-069", "id": "ZDI-17-069", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Trend Micro Control Manager modDLPViolationCnt_drildown Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-069/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3999", "zdi_id": "ZDI-17-069" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widget_old's modDLPViolationCnt_dril...", "detail_json": "/data/advisories/ZDI-17-068/advisory.json", "detail_path": "advisories/ZDI-17-068", "id": "ZDI-17-068", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Trend Micro Control Manager modDLPViolationCnt_drildown Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-068/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4000", "zdi_id": "ZDI-17-068" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widget's modDLPViolationCnt_drildown...", "detail_json": "/data/advisories/ZDI-17-067/advisory.json", "detail_path": "advisories/ZDI-17-067", "id": "ZDI-17-067", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Trend Micro Control Manager modDLPViolationCnt_drildown Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-067/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4001", "zdi_id": "ZDI-17-067" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widget_old_SP1's modDLPTemplateMatch...", "detail_json": "/data/advisories/ZDI-17-066/advisory.json", "detail_path": "advisories/ZDI-17-066", "id": "ZDI-17-066", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Trend Micro Control Manager modDLPTemplateMatch_drildown Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-066/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4002", "zdi_id": "ZDI-17-066" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widget_old's modDLPTemplateMatch_dri...", "detail_json": "/data/advisories/ZDI-17-065/advisory.json", "detail_path": "advisories/ZDI-17-065", "id": "ZDI-17-065", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Trend Micro Control Manager modDLPTemplateMatch_drildown Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-065/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4003", "zdi_id": "ZDI-17-065" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widget's modDLPTemplateMatch_drildow...", "detail_json": "/data/advisories/ZDI-17-064/advisory.json", "detail_path": "advisories/ZDI-17-064", "id": "ZDI-17-064", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Trend Micro Control Manager modDLPTemplateMatch_drildown Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-064/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4004", "zdi_id": "ZDI-17-064" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widget's importFile.php script. The...", "detail_json": "/data/advisories/ZDI-17-063/advisory.json", "detail_path": "advisories/ZDI-17-063", "id": "ZDI-17-063", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Trend Micro Control Manager importFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-063/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4005", "zdi_id": "ZDI-17-063" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widgets_new's download.php s...", "detail_json": "/data/advisories/ZDI-17-062/advisory.json", "detail_path": "advisories/ZDI-17-062", "id": "ZDI-17-062", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Trend Micro Control Manager download Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-062/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4006", "zdi_id": "ZDI-17-062" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widget's download.php script...", "detail_json": "/data/advisories/ZDI-17-061/advisory.json", "detail_path": "advisories/ZDI-17-061", "id": "ZDI-17-061", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Trend Micro Control Manager download Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-061/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4007", "zdi_id": "ZDI-17-061" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the importFile.php script. The issue...", "detail_json": "/data/advisories/ZDI-17-060/advisory.json", "detail_path": "advisories/ZDI-17-060", "id": "ZDI-17-060", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Trend Micro Control Manager importFile Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-060/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-4008", "zdi_id": "ZDI-17-060" }, { "cve": "CVE-2016-8341", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the param parameter in getdata...", "detail_json": "/data/advisories/ZDI-17-059/advisory.json", "detail_path": "advisories/ZDI-17-059", "id": "ZDI-17-059", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Ecava IntegraXor getdata param SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-059/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-3824", "zdi_id": "ZDI-17-059" }, { "cve": "CVE-2016-8341", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter in getdata r...", "detail_json": "/data/advisories/ZDI-17-058/advisory.json", "detail_path": "advisories/ZDI-17-058", "id": "ZDI-17-058", "kind": "published", "published_date": "2017-02-07", "status": "published", "title": "Ecava IntegraXor getdata name SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-058/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-3849", "zdi_id": "ZDI-17-058" }, { "cve": "CVE-2017-3289", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-057/advisory.json", "detail_path": "advisories/ZDI-17-057", "id": "ZDI-17-057", "kind": "published", "published_date": "2017-01-24", "status": "published", "title": "Oracle Java Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-057/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-4018", "zdi_id": "ZDI-17-057" }, { "cve": "CVE-2017-3272", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-17-056/advisory.json", "detail_path": "advisories/ZDI-17-056", "id": "ZDI-17-056", "kind": "published", "published_date": "2017-01-24", "status": "published", "title": "Oracle Java AtomicReferenceFieldUpdater Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-056/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3834", "zdi_id": "ZDI-17-056" }, { "cve": "CVE-2017-3248", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the insufficient blacklisting of certain Java ob...", "detail_json": "/data/advisories/ZDI-17-055/advisory.json", "detail_path": "advisories/ZDI-17-055", "id": "ZDI-17-055", "kind": "published", "published_date": "2017-01-24", "status": "published", "title": "Oracle WebLogic RMI Registry UnicastRef Object Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-055/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3826", "zdi_id": "ZDI-17-055" }, { "cve": "CVE-2017-2354", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-054/advisory.json", "detail_path": "advisories/ZDI-17-054", "id": "ZDI-17-054", "kind": "published", "published_date": "2017-01-24", "status": "published", "title": "Apple Safari SearchInputType Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-054/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4121", "zdi_id": "ZDI-17-054" }, { "cve": "CVE-2016-2123", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NDR data. The issue results from the lack...", "detail_json": "/data/advisories/ZDI-17-053/advisory.json", "detail_path": "advisories/ZDI-17-053", "id": "ZDI-17-053", "kind": "published", "published_date": "2017-01-20", "status": "published", "title": "Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-053/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-3995", "zdi_id": "ZDI-17-053" }, { "cve": "CVE-2016-8207", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Brocade Network Advisor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CliMonitorReportsServlet ser...", "detail_json": "/data/advisories/ZDI-17-052/advisory.json", "detail_path": "advisories/ZDI-17-052", "id": "ZDI-17-052", "kind": "published", "published_date": "2017-01-20", "status": "published", "title": "Brocade Network Advisor CliMonitorReportServlet Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-052/", "vendor": "Brocade", "vendor_url": null, "zdi_can": "ZDI-CAN-4026", "zdi_id": "ZDI-17-052" }, { "cve": "CVE-2016-8206", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Brocade Network Advisor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SoftwareImageUpload servlet. The iss...", "detail_json": "/data/advisories/ZDI-17-051/advisory.json", "detail_path": "advisories/ZDI-17-051", "id": "ZDI-17-051", "kind": "published", "published_date": "2017-01-20", "status": "published", "title": "Brocade Network Advisor SoftwareImageUpload Directory Traversal Arbitrary File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-051/", "vendor": "Brocade", "vendor_url": null, "zdi_can": "ZDI-CAN-4025", "zdi_id": "ZDI-17-051" }, { "cve": "CVE-2016-8205", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Brocade Network Advisor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DashboardFileReceiveServlet servlet....", "detail_json": "/data/advisories/ZDI-17-050/advisory.json", "detail_path": "advisories/ZDI-17-050", "id": "ZDI-17-050", "kind": "published", "published_date": "2017-01-20", "status": "published", "title": "Brocade Network Advisor DashboardFileReceiveServlet Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-050/", "vendor": "Brocade", "vendor_url": null, "zdi_can": "ZDI-CAN-4024", "zdi_id": "ZDI-17-050" }, { "cve": "CVE-2016-8204", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Brocade Network Advisor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileReceiveServlet servlet. The issu...", "detail_json": "/data/advisories/ZDI-17-049/advisory.json", "detail_path": "advisories/ZDI-17-049", "id": "ZDI-17-049", "kind": "published", "published_date": "2017-01-20", "status": "published", "title": "Brocade Network Advisor FileReceiveServlet Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-049/", "vendor": "Brocade", "vendor_url": null, "zdi_can": "ZDI-CAN-4023", "zdi_id": "ZDI-17-049" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-048/advisory.json", "detail_path": "advisories/ZDI-17-048", "id": "ZDI-17-048", "kind": "published", "published_date": "2017-01-20", "status": "published", "title": "Bitdefender Internet Security NSIS Entries Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-048/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-4358", "zdi_id": "ZDI-17-048" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-047/advisory.json", "detail_path": "advisories/ZDI-17-047", "id": "ZDI-17-047", "kind": "published", "published_date": "2017-01-20", "status": "published", "title": "Bitdefender Internet Security NSIS Pages Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-047/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-4357", "zdi_id": "ZDI-17-047" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-17-046/advisory.json", "detail_path": "advisories/ZDI-17-046", "id": "ZDI-17-046", "kind": "published", "published_date": "2017-01-20", "status": "published", "title": "Bitdefender Internet Security SIS Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-046/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-4356", "zdi_id": "ZDI-17-046" }, { "cve": "CVE-2017-2970", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-045/advisory.json", "detail_path": "advisories/ZDI-17-045", "id": "ZDI-17-045", "kind": "published", "published_date": "2017-01-20", "status": "published", "title": "Adobe Reader DC XSLT apply-templates Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-045/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4182", "zdi_id": "ZDI-17-045" }, { "cve": "CVE-2016-6814", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Groovy. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on implementation. The specific fl...", "detail_json": "/data/advisories/ZDI-17-044/advisory.json", "detail_path": "advisories/ZDI-17-044", "id": "ZDI-17-044", "kind": "published", "published_date": "2017-12-27", "status": "published", "title": "Apache Groovy MethodClosure Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-044/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-3936", "zdi_id": "ZDI-17-044" }, { "cve": "CVE-2017-5154, CVE-2017-5152", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed. The specific flaw exists within updateTempla...", "detail_json": "/data/advisories/ZDI-17-043/advisory.json", "detail_path": "advisories/ZDI-17-043", "id": "ZDI-17-043", "kind": "published", "published_date": "2017-01-12", "status": "published", "title": "Advantech WebAccess updateTemplate SQL Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-043/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3679", "zdi_id": "ZDI-17-043" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-17-042/advisory.json", "detail_path": "advisories/ZDI-17-042", "id": "ZDI-17-042", "kind": "published", "published_date": "2017-01-11", "status": "published", "title": "Foxit PhantomPDF ConvertToPDF TIFF Parsing Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-042/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4327", "zdi_id": "ZDI-17-042" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-041/advisory.json", "detail_path": "advisories/ZDI-17-041", "id": "ZDI-17-041", "kind": "published", "published_date": "2017-01-11", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-041/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4252", "zdi_id": "ZDI-17-041" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-040/advisory.json", "detail_path": "advisories/ZDI-17-040", "id": "ZDI-17-040", "kind": "published", "published_date": "2017-01-11", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-040/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4251", "zdi_id": "ZDI-17-040" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-17-039/advisory.json", "detail_path": "advisories/ZDI-17-039", "id": "ZDI-17-039", "kind": "published", "published_date": "2017-01-11", "status": "published", "title": "Foxit PhantomPDF ConvertToPDF JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-039/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4250", "zdi_id": "ZDI-17-039" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-038/advisory.json", "detail_path": "advisories/ZDI-17-038", "id": "ZDI-17-038", "kind": "published", "published_date": "2017-01-11", "status": "published", "title": "Foxit Reader setInterval Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-038/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4249", "zdi_id": "ZDI-17-038" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-037/advisory.json", "detail_path": "advisories/ZDI-17-037", "id": "ZDI-17-037", "kind": "published", "published_date": "2017-01-11", "status": "published", "title": "Foxit Reader Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-037/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4248", "zdi_id": "ZDI-17-037" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-036/advisory.json", "detail_path": "advisories/ZDI-17-036", "id": "ZDI-17-036", "kind": "published", "published_date": "2017-01-11", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-036/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4247", "zdi_id": "ZDI-17-036" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-035/advisory.json", "detail_path": "advisories/ZDI-17-035", "id": "ZDI-17-035", "kind": "published", "published_date": "2017-01-11", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-035/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4246", "zdi_id": "ZDI-17-035" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-034/advisory.json", "detail_path": "advisories/ZDI-17-034", "id": "ZDI-17-034", "kind": "published", "published_date": "2017-01-11", "status": "published", "title": "Foxit Reader alert Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-034/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4245", "zdi_id": "ZDI-17-034" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-033/advisory.json", "detail_path": "advisories/ZDI-17-033", "id": "ZDI-17-033", "kind": "published", "published_date": "2017-01-11", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-033/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4323", "zdi_id": "ZDI-17-033" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-17-032/advisory.json", "detail_path": "advisories/ZDI-17-032", "id": "ZDI-17-032", "kind": "published", "published_date": "2017-01-11", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-032/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4322", "zdi_id": "ZDI-17-032" }, { "cve": "CVE-2017-2967", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-031/advisory.json", "detail_path": "advisories/ZDI-17-031", "id": "ZDI-17-031", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XFA template Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-031/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4317", "zdi_id": "ZDI-17-031" }, { "cve": "CVE-2017-2966", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-030/advisory.json", "detail_path": "advisories/ZDI-17-030", "id": "ZDI-17-030", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-030/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4305", "zdi_id": "ZDI-17-030" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-029/advisory.json", "detail_path": "advisories/ZDI-17-029", "id": "ZDI-17-029", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT call-template Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-029/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4185", "zdi_id": "ZDI-17-029" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-028/advisory.json", "detail_path": "advisories/ZDI-17-028", "id": "ZDI-17-028", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT element Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-028/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4180", "zdi_id": "ZDI-17-028" }, { "cve": "CVE-2017-2963", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-027/advisory.json", "detail_path": "advisories/ZDI-17-027", "id": "ZDI-17-027", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-027/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4308", "zdi_id": "ZDI-17-027" }, { "cve": "CVE-2017-2962", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-026/advisory.json", "detail_path": "advisories/ZDI-17-026", "id": "ZDI-17-026", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT lang Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-026/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4213", "zdi_id": "ZDI-17-026" }, { "cve": "CVE-2017-2961", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-025/advisory.json", "detail_path": "advisories/ZDI-17-025", "id": "ZDI-17-025", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Acrobat Reader DC XFA Field Font Size Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-025/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4209", "zdi_id": "ZDI-17-025" }, { "cve": "CVE-2017-2960", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-024/advisory.json", "detail_path": "advisories/ZDI-17-024", "id": "ZDI-17-024", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-024/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4208", "zdi_id": "ZDI-17-024" }, { "cve": "CVE-2017-2959", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-023/advisory.json", "detail_path": "advisories/ZDI-17-023", "id": "ZDI-17-023", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-023/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4200", "zdi_id": "ZDI-17-023" }, { "cve": "CVE-2017-2951", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-022/advisory.json", "detail_path": "advisories/ZDI-17-022", "id": "ZDI-17-022", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XFA hyphenation Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-022/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4126", "zdi_id": "ZDI-17-022" }, { "cve": "CVE-2017-2950", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-021/advisory.json", "detail_path": "advisories/ZDI-17-021", "id": "ZDI-17-021", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XFA Layout Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-021/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4125", "zdi_id": "ZDI-17-021" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-020/advisory.json", "detail_path": "advisories/ZDI-17-020", "id": "ZDI-17-020", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT decimal-format Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-020/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4197", "zdi_id": "ZDI-17-020" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-019/advisory.json", "detail_path": "advisories/ZDI-17-019", "id": "ZDI-17-019", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT namespace-alias Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-019/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4198", "zdi_id": "ZDI-17-019" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-018/advisory.json", "detail_path": "advisories/ZDI-17-018", "id": "ZDI-17-018", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT processing-instruction Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-018/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4196", "zdi_id": "ZDI-17-018" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-017/advisory.json", "detail_path": "advisories/ZDI-17-017", "id": "ZDI-17-017", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT function-available Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-017/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4195", "zdi_id": "ZDI-17-017" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-016/advisory.json", "detail_path": "advisories/ZDI-17-016", "id": "ZDI-17-016", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT sort Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-016/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4183", "zdi_id": "ZDI-17-016" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-015/advisory.json", "detail_path": "advisories/ZDI-17-015", "id": "ZDI-17-015", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT key Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-015/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4181", "zdi_id": "ZDI-17-015" }, { "cve": "CVE-2017-2964", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-17-014/advisory.json", "detail_path": "advisories/ZDI-17-014", "id": "ZDI-17-014", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-014/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4309", "zdi_id": "ZDI-17-014" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-013/advisory.json", "detail_path": "advisories/ZDI-17-013", "id": "ZDI-17-013", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT key Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-013/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4199", "zdi_id": "ZDI-17-013" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-012/advisory.json", "detail_path": "advisories/ZDI-17-012", "id": "ZDI-17-012", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT attribute Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-012/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4179", "zdi_id": "ZDI-17-012" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-011/advisory.json", "detail_path": "advisories/ZDI-17-011", "id": "ZDI-17-011", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT attribute-set Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-011/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4190", "zdi_id": "ZDI-17-011" }, { "cve": "CVE-2017-2965", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-17-010/advisory.json", "detail_path": "advisories/ZDI-17-010", "id": "ZDI-17-010", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-010/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4307", "zdi_id": "ZDI-17-010" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-009/advisory.json", "detail_path": "advisories/ZDI-17-009", "id": "ZDI-17-009", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT format-number Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-009/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4184", "zdi_id": "ZDI-17-009" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-008/advisory.json", "detail_path": "advisories/ZDI-17-008", "id": "ZDI-17-008", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT output Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-008/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4186", "zdi_id": "ZDI-17-008" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-007/advisory.json", "detail_path": "advisories/ZDI-17-007", "id": "ZDI-17-007", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT variable Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-007/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4189", "zdi_id": "ZDI-17-007" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-006/advisory.json", "detail_path": "advisories/ZDI-17-006", "id": "ZDI-17-006", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT system-property Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-006/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4187", "zdi_id": "ZDI-17-006" }, { "cve": "CVE-2017-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-005/advisory.json", "detail_path": "advisories/ZDI-17-005", "id": "ZDI-17-005", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC XSLT element-available Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-005/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4188", "zdi_id": "ZDI-17-005" }, { "cve": "CVE-2017-2946", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-004/advisory.json", "detail_path": "advisories/ZDI-17-004", "id": "ZDI-17-004", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-004/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4193", "zdi_id": "ZDI-17-004" }, { "cve": "CVE-2017-2946", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-17-003/advisory.json", "detail_path": "advisories/ZDI-17-003", "id": "ZDI-17-003", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC JPEG2000 Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-003/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4192", "zdi_id": "ZDI-17-003" }, { "cve": "CVE-2017-2941", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-17-002/advisory.json", "detail_path": "advisories/ZDI-17-002", "id": "ZDI-17-002", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Adobe Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-002/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4012", "zdi_id": "ZDI-17-002" }, { "cve": "CVE-2016-8519", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Operations Orchestration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wsExecut...", "detail_json": "/data/advisories/ZDI-17-001/advisory.json", "detail_path": "advisories/ZDI-17-001", "id": "ZDI-17-001", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Hewlett Packard Enterprise Operations Orchestration Backwards Compatibility Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-001/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-3836", "zdi_id": "ZDI-17-001" }, { "cve": "CVE-2016-10403", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-700/advisory.json", "detail_path": "advisories/ZDI-16-700", "id": "ZDI-16-700", "kind": "published", "published_date": "2017-08-23", "status": "published", "title": "Google Chrome PDFium JPEG Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-700/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-3655", "zdi_id": "ZDI-16-700" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-16-699/advisory.json", "detail_path": "advisories/ZDI-16-699", "id": "ZDI-16-699", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Bitdefender Internet Security Lyme SFX Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-699/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-4177", "zdi_id": "ZDI-16-699" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-16-698/advisory.json", "detail_path": "advisories/ZDI-16-698", "id": "ZDI-16-698", "kind": "published", "published_date": "2017-08-11", "status": "published", "title": "Bitdefender Internet Security AutoIt v2 Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-698/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-4175", "zdi_id": "ZDI-16-698" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-16-697/advisory.json", "detail_path": "advisories/ZDI-16-697", "id": "ZDI-16-697", "kind": "published", "published_date": "2017-08-01", "status": "published", "title": "Bitdefender Internet Security AutoIt v3 Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-697/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-4176", "zdi_id": "ZDI-16-697" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication validation mechanism of the use...", "detail_json": "/data/advisories/ZDI-16-696/advisory.json", "detail_path": "advisories/ZDI-16-696", "id": "ZDI-16-696", "kind": "published", "published_date": "2017-06-26", "status": "published", "title": "ARRIS VAP2500 list_mac_address Authentication Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-696/", "vendor": "ARRIS", "vendor_url": null, "zdi_can": "ZDI-CAN-3873", "zdi_id": "ZDI-16-696" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the ARRIS VAP2500....", "detail_json": "/data/advisories/ZDI-16-695/advisory.json", "detail_path": "advisories/ZDI-16-695", "id": "ZDI-16-695", "kind": "published", "published_date": "2017-06-26", "status": "published", "title": "ARRIS VAP2500 Default Credentials Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-695/", "vendor": "ARRIS", "vendor_url": null, "zdi_can": "ZDI-CAN-3872", "zdi_id": "ZDI-16-695" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the cmb_macaddrfilter parameter pr...", "detail_json": "/data/advisories/ZDI-16-694/advisory.json", "detail_path": "advisories/ZDI-16-694", "id": "ZDI-16-694", "kind": "published", "published_date": "2017-06-26", "status": "published", "title": "ARRIS VAP2500 list_mac_address cmb_macaddrfilter Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-694/", "vendor": "ARRIS", "vendor_url": null, "zdi_can": "ZDI-CAN-3871", "zdi_id": "ZDI-16-694" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the macaddr parameter provided to...", "detail_json": "/data/advisories/ZDI-16-693/advisory.json", "detail_path": "advisories/ZDI-16-693", "id": "ZDI-16-693", "kind": "published", "published_date": "2017-06-26", "status": "published", "title": "ARRIS VAP2500 list_mac_address macaddr Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-693/", "vendor": "ARRIS", "vendor_url": null, "zdi_can": "ZDI-CAN-3870", "zdi_id": "ZDI-16-693" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the parameters provided to the tools_c...", "detail_json": "/data/advisories/ZDI-16-692/advisory.json", "detail_path": "advisories/ZDI-16-692", "id": "ZDI-16-692", "kind": "published", "published_date": "2017-06-26", "status": "published", "title": "ARRIS VAP2500 tools_command Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-692/", "vendor": "ARRIS", "vendor_url": null, "zdi_can": "ZDI-CAN-3869", "zdi_id": "ZDI-16-692" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the various txt_mac parameters provide...", "detail_json": "/data/advisories/ZDI-16-691/advisory.json", "detail_path": "advisories/ZDI-16-691", "id": "ZDI-16-691", "kind": "published", "published_date": "2017-06-26", "status": "published", "title": "ARRIS VAP2500 config_wds Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-691/", "vendor": "ARRIS", "vendor_url": null, "zdi_can": "ZDI-CAN-3868", "zdi_id": "ZDI-16-691" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the various txt_mac parameters provide...", "detail_json": "/data/advisories/ZDI-16-690/advisory.json", "detail_path": "advisories/ZDI-16-690", "id": "ZDI-16-690", "kind": "published", "published_date": "2017-06-26", "status": "published", "title": "ARRIS VAP2500 assoc_table Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-690/", "vendor": "ARRIS", "vendor_url": null, "zdi_can": "ZDI-CAN-3867", "zdi_id": "ZDI-16-690" }, { "cve": "CVE-2016-7202", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-689/advisory.json", "detail_path": "advisories/ZDI-16-689", "id": "ZDI-16-689", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "Microsoft Internet Explorer Array.splice Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-689/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4319", "zdi_id": "ZDI-16-689" }, { "cve": "CVE-2016-7603", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-16-688/advisory.json", "detail_path": "advisories/ZDI-16-688", "id": "ZDI-16-688", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "Apple OS X CoreStorage Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-688/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3877", "zdi_id": "ZDI-16-688" }, { "cve": "CVE-2016-7714, CVE-2016-7625", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-16-687/advisory.json", "detail_path": "advisories/ZDI-16-687", "id": "ZDI-16-687", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "Apple OS X IOReportUserClient Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-687/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3856", "zdi_id": "ZDI-16-687" }, { "cve": "CVE-2016-7620", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-16-686/advisory.json", "detail_path": "advisories/ZDI-16-686", "id": "ZDI-16-686", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "Apple OS X IOSurface Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-686/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3855", "zdi_id": "ZDI-16-686" }, { "cve": "CVE-2016-7624", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The s...", "detail_json": "/data/advisories/ZDI-16-685/advisory.json", "detail_path": "advisories/ZDI-16-685", "id": "ZDI-16-685", "kind": "published", "published_date": "2017-06-21", "status": "published", "title": "Apple OS X IOCommandQueue Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-685/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3854", "zdi_id": "ZDI-16-685" }, { "cve": "CVE-2016-4263", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-684/advisory.json", "detail_path": "advisories/ZDI-16-684", "id": "ZDI-16-684", "kind": "published", "published_date": "2017-06-13", "status": "published", "title": "Adobe Digital Editions PDF FlateDecode Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-684/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3664", "zdi_id": "ZDI-16-684" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vuln...", "detail_json": "/data/advisories/ZDI-16-683/advisory.json", "detail_path": "advisories/ZDI-16-683", "id": "ZDI-16-683", "kind": "published", "published_date": "2017-06-02", "status": "published", "title": "Check Point ZoneAlarm Extreme Security vsdatant Kernel Driver Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-683/", "vendor": "Check Point", "vendor_url": null, "zdi_can": "ZDI-CAN-3760", "zdi_id": "ZDI-16-683" }, { "cve": "CVE-2016-7081", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of ThinPrint. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-16-682/advisory.json", "detail_path": "advisories/ZDI-16-682", "id": "ZDI-16-682", "kind": "published", "published_date": "2017-06-02", "status": "published", "title": "ThinPrint TPClnt/TPView Heap-based Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-682/", "vendor": "ThinPrint", "vendor_url": null, "zdi_can": "ZDI-CAN-3783", "zdi_id": "ZDI-16-682" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to elevate their privileges on vulnerable installations of Avast Free Antivirus. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the 0x82ac0170 IOCTL by the aswSnx...", "detail_json": "/data/advisories/ZDI-16-681/advisory.json", "detail_path": "advisories/ZDI-16-681", "id": "ZDI-16-681", "kind": "published", "published_date": "2017-05-11", "status": "published", "title": "Avast Free Antivirus aswSnx Kernel Driver Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-681/", "vendor": "Avast", "vendor_url": null, "zdi_can": "ZDI-CAN-3712", "zdi_id": "ZDI-16-681" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-680/advisory.json", "detail_path": "advisories/ZDI-16-680", "id": "ZDI-16-680", "kind": "published", "published_date": "2017-04-06", "status": "published", "title": "Microsoft Skype DLL Planting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-680/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3577", "zdi_id": "ZDI-16-680" }, { "cve": "CVE-2016-7630", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Apple iOS. User interaction is required to exploit this vulnerability in that the target must connect to a WiFi access point. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-16-679/advisory.json", "detail_path": "advisories/ZDI-16-679", "id": "ZDI-16-679", "kind": "published", "published_date": "2017-03-31", "status": "published", "title": "Apple iOS legacy-diagnostics Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-679/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3954", "zdi_id": "ZDI-16-679" }, { "cve": "CVE-2016-7878", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-678/advisory.json", "detail_path": "advisories/ZDI-16-678", "id": "ZDI-16-678", "kind": "published", "published_date": "2017-02-13", "status": "published", "title": "Adobe Flash Player PSDKEventDispatcher Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-678/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4332", "zdi_id": "ZDI-16-678" }, { "cve": "CVE-2016-7297", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-16-677/advisory.json", "detail_path": "advisories/ZDI-16-677", "id": "ZDI-16-677", "kind": "published", "published_date": "2017-01-20", "status": "published", "title": "Microsoft Windows JavaScript Array.concat Type Confusion Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-677/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4331", "zdi_id": "ZDI-16-677" }, { "cve": "CVE-2016-3375", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-16-676/advisory.json", "detail_path": "advisories/ZDI-16-676", "id": "ZDI-16-676", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Microsoft Windows ADO Recordset Update Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-676/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4009", "zdi_id": "ZDI-16-676" }, { "cve": "CVE-2016-3375", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-16-675/advisory.json", "detail_path": "advisories/ZDI-16-675", "id": "ZDI-16-675", "kind": "published", "published_date": "2017-01-10", "status": "published", "title": "Microsoft Windows ADO Recordset GetRows Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-675/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3956", "zdi_id": "ZDI-16-675" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent and uTorrent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-674/advisory.json", "detail_path": "advisories/ZDI-16-674", "id": "ZDI-16-674", "kind": "published", "published_date": "2016-12-26", "status": "published", "title": "BitTorrent API Cross-Site Scripting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-674/", "vendor": "BitTorrent", "vendor_url": null, "zdi_can": "ZDI-CAN-4050", "zdi_id": "ZDI-16-674" }, { "cve": "CVE-2016-2837", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-673/advisory.json", "detail_path": "advisories/ZDI-16-673", "id": "ZDI-16-673", "kind": "published", "published_date": "2016-12-19", "status": "published", "title": "Mozilla Firefox ClearKeyDecryptor Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-673/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-3766", "zdi_id": "ZDI-16-673" }, { "cve": "CVE-2016-8377", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation PLC WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-16-672/advisory.json", "detail_path": "advisories/ZDI-16-672", "id": "ZDI-16-672", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Fatek Automation PLC WinProladder Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-672/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3705", "zdi_id": "ZDI-16-672" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos XG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the filter parameter provided to...", "detail_json": "/data/advisories/ZDI-16-671/advisory.json", "detail_path": "advisories/ZDI-16-671", "id": "ZDI-16-671", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Sophos XG Firewall Controller filter SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-671/", "vendor": "Sophos", "vendor_url": null, "zdi_can": "ZDI-CAN-3745", "zdi_id": "ZDI-16-671" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to escalate privileges on vulnerable installations of Avira Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-16-670/advisory.json", "detail_path": "advisories/ZDI-16-670", "id": "ZDI-16-670", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Avira Free Antivirus ssmdrv Kernel Driver Memory Corruption Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-670/", "vendor": "Avira", "vendor_url": null, "zdi_can": "ZDI-CAN-3809", "zdi_id": "ZDI-16-670" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-669/advisory.json", "detail_path": "advisories/ZDI-16-669", "id": "ZDI-16-669", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Autodesk Design Review JFIF Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-669/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-3595", "zdi_id": "ZDI-16-669" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-668/advisory.json", "detail_path": "advisories/ZDI-16-668", "id": "ZDI-16-668", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Autodesk Design Review PNG Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-668/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-3593", "zdi_id": "ZDI-16-668" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-667/advisory.json", "detail_path": "advisories/ZDI-16-667", "id": "ZDI-16-667", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Autodesk Design Review BMP Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-667/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-3573", "zdi_id": "ZDI-16-667" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-666/advisory.json", "detail_path": "advisories/ZDI-16-666", "id": "ZDI-16-666", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Autodesk Design Review FLI Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-666/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-3526", "zdi_id": "ZDI-16-666" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-665/advisory.json", "detail_path": "advisories/ZDI-16-665", "id": "ZDI-16-665", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Autodesk Design Review GIF LZW Out-Of-Bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-665/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-3525", "zdi_id": "ZDI-16-665" }, { "cve": null, "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-664/advisory.json", "detail_path": "advisories/ZDI-16-664", "id": "ZDI-16-664", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Autodesk Design Review JPEG DHT Out-Of-Bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-664/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-3527", "zdi_id": "ZDI-16-664" }, { "cve": "CVE-2016-5802", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation PMSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-16-663/advisory.json", "detail_path": "advisories/ZDI-16-663", "id": "ZDI-16-663", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation PMSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-663/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3935", "zdi_id": "ZDI-16-663" }, { "cve": "CVE-2016-5805", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-662/advisory.json", "detail_path": "advisories/ZDI-16-662", "id": "ZDI-16-662", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation ISPSoft dvl File Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-662/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-4016", "zdi_id": "ZDI-16-662" }, { "cve": "CVE-2016-5805", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-661/advisory.json", "detail_path": "advisories/ZDI-16-661", "id": "ZDI-16-661", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation WPLSoft File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-661/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3915", "zdi_id": "ZDI-16-661" }, { "cve": "CVE-2016-5802", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-660/advisory.json", "detail_path": "advisories/ZDI-16-660", "id": "ZDI-16-660", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation WPLSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-660/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3914", "zdi_id": "ZDI-16-660" }, { "cve": "CVE-2016-5805", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-659/advisory.json", "detail_path": "advisories/ZDI-16-659", "id": "ZDI-16-659", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation ISPSoft dvp File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-659/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3916", "zdi_id": "ZDI-16-659" }, { "cve": "CVE-2016-5805", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-658/advisory.json", "detail_path": "advisories/ZDI-16-658", "id": "ZDI-16-658", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation WPLSoft dvp File Parsing Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-658/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3913", "zdi_id": "ZDI-16-658" }, { "cve": "CVE-2016-5805", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-657/advisory.json", "detail_path": "advisories/ZDI-16-657", "id": "ZDI-16-657", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation WPLSoft dvp File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-657/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3912", "zdi_id": "ZDI-16-657" }, { "cve": "CVE-2016-5805", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-656/advisory.json", "detail_path": "advisories/ZDI-16-656", "id": "ZDI-16-656", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation WPLSoft dvp File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-656/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3911", "zdi_id": "ZDI-16-656" }, { "cve": "CVE-2016-5805", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-655/advisory.json", "detail_path": "advisories/ZDI-16-655", "id": "ZDI-16-655", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation ISPSoft dvp File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-655/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3910", "zdi_id": "ZDI-16-655" }, { "cve": "CVE-2016-5805", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-654/advisory.json", "detail_path": "advisories/ZDI-16-654", "id": "ZDI-16-654", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation WPLSoft LAD File Reading Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-654/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3931", "zdi_id": "ZDI-16-654" }, { "cve": "CVE-2016-5805", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-653/advisory.json", "detail_path": "advisories/ZDI-16-653", "id": "ZDI-16-653", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation WPLSoft LAD File Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-653/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3930", "zdi_id": "ZDI-16-653" }, { "cve": "CVE-2016-5802", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-652/advisory.json", "detail_path": "advisories/ZDI-16-652", "id": "ZDI-16-652", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation WPLSoft SFC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-652/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3861", "zdi_id": "ZDI-16-652" }, { "cve": "CVE-2016-5805", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-651/advisory.json", "detail_path": "advisories/ZDI-16-651", "id": "ZDI-16-651", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation ISPSoft dvp File Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-651/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3909", "zdi_id": "ZDI-16-651" }, { "cve": "CVE-2016-5805", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-650/advisory.json", "detail_path": "advisories/ZDI-16-650", "id": "ZDI-16-650", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation WPLSoft Bit Data File Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-650/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3860", "zdi_id": "ZDI-16-650" }, { "cve": "CVE-2016-5805", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-649/advisory.json", "detail_path": "advisories/ZDI-16-649", "id": "ZDI-16-649", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation WPLSoft Register Data File Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-649/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3859", "zdi_id": "ZDI-16-649" }, { "cve": "CVE-2016-5805", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-648/advisory.json", "detail_path": "advisories/ZDI-16-648", "id": "ZDI-16-648", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation WPLSoft DVP File Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-648/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3865", "zdi_id": "ZDI-16-648" }, { "cve": "CVE-2016-5802", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-647/advisory.json", "detail_path": "advisories/ZDI-16-647", "id": "ZDI-16-647", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation WPLSoft DVP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-647/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3858", "zdi_id": "ZDI-16-647" }, { "cve": "CVE-2016-5802", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-16-646/advisory.json", "detail_path": "advisories/ZDI-16-646", "id": "ZDI-16-646", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Delta Industrial Automation WPLSoft Heap Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-646/", "vendor": "Delta Industrial Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3587", "zdi_id": "ZDI-16-646" }, { "cve": "CVE-2016-7272", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file or folder...", "detail_json": "/data/advisories/ZDI-16-645/advisory.json", "detail_path": "advisories/ZDI-16-645", "id": "ZDI-16-645", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Microsoft Windows Icon File Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-645/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4051", "zdi_id": "ZDI-16-645" }, { "cve": "CVE-2016-7617", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-16-644/advisory.json", "detail_path": "advisories/ZDI-16-644", "id": "ZDI-16-644", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Apple OS X AppleBroadcomBluetoothHostController Type Confusion Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-644/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4019", "zdi_id": "ZDI-16-644" }, { "cve": "CVE-2016-7602", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-16-643/advisory.json", "detail_path": "advisories/ZDI-16-643", "id": "ZDI-16-643", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Apple OS X AppleIntelFramebufferAzul Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-643/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3985", "zdi_id": "ZDI-16-643" }, { "cve": "CVE-2016-7609", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-16-642/advisory.json", "detail_path": "advisories/ZDI-16-642", "id": "ZDI-16-642", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Apple OS X AppleGraphicsPowerManagement Null Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-642/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3864", "zdi_id": "ZDI-16-642" }, { "cve": "CVE-2016-7582", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-16-641/advisory.json", "detail_path": "advisories/ZDI-16-641", "id": "ZDI-16-641", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Apple OS X IntelHD5000 IGAccelResource Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-641/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3823", "zdi_id": "ZDI-16-641" }, { "cve": "CVE-2016-4638", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-640/advisory.json", "detail_path": "advisories/ZDI-16-640", "id": "ZDI-16-640", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Apple OS X WindowServer _XSetApplicationBindingsForWorkspaces Type Confusion Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-640/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3775", "zdi_id": "ZDI-16-640" }, { "cve": "CVE-2016-4638", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-16-639/advisory.json", "detail_path": "advisories/ZDI-16-639", "id": "ZDI-16-639", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Apple OS X WindowServer _XSetDictionaryForCurrentSession Type Confusion Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-639/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3773", "zdi_id": "ZDI-16-639" }, { "cve": "CVE-2016-4640", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-16-638/advisory.json", "detail_path": "advisories/ZDI-16-638", "id": "ZDI-16-638", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Apple OS X WindowServer _XRegisterCursorWithData Memory Corruption Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-638/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3770", "zdi_id": "ZDI-16-638" }, { "cve": "CVE-2016-1818", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-637/advisory.json", "detail_path": "advisories/ZDI-16-637", "id": "ZDI-16-637", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Apple OS X AppleIntelHD5000Graphics Null Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-637/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3677", "zdi_id": "ZDI-16-637" }, { "cve": "CVE-2016-7888", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-16-636/advisory.json", "detail_path": "advisories/ZDI-16-636", "id": "ZDI-16-636", "kind": "published", "published_date": "2016-12-15", "status": "published", "title": "Adobe Digital Editions FlateDecode Out-of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-636/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3923", "zdi_id": "ZDI-16-636" }, { "cve": "CVE-2016-5796", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation Communication Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of query requ...", "detail_json": "/data/advisories/ZDI-16-635/advisory.json", "detail_path": "advisories/ZDI-16-635", "id": "ZDI-16-635", "kind": "published", "published_date": "2016-12-14", "status": "published", "title": "Fatek Automation Communication Server Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-635/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3681", "zdi_id": "ZDI-16-635" }, { "cve": "CVE-2016-5798", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-634/advisory.json", "detail_path": "advisories/ZDI-16-634", "id": "ZDI-16-634", "kind": "published", "published_date": "2016-12-14", "status": "published", "title": "Fatek Automation FvDesigner Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-634/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3676", "zdi_id": "ZDI-16-634" }, { "cve": "CVE-2016-7616", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-16-633/advisory.json", "detail_path": "advisories/ZDI-16-633", "id": "ZDI-16-633", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Apple OS X IOKit Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-633/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3992", "zdi_id": "ZDI-16-633" }, { "cve": "CVE-2016-7611", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-632/advisory.json", "detail_path": "advisories/ZDI-16-632", "id": "ZDI-16-632", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Apple Safari HTMLLabelElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-632/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3953", "zdi_id": "ZDI-16-632" }, { "cve": "CVE-2016-7610", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-631/advisory.json", "detail_path": "advisories/ZDI-16-631", "id": "ZDI-16-631", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Apple Safari RenderObject Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-631/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-4010", "zdi_id": "ZDI-16-631" }, { "cve": "CVE-2016-9351", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech SUSIAccess Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the UpgradeMgmt servle...", "detail_json": "/data/advisories/ZDI-16-630/advisory.json", "detail_path": "advisories/ZDI-16-630", "id": "ZDI-16-630", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Advantech SUSIAccess Server UpgradeMgmt upload Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-630/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3876", "zdi_id": "ZDI-16-630" }, { "cve": "CVE-2016-9353", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to escalate privileges on vulnerable installations of Advantech SUSIAccess Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within encryption and storage of the administrator pa...", "detail_json": "/data/advisories/ZDI-16-629/advisory.json", "detail_path": "advisories/ZDI-16-629", "id": "ZDI-16-629", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Advantech SUSIAccess Server Static Encryption Key Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-629/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3987", "zdi_id": "ZDI-16-629" }, { "cve": "CVE-2016-9349", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech SUSIAccess Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of downloadCSV.js...", "detail_json": "/data/advisories/ZDI-16-628/advisory.json", "detail_path": "advisories/ZDI-16-628", "id": "ZDI-16-628", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Advantech SUSIAccess Server downloadCSV file Parameter Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-628/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3831", "zdi_id": "ZDI-16-628" }, { "cve": "CVE-2016-7871", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-627/advisory.json", "detail_path": "advisories/ZDI-16-627", "id": "ZDI-16-627", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Adobe Flash Player Worker Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-627/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4046", "zdi_id": "ZDI-16-627" }, { "cve": "CVE-2016-7872", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-626/advisory.json", "detail_path": "advisories/ZDI-16-626", "id": "ZDI-16-626", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Adobe Flash MovieClip swapDepth Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-626/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4041", "zdi_id": "ZDI-16-626" }, { "cve": "CVE-2016-7868", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-625/advisory.json", "detail_path": "advisories/ZDI-16-625", "id": "ZDI-16-625", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Adobe Flash Player RegExp THEN Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-625/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3991", "zdi_id": "ZDI-16-625" }, { "cve": "CVE-2016-7869", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-624/advisory.json", "detail_path": "advisories/ZDI-16-624", "id": "ZDI-16-624", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Adobe Flash Player RegExp PRUNE Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-624/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3958", "zdi_id": "ZDI-16-624" }, { "cve": "CVE-2016-7870", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-623/advisory.json", "detail_path": "advisories/ZDI-16-623", "id": "ZDI-16-623", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Adobe Flash Player RegExp SKIP Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-623/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3959", "zdi_id": "ZDI-16-623" }, { "cve": "CVE-2016-7867", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-622/advisory.json", "detail_path": "advisories/ZDI-16-622", "id": "ZDI-16-622", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Adobe Flash Player RegExp MARK Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-622/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3990", "zdi_id": "ZDI-16-622" }, { "cve": "CVE-2016-7875", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-621/advisory.json", "detail_path": "advisories/ZDI-16-621", "id": "ZDI-16-621", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Adobe Flash Player BitmapData Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-621/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4124", "zdi_id": "ZDI-16-621" }, { "cve": "CVE-2016-7878", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-620/advisory.json", "detail_path": "advisories/ZDI-16-620", "id": "ZDI-16-620", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Adobe Flash PSDK Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-620/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4123", "zdi_id": "ZDI-16-620" }, { "cve": "CVE-2016-7879", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-619/advisory.json", "detail_path": "advisories/ZDI-16-619", "id": "ZDI-16-619", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Adobe Flash NetConnection Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-619/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4129", "zdi_id": "ZDI-16-619" }, { "cve": "CVE-2016-5765", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Attachmate Host Access Management and Security Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within th...", "detail_json": "/data/advisories/ZDI-16-618/advisory.json", "detail_path": "advisories/ZDI-16-618", "id": "ZDI-16-618", "kind": "published", "published_date": "2016-12-13", "status": "published", "title": "Attachmate Host Access Management and Security Server PassThru Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-618/", "vendor": "Attachmate", "vendor_url": null, "zdi_can": "ZDI-CAN-4022", "zdi_id": "ZDI-16-618" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL Universal Management Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ImagePreviewServle...", "detail_json": "/data/advisories/ZDI-16-617/advisory.json", "detail_path": "advisories/ZDI-16-617", "id": "ZDI-16-617", "kind": "published", "published_date": "2016-12-02", "status": "published", "title": "Dell SonicWALL Universal Management Suite ImagePreviewServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-617/", "vendor": "Dell", "vendor_url": null, "zdi_can": "ZDI-CAN-3748", "zdi_id": "ZDI-16-617" }, { "cve": "CVE-2016-8511", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the exposed RPCSer...", "detail_json": "/data/advisories/ZDI-16-616/advisory.json", "detail_path": "advisories/ZDI-16-616", "id": "ZDI-16-616", "kind": "published", "published_date": "2016-11-30", "status": "published", "title": "Hewlett Packard Enterprise Network Automation RPCServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-616/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-3729", "zdi_id": "ZDI-16-616" }, { "cve": "CVE-2016-8360", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of requests to the web server. A crafted...", "detail_json": "/data/advisories/ZDI-16-615/advisory.json", "detail_path": "advisories/ZDI-16-615", "id": "ZDI-16-615", "kind": "published", "published_date": "2016-11-23", "status": "published", "title": "Moxa SoftCMS AspWebServer URL Processing Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-615/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-4032", "zdi_id": "ZDI-16-615" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-614/advisory.json", "detail_path": "advisories/ZDI-16-614", "id": "ZDI-16-614", "kind": "published", "published_date": "2016-11-22", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-614/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4060", "zdi_id": "ZDI-16-614" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-613/advisory.json", "detail_path": "advisories/ZDI-16-613", "id": "ZDI-16-613", "kind": "published", "published_date": "2016-11-22", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-613/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4061", "zdi_id": "ZDI-16-613" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-612/advisory.json", "detail_path": "advisories/ZDI-16-612", "id": "ZDI-16-612", "kind": "published", "published_date": "2016-11-22", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-612/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4062", "zdi_id": "ZDI-16-612" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-611/advisory.json", "detail_path": "advisories/ZDI-16-611", "id": "ZDI-16-611", "kind": "published", "published_date": "2016-11-22", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-611/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4063", "zdi_id": "ZDI-16-611" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-610/advisory.json", "detail_path": "advisories/ZDI-16-610", "id": "ZDI-16-610", "kind": "published", "published_date": "2016-11-22", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-610/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4064", "zdi_id": "ZDI-16-610" }, { "cve": "CVE-2016-4709", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-16-609/advisory.json", "detail_path": "advisories/ZDI-16-609", "id": "ZDI-16-609", "kind": "published", "published_date": "2016-11-15", "status": "published", "title": "Apple OS X WindowServer _XSetPerUserConfigurationData Type Confusion Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-609/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3772", "zdi_id": "ZDI-16-609" }, { "cve": "CVE-2016-4710", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-16-608/advisory.json", "detail_path": "advisories/ZDI-16-608", "id": "ZDI-16-608", "kind": "published", "published_date": "2016-11-15", "status": "published", "title": "Apple OS X WindowServer _XSetPreferencesForWorkspaces Type Confusion Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-608/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3774", "zdi_id": "ZDI-16-608" }, { "cve": "CVE-2016-9164", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information from vulnerable installations of CA Unified Infrastructure Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the...", "detail_json": "/data/advisories/ZDI-16-607/advisory.json", "detail_path": "advisories/ZDI-16-607", "id": "ZDI-16-607", "kind": "published", "published_date": "2016-11-09", "status": "published", "title": "CA Unified Infrastructure Management diag Path Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-607/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-3710", "zdi_id": "ZDI-16-607" }, { "cve": "CVE-2016-9165", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose session information on vulnerable installations of CA Unified Infrastructure Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the get...", "detail_json": "/data/advisories/ZDI-16-606/advisory.json", "detail_path": "advisories/ZDI-16-606", "id": "ZDI-16-606", "kind": "published", "published_date": "2016-11-09", "status": "published", "title": "CA Unified Infrastructure Management get_sessions Session Information Disclosure Remote Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-606/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-3708", "zdi_id": "ZDI-16-606" }, { "cve": "CVE-2016-5803", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information from vulnerable installations of CA Unified Infrastructure Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the...", "detail_json": "/data/advisories/ZDI-16-605/advisory.json", "detail_path": "advisories/ZDI-16-605", "id": "ZDI-16-605", "kind": "published", "published_date": "2016-11-09", "status": "published", "title": "CA Unified Infrastructure Management download_lar Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-605/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-3711", "zdi_id": "ZDI-16-605" }, { "cve": "CVE-2016-8364", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBHsoftec SoftPLC. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of packets by the service liste...", "detail_json": "/data/advisories/ZDI-16-604/advisory.json", "detail_path": "advisories/ZDI-16-604", "id": "ZDI-16-604", "kind": "published", "published_date": "2016-11-08", "status": "published", "title": "IBHsoftec S7-SoftPLC CPX43 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-604/", "vendor": "IBHsoftec", "vendor_url": null, "zdi_can": "ZDI-CAN-3832", "zdi_id": "ZDI-16-604" }, { "cve": "CVE-2016-7862", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-603/advisory.json", "detail_path": "advisories/ZDI-16-603", "id": "ZDI-16-603", "kind": "published", "published_date": "2016-11-08", "status": "published", "title": "Adobe Flash MovieClip constructor Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-603/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4047", "zdi_id": "ZDI-16-603" }, { "cve": "CVE-2016-7859", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-602/advisory.json", "detail_path": "advisories/ZDI-16-602", "id": "ZDI-16-602", "kind": "published", "published_date": "2016-11-08", "status": "published", "title": "Adobe Flash AS2 extends Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-602/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4040", "zdi_id": "ZDI-16-602" }, { "cve": "CVE-2016-7860", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-601/advisory.json", "detail_path": "advisories/ZDI-16-601", "id": "ZDI-16-601", "kind": "published", "published_date": "2016-11-08", "status": "published", "title": "Adobe Flash AdvertisingMetadata Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-601/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4048", "zdi_id": "ZDI-16-601" }, { "cve": "CVE-2016-7861", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-600/advisory.json", "detail_path": "advisories/ZDI-16-600", "id": "ZDI-16-600", "kind": "published", "published_date": "2016-11-08", "status": "published", "title": "Adobe Flash Player Metadata Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-600/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4049", "zdi_id": "ZDI-16-600" }, { "cve": "CVE-2016-7863", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-599/advisory.json", "detail_path": "advisories/ZDI-16-599", "id": "ZDI-16-599", "kind": "published", "published_date": "2016-11-08", "status": "published", "title": "Adobe Flash TextField Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-599/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4044", "zdi_id": "ZDI-16-599" }, { "cve": "CVE-2016-7865", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-598/advisory.json", "detail_path": "advisories/ZDI-16-598", "id": "ZDI-16-598", "kind": "published", "published_date": "2016-11-08", "status": "published", "title": "Adobe Flash LocalConnection Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-598/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4042", "zdi_id": "ZDI-16-598" }, { "cve": "CVE-2016-7864", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-597/advisory.json", "detail_path": "advisories/ZDI-16-597", "id": "ZDI-16-597", "kind": "published", "published_date": "2016-11-08", "status": "published", "title": "Adobe Flash Selection setFocus Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-597/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4043", "zdi_id": "ZDI-16-597" }, { "cve": "CVE-2016-7857", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-596/advisory.json", "detail_path": "advisories/ZDI-16-596", "id": "ZDI-16-596", "kind": "published", "published_date": "2016-11-08", "status": "published", "title": "Adobe Flash AVSegmentedSource Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-596/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4015", "zdi_id": "ZDI-16-596" }, { "cve": "CVE-2016-7858", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-595/advisory.json", "detail_path": "advisories/ZDI-16-595", "id": "ZDI-16-595", "kind": "published", "published_date": "2016-11-08", "status": "published", "title": "Adobe Flash ExternalInterface addCallback Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-595/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3986", "zdi_id": "ZDI-16-595" }, { "cve": "CVE-2016-7246", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-16-594/advisory.json", "detail_path": "advisories/ZDI-16-594", "id": "ZDI-16-594", "kind": "published", "published_date": "2016-11-08", "status": "published", "title": "Microsoft Windows NtUserMagSetContextInformation Kernel State Corruption Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-594/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4020", "zdi_id": "ZDI-16-594" }, { "cve": "CVE-2016-7202", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-16-593/advisory.json", "detail_path": "advisories/ZDI-16-593", "id": "ZDI-16-593", "kind": "published", "published_date": "2016-11-08", "status": "published", "title": "Microsoft Windows JavaScript reverse Method Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-593/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-4031", "zdi_id": "ZDI-16-593" }, { "cve": "CVE-2016-7215", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...", "detail_json": "/data/advisories/ZDI-16-592/advisory.json", "detail_path": "advisories/ZDI-16-592", "id": "ZDI-16-592", "kind": "published", "published_date": "2016-11-08", "status": "published", "title": "Microsoft Windows win32k.sys Bitmap Null Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-592/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3924", "zdi_id": "ZDI-16-592" }, { "cve": "CVE-2016-6938", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-591/advisory.json", "detail_path": "advisories/ZDI-16-591", "id": "ZDI-16-591", "kind": "published", "published_date": "2016-11-04", "status": "published", "title": "Adobe Reader DC XObject stream Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-591/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3842", "zdi_id": "ZDI-16-591" }, { "cve": "CVE-2016-4677", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-590/advisory.json", "detail_path": "advisories/ZDI-16-590", "id": "ZDI-16-590", "kind": "published", "published_date": "2016-11-04", "status": "published", "title": "Apple Safari JavaScriptCore Array Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-590/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3875", "zdi_id": "ZDI-16-590" }, { "cve": "CVE-2016-4678", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-16-589/advisory.json", "detail_path": "advisories/ZDI-16-589", "id": "ZDI-16-589", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Apple OS X AppleSMC smcHandleYPCEvent Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-589/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3908", "zdi_id": "ZDI-16-589" }, { "cve": "CVE-2016-4396", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise System Management Homepage. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handli...", "detail_json": "/data/advisories/ZDI-16-588/advisory.json", "detail_path": "advisories/ZDI-16-588", "id": "ZDI-16-588", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Hewlett Packard Enterprise System Management Homepage SSO TKN Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-588/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-3730", "zdi_id": "ZDI-16-588" }, { "cve": "CVE-2016-4395", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise System Management Homepage. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handli...", "detail_json": "/data/advisories/ZDI-16-587/advisory.json", "detail_path": "advisories/ZDI-16-587", "id": "ZDI-16-587", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Hewlett Packard Enterprise System Management Homepage SetSMHData Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-587/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-3722", "zdi_id": "ZDI-16-587" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-586/advisory.json", "detail_path": "advisories/ZDI-16-586", "id": "ZDI-16-586", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-586/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4036", "zdi_id": "ZDI-16-586" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-585/advisory.json", "detail_path": "advisories/ZDI-16-585", "id": "ZDI-16-585", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-585/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4035", "zdi_id": "ZDI-16-585" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-584/advisory.json", "detail_path": "advisories/ZDI-16-584", "id": "ZDI-16-584", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-584/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4034", "zdi_id": "ZDI-16-584" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-583/advisory.json", "detail_path": "advisories/ZDI-16-583", "id": "ZDI-16-583", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-583/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4029", "zdi_id": "ZDI-16-583" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-582/advisory.json", "detail_path": "advisories/ZDI-16-582", "id": "ZDI-16-582", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Foxit Reader JBIG2 Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-582/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4028", "zdi_id": "ZDI-16-582" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-581/advisory.json", "detail_path": "advisories/ZDI-16-581", "id": "ZDI-16-581", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Foxit Reader JPXDecode filters Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-581/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-4027", "zdi_id": "ZDI-16-581" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-580/advisory.json", "detail_path": "advisories/ZDI-16-580", "id": "ZDI-16-580", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Foxit Reader JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-580/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3952", "zdi_id": "ZDI-16-580" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-579/advisory.json", "detail_path": "advisories/ZDI-16-579", "id": "ZDI-16-579", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Foxit Reader GIF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-579/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3951", "zdi_id": "ZDI-16-579" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-578/advisory.json", "detail_path": "advisories/ZDI-16-578", "id": "ZDI-16-578", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-578/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3950", "zdi_id": "ZDI-16-578" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-577/advisory.json", "detail_path": "advisories/ZDI-16-577", "id": "ZDI-16-577", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-577/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3955", "zdi_id": "ZDI-16-577" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-576/advisory.json", "detail_path": "advisories/ZDI-16-576", "id": "ZDI-16-576", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-576/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3949", "zdi_id": "ZDI-16-576" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-575/advisory.json", "detail_path": "advisories/ZDI-16-575", "id": "ZDI-16-575", "kind": "published", "published_date": "2016-11-02", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-575/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3948", "zdi_id": "ZDI-16-575" }, { "cve": "CVE-2016-6937", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-574/advisory.json", "detail_path": "advisories/ZDI-16-574", "id": "ZDI-16-574", "kind": "published", "published_date": "2016-11-01", "status": "published", "title": "Adobe Reader DC FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-574/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3838", "zdi_id": "ZDI-16-574" }, { "cve": "CVE-2016-7854", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-573/advisory.json", "detail_path": "advisories/ZDI-16-573", "id": "ZDI-16-573", "kind": "published", "published_date": "2016-11-01", "status": "published", "title": "Adobe Reader DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-573/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-4038", "zdi_id": "ZDI-16-573" }, { "cve": "CVE-2016-5535", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the use of Apache Commons DiskFileItem. It is po...", "detail_json": "/data/advisories/ZDI-16-572/advisory.json", "detail_path": "advisories/ZDI-16-572", "id": "ZDI-16-572", "kind": "published", "published_date": "2016-11-01", "status": "published", "title": "Oracle WebLogic Commons DiskFileItem Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-572/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3591", "zdi_id": "ZDI-16-572" }, { "cve": "CVE-2016-5568", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-571/advisory.json", "detail_path": "advisories/ZDI-16-571", "id": "ZDI-16-571", "kind": "published", "published_date": "2016-11-01", "status": "published", "title": "Oracle Java Runtime Environment java.awt.Menu Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-571/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3812", "zdi_id": "ZDI-16-571" }, { "cve": "CVE-2016-1000031", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetIQ Sentinel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the insufficient blacklisting of certain J...", "detail_json": "/data/advisories/ZDI-16-570/advisory.json", "detail_path": "advisories/ZDI-16-570", "id": "ZDI-16-570", "kind": "published", "published_date": "2016-10-17", "status": "published", "title": "Novell NetIQ Sentinel Commons DiskFileItem Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-570/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-3837", "zdi_id": "ZDI-16-570" }, { "cve": "CVE-2016-6987", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-569/advisory.json", "detail_path": "advisories/ZDI-16-569", "id": "ZDI-16-569", "kind": "published", "published_date": "2016-10-12", "status": "published", "title": "Adobe Flash Accessibility sendEvent Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-569/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3989", "zdi_id": "ZDI-16-569" }, { "cve": "CVE-2016-6986", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-568/advisory.json", "detail_path": "advisories/ZDI-16-568", "id": "ZDI-16-568", "kind": "published", "published_date": "2016-10-12", "status": "published", "title": "Adobe Flash SWF Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-568/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3957", "zdi_id": "ZDI-16-568" }, { "cve": "CVE-2016-6975", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-567/advisory.json", "detail_path": "advisories/ZDI-16-567", "id": "ZDI-16-567", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing copy-of Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-567/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3943", "zdi_id": "ZDI-16-567" }, { "cve": "CVE-2016-6972", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-566/advisory.json", "detail_path": "advisories/ZDI-16-566", "id": "ZDI-16-566", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing key Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-566/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3946", "zdi_id": "ZDI-16-566" }, { "cve": "CVE-2016-6941", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-565/advisory.json", "detail_path": "advisories/ZDI-16-565", "id": "ZDI-16-565", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC JPEG2000 Out-Of-Bounds Read Information DIsclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-565/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3740", "zdi_id": "ZDI-16-565" }, { "cve": "CVE-2016-6940", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-564/advisory.json", "detail_path": "advisories/ZDI-16-564", "id": "ZDI-16-564", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC PRC Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-564/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3724", "zdi_id": "ZDI-16-564" }, { "cve": "CVE-2016-6969", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-563/advisory.json", "detail_path": "advisories/ZDI-16-563", "id": "ZDI-16-563", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing sort Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-563/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3961", "zdi_id": "ZDI-16-563" }, { "cve": "CVE-2016-6973", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-562/advisory.json", "detail_path": "advisories/ZDI-16-562", "id": "ZDI-16-562", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing sort Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-562/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3939", "zdi_id": "ZDI-16-562" }, { "cve": "CVE-2016-6971", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-561/advisory.json", "detail_path": "advisories/ZDI-16-561", "id": "ZDI-16-561", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Acrobat Pro DC XObject stream Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-561/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3816", "zdi_id": "ZDI-16-561" }, { "cve": "CVE-2016-6953", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-560/advisory.json", "detail_path": "advisories/ZDI-16-560", "id": "ZDI-16-560", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Acrobat Reader DC XFA FormSubform Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-560/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3926", "zdi_id": "ZDI-16-560" }, { "cve": "CVE-2016-6952", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-559/advisory.json", "detail_path": "advisories/ZDI-16-559", "id": "ZDI-16-559", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Acrobat Reader DC XFA CPDField Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-559/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3921", "zdi_id": "ZDI-16-559" }, { "cve": "CVE-2016-6951", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-16-558/advisory.json", "detail_path": "advisories/ZDI-16-558", "id": "ZDI-16-558", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Acrobat Reader DC XFA template Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-558/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3925", "zdi_id": "ZDI-16-558" }, { "cve": "CVE-2016-6950", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-16-557/advisory.json", "detail_path": "advisories/ZDI-16-557", "id": "ZDI-16-557", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Acrobat Reader DC XFA exclGroup Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-557/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3927", "zdi_id": "ZDI-16-557" }, { "cve": "CVE-2016-6988", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-556/advisory.json", "detail_path": "advisories/ZDI-16-556", "id": "ZDI-16-556", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XFA AFDriver Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-556/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3850", "zdi_id": "ZDI-16-556" }, { "cve": "CVE-2016-6947", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-555/advisory.json", "detail_path": "advisories/ZDI-16-555", "id": "ZDI-16-555", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XFA forms Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-555/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3846", "zdi_id": "ZDI-16-555" }, { "cve": "CVE-2016-6946", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-554/advisory.json", "detail_path": "advisories/ZDI-16-554", "id": "ZDI-16-554", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XFA maxChars Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-554/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3845", "zdi_id": "ZDI-16-554" }, { "cve": "CVE-2016-6942", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-553/advisory.json", "detail_path": "advisories/ZDI-16-553", "id": "ZDI-16-553", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XFA Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-553/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3753", "zdi_id": "ZDI-16-553" }, { "cve": "CVE-2016-6968", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-552/advisory.json", "detail_path": "advisories/ZDI-16-552", "id": "ZDI-16-552", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing key Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-552/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3968", "zdi_id": "ZDI-16-552" }, { "cve": "CVE-2016-6967", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-551/advisory.json", "detail_path": "advisories/ZDI-16-551", "id": "ZDI-16-551", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing variable Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-551/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3969", "zdi_id": "ZDI-16-551" }, { "cve": "CVE-2016-6966", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-550/advisory.json", "detail_path": "advisories/ZDI-16-550", "id": "ZDI-16-550", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing for-each Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-550/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3942", "zdi_id": "ZDI-16-550" }, { "cve": "CVE-2016-6965", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-549/advisory.json", "detail_path": "advisories/ZDI-16-549", "id": "ZDI-16-549", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing number Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-549/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3962", "zdi_id": "ZDI-16-549" }, { "cve": "CVE-2016-6964", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-548/advisory.json", "detail_path": "advisories/ZDI-16-548", "id": "ZDI-16-548", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing for-each Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-548/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3964", "zdi_id": "ZDI-16-548" }, { "cve": "CVE-2016-6963", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-547/advisory.json", "detail_path": "advisories/ZDI-16-547", "id": "ZDI-16-547", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing apply-templates Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-547/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3966", "zdi_id": "ZDI-16-547" }, { "cve": "CVE-2016-6962", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-546/advisory.json", "detail_path": "advisories/ZDI-16-546", "id": "ZDI-16-546", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing choose Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-546/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3967", "zdi_id": "ZDI-16-546" }, { "cve": "CVE-2016-6961", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-545/advisory.json", "detail_path": "advisories/ZDI-16-545", "id": "ZDI-16-545", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing copy-of Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-545/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3965", "zdi_id": "ZDI-16-545" }, { "cve": "CVE-2016-6979", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-544/advisory.json", "detail_path": "advisories/ZDI-16-544", "id": "ZDI-16-544", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing if Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-544/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3963", "zdi_id": "ZDI-16-544" }, { "cve": "CVE-2016-6977", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-543/advisory.json", "detail_path": "advisories/ZDI-16-543", "id": "ZDI-16-543", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing choose Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-543/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3945", "zdi_id": "ZDI-16-543" }, { "cve": "CVE-2016-6976", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-542/advisory.json", "detail_path": "advisories/ZDI-16-542", "id": "ZDI-16-542", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing variable Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-542/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3947", "zdi_id": "ZDI-16-542" }, { "cve": "CVE-2016-6974", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-541/advisory.json", "detail_path": "advisories/ZDI-16-541", "id": "ZDI-16-541", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing if Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-541/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3941", "zdi_id": "ZDI-16-541" }, { "cve": "CVE-2016-6960", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-540/advisory.json", "detail_path": "advisories/ZDI-16-540", "id": "ZDI-16-540", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing apply-templates Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-540/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3944", "zdi_id": "ZDI-16-540" }, { "cve": "CVE-2016-6959", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-539/advisory.json", "detail_path": "advisories/ZDI-16-539", "id": "ZDI-16-539", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing number Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-539/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3940", "zdi_id": "ZDI-16-539" }, { "cve": "CVE-2016-6978", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-538/advisory.json", "detail_path": "advisories/ZDI-16-538", "id": "ZDI-16-538", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Reader DC XSLT Parsing value-of Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-538/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3938", "zdi_id": "ZDI-16-538" }, { "cve": "CVE-2016-6945", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-537/advisory.json", "detail_path": "advisories/ZDI-16-537", "id": "ZDI-16-537", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Acrobat Pro DC SaveAs Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-537/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3851", "zdi_id": "ZDI-16-537" }, { "cve": "CVE-2016-6944", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-536/advisory.json", "detail_path": "advisories/ZDI-16-536", "id": "ZDI-16-536", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Adobe Acrobat Reader DC Search Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-536/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3825", "zdi_id": "ZDI-16-536" }, { "cve": "CVE-2016-3386", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-16-535/advisory.json", "detail_path": "advisories/ZDI-16-535", "id": "ZDI-16-535", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Microsoft Windows JavaScript Spread Operator Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-535/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3928", "zdi_id": "ZDI-16-535" }, { "cve": "CVE-2016-3384", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-534/advisory.json", "detail_path": "advisories/ZDI-16-534", "id": "ZDI-16-534", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Microsoft Internet Explorer s_DestroyMetaCallback Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-534/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3922", "zdi_id": "ZDI-16-534" }, { "cve": "CVE-2016-3383", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-533/advisory.json", "detail_path": "advisories/ZDI-16-533", "id": "ZDI-16-533", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Microsoft Internet Explorer Table Layout Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-533/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3857", "zdi_id": "ZDI-16-533" }, { "cve": "CVE-2016-3382", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge and Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-16-532/advisory.json", "detail_path": "advisories/ZDI-16-532", "id": "ZDI-16-532", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "Microsoft Edge JavaScript eval Function Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-532/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3866", "zdi_id": "ZDI-16-532" }, { "cve": "CVE-2016-7087", "cvss": 5.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware Horizon View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the loggerBean service. The loadConfig metho...", "detail_json": "/data/advisories/ZDI-16-531/advisory.json", "detail_path": "advisories/ZDI-16-531", "id": "ZDI-16-531", "kind": "published", "published_date": "2016-10-11", "status": "published", "title": "VMware Horizon View loggerBean Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-531/", "vendor": "VMware", "vendor_url": null, "zdi_can": "ZDI-CAN-3714", "zdi_id": "ZDI-16-531" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability....", "detail_json": "/data/advisories/ZDI-16-530/advisory.json", "detail_path": "advisories/ZDI-16-530", "id": "ZDI-16-530", "kind": "published", "published_date": "2016-10-06", "status": "published", "title": "Trend Micro Maximum Security tmnciesc Kernel Driver Memory Corruption Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-530/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3827", "zdi_id": "ZDI-16-530" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabili...", "detail_json": "/data/advisories/ZDI-16-529/advisory.json", "detail_path": "advisories/ZDI-16-529", "id": "ZDI-16-529", "kind": "published", "published_date": "2016-10-06", "status": "published", "title": "Trend Micro Maximum Security tmnciesc driver Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-529/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3843", "zdi_id": "ZDI-16-529" }, { "cve": "CVE-2016-6980", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-528/advisory.json", "detail_path": "advisories/ZDI-16-528", "id": "ZDI-16-528", "kind": "published", "published_date": "2016-09-27", "status": "published", "title": "Adobe Digital Editions ePub Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-528/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3979", "zdi_id": "ZDI-16-528" }, { "cve": "CVE-2016-4768", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-527/advisory.json", "detail_path": "advisories/ZDI-16-527", "id": "ZDI-16-527", "kind": "published", "published_date": "2016-09-27", "status": "published", "title": "Apple Safari HTMLVideoElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-527/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3852", "zdi_id": "ZDI-16-527" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass restrictions on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-16-526/advisory.json", "detail_path": "advisories/ZDI-16-526", "id": "ZDI-16-526", "kind": "published", "published_date": "2016-09-21", "status": "published", "title": "(0Day) Google Chrome Protocol Handler Logic Error Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-526/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-3625", "zdi_id": "ZDI-16-526" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation PM Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-16-525/advisory.json", "detail_path": "advisories/ZDI-16-525", "id": "ZDI-16-525", "kind": "published", "published_date": "2016-09-21", "status": "published", "title": "(0Day) Fatek Automation PM Designer Heap Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-525/", "vendor": "Fatek Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3586", "zdi_id": "ZDI-16-525" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass restrictions on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-16-524/advisory.json", "detail_path": "advisories/ZDI-16-524", "id": "ZDI-16-524", "kind": "published", "published_date": "2016-09-21", "status": "published", "title": "Google Chrome Logic Error Safe Browsing Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-524/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-3624", "zdi_id": "ZDI-16-524" }, { "cve": "CVE-2016-4385", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI reg...", "detail_json": "/data/advisories/ZDI-16-523/advisory.json", "detail_path": "advisories/ZDI-16-523", "id": "ZDI-16-523", "kind": "published", "published_date": "2016-09-21", "status": "published", "title": "Hewlett Packard Enterprise Network Automation RMI Registry Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-523/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-3728", "zdi_id": "ZDI-16-523" }, { "cve": "CVE-2016-4727", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-16-522/advisory.json", "detail_path": "advisories/ZDI-16-522", "id": "ZDI-16-522", "kind": "published", "published_date": "2016-09-20", "status": "published", "title": "Apple OS X IOThunderboltFamily Uninitialized Memory Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-522/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3814", "zdi_id": "ZDI-16-522" }, { "cve": "CVE-2016-4697", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...", "detail_json": "/data/advisories/ZDI-16-521/advisory.json", "detail_path": "advisories/ZDI-16-521", "id": "ZDI-16-521", "kind": "published", "published_date": "2016-09-20", "status": "published", "title": "Apple OS X AppleHSSPIHIDDriver Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-521/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3822", "zdi_id": "ZDI-16-521" }, { "cve": "CVE-2016-4700", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-520/advisory.json", "detail_path": "advisories/ZDI-16-520", "id": "ZDI-16-520", "kind": "published", "published_date": "2016-09-20", "status": "published", "title": "Apple OS X AppleUpstreamUserClient Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-520/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3715", "zdi_id": "ZDI-16-520" }, { "cve": "CVE-2016-4699", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-519/advisory.json", "detail_path": "advisories/ZDI-16-519", "id": "ZDI-16-519", "kind": "published", "published_date": "2016-09-20", "status": "published", "title": "Apple OS X AudioAUUC Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-519/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3716", "zdi_id": "ZDI-16-519" }, { "cve": "CVE-2016-5814", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rockwell Automation RSLogix Micro Starter Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-16-518/advisory.json", "detail_path": "advisories/ZDI-16-518", "id": "ZDI-16-518", "kind": "published", "published_date": "2016-09-19", "status": "published", "title": "Rockwell Automation RSLogix Micro Starter Lite Project File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-518/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-3793", "zdi_id": "ZDI-16-518" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of AlienVault Unified Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logcheck fun...", "detail_json": "/data/advisories/ZDI-16-517/advisory.json", "detail_path": "advisories/ZDI-16-517", "id": "ZDI-16-517", "kind": "published", "published_date": "2016-09-19", "status": "published", "title": "AlienVault Unified Security Management Remote Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-517/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-3976", "zdi_id": "ZDI-16-517" }, { "cve": "CVE-2016-4276", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-516/advisory.json", "detail_path": "advisories/ZDI-16-516", "id": "ZDI-16-516", "kind": "published", "published_date": "2016-09-16", "status": "published", "title": "Adobe Flash SWF Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-516/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3848", "zdi_id": "ZDI-16-516" }, { "cve": "CVE-2016-4279", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-515/advisory.json", "detail_path": "advisories/ZDI-16-515", "id": "ZDI-16-515", "kind": "published", "published_date": "2016-09-16", "status": "published", "title": "Adobe Flash TextFormat Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-515/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3862", "zdi_id": "ZDI-16-515" }, { "cve": "CVE-2016-3377", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-16-514/advisory.json", "detail_path": "advisories/ZDI-16-514", "id": "ZDI-16-514", "kind": "published", "published_date": "2016-09-16", "status": "published", "title": "Microsoft Windows JavaScript map Method Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-514/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3932", "zdi_id": "ZDI-16-514" }, { "cve": "CVE-2016-3247", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-513/advisory.json", "detail_path": "advisories/ZDI-16-513", "id": "ZDI-16-513", "kind": "published", "published_date": "2016-09-16", "status": "published", "title": "Microsoft Edge CSS white-space Property Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-513/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3874", "zdi_id": "ZDI-16-513" }, { "cve": "CVE-2016-3376", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-16-512/advisory.json", "detail_path": "advisories/ZDI-16-512", "id": "ZDI-16-512", "kind": "published", "published_date": "2016-09-16", "status": "published", "title": "Microsoft Windows MSXML IDispatch Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-512/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3821", "zdi_id": "ZDI-16-512" }, { "cve": "CVE-2016-3295", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-511/advisory.json", "detail_path": "advisories/ZDI-16-511", "id": "ZDI-16-511", "kind": "published", "published_date": "2016-09-16", "status": "published", "title": "Microsoft Edge CTreePos Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-511/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3792", "zdi_id": "ZDI-16-511" }, { "cve": "CVE-2016-3292", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to escape from the Enhanced Protected Mode sandbox on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or ope...", "detail_json": "/data/advisories/ZDI-16-510/advisory.json", "detail_path": "advisories/ZDI-16-510", "id": "ZDI-16-510", "kind": "published", "published_date": "2016-09-16", "status": "published", "title": "Microsoft Internet Explorer Add-on Installer Enhanced Protected Mode Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-510/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3788", "zdi_id": "ZDI-16-510" }, { "cve": "CVE-2016-3294", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-509/advisory.json", "detail_path": "advisories/ZDI-16-509", "id": "ZDI-16-509", "kind": "published", "published_date": "2016-09-16", "status": "published", "title": "Microsoft Edge TextNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-509/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3782", "zdi_id": "ZDI-16-509" }, { "cve": "CVE-2016-3365", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-508/advisory.json", "detail_path": "advisories/ZDI-16-508", "id": "ZDI-16-508", "kind": "published", "published_date": "2016-09-16", "status": "published", "title": "Microsoft Office Excel Art Data Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-508/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3781", "zdi_id": "ZDI-16-508" }, { "cve": "CVE-2016-3354", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-507/advisory.json", "detail_path": "advisories/ZDI-16-507", "id": "ZDI-16-507", "kind": "published", "published_date": "2016-09-16", "status": "published", "title": "Microsoft Windows NtGdiQueryFonts Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-507/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3756", "zdi_id": "ZDI-16-507" }, { "cve": "CVE-2016-3353", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. An attac...", "detail_json": "/data/advisories/ZDI-16-506/advisory.json", "detail_path": "advisories/ZDI-16-506", "id": "ZDI-16-506", "kind": "published", "published_date": "2016-09-16", "status": "published", "title": "Microsoft Windows .URL File Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-506/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3570", "zdi_id": "ZDI-16-506" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability. The specific flaw exists when handling get_directive_kdb....", "detail_json": "/data/advisories/ZDI-16-505/advisory.json", "detail_path": "advisories/ZDI-16-505", "id": "ZDI-16-505", "kind": "published", "published_date": "2016-09-08", "status": "published", "title": "AlienVault Unified Security Management get_directive_kdb directive_id SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-505/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-3742", "zdi_id": "ZDI-16-505" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within multiple PHP scripts in A...", "detail_json": "/data/advisories/ZDI-16-504/advisory.json", "detail_path": "advisories/ZDI-16-504", "id": "ZDI-16-504", "kind": "published", "published_date": "2016-09-08", "status": "published", "title": "AlienVault Unified Security Management Multiple PHP Scripts Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-504/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-3704", "zdi_id": "ZDI-16-504" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate their privileges on vulnerable installations of Bitdefender Antivirus Plus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-16-503/advisory.json", "detail_path": "advisories/ZDI-16-503", "id": "ZDI-16-503", "kind": "published", "published_date": "2016-09-01", "status": "published", "title": "Bitdefender Antivirus Plus bdfwfpf Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-503/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-3749", "zdi_id": "ZDI-16-503" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Bitdefender Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-16-502/advisory.json", "detail_path": "advisories/ZDI-16-502", "id": "ZDI-16-502", "kind": "published", "published_date": "2016-09-01", "status": "published", "title": "Bitdefender Antivirus Plus avc3 Kernel Driver Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-502/", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-3829", "zdi_id": "ZDI-16-502" }, { "cve": "CVE-2016-5161", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-501/advisory.json", "detail_path": "advisories/ZDI-16-501", "id": "ZDI-16-501", "kind": "published", "published_date": "2016-09-01", "status": "published", "title": "Google Chrome StylePropertySerializer Type Confusion Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-501/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-3840", "zdi_id": "ZDI-16-501" }, { "cve": null, "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to disclose sensitive information on vulnerable installations of Joyent SmartOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-500/advisory.json", "detail_path": "advisories/ZDI-16-500", "id": "ZDI-16-500", "kind": "published", "published_date": "2016-08-29", "status": "published", "title": "Joyent SmartOS dtrace Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-500/", "vendor": "Joyent", "vendor_url": null, "zdi_can": "ZDI-CAN-3690", "zdi_id": "ZDI-16-500" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Joyent SmartOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-499/advisory.json", "detail_path": "advisories/ZDI-16-499", "id": "ZDI-16-499", "kind": "published", "published_date": "2016-08-29", "status": "published", "title": "Joyent SmartOS dtrace Zone Escape Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-499/", "vendor": "Joyent", "vendor_url": null, "zdi_can": "ZDI-CAN-3689", "zdi_id": "ZDI-16-499" }, { "cve": null, "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to disclose sensitive information on vulnerable installations of Joyent SmartOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-498/advisory.json", "detail_path": "advisories/ZDI-16-498", "id": "ZDI-16-498", "kind": "published", "published_date": "2016-08-29", "status": "published", "title": "Joyent SmartOS dtrace Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-498/", "vendor": "Joyent", "vendor_url": null, "zdi_can": "ZDI-CAN-3688", "zdi_id": "ZDI-16-498" }, { "cve": "CVE-2016-1820", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-497/advisory.json", "detail_path": "advisories/ZDI-16-497", "id": "ZDI-16-497", "kind": "published", "published_date": "2016-08-29", "status": "published", "title": "Apple OS X AppleHDA Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-497/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3596", "zdi_id": "ZDI-16-497" }, { "cve": "CVE-2016-4648", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the DspFun...", "detail_json": "/data/advisories/ZDI-16-496/advisory.json", "detail_path": "advisories/ZDI-16-496", "id": "ZDI-16-496", "kind": "published", "published_date": "2016-08-29", "status": "published", "title": "Apple OS X DspFuncLib Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-496/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3598", "zdi_id": "ZDI-16-496" }, { "cve": "CVE-2016-1808", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOHDIX...", "detail_json": "/data/advisories/ZDI-16-495/advisory.json", "detail_path": "advisories/ZDI-16-495", "id": "ZDI-16-495", "kind": "published", "published_date": "2016-08-29", "status": "published", "title": "Apple OS X IOHDIXController Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-495/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3558", "zdi_id": "ZDI-16-495" }, { "cve": "CVE-2016-4650", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOHIDF...", "detail_json": "/data/advisories/ZDI-16-494/advisory.json", "detail_path": "advisories/ZDI-16-494", "id": "ZDI-16-494", "kind": "published", "published_date": "2016-08-29", "status": "published", "title": "Apple OS X IOHIDFamily Heap Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-494/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3554", "zdi_id": "ZDI-16-494" }, { "cve": "CVE-2016-4270", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-493/advisory.json", "detail_path": "advisories/ZDI-16-493", "id": "ZDI-16-493", "kind": "published", "published_date": "2016-08-24", "status": "published", "title": "Adobe Reader DC Font stream Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-493/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3817", "zdi_id": "ZDI-16-493" }, { "cve": "CVE-2016-4268", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-492/advisory.json", "detail_path": "advisories/ZDI-16-492", "id": "ZDI-16-492", "kind": "published", "published_date": "2016-08-24", "status": "published", "title": "Adobe Reader DC Font stream Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-492/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3789", "zdi_id": "ZDI-16-492" }, { "cve": "CVE-2016-4269", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-491/advisory.json", "detail_path": "advisories/ZDI-16-491", "id": "ZDI-16-491", "kind": "published", "published_date": "2016-08-24", "status": "published", "title": "Adobe Reader DC FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-491/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3830", "zdi_id": "ZDI-16-491" }, { "cve": "CVE-2016-4267", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-490/advisory.json", "detail_path": "advisories/ZDI-16-490", "id": "ZDI-16-490", "kind": "published", "published_date": "2016-08-24", "status": "published", "title": "Adobe Reader DC FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-490/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3841", "zdi_id": "ZDI-16-490" }, { "cve": "CVE-2016-4266", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-489/advisory.json", "detail_path": "advisories/ZDI-16-489", "id": "ZDI-16-489", "kind": "published", "published_date": "2016-08-24", "status": "published", "title": "Adobe Reader DC FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-489/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3835", "zdi_id": "ZDI-16-489" }, { "cve": "CVE-2016-4265", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-488/advisory.json", "detail_path": "advisories/ZDI-16-488", "id": "ZDI-16-488", "kind": "published", "published_date": "2016-08-24", "status": "published", "title": "Adobe Reader DC FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-488/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3839", "zdi_id": "ZDI-16-488" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of AVG Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-16-487/advisory.json", "detail_path": "advisories/ZDI-16-487", "id": "ZDI-16-487", "kind": "published", "published_date": "2016-08-19", "status": "published", "title": "AVG Internet Security avgtdix.sys Kernel Driver Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-487/", "vendor": "AVG", "vendor_url": null, "zdi_can": "ZDI-CAN-3761", "zdi_id": "ZDI-16-487" }, { "cve": "CVE-2016-4622", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-486/advisory.json", "detail_path": "advisories/ZDI-16-486", "id": "ZDI-16-486", "kind": "published", "published_date": "2016-08-18", "status": "published", "title": "Apple Safari Array.splice Out-Of-Bounds Access Remote Code Execuction Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-486/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3674", "zdi_id": "ZDI-16-486" }, { "cve": "CVE-2016-4622", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-485/advisory.json", "detail_path": "advisories/ZDI-16-485", "id": "ZDI-16-485", "kind": "published", "published_date": "2016-08-18", "status": "published", "title": "Apple Safari Array.slice Out-Of-Bounds Access Remote Code Execuction Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-485/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3673", "zdi_id": "ZDI-16-485" }, { "cve": null, "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of AVG Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-16-484/advisory.json", "detail_path": "advisories/ZDI-16-484", "id": "ZDI-16-484", "kind": "published", "published_date": "2016-08-18", "status": "published", "title": "AVG Internet Security avgtdix.sys Kernel Memory Corruption Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-484/", "vendor": "AVG", "vendor_url": null, "zdi_can": "ZDI-CAN-3733", "zdi_id": "ZDI-16-484" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of AVG Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-16-483/advisory.json", "detail_path": "advisories/ZDI-16-483", "id": "ZDI-16-483", "kind": "published", "published_date": "2016-08-18", "status": "published", "title": "AVG Internet Security avgidsdriverx.sys Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-483/", "vendor": "AVG", "vendor_url": null, "zdi_can": "ZDI-CAN-3732", "zdi_id": "ZDI-16-483" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ActiveMQ Broker service that is ins...", "detail_json": "/data/advisories/ZDI-16-482/advisory.json", "detail_path": "advisories/ZDI-16-482", "id": "ZDI-16-482", "kind": "published", "published_date": "2016-08-18", "status": "published", "title": "Samsung Security Manager ActiveMQ Broker Service MOVE Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-482/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-3549", "zdi_id": "ZDI-16-482" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ActiveMQ Broker service that is ins...", "detail_json": "/data/advisories/ZDI-16-481/advisory.json", "detail_path": "advisories/ZDI-16-481", "id": "ZDI-16-481", "kind": "published", "published_date": "2016-08-18", "status": "published", "title": "Samsung Security Manager ActiveMQ Broker Service PUT Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-481/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-3550", "zdi_id": "ZDI-16-481" }, { "cve": null, "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete files of their choosing from systems running vulnerable installations of Samsung Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ActiveMQ...", "detail_json": "/data/advisories/ZDI-16-480/advisory.json", "detail_path": "advisories/ZDI-16-480", "id": "ZDI-16-480", "kind": "published", "published_date": "2016-08-18", "status": "published", "title": "Samsung Security Manager ActiveMQ Broker Service DELETE Method Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-480/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-3548", "zdi_id": "ZDI-16-480" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to escalate their privilege to system administrator on vulnerable installations of ABB DataManagerPro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this v...", "detail_json": "/data/advisories/ZDI-16-479/advisory.json", "detail_path": "advisories/ZDI-16-479", "id": "ZDI-16-479", "kind": "published", "published_date": "2016-08-17", "status": "published", "title": "(0Day) ABB DataManagerPro File Permissions Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-479/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-3500", "zdi_id": "ZDI-16-479" }, { "cve": "CVE-2016-6486", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Siemens SINEMA Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of the product. The executabl...", "detail_json": "/data/advisories/ZDI-16-478/advisory.json", "detail_path": "advisories/ZDI-16-478", "id": "ZDI-16-478", "kind": "published", "published_date": "2016-08-17", "status": "published", "title": "Siemens SINEMA Server Insecure File Permissions Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-478/", "vendor": "Siemens", "vendor_url": null, "zdi_can": "ZDI-CAN-3662", "zdi_id": "ZDI-16-478" }, { "cve": "CVE-2016-3191", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PCRE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-16-477/advisory.json", "detail_path": "advisories/ZDI-16-477", "id": "ZDI-16-477", "kind": "published", "published_date": "2016-08-17", "status": "published", "title": "PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-477/", "vendor": "PCRE", "vendor_url": null, "zdi_can": "ZDI-CAN-3542", "zdi_id": "ZDI-16-477" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows a remote attacker to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-476/advisory.json", "detail_path": "advisories/ZDI-16-476", "id": "ZDI-16-476", "kind": "published", "published_date": "2016-08-10", "status": "published", "title": "Foxit Reader BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-476/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3918", "zdi_id": "ZDI-16-476" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-475/advisory.json", "detail_path": "advisories/ZDI-16-475", "id": "ZDI-16-475", "kind": "published", "published_date": "2016-08-10", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-475/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3903", "zdi_id": "ZDI-16-475" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-474/advisory.json", "detail_path": "advisories/ZDI-16-474", "id": "ZDI-16-474", "kind": "published", "published_date": "2016-08-10", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-474/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3902", "zdi_id": "ZDI-16-474" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-473/advisory.json", "detail_path": "advisories/ZDI-16-473", "id": "ZDI-16-473", "kind": "published", "published_date": "2016-08-10", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-473/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3901", "zdi_id": "ZDI-16-473" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-472/advisory.json", "detail_path": "advisories/ZDI-16-472", "id": "ZDI-16-472", "kind": "published", "published_date": "2016-08-10", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-472/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3900", "zdi_id": "ZDI-16-472" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-471/advisory.json", "detail_path": "advisories/ZDI-16-471", "id": "ZDI-16-471", "kind": "published", "published_date": "2016-08-10", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-471/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3899", "zdi_id": "ZDI-16-471" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-470/advisory.json", "detail_path": "advisories/ZDI-16-470", "id": "ZDI-16-470", "kind": "published", "published_date": "2016-08-10", "status": "published", "title": "Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-470/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3898", "zdi_id": "ZDI-16-470" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-469/advisory.json", "detail_path": "advisories/ZDI-16-469", "id": "ZDI-16-469", "kind": "published", "published_date": "2016-08-10", "status": "published", "title": "Foxit Reader ConvertToPDF TIFF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-469/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3929", "zdi_id": "ZDI-16-469" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-468/advisory.json", "detail_path": "advisories/ZDI-16-468", "id": "ZDI-16-468", "kind": "published", "published_date": "2016-08-10", "status": "published", "title": "Foxit Reader TIFF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-468/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3919", "zdi_id": "ZDI-16-468" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-467/advisory.json", "detail_path": "advisories/ZDI-16-467", "id": "ZDI-16-467", "kind": "published", "published_date": "2016-08-10", "status": "published", "title": "Foxit Reader ConvertToPDF TIFF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-467/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3891", "zdi_id": "ZDI-16-467" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-466/advisory.json", "detail_path": "advisories/ZDI-16-466", "id": "ZDI-16-466", "kind": "published", "published_date": "2016-08-10", "status": "published", "title": "Joyent Smart Data Center Docker API Zone Escape Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-466/", "vendor": "Joyent", "vendor_url": null, "zdi_can": "ZDI-CAN-3701", "zdi_id": "ZDI-16-466" }, { "cve": null, "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose information on vulnerable installations of Joyent SmartOS. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the dtra...", "detail_json": "/data/advisories/ZDI-16-465/advisory.json", "detail_path": "advisories/ZDI-16-465", "id": "ZDI-16-465", "kind": "published", "published_date": "2016-08-10", "status": "published", "title": "Joyent SmartOS dtrace Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-465/", "vendor": "Joyent", "vendor_url": null, "zdi_can": "ZDI-CAN-3531", "zdi_id": "ZDI-16-465" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Joyent SmartOS. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the dt...", "detail_json": "/data/advisories/ZDI-16-464/advisory.json", "detail_path": "advisories/ZDI-16-464", "id": "ZDI-16-464", "kind": "published", "published_date": "2016-08-10", "status": "published", "title": "Joyent SmartOS dtrace Zone Escape Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-464/", "vendor": "Joyent", "vendor_url": null, "zdi_can": "ZDI-CAN-3532", "zdi_id": "ZDI-16-464" }, { "cve": "CVE-2016-5792", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getcaminfo.asp script. When parsing the VWID el...", "detail_json": "/data/advisories/ZDI-16-463/advisory.json", "detail_path": "advisories/ZDI-16-463", "id": "ZDI-16-463", "kind": "published", "published_date": "2016-08-10", "status": "published", "title": "Moxa SoftCMS getcaminfo SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-463/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-3757", "zdi_id": "ZDI-16-463" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within task_controller.php. The url par...", "detail_json": "/data/advisories/ZDI-16-462/advisory.json", "detail_path": "advisories/ZDI-16-462", "id": "ZDI-16-462", "kind": "published", "published_date": "2016-08-09", "status": "published", "title": "Trend Micro Control Manager task_controller Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-462/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3709", "zdi_id": "ZDI-16-462" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within AdHocQuery_SelectView.aspx. The...", "detail_json": "/data/advisories/ZDI-16-461/advisory.json", "detail_path": "advisories/ZDI-16-461", "id": "ZDI-16-461", "kind": "published", "published_date": "2016-08-09", "status": "published", "title": "Trend Micro Control Manager AdHocQuery_SelectView XPATH Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-461/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3641", "zdi_id": "ZDI-16-461" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within AdHocQuery_SelectView.aspx. The...", "detail_json": "/data/advisories/ZDI-16-460/advisory.json", "detail_path": "advisories/ZDI-16-460", "id": "ZDI-16-460", "kind": "published", "published_date": "2016-08-09", "status": "published", "title": "Trend Micro Control Manager AdHocQuery_SelectView XPATH Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-460/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3640", "zdi_id": "ZDI-16-460" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within DeploymentPlan_Event_Handler.asp...", "detail_json": "/data/advisories/ZDI-16-459/advisory.json", "detail_path": "advisories/ZDI-16-459", "id": "ZDI-16-459", "kind": "published", "published_date": "2016-08-09", "status": "published", "title": "Trend Micro Control Manager DeploymentPlan_Event_Handler External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-459/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3639", "zdi_id": "ZDI-16-459" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within ProductTree.aspx. The issue lies...", "detail_json": "/data/advisories/ZDI-16-458/advisory.json", "detail_path": "advisories/ZDI-16-458", "id": "ZDI-16-458", "kind": "published", "published_date": "2016-08-09", "status": "published", "title": "Trend Micro Control Manager ProductTree External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-458/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3638", "zdi_id": "ZDI-16-458" }, { "cve": null, "cvss": 4.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within TreeUserControl_process_tree_eve...", "detail_json": "/data/advisories/ZDI-16-457/advisory.json", "detail_path": "advisories/ZDI-16-457", "id": "ZDI-16-457", "kind": "published", "published_date": "2016-08-09", "status": "published", "title": "Trend Micro Control Manager TreeUserControl_process_tree_event External Entity Processing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-457/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3637", "zdi_id": "ZDI-16-457" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within AdHocQuery_CustomProfiles.aspx. The issu...", "detail_json": "/data/advisories/ZDI-16-456/advisory.json", "detail_path": "advisories/ZDI-16-456", "id": "ZDI-16-456", "kind": "published", "published_date": "2016-08-09", "status": "published", "title": "Trend Micro Control Manager AdHocQuery_CustomProfiles SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-456/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3636", "zdi_id": "ZDI-16-456" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within cgiCMUIDispatcher.exe. The issue lies in...", "detail_json": "/data/advisories/ZDI-16-455/advisory.json", "detail_path": "advisories/ZDI-16-455", "id": "ZDI-16-455", "kind": "published", "published_date": "2016-08-09", "status": "published", "title": "Trend Micro Control Manager cgiCMUIDispatcher SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-455/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3635", "zdi_id": "ZDI-16-455" }, { "cve": "CVE-2016-3289", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-454/advisory.json", "detail_path": "advisories/ZDI-16-454", "id": "ZDI-16-454", "kind": "published", "published_date": "2016-08-09", "status": "published", "title": "Microsoft Internet Explorer CAnchor Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-454/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3777", "zdi_id": "ZDI-16-454" }, { "cve": "CVE-2016-3308", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-453/advisory.json", "detail_path": "advisories/ZDI-16-453", "id": "ZDI-16-453", "kind": "published", "published_date": "2016-08-09", "status": "published", "title": "Microsoft Windows xxxInsertMenuItem Out-Of-Bounds Access Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-453/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3767", "zdi_id": "ZDI-16-453" }, { "cve": "CVE-2016-3326", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-452/advisory.json", "detail_path": "advisories/ZDI-16-452", "id": "ZDI-16-452", "kind": "published", "published_date": "2016-08-09", "status": "published", "title": "Microsoft Edge GetRefererUrl Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-452/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3751", "zdi_id": "ZDI-16-452" }, { "cve": "CVE-2016-3318", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-451/advisory.json", "detail_path": "advisories/ZDI-16-451", "id": "ZDI-16-451", "kind": "published", "published_date": "2016-08-09", "status": "published", "title": "Microsoft Office Word RTF JPEG Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-451/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3743", "zdi_id": "ZDI-16-451" }, { "cve": "CVE-2016-3322", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-450/advisory.json", "detail_path": "advisories/ZDI-16-450", "id": "ZDI-16-450", "kind": "published", "published_date": "2016-08-09", "status": "published", "title": "Microsoft Internet Explorer CACPCache Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-450/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3741", "zdi_id": "ZDI-16-450" }, { "cve": "CVE-2016-3309", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-449/advisory.json", "detail_path": "advisories/ZDI-16-449", "id": "ZDI-16-449", "kind": "published", "published_date": "2016-08-09", "status": "published", "title": "Microsoft Windows win32k RGNOBJ Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-449/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3702", "zdi_id": "ZDI-16-449" }, { "cve": "CVE-2016-3587", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-448/advisory.json", "detail_path": "advisories/ZDI-16-448", "id": "ZDI-16-448", "kind": "published", "published_date": "2016-07-21", "status": "published", "title": "Oracle Java MethodHandle Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-448/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3695", "zdi_id": "ZDI-16-448" }, { "cve": "CVE-2016-3606", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-447/advisory.json", "detail_path": "advisories/ZDI-16-447", "id": "ZDI-16-447", "kind": "published", "published_date": "2016-07-21", "status": "published", "title": "Oracle Java Uninitialized Object Generation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-447/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3720", "zdi_id": "ZDI-16-447" }, { "cve": "CVE-2016-3598", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-446/advisory.json", "detail_path": "advisories/ZDI-16-446", "id": "ZDI-16-446", "kind": "published", "published_date": "2016-07-21", "status": "published", "title": "Oracle Java MethodHandles dropArguments Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-446/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3719", "zdi_id": "ZDI-16-446" }, { "cve": "CVE-2016-3610", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-445/advisory.json", "detail_path": "advisories/ZDI-16-445", "id": "ZDI-16-445", "kind": "published", "published_date": "2016-07-21", "status": "published", "title": "Oracle Java MethodHandles filterReturnValue Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-445/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3787", "zdi_id": "ZDI-16-445" }, { "cve": "CVE-2016-3499", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The PartItem class in WebLogic FileUpload allows remote attackers to write to ar...", "detail_json": "/data/advisories/ZDI-16-444/advisory.json", "detail_path": "advisories/ZDI-16-444", "id": "ZDI-16-444", "kind": "published", "published_date": "2016-07-21", "status": "published", "title": "Oracle WebLogic PartItem Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-444/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3511", "zdi_id": "ZDI-16-444" }, { "cve": "CVE-2016-3510", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists in the use of JBoss Interceptors library. By sending a...", "detail_json": "/data/advisories/ZDI-16-443/advisory.json", "detail_path": "advisories/ZDI-16-443", "id": "ZDI-16-443", "kind": "published", "published_date": "2016-07-21", "status": "published", "title": "Oracle WebLogic JBoss Interceptors Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-443/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3497", "zdi_id": "ZDI-16-443" }, { "cve": "CVE-2016-3607", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Glassfish Server. Authentication is not required to exploit this vulnerability. The PartItem class allows remote attackers to write to arbitrary files v...", "detail_json": "/data/advisories/ZDI-16-442/advisory.json", "detail_path": "advisories/ZDI-16-442", "id": "ZDI-16-442", "kind": "published", "published_date": "2016-07-21", "status": "published", "title": "Oracle Glassfish PartItem Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-442/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3510", "zdi_id": "ZDI-16-442" }, { "cve": "CVE-2016-3586", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the use of JtaTransactionManager. It is possible...", "detail_json": "/data/advisories/ZDI-16-441/advisory.json", "detail_path": "advisories/ZDI-16-441", "id": "ZDI-16-441", "kind": "published", "published_date": "2016-07-21", "status": "published", "title": "Oracle WebLogic JtaTransactionManager Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-441/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3588", "zdi_id": "ZDI-16-441" }, { "cve": "CVE-2016-4529", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMachine HVAC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-16-440/advisory.json", "detail_path": "advisories/ZDI-16-440", "id": "ZDI-16-440", "kind": "published", "published_date": "2016-07-20", "status": "published", "title": "Schneider Electric SoMachine HVAC AxEditGrid ActiveX Control SetDataIntf Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-440/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3581", "zdi_id": "ZDI-16-440" }, { "cve": "CVE-2016-4646", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-439/advisory.json", "detail_path": "advisories/ZDI-16-439", "id": "ZDI-16-439", "kind": "published", "published_date": "2016-07-20", "status": "published", "title": "Apple OS X ACMP4AACBaseDecoder Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-439/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3718", "zdi_id": "ZDI-16-439" }, { "cve": "CVE-2016-4647", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-438/advisory.json", "detail_path": "advisories/ZDI-16-438", "id": "ZDI-16-438", "kind": "published", "published_date": "2016-07-20", "status": "published", "title": "Apple OS X DspFuncLib Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-438/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3694", "zdi_id": "ZDI-16-438" }, { "cve": "CVE-2016-4647", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-437/advisory.json", "detail_path": "advisories/ZDI-16-437", "id": "ZDI-16-437", "kind": "published", "published_date": "2016-07-20", "status": "published", "title": "Apple OS X DspFuncLib Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-437/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3693", "zdi_id": "ZDI-16-437" }, { "cve": "CVE-2016-4653", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-436/advisory.json", "detail_path": "advisories/ZDI-16-436", "id": "ZDI-16-436", "kind": "published", "published_date": "2016-07-20", "status": "published", "title": "Apple OS X IOPMrootDomain Memory Corruption Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-436/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3654", "zdi_id": "ZDI-16-436" }, { "cve": "CVE-2016-4640", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-16-435/advisory.json", "detail_path": "advisories/ZDI-16-435", "id": "ZDI-16-435", "kind": "published", "published_date": "2016-07-20", "status": "published", "title": "Apple OS X WindowServer Heap-Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-435/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3769", "zdi_id": "ZDI-16-435" }, { "cve": "CVE-2016-4633", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-434/advisory.json", "detail_path": "advisories/ZDI-16-434", "id": "ZDI-16-434", "kind": "published", "published_date": "2016-07-20", "status": "published", "title": "Apple OS X AppleIntelBDWGraphics Memory Corruption Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-434/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3687", "zdi_id": "ZDI-16-434" }, { "cve": "CVE-2016-4641", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-433/advisory.json", "detail_path": "advisories/ZDI-16-433", "id": "ZDI-16-433", "kind": "published", "published_date": "2016-07-20", "status": "published", "title": "Apple OS X WindowServer Type Confusion Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-433/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3768", "zdi_id": "ZDI-16-433" }, { "cve": "CVE-2016-4652", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-16-432/advisory.json", "detail_path": "advisories/ZDI-16-432", "id": "ZDI-16-432", "kind": "published", "published_date": "2016-07-20", "status": "published", "title": "Apple OS X WindowServer _XFlushRegion Out-Of-Bounds Read Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-432/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3771", "zdi_id": "ZDI-16-432" }, { "cve": "CVE-2016-4639", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-431/advisory.json", "detail_path": "advisories/ZDI-16-431", "id": "ZDI-16-431", "kind": "published", "published_date": "2016-07-20", "status": "published", "title": "Apple OS X WindowServer Memory Corruption Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-431/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3776", "zdi_id": "ZDI-16-431" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-430/advisory.json", "detail_path": "advisories/ZDI-16-430", "id": "ZDI-16-430", "kind": "published", "published_date": "2016-07-18", "status": "published", "title": "Foxit Reader ConvertToPDF JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-430/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3562", "zdi_id": "ZDI-16-430" }, { "cve": "CVE-2016-5810", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability. The specific flaw exists within upAdminPg.asp. One project administrator...", "detail_json": "/data/advisories/ZDI-16-429/advisory.json", "detail_path": "advisories/ZDI-16-429", "id": "ZDI-16-429", "kind": "published", "published_date": "2016-07-18", "status": "published", "title": "Advantech WebAccess upAdminPg Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-429/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3746", "zdi_id": "ZDI-16-429" }, { "cve": "CVE-2016-4224", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-428/advisory.json", "detail_path": "advisories/ZDI-16-428", "id": "ZDI-16-428", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Flash DeleteRangeTimelineOperation Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-428/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3820", "zdi_id": "ZDI-16-428" }, { "cve": "CVE-2016-4225", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-427/advisory.json", "detail_path": "advisories/ZDI-16-427", "id": "ZDI-16-427", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Flash AdBreakPlacement Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-427/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3819", "zdi_id": "ZDI-16-427" }, { "cve": "CVE-2016-4174", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-426/advisory.json", "detail_path": "advisories/ZDI-16-426", "id": "ZDI-16-426", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Flash StyleSheet Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-426/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3744", "zdi_id": "ZDI-16-426" }, { "cve": "CVE-2016-4222", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-425/advisory.json", "detail_path": "advisories/ZDI-16-425", "id": "ZDI-16-425", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Flash PrintJob printAsBitmap Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-425/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3780", "zdi_id": "ZDI-16-425" }, { "cve": "CVE-2016-4223", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-424/advisory.json", "detail_path": "advisories/ZDI-16-424", "id": "ZDI-16-424", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Flash AdTimelineItem Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-424/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3818", "zdi_id": "ZDI-16-424" }, { "cve": "CVE-2016-4191", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-423/advisory.json", "detail_path": "advisories/ZDI-16-423", "id": "ZDI-16-423", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Reader DC JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-423/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3656", "zdi_id": "ZDI-16-423" }, { "cve": "CVE-2016-4198", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-422/advisory.json", "detail_path": "advisories/ZDI-16-422", "id": "ZDI-16-422", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Reader DC XSLT value-of Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-422/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3731", "zdi_id": "ZDI-16-422" }, { "cve": "CVE-2016-4251", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-421/advisory.json", "detail_path": "advisories/ZDI-16-421", "id": "ZDI-16-421", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Reader DC FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-421/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3805", "zdi_id": "ZDI-16-421" }, { "cve": "CVE-2016-4255", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-420/advisory.json", "detail_path": "advisories/ZDI-16-420", "id": "ZDI-16-420", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Reader DC FlateDecode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-420/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3663", "zdi_id": "ZDI-16-420" }, { "cve": "CVE-2016-4200", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-419/advisory.json", "detail_path": "advisories/ZDI-16-419", "id": "ZDI-16-419", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Reader DC copy-of XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-419/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3737", "zdi_id": "ZDI-16-419" }, { "cve": "CVE-2016-4195", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-418/advisory.json", "detail_path": "advisories/ZDI-16-418", "id": "ZDI-16-418", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Reader DC choose XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-418/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3736", "zdi_id": "ZDI-16-418" }, { "cve": "CVE-2016-4199", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-417/advisory.json", "detail_path": "advisories/ZDI-16-417", "id": "ZDI-16-417", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Reader DC for-each XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-417/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3738", "zdi_id": "ZDI-16-417" }, { "cve": "CVE-2016-4196", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-416/advisory.json", "detail_path": "advisories/ZDI-16-416", "id": "ZDI-16-416", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Reader DC if XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-416/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3735", "zdi_id": "ZDI-16-416" }, { "cve": "CVE-2016-4197", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-415/advisory.json", "detail_path": "advisories/ZDI-16-415", "id": "ZDI-16-415", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Reader DC apply-templates XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-415/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3734", "zdi_id": "ZDI-16-415" }, { "cve": "CVE-2016-4202", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-414/advisory.json", "detail_path": "advisories/ZDI-16-414", "id": "ZDI-16-414", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Adobe Reader DC number XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-414/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3762", "zdi_id": "ZDI-16-414" }, { "cve": "CVE-2016-3271", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-413/advisory.json", "detail_path": "advisories/ZDI-16-413", "id": "ZDI-16-413", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Microsoft Chakra ArrayBuffer.transfer Uninitialized Buffer Information Leak Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-413/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3750", "zdi_id": "ZDI-16-413" }, { "cve": "CVE-2016-3264", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnera...", "detail_json": "/data/advisories/ZDI-16-412/advisory.json", "detail_path": "advisories/ZDI-16-412", "id": "ZDI-16-412", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Microsoft Edge CGeolocationManager Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-412/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3747", "zdi_id": "ZDI-16-412" }, { "cve": "CVE-2016-3246", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to corrupt memory on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-16-411/advisory.json", "detail_path": "advisories/ZDI-16-411", "id": "ZDI-16-411", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Microsoft Edge InjectHtmlStream Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-411/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3691", "zdi_id": "ZDI-16-411" }, { "cve": "CVE-2016-3242", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-410/advisory.json", "detail_path": "advisories/ZDI-16-410", "id": "ZDI-16-410", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Microsoft Internet Explorer CTableLayout AddRow Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-410/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3668", "zdi_id": "ZDI-16-410" }, { "cve": "CVE-2016-3241", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-409/advisory.json", "detail_path": "advisories/ZDI-16-409", "id": "ZDI-16-409", "kind": "published", "published_date": "2016-07-12", "status": "published", "title": "Microsoft Internet Explorer CTableRowCellsCollectionCacheItem Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-409/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3667", "zdi_id": "ZDI-16-409" }, { "cve": "CVE-2016-4509", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-408/advisory.json", "detail_path": "advisories/ZDI-16-408", "id": "ZDI-16-408", "kind": "published", "published_date": "2016-07-07", "status": "published", "title": "Eaton ELCSoft Heap Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-408/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-3675", "zdi_id": "ZDI-16-408" }, { "cve": "CVE-2016-4512", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of network TCP requests by ELCSimul...", "detail_json": "/data/advisories/ZDI-16-407/advisory.json", "detail_path": "advisories/ZDI-16-407", "id": "ZDI-16-407", "kind": "published", "published_date": "2017-08-07", "status": "published", "title": "Eaton ELCSoft ELCSimulator Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-407/", "vendor": "Eaton", "vendor_url": null, "zdi_can": "ZDI-CAN-3697", "zdi_id": "ZDI-16-407" }, { "cve": "CVE-2016-1605", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose arbitrary file contents on vulnerable installations of Novell NetIQ Sentinel Server. Authentication is required to exploit this vulnerability but it can be bypassed using a separate flaw within the LogonF...", "detail_json": "/data/advisories/ZDI-16-406/advisory.json", "detail_path": "advisories/ZDI-16-406", "id": "ZDI-16-406", "kind": "published", "published_date": "2016-07-07", "status": "published", "title": "Novell NetIQ Sentinel Server ReportViewServlet fileName Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-406/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-3717", "zdi_id": "ZDI-16-406" }, { "cve": "CVE-2016-4523", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Wireless Application Protocol...", "detail_json": "/data/advisories/ZDI-16-405/advisory.json", "detail_path": "advisories/ZDI-16-405", "id": "ZDI-16-405", "kind": "published", "published_date": "2016-07-01", "status": "published", "title": "Trihedral VTScada Path Out-Of-Bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-405/", "vendor": "Trihedral Engineering Ltd", "vendor_url": null, "zdi_can": "ZDI-CAN-3575", "zdi_id": "ZDI-16-405" }, { "cve": "CVE-2016-4510", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Wireless Application Protocol...", "detail_json": "/data/advisories/ZDI-16-404/advisory.json", "detail_path": "advisories/ZDI-16-404", "id": "ZDI-16-404", "kind": "published", "published_date": "2016-07-01", "status": "published", "title": "Trihedral VTScada Filter Bypass Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-404/", "vendor": "Trihedral Engineering Ltd", "vendor_url": null, "zdi_can": "ZDI-CAN-3512", "zdi_id": "ZDI-16-404" }, { "cve": "CVE-2016-4532", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Wireless Application P...", "detail_json": "/data/advisories/ZDI-16-403/advisory.json", "detail_path": "advisories/ZDI-16-403", "id": "ZDI-16-403", "kind": "published", "published_date": "2016-07-01", "status": "published", "title": "Trihedral VTScada Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-403/", "vendor": "Trihedral Engineering Ltd", "vendor_url": null, "zdi_can": "ZDI-CAN-3513", "zdi_id": "ZDI-16-403" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-402/advisory.json", "detail_path": "advisories/ZDI-16-402", "id": "ZDI-16-402", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "Foxit Reader ConvertToPDF BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-402/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3815", "zdi_id": "ZDI-16-402" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-401/advisory.json", "detail_path": "advisories/ZDI-16-401", "id": "ZDI-16-401", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "Foxit Reader ConvertToPDF BMP Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-401/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3807", "zdi_id": "ZDI-16-401" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-400/advisory.json", "detail_path": "advisories/ZDI-16-400", "id": "ZDI-16-400", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "Foxit Reader ConvertToPDF GIF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-400/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3806", "zdi_id": "ZDI-16-400" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-399/advisory.json", "detail_path": "advisories/ZDI-16-399", "id": "ZDI-16-399", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "Foxit Reader JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-399/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3763", "zdi_id": "ZDI-16-399" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-398/advisory.json", "detail_path": "advisories/ZDI-16-398", "id": "ZDI-16-398", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "Foxit Reader JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-398/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3739", "zdi_id": "ZDI-16-398" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-397/advisory.json", "detail_path": "advisories/ZDI-16-397", "id": "ZDI-16-397", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "Foxit Reader ConvertToPDF TIFF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-397/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3698", "zdi_id": "ZDI-16-397" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-396/advisory.json", "detail_path": "advisories/ZDI-16-396", "id": "ZDI-16-396", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "Foxit Reader exportData Restrictions Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-396/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3700", "zdi_id": "ZDI-16-396" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-395/advisory.json", "detail_path": "advisories/ZDI-16-395", "id": "ZDI-16-395", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "Foxit Reader Safe Mode Bypass Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-395/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3659", "zdi_id": "ZDI-16-395" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-394/advisory.json", "detail_path": "advisories/ZDI-16-394", "id": "ZDI-16-394", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "Foxit Reader FlateDecode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-394/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3671", "zdi_id": "ZDI-16-394" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-393/advisory.json", "detail_path": "advisories/ZDI-16-393", "id": "ZDI-16-393", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "Foxit Reader Pattern Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-393/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3686", "zdi_id": "ZDI-16-393" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-392/advisory.json", "detail_path": "advisories/ZDI-16-392", "id": "ZDI-16-392", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "Foxit Reader FlateDecode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-392/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3680", "zdi_id": "ZDI-16-392" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-391/advisory.json", "detail_path": "advisories/ZDI-16-391", "id": "ZDI-16-391", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "Foxit Reader GoToR action Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-391/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3657", "zdi_id": "ZDI-16-391" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-390/advisory.json", "detail_path": "advisories/ZDI-16-390", "id": "ZDI-16-390", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "(0Day) WECON LeviStudio PLC Type Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-390/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-3332", "zdi_id": "ZDI-16-390" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-389/advisory.json", "detail_path": "advisories/ZDI-16-389", "id": "ZDI-16-389", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "(0Day) WECON LeviStudio CommSet Port Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-389/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-3340", "zdi_id": "ZDI-16-389" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-388/advisory.json", "detail_path": "advisories/ZDI-16-388", "id": "ZDI-16-388", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "(0Day) WECON LeviStudio Address Name Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-388/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-3341", "zdi_id": "ZDI-16-388" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-387/advisory.json", "detail_path": "advisories/ZDI-16-387", "id": "ZDI-16-387", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "(0Day) WECON LeviStudio ScreenInfo ScrnName Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-387/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-3350", "zdi_id": "ZDI-16-387" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-386/advisory.json", "detail_path": "advisories/ZDI-16-386", "id": "ZDI-16-386", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "(0Day) WECON LeviStudio String Content Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-386/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-3351", "zdi_id": "ZDI-16-386" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-385/advisory.json", "detail_path": "advisories/ZDI-16-385", "id": "ZDI-16-385", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "(0Day) WECON LeviStudio BaseSet EnterTime Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-385/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-3349", "zdi_id": "ZDI-16-385" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-384/advisory.json", "detail_path": "advisories/ZDI-16-384", "id": "ZDI-16-384", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "(0Day) WECON LeviStudio BaseSet ScrIDWordAddr Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-384/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-3348", "zdi_id": "ZDI-16-384" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-383/advisory.json", "detail_path": "advisories/ZDI-16-383", "id": "ZDI-16-383", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "(0Day) WECON LeviStudio BaseSet PowerEnterTime Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-383/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-3347", "zdi_id": "ZDI-16-383" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-382/advisory.json", "detail_path": "advisories/ZDI-16-382", "id": "ZDI-16-382", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "(0Day) WECON LeviStudio ScreenInfo ScrnFile Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-382/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-3342", "zdi_id": "ZDI-16-382" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-381/advisory.json", "detail_path": "advisories/ZDI-16-381", "id": "ZDI-16-381", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "(0Day) WECON LeviStudio BaseSet HMINAME Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-381/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-3343", "zdi_id": "ZDI-16-381" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-380/advisory.json", "detail_path": "advisories/ZDI-16-380", "id": "ZDI-16-380", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "(0Day) WECON LeviStudio BaseSet BgOnOffBitAddr Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-380/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-3344", "zdi_id": "ZDI-16-380" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-379/advisory.json", "detail_path": "advisories/ZDI-16-379", "id": "ZDI-16-379", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "(0Day) WECON LeviStudio BaseSet CurScrIdAddr Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-379/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-3345", "zdi_id": "ZDI-16-379" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-378/advisory.json", "detail_path": "advisories/ZDI-16-378", "id": "ZDI-16-378", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "(0Day) WECON LeviStudio HmiSet Style Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-378/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-3346", "zdi_id": "ZDI-16-378" }, { "cve": null, "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-377/advisory.json", "detail_path": "advisories/ZDI-16-377", "id": "ZDI-16-377", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "(0Day) WECON LeviStudio HmiSet Type Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-377/", "vendor": "WECON", "vendor_url": null, "zdi_can": "ZDI-CAN-3445", "zdi_id": "ZDI-16-377" }, { "cve": "CVE-2016-3443", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to leak arbitrary information on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-376/advisory.json", "detail_path": "advisories/ZDI-16-376", "id": "ZDI-16-376", "kind": "published", "published_date": "2016-06-29", "status": "published", "title": "Oracle Java Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-376/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3467", "zdi_id": "ZDI-16-376" }, { "cve": "CVE-2016-4519", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics VisiLogic OPLC IDE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-16-375/advisory.json", "detail_path": "advisories/ZDI-16-375", "id": "ZDI-16-375", "kind": "published", "published_date": "2016-06-24", "status": "published", "title": "Unitronics VisiLogic OPLC IDE vlp File Parsing Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-375/", "vendor": "Unitronics", "vendor_url": null, "zdi_can": "ZDI-CAN-3713", "zdi_id": "ZDI-16-375" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RulesMetaData's addNewRu...", "detail_json": "/data/advisories/ZDI-16-374/advisory.json", "detail_path": "advisories/ZDI-16-374", "id": "ZDI-16-374", "kind": "published", "published_date": "2016-06-22", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Server RulesMetaData addNewRule SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-374/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3398", "zdi_id": "ZDI-16-374" }, { "cve": "CVE-2016-5840", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery. Authentication is required to exploit this vulnerability. The specific flaw exists within hotfix_upload.cgi. The vulnerability is c...", "detail_json": "/data/advisories/ZDI-16-373/advisory.json", "detail_path": "advisories/ZDI-16-373", "id": "ZDI-16-373", "kind": "published", "published_date": "2016-06-22", "status": "published", "title": "Trend Micro Deep Discovery hotfix_upload.cgi filename Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-373/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3567", "zdi_id": "ZDI-16-373" }, { "cve": "CVE-2016-3231", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Diagnostics Hub Standard Collector. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...", "detail_json": "/data/advisories/ZDI-16-372/advisory.json", "detail_path": "advisories/ZDI-16-372", "id": "ZDI-16-372", "kind": "published", "published_date": "2016-06-22", "status": "published", "title": "(Pwn2Own) Microsoft Windows Diagnostics Hub Standard Collector Directory Traversal Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-372/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3622", "zdi_id": "ZDI-16-372" }, { "cve": "CVE-2016-3222", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-371/advisory.json", "detail_path": "advisories/ZDI-16-371", "id": "ZDI-16-371", "kind": "published", "published_date": "2016-06-22", "status": "published", "title": "Microsoft Edge CBaseScriptable PrivateQueryInterface Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-371/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3665", "zdi_id": "ZDI-16-371" }, { "cve": "CVE-2016-3215", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows a remote attacker to disclose sensitive information on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal...", "detail_json": "/data/advisories/ZDI-16-370/advisory.json", "detail_path": "advisories/ZDI-16-370", "id": "ZDI-16-370", "kind": "published", "published_date": "2016-06-22", "status": "published", "title": "Microsoft Windows PDF Library JPEG2000 COD Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-370/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3810", "zdi_id": "ZDI-16-370" }, { "cve": "CVE-2016-3203", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-16-369/advisory.json", "detail_path": "advisories/ZDI-16-369", "id": "ZDI-16-369", "kind": "published", "published_date": "2016-06-22", "status": "published", "title": "Microsoft Windows PDF Library AES Encryption Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-369/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3811", "zdi_id": "ZDI-16-369" }, { "cve": "CVE-2016-3199", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-368/advisory.json", "detail_path": "advisories/ZDI-16-368", "id": "ZDI-16-368", "kind": "published", "published_date": "2016-06-16", "status": "published", "title": "Microsoft Edge JavaScript map Method Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-368/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3651", "zdi_id": "ZDI-16-368" }, { "cve": "CVE-2016-3199", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-367/advisory.json", "detail_path": "advisories/ZDI-16-367", "id": "ZDI-16-367", "kind": "published", "published_date": "2016-06-16", "status": "published", "title": "Microsoft Edge JavaScript filter Method Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-367/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3650", "zdi_id": "ZDI-16-367" }, { "cve": "CVE-2016-3211", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-366/advisory.json", "detail_path": "advisories/ZDI-16-366", "id": "ZDI-16-366", "kind": "published", "published_date": "2016-06-16", "status": "published", "title": "Microsoft Internet Explorer PerformDoDragDrop Protected Mode Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-366/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3539", "zdi_id": "ZDI-16-366" }, { "cve": "CVE-2016-0200", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-365/advisory.json", "detail_path": "advisories/ZDI-16-365", "id": "ZDI-16-365", "kind": "published", "published_date": "2016-06-15", "status": "published", "title": "Microsoft Internet Explorer s_DestroyLinkCallback Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-365/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3666", "zdi_id": "ZDI-16-365" }, { "cve": "CVE-2016-4360", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the import_csv functionali...", "detail_json": "/data/advisories/ZDI-16-364/advisory.json", "detail_path": "advisories/ZDI-16-364", "id": "ZDI-16-364", "kind": "published", "published_date": "2016-06-03", "status": "published", "title": "Hewlett Packard Enterprise LoadRunner Virtual Table Server import_csv Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-364/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-3555", "zdi_id": "ZDI-16-364" }, { "cve": "CVE-2016-4359", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within mchan.dll when constructin...", "detail_json": "/data/advisories/ZDI-16-363/advisory.json", "detail_path": "advisories/ZDI-16-363", "id": "ZDI-16-363", "kind": "published", "published_date": "2016-06-03", "status": "published", "title": "Hewlett Packard Enterprise LoadRunner Shared Memory Name Construction Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-363/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-3516", "zdi_id": "ZDI-16-363" }, { "cve": "CVE-2016-4800", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eclipse Jetty. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the ContextHandler class restricts access...", "detail_json": "/data/advisories/ZDI-16-362/advisory.json", "detail_path": "advisories/ZDI-16-362", "id": "ZDI-16-362", "kind": "published", "published_date": "2016-06-03", "status": "published", "title": "Eclipse Jetty Protected Resource Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-362/", "vendor": "Eclipse", "vendor_url": null, "zdi_can": "ZDI-CAN-3707", "zdi_id": "ZDI-16-362" }, { "cve": "CVE-2016-1796", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-16-361/advisory.json", "detail_path": "advisories/ZDI-16-361", "id": "ZDI-16-361", "kind": "published", "published_date": "2016-05-27", "status": "published", "title": "(Pwn2Own) Apple OS X libATSServer Heap-based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-361/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3605", "zdi_id": "ZDI-16-361" }, { "cve": "CVE-2016-1797", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sandbox policy for the fontd process. The issue l...", "detail_json": "/data/advisories/ZDI-16-360/advisory.json", "detail_path": "advisories/ZDI-16-360", "id": "ZDI-16-360", "kind": "published", "published_date": "2016-05-27", "status": "published", "title": "(Pwn2Own) Apple OS X fontd Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-360/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3606", "zdi_id": "ZDI-16-360" }, { "cve": "CVE-2016-1094", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-359/advisory.json", "detail_path": "advisories/ZDI-16-359", "id": "ZDI-16-359", "kind": "published", "published_date": "2016-05-26", "status": "published", "title": "Adobe Reader DC FlateDecode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-359/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3699", "zdi_id": "ZDI-16-359" }, { "cve": "CVE-2016-1804", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-358/advisory.json", "detail_path": "advisories/ZDI-16-358", "id": "ZDI-16-358", "kind": "published", "published_date": "2016-05-26", "status": "published", "title": "(Pwn2Own) Apple OS X WindowServer Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-358/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3611", "zdi_id": "ZDI-16-358" }, { "cve": "CVE-2016-3088", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache ActiveMQ. Authentication may or may not be required to exploit this vulnerability, according to how the product has been configured. The specific flaw e...", "detail_json": "/data/advisories/ZDI-16-357/advisory.json", "detail_path": "advisories/ZDI-16-357", "id": "ZDI-16-357", "kind": "published", "published_date": "2016-05-24", "status": "published", "title": "Apache ActiveMQ MOVE Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-357/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-3600", "zdi_id": "ZDI-16-357" }, { "cve": "CVE-2016-3088", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache ActiveMQ. Authentication may or may not be required to exploit this vulnerability, depending on how the product has been configured. The specific flaw e...", "detail_json": "/data/advisories/ZDI-16-356/advisory.json", "detail_path": "advisories/ZDI-16-356", "id": "ZDI-16-356", "kind": "published", "published_date": "2016-05-24", "status": "published", "title": "Apache ActiveMQ Fileserver File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-356/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-3696", "zdi_id": "ZDI-16-356" }, { "cve": "CVE-2016-0186", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-355/advisory.json", "detail_path": "advisories/ZDI-16-355", "id": "ZDI-16-355", "kind": "published", "published_date": "2016-05-24", "status": "published", "title": "Microsoft Edge JavaScript unshift Method Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-355/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3660", "zdi_id": "ZDI-16-355" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ActivePDF Toolkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-16-354/advisory.json", "detail_path": "advisories/ZDI-16-354", "id": "ZDI-16-354", "kind": "published", "published_date": "2016-05-24", "status": "published", "title": "(0Day) ActivePDF Toolkit ImageToPDF IAT Overwrite Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-354/", "vendor": "ActivePDF", "vendor_url": null, "zdi_can": "ZDI-CAN-3123", "zdi_id": "ZDI-16-354" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent and uTorrent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-353/advisory.json", "detail_path": "advisories/ZDI-16-353", "id": "ZDI-16-353", "kind": "published", "published_date": "2016-05-20", "status": "published", "title": "BitTorrent API Cross Site Scripting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-353/", "vendor": "BitTorrent", "vendor_url": null, "zdi_can": "ZDI-CAN-3544", "zdi_id": "ZDI-16-353" }, { "cve": "CVE-2016-1859", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-352/advisory.json", "detail_path": "advisories/ZDI-16-352", "id": "ZDI-16-352", "kind": "published", "published_date": "2016-05-20", "status": "published", "title": "(Pwn2Own) Apple Safari GraphicsContext Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-352/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3610", "zdi_id": "ZDI-16-352" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing...", "detail_json": "/data/advisories/ZDI-16-351/advisory.json", "detail_path": "advisories/ZDI-16-351", "id": "ZDI-16-351", "kind": "published", "published_date": "2016-05-20", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance domains Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-351/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3355", "zdi_id": "ZDI-16-351" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the /rest/wmi_d...", "detail_json": "/data/advisories/ZDI-16-350/advisory.json", "detail_path": "advisories/ZDI-16-350", "id": "ZDI-16-350", "kind": "published", "published_date": "2016-05-20", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance wmi_domain_controllers Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-350/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3514", "zdi_id": "ZDI-16-350" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing...", "detail_json": "/data/advisories/ZDI-16-349/advisory.json", "detail_path": "advisories/ZDI-16-349", "id": "ZDI-16-349", "kind": "published", "published_date": "2016-05-20", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance testConfiguration Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-349/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3338", "zdi_id": "ZDI-16-349" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security. Authentication is required to exploit this vulnerability. The specific flaw exists within the ManagePatches servlet. The vu...", "detail_json": "/data/advisories/ZDI-16-348/advisory.json", "detail_path": "advisories/ZDI-16-348", "id": "ZDI-16-348", "kind": "published", "published_date": "2016-05-20", "status": "published", "title": "Trend Micro InterScan Web Security ManagePatches filename Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-348/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3566", "zdi_id": "ZDI-16-348" }, { "cve": "CVE-2016-1820", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-347/advisory.json", "detail_path": "advisories/ZDI-16-347", "id": "ZDI-16-347", "kind": "published", "published_date": "2016-05-19", "status": "published", "title": "Apple OS X IOAudioFamily Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-347/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3603", "zdi_id": "ZDI-16-347" }, { "cve": "CVE-2016-1806", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-346/advisory.json", "detail_path": "advisories/ZDI-16-346", "id": "ZDI-16-346", "kind": "published", "published_date": "2016-05-19", "status": "published", "title": "(Pwn2Own) Apple OS X SubmitDiagInfo Arbitrary Directory Creation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-346/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3607", "zdi_id": "ZDI-16-346" }, { "cve": "CVE-2016-1815", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-345/advisory.json", "detail_path": "advisories/ZDI-16-345", "id": "ZDI-16-345", "kind": "published", "published_date": "2016-05-19", "status": "published", "title": "(Pwn2Own) Apple OS X IntelAccelerator Out-Of-Bounds Indexing Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-345/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3620", "zdi_id": "ZDI-16-345" }, { "cve": "CVE-2016-1826", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-344/advisory.json", "detail_path": "advisories/ZDI-16-344", "id": "ZDI-16-344", "kind": "published", "published_date": "2016-05-19", "status": "published", "title": "Apple OS X DTrace Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-344/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3564", "zdi_id": "ZDI-16-344" }, { "cve": "CVE-2016-1857", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-343/advisory.json", "detail_path": "advisories/ZDI-16-343", "id": "ZDI-16-343", "kind": "published", "published_date": "2016-05-19", "status": "published", "title": "(Pwn2Own) Apple Safari ArrayStorage DFG Optimization Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-343/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3619", "zdi_id": "ZDI-16-343" }, { "cve": "CVE-2016-1856", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-342/advisory.json", "detail_path": "advisories/ZDI-16-342", "id": "ZDI-16-342", "kind": "published", "published_date": "2016-05-19", "status": "published", "title": "(Pwn2Own) Apple Safari TextTrack Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-342/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3604", "zdi_id": "ZDI-16-342" }, { "cve": "CVE-2016-1854", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-341/advisory.json", "detail_path": "advisories/ZDI-16-341", "id": "ZDI-16-341", "kind": "published", "published_date": "2016-05-19", "status": "published", "title": "Apple Safari DataCue Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-341/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3576", "zdi_id": "ZDI-16-341" }, { "cve": "CVE-2016-1817", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-340/advisory.json", "detail_path": "advisories/ZDI-16-340", "id": "ZDI-16-340", "kind": "published", "published_date": "2016-05-19", "status": "published", "title": "Apple OS X IOAcceleratorFamily2 Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-340/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3536", "zdi_id": "ZDI-16-340" }, { "cve": "CVE-2016-1803", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within CoreCaptur...", "detail_json": "/data/advisories/ZDI-16-339/advisory.json", "detail_path": "advisories/ZDI-16-339", "id": "ZDI-16-339", "kind": "published", "published_date": "2016-05-19", "status": "published", "title": "Apple OS X IOKit CoreCaptureResponder Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-339/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3565", "zdi_id": "ZDI-16-339" }, { "cve": "CVE-2016-0186", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-338/advisory.json", "detail_path": "advisories/ZDI-16-338", "id": "ZDI-16-338", "kind": "published", "published_date": "2016-05-18", "status": "published", "title": "Microsoft Edge JavaScript shift Method Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-338/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3658", "zdi_id": "ZDI-16-338" }, { "cve": "CVE-2016-4496", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-16-337/advisory.json", "detail_path": "advisories/ZDI-16-337", "id": "ZDI-16-337", "kind": "published", "published_date": "2016-05-11", "status": "published", "title": "Panasonic FPWIN Pro SCTASK Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-337/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-3538", "zdi_id": "ZDI-16-337" }, { "cve": "CVE-2016-4496", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-16-336/advisory.json", "detail_path": "advisories/ZDI-16-336", "id": "ZDI-16-336", "kind": "published", "published_date": "2016-05-11", "status": "published", "title": "Panasonic FPWIN Pro SelectFCS Array Indexing Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-336/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-3502", "zdi_id": "ZDI-16-336" }, { "cve": "CVE-2016-4496", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-16-335/advisory.json", "detail_path": "advisories/ZDI-16-335", "id": "ZDI-16-335", "kind": "published", "published_date": "2016-05-11", "status": "published", "title": "Panasonic FPWIN Pro ReleaseBuffer Integer Overflow Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-335/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-3503", "zdi_id": "ZDI-16-335" }, { "cve": "CVE-2016-4497", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-16-334/advisory.json", "detail_path": "advisories/ZDI-16-334", "id": "ZDI-16-334", "kind": "published", "published_date": "2016-05-11", "status": "published", "title": "Panasonic FPWIN Pro DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-334/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-3504", "zdi_id": "ZDI-16-334" }, { "cve": "CVE-2016-4496", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-16-333/advisory.json", "detail_path": "advisories/ZDI-16-333", "id": "ZDI-16-333", "kind": "published", "published_date": "2016-05-11", "status": "published", "title": "Panasonic FPWIN Pro createLoadContent Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-333/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-3505", "zdi_id": "ZDI-16-333" }, { "cve": "CVE-2016-4498", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-16-332/advisory.json", "detail_path": "advisories/ZDI-16-332", "id": "ZDI-16-332", "kind": "published", "published_date": "2016-05-11", "status": "published", "title": "Panasonic FPWIN Pro CPlcSetting::Load Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-332/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-3456", "zdi_id": "ZDI-16-332" }, { "cve": "CVE-2016-4499", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-16-331/advisory.json", "detail_path": "advisories/ZDI-16-331", "id": "ZDI-16-331", "kind": "published", "published_date": "2016-05-11", "status": "published", "title": "Panasonic FPWIN Pro GetBlock Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-331/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-3501", "zdi_id": "ZDI-16-331" }, { "cve": "CVE-2016-4499", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-16-330/advisory.json", "detail_path": "advisories/ZDI-16-330", "id": "ZDI-16-330", "kind": "published", "published_date": "2016-05-11", "status": "published", "title": "Panasonic FPWIN Pro OPNISAMX Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-330/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-3446", "zdi_id": "ZDI-16-330" }, { "cve": "CVE-2016-1095", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-329/advisory.json", "detail_path": "advisories/ZDI-16-329", "id": "ZDI-16-329", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC JPEG2000 Out-of-Bounds Read Information DIsclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-329/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3633", "zdi_id": "ZDI-16-329" }, { "cve": "CVE-2016-1094", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-328/advisory.json", "detail_path": "advisories/ZDI-16-328", "id": "ZDI-16-328", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC FlateDecode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-328/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3602", "zdi_id": "ZDI-16-328" }, { "cve": "CVE-2016-1080", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-16-327/advisory.json", "detail_path": "advisories/ZDI-16-327", "id": "ZDI-16-327", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion TIFF TAGTYPE Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-327/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3571", "zdi_id": "ZDI-16-327" }, { "cve": "CVE-2016-1079", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-16-326/advisory.json", "detail_path": "advisories/ZDI-16-326", "id": "ZDI-16-326", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC app.removeToolButton Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-326/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3569", "zdi_id": "ZDI-16-326" }, { "cve": "CVE-2016-1078", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-325/advisory.json", "detail_path": "advisories/ZDI-16-325", "id": "ZDI-16-325", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Reader DC JPEG2000 ihdr Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-325/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3540", "zdi_id": "ZDI-16-325" }, { "cve": "CVE-2016-1076", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-324/advisory.json", "detail_path": "advisories/ZDI-16-324", "id": "ZDI-16-324", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-324/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3557", "zdi_id": "ZDI-16-324" }, { "cve": "CVE-2016-1075", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-323/advisory.json", "detail_path": "advisories/ZDI-16-323", "id": "ZDI-16-323", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC XObject Image Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-323/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3520", "zdi_id": "ZDI-16-323" }, { "cve": "CVE-2016-1074", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-322/advisory.json", "detail_path": "advisories/ZDI-16-322", "id": "ZDI-16-322", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC U3D Parsing Out-Of-Bound Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-322/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3522", "zdi_id": "ZDI-16-322" }, { "cve": "CVE-2016-1073", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-321/advisory.json", "detail_path": "advisories/ZDI-16-321", "id": "ZDI-16-321", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC XFA Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-321/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3508", "zdi_id": "ZDI-16-321" }, { "cve": "CVE-2016-1072", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-16-320/advisory.json", "detail_path": "advisories/ZDI-16-320", "id": "ZDI-16-320", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC XFA Page Array Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-320/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3507", "zdi_id": "ZDI-16-320" }, { "cve": "CVE-2016-1071", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-319/advisory.json", "detail_path": "advisories/ZDI-16-319", "id": "ZDI-16-319", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC U3D Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-319/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3541", "zdi_id": "ZDI-16-319" }, { "cve": "CVE-2016-1070", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-318/advisory.json", "detail_path": "advisories/ZDI-16-318", "id": "ZDI-16-318", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC Share For Comments Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-318/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3534", "zdi_id": "ZDI-16-318" }, { "cve": "CVE-2016-1069", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-317/advisory.json", "detail_path": "advisories/ZDI-16-317", "id": "ZDI-16-317", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC Calculate field action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-317/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3523", "zdi_id": "ZDI-16-317" }, { "cve": "CVE-2016-1068", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-316/advisory.json", "detail_path": "advisories/ZDI-16-316", "id": "ZDI-16-316", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC Text field Validate action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-316/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3527", "zdi_id": "ZDI-16-316" }, { "cve": "CVE-2016-1067", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-315/advisory.json", "detail_path": "advisories/ZDI-16-315", "id": "ZDI-16-315", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC ComboBox field Format action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-315/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3524", "zdi_id": "ZDI-16-315" }, { "cve": "CVE-2016-1766", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple iOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-314/advisory.json", "detail_path": "advisories/ZDI-16-314", "id": "ZDI-16-314", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Apple iOS MDM Profile Signing Bypass", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-314/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3429", "zdi_id": "ZDI-16-314" }, { "cve": "CVE-2016-1066", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-313/advisory.json", "detail_path": "advisories/ZDI-16-313", "id": "ZDI-16-313", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC ListBox Selection Change action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-313/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3519", "zdi_id": "ZDI-16-313" }, { "cve": "CVE-2016-1065", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-16-312/advisory.json", "detail_path": "advisories/ZDI-16-312", "id": "ZDI-16-312", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC FileAttachment point Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-312/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3517", "zdi_id": "ZDI-16-312" }, { "cve": "CVE-2016-1063", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-311/advisory.json", "detail_path": "advisories/ZDI-16-311", "id": "ZDI-16-311", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC JPEG2000 Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-311/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3410", "zdi_id": "ZDI-16-311" }, { "cve": "CVE-2016-1062", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-16-310/advisory.json", "detail_path": "advisories/ZDI-16-310", "id": "ZDI-16-310", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC WillClose JavaScript API Restrictions Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-310/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3491", "zdi_id": "ZDI-16-310" }, { "cve": "CVE-2016-1061", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-309/advisory.json", "detail_path": "advisories/ZDI-16-309", "id": "ZDI-16-309", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC Global setPersistent Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-309/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3494", "zdi_id": "ZDI-16-309" }, { "cve": "CVE-2016-1060", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-308/advisory.json", "detail_path": "advisories/ZDI-16-308", "id": "ZDI-16-308", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC MenuEventHandler Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-308/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3483", "zdi_id": "ZDI-16-308" }, { "cve": "CVE-2016-1059", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-307/advisory.json", "detail_path": "advisories/ZDI-16-307", "id": "ZDI-16-307", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC ExtendScript ScriptProxy Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-307/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3485", "zdi_id": "ZDI-16-307" }, { "cve": "CVE-2016-1058", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-306/advisory.json", "detail_path": "advisories/ZDI-16-306", "id": "ZDI-16-306", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC ToolEventHandler Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-306/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3486", "zdi_id": "ZDI-16-306" }, { "cve": "CVE-2016-1057", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-305/advisory.json", "detail_path": "advisories/ZDI-16-305", "id": "ZDI-16-305", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC ScrollWheelEventHandler Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-305/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3484", "zdi_id": "ZDI-16-305" }, { "cve": "CVE-2016-1056", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-304/advisory.json", "detail_path": "advisories/ZDI-16-304", "id": "ZDI-16-304", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC RenderEventHandler Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-304/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3482", "zdi_id": "ZDI-16-304" }, { "cve": "CVE-2016-1055", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-303/advisory.json", "detail_path": "advisories/ZDI-16-303", "id": "ZDI-16-303", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC execDialog Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-303/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3477", "zdi_id": "ZDI-16-303" }, { "cve": "CVE-2016-1054", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-302/advisory.json", "detail_path": "advisories/ZDI-16-302", "id": "ZDI-16-302", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC WillSave OCG Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-302/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3479", "zdi_id": "ZDI-16-302" }, { "cve": "CVE-2016-1053", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-301/advisory.json", "detail_path": "advisories/ZDI-16-301", "id": "ZDI-16-301", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC listbox value Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-301/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3478", "zdi_id": "ZDI-16-301" }, { "cve": "CVE-2016-1052", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-300/advisory.json", "detail_path": "advisories/ZDI-16-300", "id": "ZDI-16-300", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC fillColor Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-300/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3476", "zdi_id": "ZDI-16-300" }, { "cve": "CVE-2016-1051", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat DC Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-299/advisory.json", "detail_path": "advisories/ZDI-16-299", "id": "ZDI-16-299", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC WillSave Action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-299/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3475", "zdi_id": "ZDI-16-299" }, { "cve": "CVE-2016-1050", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-298/advisory.json", "detail_path": "advisories/ZDI-16-298", "id": "ZDI-16-298", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC Close Page Action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-298/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3474", "zdi_id": "ZDI-16-298" }, { "cve": "CVE-2016-1049", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-297/advisory.json", "detail_path": "advisories/ZDI-16-297", "id": "ZDI-16-297", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC XFA preOpen Event Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-297/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3480", "zdi_id": "ZDI-16-297" }, { "cve": "CVE-2016-1048", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-296/advisory.json", "detail_path": "advisories/ZDI-16-296", "id": "ZDI-16-296", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC XFA Page prePrint Event Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-296/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3481", "zdi_id": "ZDI-16-296" }, { "cve": "CVE-2016-1047", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-295/advisory.json", "detail_path": "advisories/ZDI-16-295", "id": "ZDI-16-295", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Pro DC Signature signatureSetSeed Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-295/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3487", "zdi_id": "ZDI-16-295" }, { "cve": "CVE-2016-1046", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-294/advisory.json", "detail_path": "advisories/ZDI-16-294", "id": "ZDI-16-294", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC XFA prePrint Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-294/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3464", "zdi_id": "ZDI-16-294" }, { "cve": "CVE-2016-1045", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-293/advisory.json", "detail_path": "advisories/ZDI-16-293", "id": "ZDI-16-293", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC XFAFormInstanceManager Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-293/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3451", "zdi_id": "ZDI-16-293" }, { "cve": "CVE-2016-1038", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-292/advisory.json", "detail_path": "advisories/ZDI-16-292", "id": "ZDI-16-292", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Reader DC CBSharedReviewSecurityDialog Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-292/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3424", "zdi_id": "ZDI-16-292" }, { "cve": "CVE-2016-1044", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-291/advisory.json", "detail_path": "advisories/ZDI-16-291", "id": "ZDI-16-291", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Reader DC CBSharedReviewIfOfflineDialog Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-291/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3423", "zdi_id": "ZDI-16-291" }, { "cve": "CVE-2016-1039", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-290/advisory.json", "detail_path": "advisories/ZDI-16-290", "id": "ZDI-16-290", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Reader DC CBSharedReviewCloseDialog Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-290/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3426", "zdi_id": "ZDI-16-290" }, { "cve": "CVE-2016-1040", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC.User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-289/advisory.json", "detail_path": "advisories/ZDI-16-289", "id": "ZDI-16-289", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Reader DC Net.HTTP.runTaskSet Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-289/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3428", "zdi_id": "ZDI-16-289" }, { "cve": "CVE-2016-1041", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-288/advisory.json", "detail_path": "advisories/ZDI-16-288", "id": "ZDI-16-288", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Reader DC ANAuthenticateResource Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-288/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3427", "zdi_id": "ZDI-16-288" }, { "cve": "CVE-2016-1042", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-287/advisory.json", "detail_path": "advisories/ZDI-16-287", "id": "ZDI-16-287", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Reader DC ANProxyAuthenticateResource Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-287/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3425", "zdi_id": "ZDI-16-287" }, { "cve": "CVE-2016-1043", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-286/advisory.json", "detail_path": "advisories/ZDI-16-286", "id": "ZDI-16-286", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Reader DC XFA FormCalc replace Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-286/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3414", "zdi_id": "ZDI-16-286" }, { "cve": "CVE-2016-1117", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling URL's passed to app.launchURL....", "detail_json": "/data/advisories/ZDI-16-285/advisory.json", "detail_path": "advisories/ZDI-16-285", "id": "ZDI-16-285", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Adobe Acrobat Reader DC app.launchURL Command Execution Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-285/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3365", "zdi_id": "ZDI-16-285" }, { "cve": "CVE-2016-0176", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-284/advisory.json", "detail_path": "advisories/ZDI-16-284", "id": "ZDI-16-284", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "(Pwn2Own) Microsoft Windows dxgkrnl Kernel Driver Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-284/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3627", "zdi_id": "ZDI-16-284" }, { "cve": "CVE-2016-0193", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-283/advisory.json", "detail_path": "advisories/ZDI-16-283", "id": "ZDI-16-283", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "(Pwn2Own) Microsoft Edge JavaScript fill Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-283/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3626", "zdi_id": "ZDI-16-283" }, { "cve": "CVE-2016-0191", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-282/advisory.json", "detail_path": "advisories/ZDI-16-282", "id": "ZDI-16-282", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "(Pwn2Own) Microsoft Edge JavaScript concat Method Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-282/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3621", "zdi_id": "ZDI-16-282" }, { "cve": "CVE-2016-0175", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-281/advisory.json", "detail_path": "advisories/ZDI-16-281", "id": "ZDI-16-281", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "(Pwn2Own) Microsoft Windows PFFOBJ::bDeleteLoadRef Font Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-281/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3618", "zdi_id": "ZDI-16-281" }, { "cve": "CVE-2016-0174", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-280/advisory.json", "detail_path": "advisories/ZDI-16-280", "id": "ZDI-16-280", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "(Pwn2Own) Microsoft Windows NtGdiGetEmbUFI Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-280/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3617", "zdi_id": "ZDI-16-280" }, { "cve": "CVE-2016-0173", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-279/advisory.json", "detail_path": "advisories/ZDI-16-279", "id": "ZDI-16-279", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "(Pwn2Own) Microsoft Windows win32kfull.sys Surface Object Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-279/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3615", "zdi_id": "ZDI-16-279" }, { "cve": "CVE-2016-0196", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-278/advisory.json", "detail_path": "advisories/ZDI-16-278", "id": "ZDI-16-278", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "(Pwn2Own) Microsoft Windows xxxEndDeferWindowPosEx Window Use-After-Free Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-278/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3609", "zdi_id": "ZDI-16-278" }, { "cve": "CVE-2016-0185", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Center. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-16-277/advisory.json", "detail_path": "advisories/ZDI-16-277", "id": "ZDI-16-277", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Microsoft Windows Media Center .MCL File Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-277/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3568", "zdi_id": "ZDI-16-277" }, { "cve": "CVE-2016-0192", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-276/advisory.json", "detail_path": "advisories/ZDI-16-276", "id": "ZDI-16-276", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Microsoft Internet Explorer AcquireLineBoxBuilderForLayout Null Array Base Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-276/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3509", "zdi_id": "ZDI-16-276" }, { "cve": "CVE-2016-0194", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the Enhanced Protected Mode sandbox of vulnerable installations of Microsoft Internet Explorer and disclose file contents. User interaction is required to exploit this vulnerability in that the target must...", "detail_json": "/data/advisories/ZDI-16-275/advisory.json", "detail_path": "advisories/ZDI-16-275", "id": "ZDI-16-275", "kind": "published", "published_date": "2016-05-10", "status": "published", "title": "Microsoft Internet Explorer Add-on Installer Enhanced Protected Mode Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-275/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3506", "zdi_id": "ZDI-16-275" }, { "cve": null, "cvss": 3.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose information on vulnerable installations of Joyent SmartOS. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the dtra...", "detail_json": "/data/advisories/ZDI-16-274/advisory.json", "detail_path": "advisories/ZDI-16-274", "id": "ZDI-16-274", "kind": "published", "published_date": "2016-05-04", "status": "published", "title": "Joyent SmartOS dtrace Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-274/", "vendor": "Joyent", "vendor_url": null, "zdi_can": "ZDI-CAN-3533", "zdi_id": "ZDI-16-274" }, { "cve": "CVE-2016-1111", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-273/advisory.json", "detail_path": "advisories/ZDI-16-273", "id": "ZDI-16-273", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "Adobe Reader DC Graphics State Dictionary Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-273/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3431", "zdi_id": "ZDI-16-273" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-272/advisory.json", "detail_path": "advisories/ZDI-16-272", "id": "ZDI-16-272", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module XiotechMonitorServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-272/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3379", "zdi_id": "ZDI-16-272" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-271/advisory.json", "detail_path": "advisories/ZDI-16-271", "id": "ZDI-16-271", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module WindowsEventLogsServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-271/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3394", "zdi_id": "ZDI-16-271" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-270/advisory.json", "detail_path": "advisories/ZDI-16-270", "id": "ZDI-16-270", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module FileActionAssignmentServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-270/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3396", "zdi_id": "ZDI-16-270" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-269/advisory.json", "detail_path": "advisories/ZDI-16-269", "id": "ZDI-16-269", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module ScriptServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-269/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3397", "zdi_id": "ZDI-16-269" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-268/advisory.json", "detail_path": "advisories/ZDI-16-268", "id": "ZDI-16-268", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module ScriptServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-268/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3399", "zdi_id": "ZDI-16-268" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-267/advisory.json", "detail_path": "advisories/ZDI-16-267", "id": "ZDI-16-267", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module BackupMetaData BexDriveUsageSummaryServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-267/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3376", "zdi_id": "ZDI-16-267" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-266/advisory.json", "detail_path": "advisories/ZDI-16-266", "id": "ZDI-16-266", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module XiotechMonitorServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-266/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3377", "zdi_id": "ZDI-16-266" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-265/advisory.json", "detail_path": "advisories/ZDI-16-265", "id": "ZDI-16-265", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module XiotechMonitorServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-265/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3378", "zdi_id": "ZDI-16-265" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-264/advisory.json", "detail_path": "advisories/ZDI-16-264", "id": "ZDI-16-264", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module UserDefinedFieldConfigServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-264/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3380", "zdi_id": "ZDI-16-264" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-263/advisory.json", "detail_path": "advisories/ZDI-16-263", "id": "ZDI-16-263", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module UserDefinedFieldConfigServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-263/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3381", "zdi_id": "ZDI-16-263" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-262/advisory.json", "detail_path": "advisories/ZDI-16-262", "id": "ZDI-16-262", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module UserDefinedFieldConfigServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-262/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3382", "zdi_id": "ZDI-16-262" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-261/advisory.json", "detail_path": "advisories/ZDI-16-261", "id": "ZDI-16-261", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module NbuErrorMessageServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-261/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3383", "zdi_id": "ZDI-16-261" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-260/advisory.json", "detail_path": "advisories/ZDI-16-260", "id": "ZDI-16-260", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module HostStorageServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-260/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3384", "zdi_id": "ZDI-16-260" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-259/advisory.json", "detail_path": "advisories/ZDI-16-259", "id": "ZDI-16-259", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module QuantumMonitorServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-259/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3385", "zdi_id": "ZDI-16-259" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-258/advisory.json", "detail_path": "advisories/ZDI-16-258", "id": "ZDI-16-258", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module DuplicateFilesServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-258/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3386", "zdi_id": "ZDI-16-258" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-257/advisory.json", "detail_path": "advisories/ZDI-16-257", "id": "ZDI-16-257", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module HostStorageServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-257/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3387", "zdi_id": "ZDI-16-257" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-256/advisory.json", "detail_path": "advisories/ZDI-16-256", "id": "ZDI-16-256", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module HostStorageServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-256/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3388", "zdi_id": "ZDI-16-256" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-255/advisory.json", "detail_path": "advisories/ZDI-16-255", "id": "ZDI-16-255", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module BackupAssociationServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-255/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3389", "zdi_id": "ZDI-16-255" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-254/advisory.json", "detail_path": "advisories/ZDI-16-254", "id": "ZDI-16-254", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module BackupAssociationServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-254/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3390", "zdi_id": "ZDI-16-254" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-253/advisory.json", "detail_path": "advisories/ZDI-16-253", "id": "ZDI-16-253", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module BackupExceptionsServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-253/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3391", "zdi_id": "ZDI-16-253" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-252/advisory.json", "detail_path": "advisories/ZDI-16-252", "id": "ZDI-16-252", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module ProcessesServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-252/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3392", "zdi_id": "ZDI-16-252" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-251/advisory.json", "detail_path": "advisories/ZDI-16-251", "id": "ZDI-16-251", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module WindowsEventLogsServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-251/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3393", "zdi_id": "ZDI-16-251" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-250/advisory.json", "detail_path": "advisories/ZDI-16-250", "id": "ZDI-16-250", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module WindowsEventLogsServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-250/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3395", "zdi_id": "ZDI-16-250" }, { "cve": "CVE-2016-4350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing o...", "detail_json": "/data/advisories/ZDI-16-249/advisory.json", "detail_path": "advisories/ZDI-16-249", "id": "ZDI-16-249", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "SolarWinds Storage Resource Monitor Profiler Module ScriptServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-249/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3400", "zdi_id": "ZDI-16-249" }, { "cve": "CVE-2016-4351", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Email Encryption Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication function...", "detail_json": "/data/advisories/ZDI-16-248/advisory.json", "detail_path": "advisories/ZDI-16-248", "id": "ZDI-16-248", "kind": "published", "published_date": "2016-04-28", "status": "published", "title": "Trend Micro Mail Encryption Gateway SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-248/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-3547", "zdi_id": "ZDI-16-248" }, { "cve": "CVE-2016-2007", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within OmniInet.exe which lis...", "detail_json": "/data/advisories/ZDI-16-247/advisory.json", "detail_path": "advisories/ZDI-16-247", "id": "ZDI-16-247", "kind": "published", "published_date": "2016-04-27", "status": "published", "title": "Hewlett Packard Enterprise Data Protector EXEC_SCRIPT Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-247/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-3354", "zdi_id": "ZDI-16-247" }, { "cve": "CVE-2016-2006", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within OmniInet.exe which lis...", "detail_json": "/data/advisories/ZDI-16-246/advisory.json", "detail_path": "advisories/ZDI-16-246", "id": "ZDI-16-246", "kind": "published", "published_date": "2016-04-27", "status": "published", "title": "Hewlett Packard Enterprise Data Protector EXEC_BAR Domain Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-246/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-3353", "zdi_id": "ZDI-16-246" }, { "cve": "CVE-2016-2005", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within OmniInet.exe which lis...", "detail_json": "/data/advisories/ZDI-16-245/advisory.json", "detail_path": "advisories/ZDI-16-245", "id": "ZDI-16-245", "kind": "published", "published_date": "2016-04-27", "status": "published", "title": "Hewlett Packard Enterprise Data Protector EXEC_BAR User Name Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-245/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-3352", "zdi_id": "ZDI-16-245" }, { "cve": "CVE-2016-2002", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Vertica. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validateAdminConfig handl...", "detail_json": "/data/advisories/ZDI-16-244/advisory.json", "detail_path": "advisories/ZDI-16-244", "id": "ZDI-16-244", "kind": "published", "published_date": "2016-04-15", "status": "published", "title": "Hewlett Packard Enterprise Vertica validateAdminConfig Remote Command Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-244/", "vendor": "Hewlett Packard Enterprise", "vendor_url": null, "zdi_can": "ZDI-CAN-3417", "zdi_id": "ZDI-16-244" }, { "cve": "CVE-2016-1651", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-243/advisory.json", "detail_path": "advisories/ZDI-16-243", "id": "ZDI-16-243", "kind": "published", "published_date": "2016-04-15", "status": "published", "title": "Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-243/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-3594", "zdi_id": "ZDI-16-243" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-242/advisory.json", "detail_path": "advisories/ZDI-16-242", "id": "ZDI-16-242", "kind": "published", "published_date": "2016-04-14", "status": "published", "title": "(0Day) Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-242/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3402", "zdi_id": "ZDI-16-242" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-241/advisory.json", "detail_path": "advisories/ZDI-16-241", "id": "ZDI-16-241", "kind": "published", "published_date": "2016-04-14", "status": "published", "title": "(0Day) Apple QuickTime moov Atom Heap Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-241/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3401", "zdi_id": "ZDI-16-241" }, { "cve": "CVE-2016-2299", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of batch report requests. The vulnerab...", "detail_json": "/data/advisories/ZDI-16-240/advisory.json", "detail_path": "advisories/ZDI-16-240", "id": "ZDI-16-240", "kind": "published", "published_date": "2016-04-12", "status": "published", "title": "Ecava IntegraXor Report batch SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-240/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-3322", "zdi_id": "ZDI-16-240" }, { "cve": "CVE-2016-2299", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of batchlist report requests. The vuln...", "detail_json": "/data/advisories/ZDI-16-239/advisory.json", "detail_path": "advisories/ZDI-16-239", "id": "ZDI-16-239", "kind": "published", "published_date": "2016-04-12", "status": "published", "title": "Ecava IntegraXor Report batchlist SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-239/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-3321", "zdi_id": "ZDI-16-239" }, { "cve": "CVE-2016-2299", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of summary report requests. The vulner...", "detail_json": "/data/advisories/ZDI-16-238/advisory.json", "detail_path": "advisories/ZDI-16-238", "id": "ZDI-16-238", "kind": "published", "published_date": "2016-04-12", "status": "published", "title": "Ecava IntegraXor Report summary SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-238/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-3320", "zdi_id": "ZDI-16-238" }, { "cve": "CVE-2016-2299", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of save report requests. The vulnerabi...", "detail_json": "/data/advisories/ZDI-16-237/advisory.json", "detail_path": "advisories/ZDI-16-237", "id": "ZDI-16-237", "kind": "published", "published_date": "2016-04-12", "status": "published", "title": "Ecava IntegraXor Report save SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-237/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-3326", "zdi_id": "ZDI-16-237" }, { "cve": "CVE-2016-2299", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of summary_opt report requests. The vu...", "detail_json": "/data/advisories/ZDI-16-236/advisory.json", "detail_path": "advisories/ZDI-16-236", "id": "ZDI-16-236", "kind": "published", "published_date": "2016-04-12", "status": "published", "title": "Ecava IntegraXor Report summary_opt SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-236/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-3325", "zdi_id": "ZDI-16-236" }, { "cve": "CVE-2016-1034", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Creative Cloud. Authentication is not required to exploit this vulnerability. The application exposes a services that listens on a random TCP port. The l...", "detail_json": "/data/advisories/ZDI-16-235/advisory.json", "detail_path": "advisories/ZDI-16-235", "id": "ZDI-16-235", "kind": "published", "published_date": "2016-04-12", "status": "published", "title": "Adobe Creative Cloud Node.js Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-235/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3543", "zdi_id": "ZDI-16-235" }, { "cve": "CVE-2016-0148", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious dir...", "detail_json": "/data/advisories/ZDI-16-234/advisory.json", "detail_path": "advisories/ZDI-16-234", "id": "ZDI-16-234", "kind": "published", "published_date": "2016-04-12", "status": "published", "title": "Microsoft .NET Framework mscoreei DLL Planting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-234/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3578", "zdi_id": "ZDI-16-234" }, { "cve": "CVE-2016-0158", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject arbitrary script code into arbitrary domains on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-16-233/advisory.json", "detail_path": "advisories/ZDI-16-233", "id": "ZDI-16-233", "kind": "published", "published_date": "2016-04-12", "status": "published", "title": "Microsoft Edge Proxy Object Universal Cross Site Scripting Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-233/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3529", "zdi_id": "ZDI-16-233" }, { "cve": "CVE-2016-0157", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnera...", "detail_json": "/data/advisories/ZDI-16-232/advisory.json", "detail_path": "advisories/ZDI-16-232", "id": "ZDI-16-232", "kind": "published", "published_date": "2016-04-12", "status": "published", "title": "Microsoft Edge keyframes Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-232/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3471", "zdi_id": "ZDI-16-232" }, { "cve": "CVE-2016-0159", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-231/advisory.json", "detail_path": "advisories/ZDI-16-231", "id": "ZDI-16-231", "kind": "published", "published_date": "2016-04-12", "status": "published", "title": "Microsoft Internet Explorer CTableLayout AddRow Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-231/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3422", "zdi_id": "ZDI-16-231" }, { "cve": "CVE-2016-0166", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-230/advisory.json", "detail_path": "advisories/ZDI-16-230", "id": "ZDI-16-230", "kind": "published", "published_date": "2016-04-12", "status": "published", "title": "Microsoft Internet Explorer CMediaEngine Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-230/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3404", "zdi_id": "ZDI-16-230" }, { "cve": "CVE-2015-6065", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-229/advisory.json", "detail_path": "advisories/ZDI-16-229", "id": "ZDI-16-229", "kind": "published", "published_date": "2016-04-12", "status": "published", "title": "Microsoft Internet Explorer CAttrValue Double-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-229/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3366", "zdi_id": "ZDI-16-229" }, { "cve": "CVE-2016-1018", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-228/advisory.json", "detail_path": "advisories/ZDI-16-228", "id": "ZDI-16-228", "kind": "published", "published_date": "2016-04-08", "status": "published", "title": "(Pwn2Own) Adobe Flash JPEG-XR Parsing Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-228/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3616", "zdi_id": "ZDI-16-228" }, { "cve": "CVE-2016-1015", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-227/advisory.json", "detail_path": "advisories/ZDI-16-227", "id": "ZDI-16-227", "kind": "published", "published_date": "2016-04-08", "status": "published", "title": "(Pwn2Own) Adobe Flash AS2 NetConnection Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-227/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3608", "zdi_id": "ZDI-16-227" }, { "cve": "CVE-2016-1016", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-226/advisory.json", "detail_path": "advisories/ZDI-16-226", "id": "ZDI-16-226", "kind": "published", "published_date": "2016-04-08", "status": "published", "title": "(Pwn2Own) Adobe Flash AS2 Transform matrix Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-226/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3613", "zdi_id": "ZDI-16-226" }, { "cve": "CVE-2016-1017", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-225/advisory.json", "detail_path": "advisories/ZDI-16-225", "id": "ZDI-16-225", "kind": "published", "published_date": "2016-04-08", "status": "published", "title": "(Pwn2Own) Adobe Flash AS2 LoadVars decode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-225/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3614", "zdi_id": "ZDI-16-225" }, { "cve": "CVE-2016-1649", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-224/advisory.json", "detail_path": "advisories/ZDI-16-224", "id": "ZDI-16-224", "kind": "published", "published_date": "2016-04-08", "status": "published", "title": "Google Chrome libANGLE glGetUniformfv Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-224/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-3623", "zdi_id": "ZDI-16-224" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HID Edge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the discoveryd service. The issue lies in the failure t...", "detail_json": "/data/advisories/ZDI-16-223/advisory.json", "detail_path": "advisories/ZDI-16-223", "id": "ZDI-16-223", "kind": "published", "published_date": "2016-03-28", "status": "published", "title": "HID VertX/Edge discoveryd Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-223/", "vendor": "HID", "vendor_url": null, "zdi_can": "ZDI-CAN-3177", "zdi_id": "ZDI-16-223" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exis...", "detail_json": "/data/advisories/ZDI-16-222/advisory.json", "detail_path": "advisories/ZDI-16-222", "id": "ZDI-16-222", "kind": "published", "published_date": "2016-03-23", "status": "published", "title": "Foxit Reader Fields Format Action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-222/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3406", "zdi_id": "ZDI-16-222" }, { "cve": "CVE-2016-4059", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-221/advisory.json", "detail_path": "advisories/ZDI-16-221", "id": "ZDI-16-221", "kind": "published", "published_date": "2016-03-23", "status": "published", "title": "Foxit Reader FlateDecode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-221/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3572", "zdi_id": "ZDI-16-221" }, { "cve": "CVE-2016-4063", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-220/advisory.json", "detail_path": "advisories/ZDI-16-220", "id": "ZDI-16-220", "kind": "published", "published_date": "2016-03-23", "status": "published", "title": "Foxit Reader Revision Number Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-220/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3551", "zdi_id": "ZDI-16-220" }, { "cve": "CVE-2016-4063", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-219/advisory.json", "detail_path": "advisories/ZDI-16-219", "id": "ZDI-16-219", "kind": "published", "published_date": "2016-03-23", "status": "published", "title": "Foxit Reader Revision Number Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-219/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3552", "zdi_id": "ZDI-16-219" }, { "cve": "CVE-2016-4065", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-218/advisory.json", "detail_path": "advisories/ZDI-16-218", "id": "ZDI-16-218", "kind": "published", "published_date": "2016-03-23", "status": "published", "title": "Foxit Reader ConvertToPDF BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-218/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3560", "zdi_id": "ZDI-16-218" }, { "cve": "CVE-2016-4065", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-217/advisory.json", "detail_path": "advisories/ZDI-16-217", "id": "ZDI-16-217", "kind": "published", "published_date": "2016-03-23", "status": "published", "title": "Foxit Reader ConvertToPDF GIF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-217/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3559", "zdi_id": "ZDI-16-217" }, { "cve": "CVE-2016-4065", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-216/advisory.json", "detail_path": "advisories/ZDI-16-216", "id": "ZDI-16-216", "kind": "published", "published_date": "2016-03-23", "status": "published", "title": "Foxit Reader ConvertToPDF JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-216/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3561", "zdi_id": "ZDI-16-216" }, { "cve": "CVE-2016-4064", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-215/advisory.json", "detail_path": "advisories/ZDI-16-215", "id": "ZDI-16-215", "kind": "published", "published_date": "2016-03-23", "status": "published", "title": "Foxit Reader XFA remerge Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-215/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3521", "zdi_id": "ZDI-16-215" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-214/advisory.json", "detail_path": "advisories/ZDI-16-214", "id": "ZDI-16-214", "kind": "published", "published_date": "2016-03-23", "status": "published", "title": "Foxit PhantomPDF ListBox value Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-214/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3537", "zdi_id": "ZDI-16-214" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-213/advisory.json", "detail_path": "advisories/ZDI-16-213", "id": "ZDI-16-213", "kind": "published", "published_date": "2016-03-23", "status": "published", "title": "Foxit Reader XFA preOpen Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-213/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3518", "zdi_id": "ZDI-16-213" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-212/advisory.json", "detail_path": "advisories/ZDI-16-212", "id": "ZDI-16-212", "kind": "published", "published_date": "2016-03-23", "status": "published", "title": "Foxit PhantomPDF Signature field Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-212/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3528", "zdi_id": "ZDI-16-212" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-211/advisory.json", "detail_path": "advisories/ZDI-16-211", "id": "ZDI-16-211", "kind": "published", "published_date": "2016-03-23", "status": "published", "title": "Foxit Reader XFA Page prePrint Event Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-211/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3498", "zdi_id": "ZDI-16-211" }, { "cve": "CVE-2016-0226", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-16-210/advisory.json", "detail_path": "advisories/ZDI-16-210", "id": "ZDI-16-210", "kind": "published", "published_date": "2016-03-22", "status": "published", "title": "IBM Informix portmap Service Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-210/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-3459", "zdi_id": "ZDI-16-210" }, { "cve": "CVE-2016-0226", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-16-209/advisory.json", "detail_path": "advisories/ZDI-16-209", "id": "ZDI-16-209", "kind": "published", "published_date": "2016-03-22", "status": "published", "title": "IBM Informix nsrexecd Service Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-209/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-3458", "zdi_id": "ZDI-16-209" }, { "cve": "CVE-2016-0226", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-16-208/advisory.json", "detail_path": "advisories/ZDI-16-208", "id": "ZDI-16-208", "kind": "published", "published_date": "2016-03-22", "status": "published", "title": "IBM Informix nsrd Service Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-208/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-3457", "zdi_id": "ZDI-16-208" }, { "cve": "CVE-2016-1753", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to elevate privileges on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOGeneralM...", "detail_json": "/data/advisories/ZDI-16-207/advisory.json", "detail_path": "advisories/ZDI-16-207", "id": "ZDI-16-207", "kind": "published", "published_date": "2016-03-22", "status": "published", "title": "Apple OS X IOGeneralMemoryDescriptor Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-207/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3315", "zdi_id": "ZDI-16-207" }, { "cve": "CVE-2016-1749", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-16-206/advisory.json", "detail_path": "advisories/ZDI-16-206", "id": "ZDI-16-206", "kind": "published", "published_date": "2016-03-22", "status": "published", "title": "Apple OS X IOUSBInterfaceUserClient Out-Of-Bounds Indexing Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-206/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3530", "zdi_id": "ZDI-16-206" }, { "cve": "CVE-2016-1747", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to elevate privileges on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOGraphics...", "detail_json": "/data/advisories/ZDI-16-205/advisory.json", "detail_path": "advisories/ZDI-16-205", "id": "ZDI-16-205", "kind": "published", "published_date": "2016-03-22", "status": "published", "title": "Apple OS X IOGraphicsFamily Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-205/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3453", "zdi_id": "ZDI-16-205" }, { "cve": "CVE-2016-1775", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-16-204/advisory.json", "detail_path": "advisories/ZDI-16-204", "id": "ZDI-16-204", "kind": "published", "published_date": "2016-03-22", "status": "published", "title": "Apple OS X TTF bdat Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-204/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3448", "zdi_id": "ZDI-16-204" }, { "cve": "CVE-2016-1761", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-16-203/advisory.json", "detail_path": "advisories/ZDI-16-203", "id": "ZDI-16-203", "kind": "published", "published_date": "2016-03-22", "status": "published", "title": "Apple OS X XML Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-203/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3420", "zdi_id": "ZDI-16-203" }, { "cve": "CVE-2016-1746", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to elevate privileges on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOGraphics...", "detail_json": "/data/advisories/ZDI-16-202/advisory.json", "detail_path": "advisories/ZDI-16-202", "id": "ZDI-16-202", "kind": "published", "published_date": "2016-03-22", "status": "published", "title": "Apple OS X IOGraphicsFamily Untrusted Pointer Dereference Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-202/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3489", "zdi_id": "ZDI-16-202" }, { "cve": "CVE-2016-1740", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-16-201/advisory.json", "detail_path": "advisories/ZDI-16-201", "id": "ZDI-16-201", "kind": "published", "published_date": "2016-03-22", "status": "published", "title": "Apple OS X PDF Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-201/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3460", "zdi_id": "ZDI-16-201" }, { "cve": "CVE-2016-1778", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-200/advisory.json", "detail_path": "advisories/ZDI-16-200", "id": "ZDI-16-200", "kind": "published", "published_date": "2016-03-22", "status": "published", "title": "Apple Safari Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-200/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3449", "zdi_id": "ZDI-16-200" }, { "cve": "CVE-2016-1961", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-199/advisory.json", "detail_path": "advisories/ZDI-16-199", "id": "ZDI-16-199", "kind": "published", "published_date": "2016-03-11", "status": "published", "title": "Mozilla Firefox nsHTMLDocument SetBody Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-199/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-3574", "zdi_id": "ZDI-16-199" }, { "cve": "CVE-2016-1960", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-198/advisory.json", "detail_path": "advisories/ZDI-16-198", "id": "ZDI-16-198", "kind": "published", "published_date": "2016-03-11", "status": "published", "title": "Mozilla Firefox nsHtml5TreeBuilder Array Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-198/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-3545", "zdi_id": "ZDI-16-198" }, { "cve": "CVE-2016-1645", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-197/advisory.json", "detail_path": "advisories/ZDI-16-197", "id": "ZDI-16-197", "kind": "published", "published_date": "2016-03-10", "status": "published", "title": "Google Chrome Pdfium JPEG2000 Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-197/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-3563", "zdi_id": "ZDI-16-197" }, { "cve": "CVE-2016-0095", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-196/advisory.json", "detail_path": "advisories/ZDI-16-196", "id": "ZDI-16-196", "kind": "published", "published_date": "2016-03-10", "status": "published", "title": "Microsoft Windows CreateWindowStation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-196/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3589", "zdi_id": "ZDI-16-196" }, { "cve": null, "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create an invisible browser window on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-16-195/advisory.json", "detail_path": "advisories/ZDI-16-195", "id": "ZDI-16-195", "kind": "published", "published_date": "2016-03-10", "status": "published", "title": "Microsoft Internet Explorer Hidden Browser Window Restriction Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-195/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2916", "zdi_id": "ZDI-16-195" }, { "cve": "CVE-2016-0994", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-194/advisory.json", "detail_path": "advisories/ZDI-16-194", "id": "ZDI-16-194", "kind": "published", "published_date": "2016-03-10", "status": "published", "title": "Adobe Flash AS2 actionCallMethod Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-194/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3469", "zdi_id": "ZDI-16-194" }, { "cve": "CVE-2016-0996", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-193/advisory.json", "detail_path": "advisories/ZDI-16-193", "id": "ZDI-16-193", "kind": "published", "published_date": "2016-03-10", "status": "published", "title": "Adobe Flash setInterval Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-193/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3546", "zdi_id": "ZDI-16-193" }, { "cve": "CVE-2016-1005", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-192/advisory.json", "detail_path": "advisories/ZDI-16-192", "id": "ZDI-16-192", "kind": "published", "published_date": "2016-03-10", "status": "published", "title": "Adobe Flash MPEG-4 Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-192/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3413", "zdi_id": "ZDI-16-192" }, { "cve": "CVE-2016-1009", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-191/advisory.json", "detail_path": "advisories/ZDI-16-191", "id": "ZDI-16-191", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Adobe Reader Out-Of-Bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-191/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3253", "zdi_id": "ZDI-16-191" }, { "cve": "CVE-2016-1008", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-16-190/advisory.json", "detail_path": "advisories/ZDI-16-190", "id": "ZDI-16-190", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Adobe Acrobat Pro DC DLL Planting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-190/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3111", "zdi_id": "ZDI-16-190" }, { "cve": "CVE-2016-1007", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-189/advisory.json", "detail_path": "advisories/ZDI-16-189", "id": "ZDI-16-189", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Adobe Reader DC Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-189/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3022", "zdi_id": "ZDI-16-189" }, { "cve": "CVE-2016-0112", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose memory contents on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-16-188/advisory.json", "detail_path": "advisories/ZDI-16-188", "id": "ZDI-16-188", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Microsoft Internet Explorer setAttribute Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-188/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3492", "zdi_id": "ZDI-16-188" }, { "cve": "CVE-2016-0114", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-187/advisory.json", "detail_path": "advisories/ZDI-16-187", "id": "ZDI-16-187", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Microsoft Internet Explorer Input Range Control Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-187/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3499", "zdi_id": "ZDI-16-187" }, { "cve": "CVE-2016-0113", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-186/advisory.json", "detail_path": "advisories/ZDI-16-186", "id": "ZDI-16-186", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Microsoft Internet Explorer CTravelEntry Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-186/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3472", "zdi_id": "ZDI-16-186" }, { "cve": "CVE-2016-0112", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-185/advisory.json", "detail_path": "advisories/ZDI-16-185", "id": "ZDI-16-185", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Microsoft Internet Explorer CAttrArray Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-185/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3488", "zdi_id": "ZDI-16-185" }, { "cve": "CVE-2016-0109", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-184/advisory.json", "detail_path": "advisories/ZDI-16-184", "id": "ZDI-16-184", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Microsoft Internet Explorer SNeighborPosition Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-184/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3473", "zdi_id": "ZDI-16-184" }, { "cve": "CVE-2016-0107", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-183/advisory.json", "detail_path": "advisories/ZDI-16-183", "id": "ZDI-16-183", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Microsoft Internet Explorer CTableLayout AddRow Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-183/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3421", "zdi_id": "ZDI-16-183" }, { "cve": "CVE-2016-0091", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-16-182/advisory.json", "detail_path": "advisories/ZDI-16-182", "id": "ZDI-16-182", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Microsoft Windows OleLoadPicture Bitmap Heap Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-182/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3433", "zdi_id": "ZDI-16-182" }, { "cve": "CVE-2016-0092", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-16-181/advisory.json", "detail_path": "advisories/ZDI-16-181", "id": "ZDI-16-181", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Microsoft Windows OleLoadPicture Heap Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-181/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3367", "zdi_id": "ZDI-16-181" }, { "cve": "CVE-2016-0106", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose the contents of memory on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-16-180/advisory.json", "detail_path": "advisories/ZDI-16-180", "id": "ZDI-16-180", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Microsoft Internet Explorer CDataset RemoveItem Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-180/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3455", "zdi_id": "ZDI-16-180" }, { "cve": "CVE-2016-0106", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose the contents of memory on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-16-179/advisory.json", "detail_path": "advisories/ZDI-16-179", "id": "ZDI-16-179", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Microsoft Internet Explorer CDataset SetItem Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-179/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3419", "zdi_id": "ZDI-16-179" }, { "cve": "CVE-2016-0123", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnera...", "detail_json": "/data/advisories/ZDI-16-178/advisory.json", "detail_path": "advisories/ZDI-16-178", "id": "ZDI-16-178", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Microsoft Edge GetLineBoxForReuse Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-178/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3411", "zdi_id": "ZDI-16-178" }, { "cve": "CVE-2016-0118", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-177/advisory.json", "detail_path": "advisories/ZDI-16-177", "id": "ZDI-16-177", "kind": "published", "published_date": "2016-03-08", "status": "published", "title": "Microsoft Edge CAsyncTpWorker Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-177/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3408", "zdi_id": "ZDI-16-177" }, { "cve": "CVE-2016-2536", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-16-176/advisory.json", "detail_path": "advisories/ZDI-16-176", "id": "ZDI-16-176", "kind": "published", "published_date": "2016-02-18", "status": "published", "title": "(0Day) SAP 3D Visual Enterprise Viewer SketchUp document Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-176/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2975", "zdi_id": "ZDI-16-176" }, { "cve": "CVE-2016-2536", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-16-175/advisory.json", "detail_path": "advisories/ZDI-16-175", "id": "ZDI-16-175", "kind": "published", "published_date": "2016-02-18", "status": "published", "title": "(0Day) SAP 3D Visual Enterprise Viewer SketchUp document Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-175/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2979", "zdi_id": "ZDI-16-175" }, { "cve": "CVE-2016-2536", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-16-174/advisory.json", "detail_path": "advisories/ZDI-16-174", "id": "ZDI-16-174", "kind": "published", "published_date": "2016-02-18", "status": "published", "title": "(0Day) SAP 3D Visual Enterprise Viewer SketchUp document Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-174/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2976", "zdi_id": "ZDI-16-174" }, { "cve": "CVE-2016-2536", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-16-173/advisory.json", "detail_path": "advisories/ZDI-16-173", "id": "ZDI-16-173", "kind": "published", "published_date": "2016-02-18", "status": "published", "title": "(0Day) SAP 3D Visual Enterprise Viewer SketchUp document Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-173/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2974", "zdi_id": "ZDI-16-173" }, { "cve": "CVE-2016-1628", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-172/advisory.json", "detail_path": "advisories/ZDI-16-172", "id": "ZDI-16-172", "kind": "published", "published_date": "2016-02-18", "status": "published", "title": "Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-172/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-3447", "zdi_id": "ZDI-16-172" }, { "cve": "CVE-2016-1626", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-171/advisory.json", "detail_path": "advisories/ZDI-16-171", "id": "ZDI-16-171", "kind": "published", "published_date": "2016-02-18", "status": "published", "title": "Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-171/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-3432", "zdi_id": "ZDI-16-171" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Joyent SmartOS. An attacker must be logged in as a user on the system in order to execute the attack. The specific flaw exists within the handling of an SS Exception....", "detail_json": "/data/advisories/ZDI-16-170/advisory.json", "detail_path": "advisories/ZDI-16-170", "id": "ZDI-16-170", "kind": "published", "published_date": "2016-02-18", "status": "published", "title": "Joyent SmartOS Linux Zone Escape SS Exception Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-170/", "vendor": "Joyent", "vendor_url": null, "zdi_can": "ZDI-CAN-3364", "zdi_id": "ZDI-16-170" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose information on vulnerable installations of Joyent SmartOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-169/advisory.json", "detail_path": "advisories/ZDI-16-169", "id": "ZDI-16-169", "kind": "published", "published_date": "2016-02-18", "status": "published", "title": "Joyent SmartOS dtrace Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-169/", "vendor": "Joyent", "vendor_url": null, "zdi_can": "ZDI-CAN-3284", "zdi_id": "ZDI-16-169" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent SmartOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-16-168/advisory.json", "detail_path": "advisories/ZDI-16-168", "id": "ZDI-16-168", "kind": "published", "published_date": "2016-02-18", "status": "published", "title": "Joyent SmartOS dtrace Zone Escape Integer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-168/", "vendor": "Joyent", "vendor_url": null, "zdi_can": "ZDI-CAN-3263", "zdi_id": "ZDI-16-168" }, { "cve": "CVE-2015-5970", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to exfiltrate arbitrary text files on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChangePassword RPC method. By provi...", "detail_json": "/data/advisories/ZDI-16-167/advisory.json", "detail_path": "advisories/ZDI-16-167", "id": "ZDI-16-167", "kind": "published", "published_date": "2016-02-11", "status": "published", "title": "Novell Zenworks ChangePassword XPath Injection Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-167/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-3136", "zdi_id": "ZDI-16-167" }, { "cve": "CVE-2016-0063", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-166/advisory.json", "detail_path": "advisories/ZDI-16-166", "id": "ZDI-16-166", "kind": "published", "published_date": "2016-02-10", "status": "published", "title": "Microsoft Internet Explorer DOMImplementation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-166/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3403", "zdi_id": "ZDI-16-166" }, { "cve": "CVE-2016-0060", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnera...", "detail_json": "/data/advisories/ZDI-16-165/advisory.json", "detail_path": "advisories/ZDI-16-165", "id": "ZDI-16-165", "kind": "published", "published_date": "2016-02-10", "status": "published", "title": "Microsoft Edge Text Node Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-165/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3368", "zdi_id": "ZDI-16-165" }, { "cve": "CVE-2016-2396", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL GMS Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the GMS ViewPoint (GMSVP) web a...", "detail_json": "/data/advisories/ZDI-16-164/advisory.json", "detail_path": "advisories/ZDI-16-164", "id": "ZDI-16-164", "kind": "published", "published_date": "2016-02-10", "status": "published", "title": "Dell SonicWALL GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-164/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-3037", "zdi_id": "ZDI-16-164" }, { "cve": "CVE-2016-2397", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the cliserver implementatio...", "detail_json": "/data/advisories/ZDI-16-163/advisory.json", "detail_path": "advisories/ZDI-16-163", "id": "ZDI-16-163", "kind": "published", "published_date": "2016-02-10", "status": "published", "title": "Dell SonicWALL GMS Virtual Appliance Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-163/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-3137", "zdi_id": "ZDI-16-163" }, { "cve": "CVE-2016-0061", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-162/advisory.json", "detail_path": "advisories/ZDI-16-162", "id": "ZDI-16-162", "kind": "published", "published_date": "2016-02-09", "status": "published", "title": "Microsoft Internet Explorer HTML form Element Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-162/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3375", "zdi_id": "ZDI-16-162" }, { "cve": "CVE-2016-0973", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-161/advisory.json", "detail_path": "advisories/ZDI-16-161", "id": "ZDI-16-161", "kind": "published", "published_date": "2016-02-09", "status": "published", "title": "Adobe Flash URLRequest Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-161/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3430", "zdi_id": "ZDI-16-161" }, { "cve": "CVE-2016-0975", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-160/advisory.json", "detail_path": "advisories/ZDI-16-160", "id": "ZDI-16-160", "kind": "published", "published_date": "2016-02-09", "status": "published", "title": "Adobe Flash instanceof Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-160/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3452", "zdi_id": "ZDI-16-160" }, { "cve": "CVE-2016-0060", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-159/advisory.json", "detail_path": "advisories/ZDI-16-159", "id": "ZDI-16-159", "kind": "published", "published_date": "2016-02-09", "status": "published", "title": "Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-159/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3405", "zdi_id": "ZDI-16-159" }, { "cve": "CVE-2016-0062", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-158/advisory.json", "detail_path": "advisories/ZDI-16-158", "id": "ZDI-16-158", "kind": "published", "published_date": "2016-02-09", "status": "published", "title": "Microsoft Internet Explorer CACPWrap Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-158/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3374", "zdi_id": "ZDI-16-158" }, { "cve": "CVE-2016-0072", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-16-157/advisory.json", "detail_path": "advisories/ZDI-16-157", "id": "ZDI-16-157", "kind": "published", "published_date": "2016-02-09", "status": "published", "title": "Microsoft Internet Explorer CSVGAnimatedAngle Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-157/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3297", "zdi_id": "ZDI-16-157" }, { "cve": "CVE-2016-0046", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-156/advisory.json", "detail_path": "advisories/ZDI-16-156", "id": "ZDI-16-156", "kind": "published", "published_date": "2016-02-09", "status": "published", "title": "Microsoft Reader Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-156/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3252", "zdi_id": "ZDI-16-156" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local users to elevate to administrator status on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-155/advisory.json", "detail_path": "advisories/ZDI-16-155", "id": "ZDI-16-155", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess Local Escalation Of Privilege Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-155/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3333", "zdi_id": "ZDI-16-155" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C7F IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-154/advisory.json", "detail_path": "advisories/ZDI-16-154", "id": "ZDI-16-154", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-154/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3159", "zdi_id": "ZDI-16-154" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x5239 IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-153/advisory.json", "detail_path": "advisories/ZDI-16-153", "id": "ZDI-16-153", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess datacore Service datacore.exe ScadaNodeName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-153/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3187", "zdi_id": "ZDI-16-153" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C75 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-152/advisory.json", "detail_path": "advisories/ZDI-16-152", "id": "ZDI-16-152", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName strncpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-152/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3165", "zdi_id": "ZDI-16-152" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C80 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-151/advisory.json", "detail_path": "advisories/ZDI-16-151", "id": "ZDI-16-151", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-151/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3156", "zdi_id": "ZDI-16-151" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C76 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-150/advisory.json", "detail_path": "advisories/ZDI-16-150", "id": "ZDI-16-150", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll NodeName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-150/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3164", "zdi_id": "ZDI-16-150" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C80 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-149/advisory.json", "detail_path": "advisories/ZDI-16-149", "id": "ZDI-16-149", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName memcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-149/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3158", "zdi_id": "ZDI-16-149" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C71 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-148/advisory.json", "detail_path": "advisories/ZDI-16-148", "id": "ZDI-16-148", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName strncpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-148/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3171", "zdi_id": "ZDI-16-148" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C71 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-147/advisory.json", "detail_path": "advisories/ZDI-16-147", "id": "ZDI-16-147", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-147/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3170", "zdi_id": "ZDI-16-147" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C80 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-146/advisory.json", "detail_path": "advisories/ZDI-16-146", "id": "ZDI-16-146", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-146/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3155", "zdi_id": "ZDI-16-146" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C83 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-145/advisory.json", "detail_path": "advisories/ZDI-16-145", "id": "ZDI-16-145", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-145/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3161", "zdi_id": "ZDI-16-145" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C80 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-144/advisory.json", "detail_path": "advisories/ZDI-16-144", "id": "ZDI-16-144", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll NodeName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-144/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3157", "zdi_id": "ZDI-16-144" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C7B IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-143/advisory.json", "detail_path": "advisories/ZDI-16-143", "id": "ZDI-16-143", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-143/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3151", "zdi_id": "ZDI-16-143" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C79 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-142/advisory.json", "detail_path": "advisories/ZDI-16-142", "id": "ZDI-16-142", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll NodeName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-142/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3247", "zdi_id": "ZDI-16-142" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C6D IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-141/advisory.json", "detail_path": "advisories/ZDI-16-141", "id": "ZDI-16-141", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll TagName memcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-141/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3169", "zdi_id": "ZDI-16-141" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C74 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-140/advisory.json", "detail_path": "advisories/ZDI-16-140", "id": "ZDI-16-140", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName strncpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-140/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3168", "zdi_id": "ZDI-16-140" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C7D IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-139/advisory.json", "detail_path": "advisories/ZDI-16-139", "id": "ZDI-16-139", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-139/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3162", "zdi_id": "ZDI-16-139" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C7B IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-138/advisory.json", "detail_path": "advisories/ZDI-16-138", "id": "ZDI-16-138", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-138/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3249", "zdi_id": "ZDI-16-138" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C76 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-137/advisory.json", "detail_path": "advisories/ZDI-16-137", "id": "ZDI-16-137", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-137/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3166", "zdi_id": "ZDI-16-137" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C76 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-136/advisory.json", "detail_path": "advisories/ZDI-16-136", "id": "ZDI-16-136", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-136/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3163", "zdi_id": "ZDI-16-136" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C79 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-135/advisory.json", "detail_path": "advisories/ZDI-16-135", "id": "ZDI-16-135", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-135/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3248", "zdi_id": "ZDI-16-135" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C74 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-134/advisory.json", "detail_path": "advisories/ZDI-16-134", "id": "ZDI-16-134", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-134/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3167", "zdi_id": "ZDI-16-134" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C7E IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-133/advisory.json", "detail_path": "advisories/ZDI-16-133", "id": "ZDI-16-133", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-133/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3160", "zdi_id": "ZDI-16-133" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C80 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-132/advisory.json", "detail_path": "advisories/ZDI-16-132", "id": "ZDI-16-132", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service viewdll1.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-132/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3154", "zdi_id": "ZDI-16-132" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x5208 IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-131/advisory.json", "detail_path": "advisories/ZDI-16-131", "id": "ZDI-16-131", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess datacore Service datacore.exe strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-131/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3181", "zdi_id": "ZDI-16-131" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C7C IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-130/advisory.json", "detail_path": "advisories/ZDI-16-130", "id": "ZDI-16-130", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-130/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3153", "zdi_id": "ZDI-16-130" }, { "cve": "CVE-2016-0854", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient...", "detail_json": "/data/advisories/ZDI-16-129/advisory.json", "detail_path": "advisories/ZDI-16-129", "id": "ZDI-16-129", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess Dashboard Viewer saveGeneralFile Arbitrary File Creation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-129/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3128", "zdi_id": "ZDI-16-129" }, { "cve": "CVE-2016-0854", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient...", "detail_json": "/data/advisories/ZDI-16-128/advisory.json", "detail_path": "advisories/ZDI-16-128", "id": "ZDI-16-128", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess Dashboard Viewer ImageUploadHandler Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-128/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3126", "zdi_id": "ZDI-16-128" }, { "cve": "CVE-2016-0854", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient...", "detail_json": "/data/advisories/ZDI-16-127/advisory.json", "detail_path": "advisories/ZDI-16-127", "id": "ZDI-16-127", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess Dashboard Viewer FileUploadHandler Unrestricted File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-127/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3127", "zdi_id": "ZDI-16-127" }, { "cve": "CVE-2016-0855", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose arbitrary file contents on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. In...", "detail_json": "/data/advisories/ZDI-16-126/advisory.json", "detail_path": "advisories/ZDI-16-126", "id": "ZDI-16-126", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess Dashboard Viewer openWidget Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-126/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3133", "zdi_id": "ZDI-16-126" }, { "cve": "CVE-2016-0855", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to deny service to all users on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insuffici...", "detail_json": "/data/advisories/ZDI-16-125/advisory.json", "detail_path": "advisories/ZDI-16-125", "id": "ZDI-16-125", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess Dashboard Viewer renameFolder Directory Traversal Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-125/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3129", "zdi_id": "ZDI-16-125" }, { "cve": "CVE-2016-0855", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to deny service to all users on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insuffici...", "detail_json": "/data/advisories/ZDI-16-124/advisory.json", "detail_path": "advisories/ZDI-16-124", "id": "ZDI-16-124", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess Dashboard Viewer removeFolder Directory Traversal Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-124/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3130", "zdi_id": "ZDI-16-124" }, { "cve": "CVE-2016-0855", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to deny service to all users on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insuffici...", "detail_json": "/data/advisories/ZDI-16-123/advisory.json", "detail_path": "advisories/ZDI-16-123", "id": "ZDI-16-123", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess Dashboard Viewer addFolder Directory Traversal Arbitrary File Deletion Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-123/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3131", "zdi_id": "ZDI-16-123" }, { "cve": "CVE-2016-0855", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to deny service to all users on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insuffici...", "detail_json": "/data/advisories/ZDI-16-122/advisory.json", "detail_path": "advisories/ZDI-16-122", "id": "ZDI-16-122", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess Dashboard Viewer removeFile Directory Traversal Arbitrary File Deletion Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-122/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3132", "zdi_id": "ZDI-16-122" }, { "cve": "CVE-2016-0857", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x5228 IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-121/advisory.json", "detail_path": "advisories/ZDI-16-121", "id": "ZDI-16-121", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe AlarmMessage strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-121/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3178", "zdi_id": "ZDI-16-121" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x5228 IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-120/advisory.json", "detail_path": "advisories/ZDI-16-120", "id": "ZDI-16-120", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe AlarmMessage sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-120/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3179", "zdi_id": "ZDI-16-120" }, { "cve": "CVE-2016-0857", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x5228 IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-119/advisory.json", "detail_path": "advisories/ZDI-16-119", "id": "ZDI-16-119", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe AlarmMessage strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-119/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3180", "zdi_id": "ZDI-16-119" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x523E IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-118/advisory.json", "detail_path": "advisories/ZDI-16-118", "id": "ZDI-16-118", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe strncpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-118/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3182", "zdi_id": "ZDI-16-118" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x523B IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-117/advisory.json", "detail_path": "advisories/ZDI-16-117", "id": "ZDI-16-117", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-117/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3183", "zdi_id": "ZDI-16-117" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x523D IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-116/advisory.json", "detail_path": "advisories/ZDI-16-116", "id": "ZDI-16-116", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-116/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3184", "zdi_id": "ZDI-16-116" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x523D IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-115/advisory.json", "detail_path": "advisories/ZDI-16-115", "id": "ZDI-16-115", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-115/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3185", "zdi_id": "ZDI-16-115" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x523C IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-114/advisory.json", "detail_path": "advisories/ZDI-16-114", "id": "ZDI-16-114", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-114/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3186", "zdi_id": "ZDI-16-114" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x523A IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-113/advisory.json", "detail_path": "advisories/ZDI-16-113", "id": "ZDI-16-113", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-113/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3188", "zdi_id": "ZDI-16-113" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x5226 IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-112/advisory.json", "detail_path": "advisories/ZDI-16-112", "id": "ZDI-16-112", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-112/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3189", "zdi_id": "ZDI-16-112" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x521D IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-111/advisory.json", "detail_path": "advisories/ZDI-16-111", "id": "ZDI-16-111", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-111/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3190", "zdi_id": "ZDI-16-111" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x521D IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-110/advisory.json", "detail_path": "advisories/ZDI-16-110", "id": "ZDI-16-110", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-110/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3191", "zdi_id": "ZDI-16-110" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x521D IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-109/advisory.json", "detail_path": "advisories/ZDI-16-109", "id": "ZDI-16-109", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-109/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3192", "zdi_id": "ZDI-16-109" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x5218 IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-108/advisory.json", "detail_path": "advisories/ZDI-16-108", "id": "ZDI-16-108", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-108/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3193", "zdi_id": "ZDI-16-108" }, { "cve": "CVE-2016-0857", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x7920 IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-107/advisory.json", "detail_path": "advisories/ZDI-16-107", "id": "ZDI-16-107", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-107/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3194", "zdi_id": "ZDI-16-107" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x7920 IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-106/advisory.json", "detail_path": "advisories/ZDI-16-106", "id": "ZDI-16-106", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-106/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3195", "zdi_id": "ZDI-16-106" }, { "cve": "CVE-2016-0858", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x7920 IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-105/advisory.json", "detail_path": "advisories/ZDI-16-105", "id": "ZDI-16-105", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe strcpy Shared Virtual Memory Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-105/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3196", "zdi_id": "ZDI-16-105" }, { "cve": "CVE-2016-0859", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x791E IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-104/advisory.json", "detail_path": "advisories/ZDI-16-104", "id": "ZDI-16-104", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe ExtDataSize Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-104/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3197", "zdi_id": "ZDI-16-104" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x791E IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-103/advisory.json", "detail_path": "advisories/ZDI-16-103", "id": "ZDI-16-103", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe Path strcat Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-103/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3198", "zdi_id": "ZDI-16-103" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x791E IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-102/advisory.json", "detail_path": "advisories/ZDI-16-102", "id": "ZDI-16-102", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe Path strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-102/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3199", "zdi_id": "ZDI-16-102" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x791E IOCTL in the Ke...", "detail_json": "/data/advisories/ZDI-16-101/advisory.json", "detail_path": "advisories/ZDI-16-101", "id": "ZDI-16-101", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess datacore Service datacore.exe Path strcat Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-101/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3200", "zdi_id": "ZDI-16-101" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x280A IOCTL in the Dr...", "detail_json": "/data/advisories/ZDI-16-100/advisory.json", "detail_path": "advisories/ZDI-16-100", "id": "ZDI-16-100", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service DrawSrv.dll TagGroup strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-100/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3201", "zdi_id": "ZDI-16-100" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x280A IOCTL in the Dr...", "detail_json": "/data/advisories/ZDI-16-099/advisory.json", "detail_path": "advisories/ZDI-16-099", "id": "ZDI-16-099", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service DrawSrv.dll TagGroup strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-099/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3202", "zdi_id": "ZDI-16-099" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x280B IOCTL in the Dr...", "detail_json": "/data/advisories/ZDI-16-098/advisory.json", "detail_path": "advisories/ZDI-16-098", "id": "ZDI-16-098", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service DrawSrv.dll TagGroup strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-098/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3203", "zdi_id": "ZDI-16-098" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x280B IOCTL in the Dr...", "detail_json": "/data/advisories/ZDI-16-097/advisory.json", "detail_path": "advisories/ZDI-16-097", "id": "ZDI-16-097", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service ViewDll.dll TagGroup strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-097/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3204", "zdi_id": "ZDI-16-097" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x280B IOCTL in the Dr...", "detail_json": "/data/advisories/ZDI-16-096/advisory.json", "detail_path": "advisories/ZDI-16-096", "id": "ZDI-16-096", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service ViewDll.dll TagGroup strcat Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-096/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3205", "zdi_id": "ZDI-16-096" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x280B IOCTL in the Dr...", "detail_json": "/data/advisories/ZDI-16-095/advisory.json", "detail_path": "advisories/ZDI-16-095", "id": "ZDI-16-095", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service DrawSrv.dll TagGroup strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-095/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3206", "zdi_id": "ZDI-16-095" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2790 IOCTL in the Dr...", "detail_json": "/data/advisories/ZDI-16-094/advisory.json", "detail_path": "advisories/ZDI-16-094", "id": "ZDI-16-094", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-094/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3207", "zdi_id": "ZDI-16-094" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x278E IOCTL in the Dr...", "detail_json": "/data/advisories/ZDI-16-093/advisory.json", "detail_path": "advisories/ZDI-16-093", "id": "ZDI-16-093", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-093/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3208", "zdi_id": "ZDI-16-093" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2794 IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-092/advisory.json", "detail_path": "advisories/ZDI-16-092", "id": "ZDI-16-092", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwKrlApi.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-092/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3209", "zdi_id": "ZDI-16-092" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x272F IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-091/advisory.json", "detail_path": "advisories/ZDI-16-091", "id": "ZDI-16-091", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-091/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3210", "zdi_id": "ZDI-16-091" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x272F IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-090/advisory.json", "detail_path": "advisories/ZDI-16-090", "id": "ZDI-16-090", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-090/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3211", "zdi_id": "ZDI-16-090" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x272F IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-089/advisory.json", "detail_path": "advisories/ZDI-16-089", "id": "ZDI-16-089", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-089/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3212", "zdi_id": "ZDI-16-089" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x272F IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-088/advisory.json", "detail_path": "advisories/ZDI-16-088", "id": "ZDI-16-088", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-088/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3213", "zdi_id": "ZDI-16-088" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x272F IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-087/advisory.json", "detail_path": "advisories/ZDI-16-087", "id": "ZDI-16-087", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-087/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3214", "zdi_id": "ZDI-16-087" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x272F IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-086/advisory.json", "detail_path": "advisories/ZDI-16-086", "id": "ZDI-16-086", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-086/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3215", "zdi_id": "ZDI-16-086" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27B3 IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-085/advisory.json", "detail_path": "advisories/ZDI-16-085", "id": "ZDI-16-085", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service ViewSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-085/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3216", "zdi_id": "ZDI-16-085" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27B2 IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-084/advisory.json", "detail_path": "advisories/ZDI-16-084", "id": "ZDI-16-084", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service ViewSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-084/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3217", "zdi_id": "ZDI-16-084" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27B1 IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-083/advisory.json", "detail_path": "advisories/ZDI-16-083", "id": "ZDI-16-083", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service ViewSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-083/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3218", "zdi_id": "ZDI-16-083" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27B0 IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-082/advisory.json", "detail_path": "advisories/ZDI-16-082", "id": "ZDI-16-082", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service ViewSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-082/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3219", "zdi_id": "ZDI-16-082" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2731 IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-081/advisory.json", "detail_path": "advisories/ZDI-16-081", "id": "ZDI-16-081", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-081/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3220", "zdi_id": "ZDI-16-081" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27AA IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-080/advisory.json", "detail_path": "advisories/ZDI-16-080", "id": "ZDI-16-080", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service ViewSrv.dll TagName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-080/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3221", "zdi_id": "ZDI-16-080" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27A7 IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-079/advisory.json", "detail_path": "advisories/ZDI-16-079", "id": "ZDI-16-079", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service ViewSrv.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-079/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3222", "zdi_id": "ZDI-16-079" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2795 IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-078/advisory.json", "detail_path": "advisories/ZDI-16-078", "id": "ZDI-16-078", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service ViewSrv.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-078/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3223", "zdi_id": "ZDI-16-078" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x278F IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-077/advisory.json", "detail_path": "advisories/ZDI-16-077", "id": "ZDI-16-077", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service ViewSrv.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-077/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3224", "zdi_id": "ZDI-16-077" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2789 IOCTL in the Vi...", "detail_json": "/data/advisories/ZDI-16-076/advisory.json", "detail_path": "advisories/ZDI-16-076", "id": "ZDI-16-076", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service ViewSrv.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-076/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3225", "zdi_id": "ZDI-16-076" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x1117B IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-075/advisory.json", "detail_path": "advisories/ZDI-16-075", "id": "ZDI-16-075", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll memcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-075/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3226", "zdi_id": "ZDI-16-075" }, { "cve": "CVE-2016-0860", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11172 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-074/advisory.json", "detail_path": "advisories/ZDI-16-074", "id": "ZDI-16-074", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll memcpy Globals Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-074/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3227", "zdi_id": "ZDI-16-074" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x1117B IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-073/advisory.json", "detail_path": "advisories/ZDI-16-073", "id": "ZDI-16-073", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll memcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-073/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3228", "zdi_id": "ZDI-16-073" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11366 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-072/advisory.json", "detail_path": "advisories/ZDI-16-072", "id": "ZDI-16-072", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll Backup RPC Hostname strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-072/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3229", "zdi_id": "ZDI-16-072" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11366 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-071/advisory.json", "detail_path": "advisories/ZDI-16-071", "id": "ZDI-16-071", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-071/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3230", "zdi_id": "ZDI-16-071" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11366 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-070/advisory.json", "detail_path": "advisories/ZDI-16-070", "id": "ZDI-16-070", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll Primary RPC Hostname strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-070/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3231", "zdi_id": "ZDI-16-070" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11368 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-069/advisory.json", "detail_path": "advisories/ZDI-16-069", "id": "ZDI-16-069", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll NewPointValue strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-069/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3232", "zdi_id": "ZDI-16-069" }, { "cve": "CVE-2016-0857", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11367 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-068/advisory.json", "detail_path": "advisories/ZDI-16-068", "id": "ZDI-16-068", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-068/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3233", "zdi_id": "ZDI-16-068" }, { "cve": "CVE-2016-0857", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11367 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-067/advisory.json", "detail_path": "advisories/ZDI-16-067", "id": "ZDI-16-067", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll Backup RPC Hostname strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-067/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3234", "zdi_id": "ZDI-16-067" }, { "cve": "CVE-2016-0857", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11367 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-066/advisory.json", "detail_path": "advisories/ZDI-16-066", "id": "ZDI-16-066", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-066/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3235", "zdi_id": "ZDI-16-066" }, { "cve": "CVE-2016-0857", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11367 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-065/advisory.json", "detail_path": "advisories/ZDI-16-065", "id": "ZDI-16-065", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-065/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3236", "zdi_id": "ZDI-16-065" }, { "cve": "CVE-2016-0857", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11367 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-064/advisory.json", "detail_path": "advisories/ZDI-16-064", "id": "ZDI-16-064", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-064/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3237", "zdi_id": "ZDI-16-064" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11367 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-063/advisory.json", "detail_path": "advisories/ZDI-16-063", "id": "ZDI-16-063", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-063/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3238", "zdi_id": "ZDI-16-063" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11367 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-062/advisory.json", "detail_path": "advisories/ZDI-16-062", "id": "ZDI-16-062", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-062/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3239", "zdi_id": "ZDI-16-062" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11178 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-061/advisory.json", "detail_path": "advisories/ZDI-16-061", "id": "ZDI-16-061", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-061/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3240", "zdi_id": "ZDI-16-061" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11367 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-060/advisory.json", "detail_path": "advisories/ZDI-16-060", "id": "ZDI-16-060", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll HostName/ProjectName/NodeName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-060/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3241", "zdi_id": "ZDI-16-060" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11184 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-059/advisory.json", "detail_path": "advisories/ZDI-16-059", "id": "ZDI-16-059", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll ProjectName strcat Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-059/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3242", "zdi_id": "ZDI-16-059" }, { "cve": "CVE-2016-0860", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11173 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-058/advisory.json", "detail_path": "advisories/ZDI-16-058", "id": "ZDI-16-058", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll ProjectName strcpy Globals Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-058/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3243", "zdi_id": "ZDI-16-058" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11177 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-057/advisory.json", "detail_path": "advisories/ZDI-16-057", "id": "ZDI-16-057", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll ProjectName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-057/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3244", "zdi_id": "ZDI-16-057" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x1136A IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-056/advisory.json", "detail_path": "advisories/ZDI-16-056", "id": "ZDI-16-056", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-056/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3245", "zdi_id": "ZDI-16-056" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11369 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-055/advisory.json", "detail_path": "advisories/ZDI-16-055", "id": "ZDI-16-055", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwpAlarm.dll sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-055/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3246", "zdi_id": "ZDI-16-055" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C7C IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-054/advisory.json", "detail_path": "advisories/ZDI-16-054", "id": "ZDI-16-054", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service WaDBS.dll TagName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-054/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3152", "zdi_id": "ZDI-16-054" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x138B4 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-053/advisory.json", "detail_path": "advisories/ZDI-16-053", "id": "ZDI-16-053", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwBASScdDl.dll TargetHost strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-053/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3172", "zdi_id": "ZDI-16-053" }, { "cve": "CVE-2016-0851", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13881 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-052/advisory.json", "detail_path": "advisories/ZDI-16-052", "id": "ZDI-16-052", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwOpcSvc.dll sprintf Uncontrolled Format String Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-052/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3173", "zdi_id": "ZDI-16-052" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13895 IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-051/advisory.json", "detail_path": "advisories/ZDI-16-051", "id": "ZDI-16-051", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwOpcSvc.dll WindowName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-051/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3175", "zdi_id": "ZDI-16-051" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x1389F IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-050/advisory.json", "detail_path": "advisories/ZDI-16-050", "id": "ZDI-16-050", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwOpcSvc.dll WindowName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-050/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3174", "zdi_id": "ZDI-16-050" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x1388C IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-049/advisory.json", "detail_path": "advisories/ZDI-16-049", "id": "ZDI-16-049", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwOpcSvc.dll WindowName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-049/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3150", "zdi_id": "ZDI-16-049" }, { "cve": "CVE-2016-0856", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x1388B IOCTL in the B...", "detail_json": "/data/advisories/ZDI-16-048/advisory.json", "detail_path": "advisories/ZDI-16-048", "id": "ZDI-16-048", "kind": "published", "published_date": "2016-02-05", "status": "published", "title": "Advantech WebAccess webvrpcs Service BwOpcSvc.dll WindowName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-048/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-3149", "zdi_id": "ZDI-16-048" }, { "cve": "CVE-2016-0491", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is required but can be bypassed. The specific vulnerability is in the UploadFileAction servlet. By providing a...", "detail_json": "/data/advisories/ZDI-16-047/advisory.json", "detail_path": "advisories/ZDI-16-047", "id": "ZDI-16-047", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-047/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3302", "zdi_id": "ZDI-16-047" }, { "cve": "CVE-2016-0485", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet...", "detail_json": "/data/advisories/ZDI-16-046/advisory.json", "detail_path": "advisories/ZDI-16-046", "id": "ZDI-16-046", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite DownloadServlet reportName Parameter Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-046/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3307", "zdi_id": "ZDI-16-046" }, { "cve": "CVE-2016-0476", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. By pro...", "detail_json": "/data/advisories/ZDI-16-045/advisory.json", "detail_path": "advisories/ZDI-16-045", "id": "ZDI-16-045", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite DownloadServlet reportName Parameter Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-045/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3300", "zdi_id": "ZDI-16-045" }, { "cve": "CVE-2016-0481", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet...", "detail_json": "/data/advisories/ZDI-16-044/advisory.json", "detail_path": "advisories/ZDI-16-044", "id": "ZDI-16-044", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite DownloadServlet scheduleReportName Parameter Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-044/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3304", "zdi_id": "ZDI-16-044" }, { "cve": "CVE-2016-0480", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet...", "detail_json": "/data/advisories/ZDI-16-043/advisory.json", "detail_path": "advisories/ZDI-16-043", "id": "ZDI-16-043", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite DownloadServlet TMAPReportImage Parameter Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-043/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3305", "zdi_id": "ZDI-16-043" }, { "cve": "CVE-2016-0492", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the isAllowedUrl() function. This function has a list of URI entries which do not require auth...", "detail_json": "/data/advisories/ZDI-16-042/advisory.json", "detail_path": "advisories/ZDI-16-042", "id": "ZDI-16-042", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-042/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3339", "zdi_id": "ZDI-16-042" }, { "cve": "CVE-2016-0477", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. By pro...", "detail_json": "/data/advisories/ZDI-16-041/advisory.json", "detail_path": "advisories/ZDI-16-041", "id": "ZDI-16-041", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite DownloadServlet Multiple Parameter Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-041/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3301", "zdi_id": "ZDI-16-041" }, { "cve": "CVE-2016-0486", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet...", "detail_json": "/data/advisories/ZDI-16-040/advisory.json", "detail_path": "advisories/ZDI-16-040", "id": "ZDI-16-040", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite DownloadServlet exportFileName Parameter Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-040/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3308", "zdi_id": "ZDI-16-040" }, { "cve": "CVE-2016-0490", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadServlet servlet. By p...", "detail_json": "/data/advisories/ZDI-16-039/advisory.json", "detail_path": "advisories/ZDI-16-039", "id": "ZDI-16-039", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite filename Header Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-039/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3306", "zdi_id": "ZDI-16-039" }, { "cve": "CVE-2016-0489", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is required but can be bypassed. The specific vulnerability is exposed by the ActionServlet servlet. In the Re...", "detail_json": "/data/advisories/ZDI-16-038/advisory.json", "detail_path": "advisories/ZDI-16-038", "id": "ZDI-16-038", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite ReportImage tempfilename Parameter Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-038/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3323", "zdi_id": "ZDI-16-038" }, { "cve": "CVE-2016-0482", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet...", "detail_json": "/data/advisories/ZDI-16-037/advisory.json", "detail_path": "advisories/ZDI-16-037", "id": "ZDI-16-037", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite DownloadServlet file Parameter Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-037/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3303", "zdi_id": "ZDI-16-037" }, { "cve": "CVE-2016-0478", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. By pro...", "detail_json": "/data/advisories/ZDI-16-036/advisory.json", "detail_path": "advisories/ZDI-16-036", "id": "ZDI-16-036", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite DownloadServlet scriptName Parameter Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-036/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3299", "zdi_id": "ZDI-16-036" }, { "cve": "CVE-2016-0488", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the isAllowedUrl() function used for the admin pages. This function has a list of URI entries...", "detail_json": "/data/advisories/ZDI-16-035/advisory.json", "detail_path": "advisories/ZDI-16-035", "id": "ZDI-16-035", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-035/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3324", "zdi_id": "ZDI-16-035" }, { "cve": "CVE-2016-0484", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet...", "detail_json": "/data/advisories/ZDI-16-034/advisory.json", "detail_path": "advisories/ZDI-16-034", "id": "ZDI-16-034", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite DownloadServlet scriptPath Parameter Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-034/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3309", "zdi_id": "ZDI-16-034" }, { "cve": "CVE-2016-0487", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the ActionServlet servlet. The process method for this servlet will bypass authentication if t...", "detail_json": "/data/advisories/ZDI-16-033/advisory.json", "detail_path": "advisories/ZDI-16-033", "id": "ZDI-16-033", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Application Testing Suite Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-033/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3356", "zdi_id": "ZDI-16-033" }, { "cve": "CVE-2016-0483", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-16-032/advisory.json", "detail_path": "advisories/ZDI-16-032", "id": "ZDI-16-032", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Oracle Java readImage Heap Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-032/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3282", "zdi_id": "ZDI-16-032" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-031/advisory.json", "detail_path": "advisories/ZDI-16-031", "id": "ZDI-16-031", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Foxit Reader ConvertToPDF Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-031/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3274", "zdi_id": "ZDI-16-031" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-030/advisory.json", "detail_path": "advisories/ZDI-16-030", "id": "ZDI-16-030", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Foxit Reader JBIG2 Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-030/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3409", "zdi_id": "ZDI-16-030" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-029/advisory.json", "detail_path": "advisories/ZDI-16-029", "id": "ZDI-16-029", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Foxit Reader GpRuntime::GpLock::GpLock Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-029/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3251", "zdi_id": "ZDI-16-029" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-028/advisory.json", "detail_path": "advisories/ZDI-16-028", "id": "ZDI-16-028", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Foxit Reader XFA FormCalc replace Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-028/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3407", "zdi_id": "ZDI-16-028" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-027/advisory.json", "detail_path": "advisories/ZDI-16-027", "id": "ZDI-16-027", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Foxit Reader Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-027/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3470", "zdi_id": "ZDI-16-027" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-026/advisory.json", "detail_path": "advisories/ZDI-16-026", "id": "ZDI-16-026", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Foxit PhantomPDF WillClose Action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-026/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3493", "zdi_id": "ZDI-16-026" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-025/advisory.json", "detail_path": "advisories/ZDI-16-025", "id": "ZDI-16-025", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Foxit Reader Global setPersistent Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-025/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3495", "zdi_id": "ZDI-16-025" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-024/advisory.json", "detail_path": "advisories/ZDI-16-024", "id": "ZDI-16-024", "kind": "published", "published_date": "2016-01-25", "status": "published", "title": "Foxit Reader Font Parsing Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-024/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3465", "zdi_id": "ZDI-16-024" }, { "cve": "CVE-2016-0452", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GoldenGate. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GoldenGate mgr process, which listens on T...", "detail_json": "/data/advisories/ZDI-16-023/advisory.json", "detail_path": "advisories/ZDI-16-023", "id": "ZDI-16-023", "kind": "published", "published_date": "2016-01-22", "status": "published", "title": "Oracle GoldenGate Veridata File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-023/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3041", "zdi_id": "ZDI-16-023" }, { "cve": "CVE-2016-0451", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GoldenGate. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GoldenGate mgr process, which listens on T...", "detail_json": "/data/advisories/ZDI-16-022/advisory.json", "detail_path": "advisories/ZDI-16-022", "id": "ZDI-16-022", "kind": "published", "published_date": "2016-01-22", "status": "published", "title": "Oracle GoldenGate File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-022/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3040", "zdi_id": "ZDI-16-022" }, { "cve": "CVE-2016-0450", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to cause a denial condition on vulnerable installations of Oracle GoldenGate. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GoldenGate mgr process, which listens on...", "detail_json": "/data/advisories/ZDI-16-021/advisory.json", "detail_path": "advisories/ZDI-16-021", "id": "ZDI-16-021", "kind": "published", "published_date": "2016-01-22", "status": "published", "title": "Oracle GoldenGate Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-021/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3039", "zdi_id": "ZDI-16-021" }, { "cve": "CVE-2016-1718", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to elevate privileges on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOAccelera...", "detail_json": "/data/advisories/ZDI-16-020/advisory.json", "detail_path": "advisories/ZDI-16-020", "id": "ZDI-16-020", "kind": "published", "published_date": "2016-01-22", "status": "published", "title": "Apple OS X IOAcceleratorFamily2 Out-Of-Bounds Indexing Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-020/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3316", "zdi_id": "ZDI-16-020" }, { "cve": "CVE-2016-0003", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose the contents of memory on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-019/advisory.json", "detail_path": "advisories/ZDI-16-019", "id": "ZDI-16-019", "kind": "published", "published_date": "2016-01-12", "status": "published", "title": "Microsoft Edge TextData Type Confusion Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-019/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3329", "zdi_id": "ZDI-16-019" }, { "cve": "CVE-2016-0020", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-16-018/advisory.json", "detail_path": "advisories/ZDI-16-018", "id": "ZDI-16-018", "kind": "published", "published_date": "2016-01-12", "status": "published", "title": "Microsoft Internet Explorer NewMessage Protected Mode Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-018/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3330", "zdi_id": "ZDI-16-018" }, { "cve": "CVE-2016-0935", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-16-017/advisory.json", "detail_path": "advisories/ZDI-16-017", "id": "ZDI-16-017", "kind": "published", "published_date": "2016-01-12", "status": "published", "title": "Adobe Reader Graphics State Parameter Dictionary Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-017/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3273", "zdi_id": "ZDI-16-017" }, { "cve": "CVE-2016-0934", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-016/advisory.json", "detail_path": "advisories/ZDI-16-016", "id": "ZDI-16-016", "kind": "published", "published_date": "2016-01-12", "status": "published", "title": "Adobe Reader DC AGM Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-016/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3250", "zdi_id": "ZDI-16-016" }, { "cve": "CVE-2016-0939", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-015/advisory.json", "detail_path": "advisories/ZDI-16-015", "id": "ZDI-16-015", "kind": "published", "published_date": "2016-01-12", "status": "published", "title": "Adobe Acrobat Reader DC Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-015/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3264", "zdi_id": "ZDI-16-015" }, { "cve": "CVE-2016-0936", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-014/advisory.json", "detail_path": "advisories/ZDI-16-014", "id": "ZDI-16-014", "kind": "published", "published_date": "2016-01-12", "status": "published", "title": "Adobe Reader JPEG2000 Out-Of-Bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-014/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3254", "zdi_id": "ZDI-16-014" }, { "cve": "CVE-2016-0938", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-013/advisory.json", "detail_path": "advisories/ZDI-16-013", "id": "ZDI-16-013", "kind": "published", "published_date": "2016-01-12", "status": "published", "title": "Adobe Reader DC Forms Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-013/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3265", "zdi_id": "ZDI-16-013" }, { "cve": "CVE-2016-0943", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-16-012/advisory.json", "detail_path": "advisories/ZDI-16-012", "id": "ZDI-16-012", "kind": "published", "published_date": "2016-01-12", "status": "published", "title": "Adobe Reader DC Global Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-012/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3362", "zdi_id": "ZDI-16-012" }, { "cve": "CVE-2016-0937", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-16-011/advisory.json", "detail_path": "advisories/ZDI-16-011", "id": "ZDI-16-011", "kind": "published", "published_date": "2016-01-12", "status": "published", "title": "Adobe Acrobat Pro DC OCG Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-011/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3312", "zdi_id": "ZDI-16-011" }, { "cve": "CVE-2016-0941", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-010/advisory.json", "detail_path": "advisories/ZDI-16-010", "id": "ZDI-16-010", "kind": "published", "published_date": "2016-01-12", "status": "published", "title": "Adobe Acrobat Reader DC Search Query Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-010/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3336", "zdi_id": "ZDI-16-010" }, { "cve": "CVE-2016-0931", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw e...", "detail_json": "/data/advisories/ZDI-16-009/advisory.json", "detail_path": "advisories/ZDI-16-009", "id": "ZDI-16-009", "kind": "published", "published_date": "2016-01-12", "status": "published", "title": "Adobe Reader DC FileAttachment point Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-009/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3021", "zdi_id": "ZDI-16-009" }, { "cve": "CVE-2016-0932", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-16-008/advisory.json", "detail_path": "advisories/ZDI-16-008", "id": "ZDI-16-008", "kind": "published", "published_date": "2016-01-12", "status": "published", "title": "Adobe Acrobat Reader DC Doc Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-008/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3074", "zdi_id": "ZDI-16-008" }, { "cve": "CVE-2016-1715", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of McAfee Application Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-16-007/advisory.json", "detail_path": "advisories/ZDI-16-007", "id": "ZDI-16-007", "kind": "published", "published_date": "2016-01-08", "status": "published", "title": "McAfee Application Control Kernel Driver Memory Corruption Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-007/", "vendor": "McAfee", "vendor_url": null, "zdi_can": "ZDI-CAN-3285", "zdi_id": "ZDI-16-007" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Proface GP-Pro EX. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-16-006/advisory.json", "detail_path": "advisories/ZDI-16-006", "id": "ZDI-16-006", "kind": "published", "published_date": "2016-01-08", "status": "published", "title": "(0Day) Proface GP-Pro EX D-Script Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-006/", "vendor": "Proface", "vendor_url": null, "zdi_can": "ZDI-CAN-2990", "zdi_id": "ZDI-16-006" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose information on vulnerable installations of Proface GP-Pro EX. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-005/advisory.json", "detail_path": "advisories/ZDI-16-005", "id": "ZDI-16-005", "kind": "published", "published_date": "2016-01-08", "status": "published", "title": "(0Day) Proface GP-Pro EX Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-005/", "vendor": "Proface", "vendor_url": null, "zdi_can": "ZDI-CAN-2959", "zdi_id": "ZDI-16-005" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose information on vulnerable installations of Proface GP-Pro EX. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-004/advisory.json", "detail_path": "advisories/ZDI-16-004", "id": "ZDI-16-004", "kind": "published", "published_date": "2016-01-08", "status": "published", "title": "(0Day) Proface GP-Pro EX Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-004/", "vendor": "Proface", "vendor_url": null, "zdi_can": "ZDI-CAN-2946", "zdi_id": "ZDI-16-004" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Proface GP-Pro EX. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-16-003/advisory.json", "detail_path": "advisories/ZDI-16-003", "id": "ZDI-16-003", "kind": "published", "published_date": "2016-01-08", "status": "published", "title": "(0Day) Proface GP-Pro EX Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-003/", "vendor": "Proface", "vendor_url": null, "zdi_can": "ZDI-CAN-2945", "zdi_id": "ZDI-16-003" }, { "cve": "CVE-2015-7092", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-16-002/advisory.json", "detail_path": "advisories/ZDI-16-002", "id": "ZDI-16-002", "kind": "published", "published_date": "2016-01-08", "status": "published", "title": "Apple QuickTime ID3 Tag Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-002/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3337", "zdi_id": "ZDI-16-002" }, { "cve": "CVE-2015-7939", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics VisiLogic OPLC IDE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-16-001/advisory.json", "detail_path": "advisories/ZDI-16-001", "id": "ZDI-16-001", "kind": "published", "published_date": "2016-01-06", "status": "published", "title": "Unitronics VisiLogic OPLC IDE File Parsing Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-16-001/", "vendor": "Unitronics", "vendor_url": null, "zdi_can": "ZDI-CAN-2905", "zdi_id": "ZDI-16-001" }, { "cve": "CVE-2015-8416", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-666/advisory.json", "detail_path": "advisories/ZDI-15-666", "id": "ZDI-15-666", "kind": "published", "published_date": "2016-06-03", "status": "published", "title": "Adobe Flash TextBlock releaseLineCreationData Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-666/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3450", "zdi_id": "ZDI-15-666" }, { "cve": "CVE-2015-8823", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-665/advisory.json", "detail_path": "advisories/ZDI-15-665", "id": "ZDI-15-665", "kind": "published", "published_date": "2016-04-15", "status": "published", "title": "Adobe Flash TextField text Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-665/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3357", "zdi_id": "ZDI-15-665" }, { "cve": "CVE-2015-8822", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-664/advisory.json", "detail_path": "advisories/ZDI-15-664", "id": "ZDI-15-664", "kind": "published", "published_date": "2016-03-02", "status": "published", "title": "Adobe Flash MPEG Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-664/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3434", "zdi_id": "ZDI-15-664" }, { "cve": "CVE-2015-8821", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-663/advisory.json", "detail_path": "advisories/ZDI-15-663", "id": "ZDI-15-663", "kind": "published", "published_date": "2016-03-02", "status": "published", "title": "Adobe Flash MPEG Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-663/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3438", "zdi_id": "ZDI-15-663" }, { "cve": "CVE-2015-8658", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-662/advisory.json", "detail_path": "advisories/ZDI-15-662", "id": "ZDI-15-662", "kind": "published", "published_date": "2016-03-02", "status": "published", "title": "Adobe Flash MPEG Parsing Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-662/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3439", "zdi_id": "ZDI-15-662" }, { "cve": "CVE-2015-8820", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-661/advisory.json", "detail_path": "advisories/ZDI-15-661", "id": "ZDI-15-661", "kind": "published", "published_date": "2016-03-02", "status": "published", "title": "Adobe Flash MPEG Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-661/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3437", "zdi_id": "ZDI-15-661" }, { "cve": "CVE-2015-8657", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-660/advisory.json", "detail_path": "advisories/ZDI-15-660", "id": "ZDI-15-660", "kind": "published", "published_date": "2016-03-02", "status": "published", "title": "Adobe Flash MPEG Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-660/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3435", "zdi_id": "ZDI-15-660" }, { "cve": "CVE-2015-8656", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-659/advisory.json", "detail_path": "advisories/ZDI-15-659", "id": "ZDI-15-659", "kind": "published", "published_date": "2016-03-02", "status": "published", "title": "Adobe Flash MPEG Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-659/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3436", "zdi_id": "ZDI-15-659" }, { "cve": "CVE-2015-8654", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-658/advisory.json", "detail_path": "advisories/ZDI-15-658", "id": "ZDI-15-658", "kind": "published", "published_date": "2016-03-02", "status": "published", "title": "Adobe Flash MPEG-4 Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-658/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3415", "zdi_id": "ZDI-15-658" }, { "cve": "CVE-2015-8653", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-657/advisory.json", "detail_path": "advisories/ZDI-15-657", "id": "ZDI-15-657", "kind": "published", "published_date": "2016-03-02", "status": "published", "title": "Adobe Flash MPEG-4 Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-657/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3412", "zdi_id": "ZDI-15-657" }, { "cve": "CVE-2015-8652", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-656/advisory.json", "detail_path": "advisories/ZDI-15-656", "id": "ZDI-15-656", "kind": "published", "published_date": "2016-03-02", "status": "published", "title": "Adobe Flash MPEG-4 Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-656/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3416", "zdi_id": "ZDI-15-656" }, { "cve": "CVE-2015-8655", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-655/advisory.json", "detail_path": "advisories/ZDI-15-655", "id": "ZDI-15-655", "kind": "published", "published_date": "2016-03-02", "status": "published", "title": "Adobe Flash MPEG-4 Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-655/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3418", "zdi_id": "ZDI-15-655" }, { "cve": "CVE-2015-6065", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-654/advisory.json", "detail_path": "advisories/ZDI-15-654", "id": "ZDI-15-654", "kind": "published", "published_date": "2016-03-02", "status": "published", "title": "Microsoft Internet Explorer CFontFace Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-654/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3373", "zdi_id": "ZDI-15-654" }, { "cve": "CVE-2015-8649", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-653/advisory.json", "detail_path": "advisories/ZDI-15-653", "id": "ZDI-15-653", "kind": "published", "published_date": "2015-12-29", "status": "published", "title": "Adobe Flash Object hasOwnProperty Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-653/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3443", "zdi_id": "ZDI-15-653" }, { "cve": "CVE-2015-8648", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-652/advisory.json", "detail_path": "advisories/ZDI-15-652", "id": "ZDI-15-652", "kind": "published", "published_date": "2015-12-29", "status": "published", "title": "Adobe Flash MovieClip setMask Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-652/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3442", "zdi_id": "ZDI-15-652" }, { "cve": "CVE-2015-8650", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-651/advisory.json", "detail_path": "advisories/ZDI-15-651", "id": "ZDI-15-651", "kind": "published", "published_date": "2015-12-29", "status": "published", "title": "Adobe Flash LoadVars decode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-651/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3444", "zdi_id": "ZDI-15-651" }, { "cve": "CVE-2015-8647", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-650/advisory.json", "detail_path": "advisories/ZDI-15-650", "id": "ZDI-15-650", "kind": "published", "published_date": "2015-12-29", "status": "published", "title": "Adobe Flash MovieClip attachMovie Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-650/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3441", "zdi_id": "ZDI-15-650" }, { "cve": "CVE-2015-8639", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-649/advisory.json", "detail_path": "advisories/ZDI-15-649", "id": "ZDI-15-649", "kind": "published", "published_date": "2015-12-29", "status": "published", "title": "Adobe Flash MovieClip hitTest Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-649/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3371", "zdi_id": "ZDI-15-649" }, { "cve": "CVE-2015-8638", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-648/advisory.json", "detail_path": "advisories/ZDI-15-648", "id": "ZDI-15-648", "kind": "published", "published_date": "2015-12-29", "status": "published", "title": "Adobe Flash MovieClip getBounds Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-648/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3372", "zdi_id": "ZDI-15-648" }, { "cve": "CVE-2015-6083", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-647/advisory.json", "detail_path": "advisories/ZDI-15-647", "id": "ZDI-15-647", "kind": "published", "published_date": "2015-12-23", "status": "published", "title": "Microsoft Internet Explorer CTableRow Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-647/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3298", "zdi_id": "ZDI-15-647" }, { "cve": "CVE-2015-4509", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-646/advisory.json", "detail_path": "advisories/ZDI-15-646", "id": "ZDI-15-646", "kind": "published", "published_date": "2015-12-18", "status": "published", "title": "Mozilla Firefox HTMLVideoElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-646/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-3176", "zdi_id": "ZDI-15-646" }, { "cve": "CVE-2015-6159", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-15-645/advisory.json", "detail_path": "advisories/ZDI-15-645", "id": "ZDI-15-645", "kind": "published", "published_date": "2015-12-17", "status": "published", "title": "Microsoft Internet Explorer TextBlock Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-645/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3440", "zdi_id": "ZDI-15-645" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-644/advisory.json", "detail_path": "advisories/ZDI-15-644", "id": "ZDI-15-644", "kind": "published", "published_date": "2015-12-16", "status": "published", "title": "Foxit Reader FlateDecode Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-644/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3097", "zdi_id": "ZDI-15-644" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-643/advisory.json", "detail_path": "advisories/ZDI-15-643", "id": "ZDI-15-643", "kind": "published", "published_date": "2015-12-16", "status": "published", "title": "Foxit Reader Will Print Action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-643/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3311", "zdi_id": "ZDI-15-643" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-642/advisory.json", "detail_path": "advisories/ZDI-15-642", "id": "ZDI-15-642", "kind": "published", "published_date": "2015-12-16", "status": "published", "title": "Foxit Reader Will Save Document Action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-642/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3313", "zdi_id": "ZDI-15-642" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-641/advisory.json", "detail_path": "advisories/ZDI-15-641", "id": "ZDI-15-641", "kind": "published", "published_date": "2015-12-16", "status": "published", "title": "Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-641/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3310", "zdi_id": "ZDI-15-641" }, { "cve": "CVE-2015-8843", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to elevate privileges on vulnerable installations of Foxit Reader. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FoxitCloudUpdateService service. An attacker can tri...", "detail_json": "/data/advisories/ZDI-15-640/advisory.json", "detail_path": "advisories/ZDI-15-640", "id": "ZDI-15-640", "kind": "published", "published_date": "2015-12-15", "status": "published", "title": "Foxit FoxitCloudUpdateService Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-640/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3286", "zdi_id": "ZDI-15-640" }, { "cve": "CVE-2016-0035", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-639/advisory.json", "detail_path": "advisories/ZDI-15-639", "id": "ZDI-15-639", "kind": "published", "published_date": "2015-12-14", "status": "published", "title": "(0Day) Microsoft Office Excel Binary Worksheet Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-639/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3269", "zdi_id": "ZDI-15-639" }, { "cve": "CVE-2015-8581", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache TomEE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EjbObjectInputStream which accepts and deserial...", "detail_json": "/data/advisories/ZDI-15-638/advisory.json", "detail_path": "advisories/ZDI-15-638", "id": "ZDI-15-638", "kind": "published", "published_date": "2015-12-14", "status": "published", "title": "(0Day) Apache TomEE Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-638/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-2929", "zdi_id": "ZDI-15-638" }, { "cve": "CVE-2015-8458", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-637/advisory.json", "detail_path": "advisories/ZDI-15-637", "id": "ZDI-15-637", "kind": "published", "published_date": "2015-12-14", "status": "published", "title": "Adobe Reader DC AGM Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-637/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3019", "zdi_id": "ZDI-15-637" }, { "cve": "CVE-2015-8457", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-636/advisory.json", "detail_path": "advisories/ZDI-15-636", "id": "ZDI-15-636", "kind": "published", "published_date": "2015-12-10", "status": "published", "title": "Adobe Flash HLS Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-636/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3331", "zdi_id": "ZDI-15-636" }, { "cve": "CVE-2015-7918", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-635/advisory.json", "detail_path": "advisories/ZDI-15-635", "id": "ZDI-15-635", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Schneider Electric ProClima F1BookView ActiveX Control SetTabbedTextEx Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-635/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3095", "zdi_id": "ZDI-15-635" }, { "cve": "CVE-2015-7918", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-634/advisory.json", "detail_path": "advisories/ZDI-15-634", "id": "ZDI-15-634", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Schneider Electric ProClima F1BookView ActiveX Control SetValidationRule Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-634/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3093", "zdi_id": "ZDI-15-634" }, { "cve": "CVE-2015-7918", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-633/advisory.json", "detail_path": "advisories/ZDI-15-633", "id": "ZDI-15-633", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Schneider Electric ProClima F1BookView ActiveX Control Attach Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-633/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3092", "zdi_id": "ZDI-15-633" }, { "cve": "CVE-2015-7918", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-632/advisory.json", "detail_path": "advisories/ZDI-15-632", "id": "ZDI-15-632", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Schneider Electric ProClima F1BookView ActiveX Control ObjCreatePolygon Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-632/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3078", "zdi_id": "ZDI-15-632" }, { "cve": "CVE-2015-7918", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-631/advisory.json", "detail_path": "advisories/ZDI-15-631", "id": "ZDI-15-631", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Schneider Electric ProClima F1BookView ActiveX Control DefinedNameLocal Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-631/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3077", "zdi_id": "ZDI-15-631" }, { "cve": "CVE-2015-7918", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-630/advisory.json", "detail_path": "advisories/ZDI-15-630", "id": "ZDI-15-630", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Schneider Electric ProClima F1BookView ActiveX Control DefinedName Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-630/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3076", "zdi_id": "ZDI-15-630" }, { "cve": "CVE-2015-8561", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-629/advisory.json", "detail_path": "advisories/ZDI-15-629", "id": "ZDI-15-629", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Schneider Electric ProClima F1BookView ActiveX Control CopyRangeEx Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-629/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3054", "zdi_id": "ZDI-15-629" }, { "cve": "CVE-2015-8561", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-628/advisory.json", "detail_path": "advisories/ZDI-15-628", "id": "ZDI-15-628", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Schneider Electric ProClima F1BookView ActiveX Control AttachToSS Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-628/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3053", "zdi_id": "ZDI-15-628" }, { "cve": "CVE-2015-8561", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-627/advisory.json", "detail_path": "advisories/ZDI-15-627", "id": "ZDI-15-627", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Schneider Electric ProClima F1BookView ActiveX Control CopyRange/SwapTables Methods Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-627/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3055", "zdi_id": "ZDI-15-627" }, { "cve": "CVE-2015-8561", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-626/advisory.json", "detail_path": "advisories/ZDI-15-626", "id": "ZDI-15-626", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Schneider Electric ProClima F1BookView ActiveX Control CopyAll Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-626/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3056", "zdi_id": "ZDI-15-626" }, { "cve": "CVE-2015-7918", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-625/advisory.json", "detail_path": "advisories/ZDI-15-625", "id": "ZDI-15-625", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Schneider Electric ProClima F1BookView ActiveX Control ODBCPrepareEx Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-625/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-3094", "zdi_id": "ZDI-15-625" }, { "cve": "CVE-2015-7830", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wireshark. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-15-624/advisory.json", "detail_path": "advisories/ZDI-15-624", "id": "ZDI-15-624", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Wireshark PCAPNG if_filter Arbitrary Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-624/", "vendor": "Wireshark", "vendor_url": null, "zdi_can": "ZDI-CAN-3139", "zdi_id": "ZDI-15-624" }, { "cve": "CVE-2015-8580", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-15-623/advisory.json", "detail_path": "advisories/ZDI-15-623", "id": "ZDI-15-623", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Foxit PhantomPDF App Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-623/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3072", "zdi_id": "ZDI-15-623" }, { "cve": "CVE-2015-8580", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-15-622/advisory.json", "detail_path": "advisories/ZDI-15-622", "id": "ZDI-15-622", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Foxit PhantomPDF Print Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-622/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3075", "zdi_id": "ZDI-15-622" }, { "cve": "CVE-2015-8570", "cvss": 7.4, "cvss_vector": null, "description_snippet": "This vulnerability allows domain users to reset arbitrary account passwords on vulnerable installations of Lepide Active Directory Self Service. No user interaction is required to exploit this vulnerability. The specific flaw exists within processing of the p...", "detail_json": "/data/advisories/ZDI-15-621/advisory.json", "detail_path": "advisories/ZDI-15-621", "id": "ZDI-15-621", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Lepide Active Directory Self Service Arbitrary User Password Change Domain Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-621/", "vendor": "Lepide", "vendor_url": null, "zdi_can": "ZDI-CAN-3001", "zdi_id": "ZDI-15-621" }, { "cve": "CVE-2015-8572", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-620/advisory.json", "detail_path": "advisories/ZDI-15-620", "id": "ZDI-15-620", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Autodesk Design Review GIF GlobalColorTable Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-620/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-2844", "zdi_id": "ZDI-15-620" }, { "cve": "CVE-2015-8572", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-619/advisory.json", "detail_path": "advisories/ZDI-15-619", "id": "ZDI-15-619", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Autodesk Design Review GIF DataSubBlock Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-619/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-2762", "zdi_id": "ZDI-15-619" }, { "cve": "CVE-2015-8572", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-618/advisory.json", "detail_path": "advisories/ZDI-15-618", "id": "ZDI-15-618", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Autodesk Design Review PCX Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-618/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-2924", "zdi_id": "ZDI-15-618" }, { "cve": "CVE-2015-8571", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-617/advisory.json", "detail_path": "advisories/ZDI-15-617", "id": "ZDI-15-617", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Autodesk Design Review BMP biClrUsed Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-617/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-2925", "zdi_id": "ZDI-15-617" }, { "cve": "CVE-2015-8572", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-616/advisory.json", "detail_path": "advisories/ZDI-15-616", "id": "ZDI-15-616", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Autodesk Design Review FLI RLE Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-616/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-2926", "zdi_id": "ZDI-15-616" }, { "cve": "CVE-2015-8572", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-615/advisory.json", "detail_path": "advisories/ZDI-15-615", "id": "ZDI-15-615", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Autodesk Design Review BMP RLE Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-615/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-2927", "zdi_id": "ZDI-15-615" }, { "cve": "CVE-2015-8453", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-614/advisory.json", "detail_path": "advisories/ZDI-15-614", "id": "ZDI-15-614", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Adobe Flash JIT Spray ASLR/DEP Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-614/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2217", "zdi_id": "ZDI-15-614" }, { "cve": "CVE-2015-8450", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-613/advisory.json", "detail_path": "advisories/ZDI-15-613", "id": "ZDI-15-613", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Adobe Flash AS2 TextField filters Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-613/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3255", "zdi_id": "ZDI-15-613" }, { "cve": "CVE-2015-8449", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-612/advisory.json", "detail_path": "advisories/ZDI-15-612", "id": "ZDI-15-612", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Adobe Flash AS2 MovieClip lineTo Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-612/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3257", "zdi_id": "ZDI-15-612" }, { "cve": "CVE-2015-8448", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-611/advisory.json", "detail_path": "advisories/ZDI-15-611", "id": "ZDI-15-611", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Adobe Flash AS2 DisplacementMapFilter mapBitmap Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-611/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3259", "zdi_id": "ZDI-15-611" }, { "cve": "CVE-2015-8447", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-610/advisory.json", "detail_path": "advisories/ZDI-15-610", "id": "ZDI-15-610", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Adobe Flash AS2 Color setTransform Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-610/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3277", "zdi_id": "ZDI-15-610" }, { "cve": "CVE-2015-8446", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-609/advisory.json", "detail_path": "advisories/ZDI-15-609", "id": "ZDI-15-609", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Adobe Flash MP3 ID3 COMM Tag Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-609/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3262", "zdi_id": "ZDI-15-609" }, { "cve": "CVE-2015-8445", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-608/advisory.json", "detail_path": "advisories/ZDI-15-608", "id": "ZDI-15-608", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Adobe Flash AS3 ShaderParameter Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-608/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3258", "zdi_id": "ZDI-15-608" }, { "cve": "CVE-2015-8442", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-607/advisory.json", "detail_path": "advisories/ZDI-15-607", "id": "ZDI-15-607", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Adobe Flash AS2 MovieClip filters Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-607/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3292", "zdi_id": "ZDI-15-607" }, { "cve": "CVE-2015-8439", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-606/advisory.json", "detail_path": "advisories/ZDI-15-606", "id": "ZDI-15-606", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Adobe Flash AS2 SharedObject getRemote Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-606/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3328", "zdi_id": "ZDI-15-606" }, { "cve": "CVE-2015-8438", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-605/advisory.json", "detail_path": "advisories/ZDI-15-605", "id": "ZDI-15-605", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Adobe Flash AS2 XML toString Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-605/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3317", "zdi_id": "ZDI-15-605" }, { "cve": "CVE-2015-8437", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-604/advisory.json", "detail_path": "advisories/ZDI-15-604", "id": "ZDI-15-604", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Adobe Flash AS2 Selection setFocus Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-604/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3359", "zdi_id": "ZDI-15-604" }, { "cve": "CVE-2015-8436", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-603/advisory.json", "detail_path": "advisories/ZDI-15-603", "id": "ZDI-15-603", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Adobe Flash PrintJob addPage Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-603/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3358", "zdi_id": "ZDI-15-603" }, { "cve": "CVE-2015-8050", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerabil...", "detail_json": "/data/advisories/ZDI-15-602/advisory.json", "detail_path": "advisories/ZDI-15-602", "id": "ZDI-15-602", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Adobe Flash MovieClip beginGradientFill Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-602/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3370", "zdi_id": "ZDI-15-602" }, { "cve": "CVE-2015-8049", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-601/advisory.json", "detail_path": "advisories/ZDI-15-601", "id": "ZDI-15-601", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Adobe Flash TextField autoSize Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-601/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3369", "zdi_id": "ZDI-15-601" }, { "cve": "CVE-2015-6134", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code in applications using the JScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to...", "detail_json": "/data/advisories/ZDI-15-600/advisory.json", "detail_path": "advisories/ZDI-15-600", "id": "ZDI-15-600", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Windows JScript External Object Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-600/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3335", "zdi_id": "ZDI-15-600" }, { "cve": "CVE-2015-6151", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-599/advisory.json", "detail_path": "advisories/ZDI-15-599", "id": "ZDI-15-599", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Internet Explorer CSelectTracker Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-599/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3283", "zdi_id": "ZDI-15-599" }, { "cve": "CVE-2015-6147", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-598/advisory.json", "detail_path": "advisories/ZDI-15-598", "id": "ZDI-15-598", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Internet Explorer CTableRowCellsCollectionCacheItem Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-598/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3148", "zdi_id": "ZDI-15-598" }, { "cve": "CVE-2015-6136", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is r...", "detail_json": "/data/advisories/ZDI-15-597/advisory.json", "detail_path": "advisories/ZDI-15-597", "id": "ZDI-15-597", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Windows VBScript StrComp Function Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-597/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3145", "zdi_id": "ZDI-15-597" }, { "cve": "CVE-2015-6136", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is r...", "detail_json": "/data/advisories/ZDI-15-596/advisory.json", "detail_path": "advisories/ZDI-15-596", "id": "ZDI-15-596", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Windows VBScript Split Function Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-596/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3144", "zdi_id": "ZDI-15-596" }, { "cve": "CVE-2015-6136", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is r...", "detail_json": "/data/advisories/ZDI-15-595/advisory.json", "detail_path": "advisories/ZDI-15-595", "id": "ZDI-15-595", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Windows VBScript Replace Function Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-595/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3143", "zdi_id": "ZDI-15-595" }, { "cve": "CVE-2015-6136", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is r...", "detail_json": "/data/advisories/ZDI-15-594/advisory.json", "detail_path": "advisories/ZDI-15-594", "id": "ZDI-15-594", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Windows VBScript InStr/InStrRev Functions Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-594/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3142", "zdi_id": "ZDI-15-594" }, { "cve": "CVE-2015-6136", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is r...", "detail_json": "/data/advisories/ZDI-15-593/advisory.json", "detail_path": "advisories/ZDI-15-593", "id": "ZDI-15-593", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Windows VBScript InStrB Function Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-593/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3141", "zdi_id": "ZDI-15-593" }, { "cve": "CVE-2015-6136", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is r...", "detail_json": "/data/advisories/ZDI-15-592/advisory.json", "detail_path": "advisories/ZDI-15-592", "id": "ZDI-15-592", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Windows VBScript Filter Function Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-592/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3140", "zdi_id": "ZDI-15-592" }, { "cve": "CVE-2015-6136", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is r...", "detail_json": "/data/advisories/ZDI-15-591/advisory.json", "detail_path": "advisories/ZDI-15-591", "id": "ZDI-15-591", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Windows VBScript Join Function Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-591/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3121", "zdi_id": "ZDI-15-591" }, { "cve": "CVE-2015-6150", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-590/advisory.json", "detail_path": "advisories/ZDI-15-590", "id": "ZDI-15-590", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Internet Explorer CTableLayout Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-590/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3146", "zdi_id": "ZDI-15-590" }, { "cve": "CVE-2015-6149", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-589/advisory.json", "detail_path": "advisories/ZDI-15-589", "id": "ZDI-15-589", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Internet Explorer CTableCell colspan Improper Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-589/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3147", "zdi_id": "ZDI-15-589" }, { "cve": "CVE-2015-6148", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-588/advisory.json", "detail_path": "advisories/ZDI-15-588", "id": "ZDI-15-588", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Internet Explorer CBGsound Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-588/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3261", "zdi_id": "ZDI-15-588" }, { "cve": "CVE-2015-6142", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-587/advisory.json", "detail_path": "advisories/ZDI-15-587", "id": "ZDI-15-587", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Internet Explorer CAttrArray Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-587/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3319", "zdi_id": "ZDI-15-587" }, { "cve": "CVE-2015-6135", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is r...", "detail_json": "/data/advisories/ZDI-15-586/advisory.json", "detail_path": "advisories/ZDI-15-586", "id": "ZDI-15-586", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Windows VBScript CreateObject Function Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-586/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3318", "zdi_id": "ZDI-15-586" }, { "cve": "CVE-2015-6141", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-585/advisory.json", "detail_path": "advisories/ZDI-15-585", "id": "ZDI-15-585", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Internet Explorer CStylesheet Rules Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-585/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3296", "zdi_id": "ZDI-15-585" }, { "cve": "CVE-2015-6143", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-584/advisory.json", "detail_path": "advisories/ZDI-15-584", "id": "ZDI-15-584", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-584/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3287", "zdi_id": "ZDI-15-584" }, { "cve": "CVE-2015-6168", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnera...", "detail_json": "/data/advisories/ZDI-15-583/advisory.json", "detail_path": "advisories/ZDI-15-583", "id": "ZDI-15-583", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Edge CAttrArray Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-583/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3281", "zdi_id": "ZDI-15-583" }, { "cve": "CVE-2015-6160", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-582/advisory.json", "detail_path": "advisories/ZDI-15-582", "id": "ZDI-15-582", "kind": "published", "published_date": "2015-12-08", "status": "published", "title": "Microsoft Internet Explorer Mutation Observer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-582/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3124", "zdi_id": "ZDI-15-582" }, { "cve": "CVE-2015-6857", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Virtual Table Server, which liste...", "detail_json": "/data/advisories/ZDI-15-581/advisory.json", "detail_path": "advisories/ZDI-15-581", "id": "ZDI-15-581", "kind": "published", "published_date": "2015-12-02", "status": "published", "title": "Hewlett-Packard LoadRunner Virtual Table Server import_database Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-581/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-3138", "zdi_id": "ZDI-15-581" }, { "cve": "CVE-2015-6478", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics VisiLogic OPLC IDE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-15-580/advisory.json", "detail_path": "advisories/ZDI-15-580", "id": "ZDI-15-580", "kind": "published", "published_date": "2015-12-02", "status": "published", "title": "Unitronics VisiLogic OPLC IDE TeeChart.ChartGrid.5 ActiveX Control ColWidths Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-580/", "vendor": "Unitronics", "vendor_url": null, "zdi_can": "ZDI-CAN-2918", "zdi_id": "ZDI-15-580" }, { "cve": "CVE-2015-6478", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics VisiLogic OPLC IDE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-15-579/advisory.json", "detail_path": "advisories/ZDI-15-579", "id": "ZDI-15-579", "kind": "published", "published_date": "2015-12-02", "status": "published", "title": "Unitronics VisiLogic OPLC IDE TeeChart.ChartGridNavigator.5 ActiveX Control GridLink Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-579/", "vendor": "Unitronics", "vendor_url": null, "zdi_can": "ZDI-CAN-2919", "zdi_id": "ZDI-15-579" }, { "cve": "CVE-2015-6478", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics VisiLogic OPLC IDE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-15-578/advisory.json", "detail_path": "advisories/ZDI-15-578", "id": "ZDI-15-578", "kind": "published", "published_date": "2015-12-02", "status": "published", "title": "Unitronics VisiLogic OPLC IDE TChart.ITChart ActiveX Control RemoveSeries Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-578/", "vendor": "Unitronics", "vendor_url": null, "zdi_can": "ZDI-CAN-2910", "zdi_id": "ZDI-15-578" }, { "cve": "CVE-2015-6478", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics VisiLogic OPLC IDE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-15-577/advisory.json", "detail_path": "advisories/ZDI-15-577", "id": "ZDI-15-577", "kind": "published", "published_date": "2015-12-02", "status": "published", "title": "Unitronics VisiLogic OPLC IDE TeePreviewer.ITeePreviewer ActiveX Control ChartLink Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-577/", "vendor": "Unitronics", "vendor_url": null, "zdi_can": "ZDI-CAN-2911", "zdi_id": "ZDI-15-577" }, { "cve": "CVE-2015-7905", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics UniDownloader and Unitronics VisiLogic OPLC IDE. User interaction is required to exploit this vulnerability in that the target must visit a maliciou...", "detail_json": "/data/advisories/ZDI-15-576/advisory.json", "detail_path": "advisories/ZDI-15-576", "id": "ZDI-15-576", "kind": "published", "published_date": "2015-12-02", "status": "published", "title": "Unitronics UniDownloader and Unitronics VisiLogic OPLC IDE IPWorksSSL.HTTPS.1 ActiveX Control PostDataB/FirewallDataB Properties Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-576/", "vendor": "Unitronics, Unitronics", "vendor_url": null, "zdi_can": "ZDI-CAN-2965", "zdi_id": "ZDI-15-576" }, { "cve": "CVE-2015-7905", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics UniDownloader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-15-575/advisory.json", "detail_path": "advisories/ZDI-15-575", "id": "ZDI-15-575", "kind": "published", "published_date": "2015-12-02", "status": "published", "title": "Unitronics UniDownloader IPWorksSSL.HTTPS.1 ActiveX Control SSLCertHandle Property Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-575/", "vendor": "Unitronics", "vendor_url": null, "zdi_can": "ZDI-CAN-2930", "zdi_id": "ZDI-15-575" }, { "cve": "CVE-2015-7905", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics UniDownloader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-15-574/advisory.json", "detail_path": "advisories/ZDI-15-574", "id": "ZDI-15-574", "kind": "published", "published_date": "2015-12-02", "status": "published", "title": "Unitronics UniDownloader and Unitronics VisiLogic OPLC IDE IPWorksSSL.HTTPS.1 ActiveX Control WinSockPath Property Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-574/", "vendor": "Unitronics, Unitronics", "vendor_url": null, "zdi_can": "ZDI-CAN-2964", "zdi_id": "ZDI-15-574" }, { "cve": "CVE-2015-6478", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics VisiLogic OPLC IDE . User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-15-573/advisory.json", "detail_path": "advisories/ZDI-15-573", "id": "ZDI-15-573", "kind": "published", "published_date": "2015-12-02", "status": "published", "title": "Unitronics VisiLogic OPLC IDE TeeCommander.ITeeCommander ActiveX Control ChartLink Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-573/", "vendor": "Unitronics", "vendor_url": null, "zdi_can": "ZDI-CAN-2904", "zdi_id": "ZDI-15-573" }, { "cve": "CVE-2015-7913", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to elevate privileges on vulnerable installations of Tibbo AggreGate SCADA/HMI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-15-572/advisory.json", "detail_path": "advisories/ZDI-15-572", "id": "ZDI-15-572", "kind": "published", "published_date": "2015-11-20", "status": "published", "title": "Tibbo AggreGate SCADA/HMI Apache Axis AdminService Arbitrary Class Instantiation Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-572/", "vendor": "Tibbo", "vendor_url": null, "zdi_can": "ZDI-CAN-3135", "zdi_id": "ZDI-15-572" }, { "cve": "CVE-2015-7912", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tibbo AggreGate SCADA/HMI. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Windows service \"AggreGate Server...", "detail_json": "/data/advisories/ZDI-15-571/advisory.json", "detail_path": "advisories/ZDI-15-571", "id": "ZDI-15-571", "kind": "published", "published_date": "2015-11-20", "status": "published", "title": "Tibbo AggreGate SCADA/HMI Server Service uploadDirectory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-571/", "vendor": "Tibbo", "vendor_url": null, "zdi_can": "ZDI-CAN-3134", "zdi_id": "ZDI-15-571" }, { "cve": "CVE-2015-7036", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-15-570/advisory.json", "detail_path": "advisories/ZDI-15-570", "id": "ZDI-15-570", "kind": "published", "published_date": "2015-11-18", "status": "published", "title": "SQLite fts3_tokenizer Untrusted Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-570/", "vendor": "SQLite", "vendor_url": null, "zdi_can": "ZDI-CAN-2888", "zdi_id": "ZDI-15-570" }, { "cve": "CVE-2015-6696", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-569/advisory.json", "detail_path": "advisories/ZDI-15-569", "id": "ZDI-15-569", "kind": "published", "published_date": "2015-11-16", "status": "published", "title": "Adobe Reader DC AGM Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-569/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3002", "zdi_id": "ZDI-15-569" }, { "cve": "CVE-2015-1767", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-568/advisory.json", "detail_path": "advisories/ZDI-15-568", "id": "ZDI-15-568", "kind": "published", "published_date": "2015-11-12", "status": "published", "title": "Microsoft Internet Explorer TreeWalker Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-568/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3024", "zdi_id": "ZDI-15-568" }, { "cve": "CVE-2015-7657", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-567/advisory.json", "detail_path": "advisories/ZDI-15-567", "id": "ZDI-15-567", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Adobe Flash AS2 actionCallMethod Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-567/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3295", "zdi_id": "ZDI-15-567" }, { "cve": "CVE-2015-7659", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-566/advisory.json", "detail_path": "advisories/ZDI-15-566", "id": "ZDI-15-566", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Adobe Flash AS2 NetConnection Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-566/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3294", "zdi_id": "ZDI-15-566" }, { "cve": "CVE-2015-7660", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-565/advisory.json", "detail_path": "advisories/ZDI-15-565", "id": "ZDI-15-565", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Adobe Flash AS2 MovieClip setMask Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-565/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3291", "zdi_id": "ZDI-15-565" }, { "cve": "CVE-2015-7661", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-564/advisory.json", "detail_path": "advisories/ZDI-15-564", "id": "ZDI-15-564", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Adobe Flash AS2 MovieClip getBounds Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-564/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3290", "zdi_id": "ZDI-15-564" }, { "cve": "CVE-2015-8042", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-563/advisory.json", "detail_path": "advisories/ZDI-15-563", "id": "ZDI-15-563", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Adobe Flash AS2 Sound loadSound Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-563/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3289", "zdi_id": "ZDI-15-563" }, { "cve": "CVE-2015-7658", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-562/advisory.json", "detail_path": "advisories/ZDI-15-562", "id": "ZDI-15-562", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Adobe Flash AS2 actionInstanceOf Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-562/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3288", "zdi_id": "ZDI-15-562" }, { "cve": "CVE-2015-7653", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-561/advisory.json", "detail_path": "advisories/ZDI-15-561", "id": "ZDI-15-561", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Adobe Flash AS2 MovieClip globalToLocal Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-561/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3279", "zdi_id": "ZDI-15-561" }, { "cve": "CVE-2015-7654", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-560/advisory.json", "detail_path": "advisories/ZDI-15-560", "id": "ZDI-15-560", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Adobe Flash AS2 Sound attachSound Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-560/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3278", "zdi_id": "ZDI-15-560" }, { "cve": "CVE-2015-7655", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-559/advisory.json", "detail_path": "advisories/ZDI-15-559", "id": "ZDI-15-559", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Adobe Flash AS2 actionExtends Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-559/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3276", "zdi_id": "ZDI-15-559" }, { "cve": "CVE-2015-7656", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-558/advisory.json", "detail_path": "advisories/ZDI-15-558", "id": "ZDI-15-558", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Adobe Flash AS2 actionImplementsOp Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-558/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3275", "zdi_id": "ZDI-15-558" }, { "cve": "CVE-2015-7652", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-557/advisory.json", "detail_path": "advisories/ZDI-15-557", "id": "ZDI-15-557", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Adobe Flash AS2 TextField gridFitType Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-557/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3256", "zdi_id": "ZDI-15-557" }, { "cve": "CVE-2015-7651", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-556/advisory.json", "detail_path": "advisories/ZDI-15-556", "id": "ZDI-15-556", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Adobe Flash AS2 DefineFunction Invalid Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-556/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3107", "zdi_id": "ZDI-15-556" }, { "cve": "CVE-2015-8220", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds DameWare Mini Remote Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-15-555/advisory.json", "detail_path": "advisories/ZDI-15-555", "id": "ZDI-15-555", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "SolarWinds DameWare Mini Remote Control URI Handler Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-555/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-3125", "zdi_id": "ZDI-15-555" }, { "cve": "CVE-2015-7820", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaws exist within the IBM SNSC Web Service, whic...", "detail_json": "/data/advisories/ZDI-15-554/advisory.json", "detail_path": "advisories/ZDI-15-554", "id": "ZDI-15-554", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "IBM System Networking Switch Center ZipDownload.jsp Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-554/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-3011", "zdi_id": "ZDI-15-554" }, { "cve": "CVE-2015-7817", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaws exist within the IBM SNSC Web Service, whic...", "detail_json": "/data/advisories/ZDI-15-553/advisory.json", "detail_path": "advisories/ZDI-15-553", "id": "ZDI-15-553", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "IBM System Networking Switch Center FileReader.jsp Directory Traversal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-553/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-3012", "zdi_id": "ZDI-15-553" }, { "cve": "CVE-2015-7819", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC DB Service, that...", "detail_json": "/data/advisories/ZDI-15-552/advisory.json", "detail_path": "advisories/ZDI-15-552", "id": "ZDI-15-552", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "IBM System Networking Switch Center DB Service Remote Elevation of Privilege Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-552/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-3010", "zdi_id": "ZDI-15-552" }, { "cve": "CVE-2015-7818", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local unprivileged attackers to execute arbitrary code on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC Web...", "detail_json": "/data/advisories/ZDI-15-551/advisory.json", "detail_path": "advisories/ZDI-15-551", "id": "ZDI-15-551", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "IBM System Networking Switch Center Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-551/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-3008", "zdi_id": "ZDI-15-551" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Beehive. Authentication is not required to exploit this vulnerability. The specific flaw exists within the voice-servlet's playAudioFile.jsp. The method...", "detail_json": "/data/advisories/ZDI-15-550/advisory.json", "detail_path": "advisories/ZDI-15-550", "id": "ZDI-15-550", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Oracle Beehive prepareAudioToPlay Arbitrary File Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-550/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-3004", "zdi_id": "ZDI-15-550" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-forward Python dae...", "detail_json": "/data/advisories/ZDI-15-549/advisory.json", "detail_path": "advisories/ZDI-15-549", "id": "ZDI-15-549", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "AlienVault Unified Security Management av-forward Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-549/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2992", "zdi_id": "ZDI-15-549" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to escalate privileges to root on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of...", "detail_json": "/data/advisories/ZDI-15-548/advisory.json", "detail_path": "advisories/ZDI-15-548", "id": "ZDI-15-548", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "AlienVault Unified Security Management Local Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-548/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-3020", "zdi_id": "ZDI-15-548" }, { "cve": "CVE-2015-6086", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-15-547/advisory.json", "detail_path": "advisories/ZDI-15-547", "id": "ZDI-15-547", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Microsoft Internet Explorer CDOMStringDataList::InitFromString Out-Of-Bounds Indexing Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-547/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3122", "zdi_id": "ZDI-15-547" }, { "cve": "CVE-2015-6094", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-546/advisory.json", "detail_path": "advisories/ZDI-15-546", "id": "ZDI-15-546", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Microsoft Office Excel Binary Worksheet Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-546/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3270", "zdi_id": "ZDI-15-546" }, { "cve": "CVE-2015-6051", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-545/advisory.json", "detail_path": "advisories/ZDI-15-545", "id": "ZDI-15-545", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Microsoft Internet Explorer ShowSaveFileDialog Protected Mode Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-545/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3272", "zdi_id": "ZDI-15-545" }, { "cve": "CVE-2015-6081", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-544/advisory.json", "detail_path": "advisories/ZDI-15-544", "id": "ZDI-15-544", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Microsoft Internet Explorer CTableLayout Out-Of-Bounds Memory Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-544/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3116", "zdi_id": "ZDI-15-544" }, { "cve": "CVE-2015-6038", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-543/advisory.json", "detail_path": "advisories/ZDI-15-543", "id": "ZDI-15-543", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Microsoft Office Excel Binary Worksheet Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-543/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3109", "zdi_id": "ZDI-15-543" }, { "cve": "CVE-2015-6077", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-542/advisory.json", "detail_path": "advisories/ZDI-15-542", "id": "ZDI-15-542", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Microsoft Internet Explorer CTsfTextStore Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-542/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3099", "zdi_id": "ZDI-15-542" }, { "cve": "CVE-2015-6076", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-541/advisory.json", "detail_path": "advisories/ZDI-15-541", "id": "ZDI-15-541", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Microsoft Internet Explorer htmlFor Attribute Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-541/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3114", "zdi_id": "ZDI-15-541" }, { "cve": "CVE-2015-6075", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-540/advisory.json", "detail_path": "advisories/ZDI-15-540", "id": "ZDI-15-540", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Microsoft Internet Explorer URLIMGCTX Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-540/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3113", "zdi_id": "ZDI-15-540" }, { "cve": "CVE-2015-6093", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-539/advisory.json", "detail_path": "advisories/ZDI-15-539", "id": "ZDI-15-539", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Microsoft Office Word TTF Size Miscalculation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-539/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3102", "zdi_id": "ZDI-15-539" }, { "cve": "CVE-2015-6064", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-538/advisory.json", "detail_path": "advisories/ZDI-15-538", "id": "ZDI-15-538", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Microsoft Internet Explorer COptionElement::InvalidateDataListAncestorCollections Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-538/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2915", "zdi_id": "ZDI-15-538" }, { "cve": "CVE-2015-6055", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code in applications using the VBScript scripting language running on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is re...", "detail_json": "/data/advisories/ZDI-15-537/advisory.json", "detail_path": "advisories/ZDI-15-537", "id": "ZDI-15-537", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Microsoft Windows VBScript Join Function Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-537/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3327", "zdi_id": "ZDI-15-537" }, { "cve": "CVE-2015-2367", "cvss": 2.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-536/advisory.json", "detail_path": "advisories/ZDI-15-536", "id": "ZDI-15-536", "kind": "published", "published_date": "2015-11-10", "status": "published", "title": "Microsoft Windows NtUserDisableProcessWindowFiltering Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-536/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2933", "zdi_id": "ZDI-15-536" }, { "cve": "CVE-2015-6867", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Vertica. Authentication is not required to exploit this vulnerability. The specific flaw exists within the vertica-udx-zygote process, which li...", "detail_json": "/data/advisories/ZDI-15-535/advisory.json", "detail_path": "advisories/ZDI-15-535", "id": "ZDI-15-535", "kind": "published", "published_date": "2015-11-02", "status": "published", "title": "Hewlett-Packard Vertica Remote Command Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-535/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2914", "zdi_id": "ZDI-15-535" }, { "cve": "CVE-2015-7650", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-15-534/advisory.json", "detail_path": "advisories/ZDI-15-534", "id": "ZDI-15-534", "kind": "published", "published_date": "2015-11-02", "status": "published", "title": "Adobe Acrobat Reader DC CMAP Table Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-534/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3334", "zdi_id": "ZDI-15-534" }, { "cve": "CVE-2015-6978", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-533/advisory.json", "detail_path": "advisories/ZDI-15-533", "id": "ZDI-15-533", "kind": "published", "published_date": "2015-10-21", "status": "published", "title": "Apple Safari TTF Out-Of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-533/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-3268", "zdi_id": "ZDI-15-533" }, { "cve": "CVE-2015-8029", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-15-532/advisory.json", "detail_path": "advisories/ZDI-15-532", "id": "ZDI-15-532", "kind": "published", "published_date": "2015-10-20", "status": "published", "title": "SAP 3D Visual Enterprise Viewer Filmbox document Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-532/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2978", "zdi_id": "ZDI-15-532" }, { "cve": "CVE-2015-8028", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-15-531/advisory.json", "detail_path": "advisories/ZDI-15-531", "id": "ZDI-15-531", "kind": "published", "published_date": "2015-10-20", "status": "published", "title": "SAP 3D Visual Enterprise Viewer Flic Animation Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-531/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2977", "zdi_id": "ZDI-15-531" }, { "cve": "CVE-2015-8030", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-15-530/advisory.json", "detail_path": "advisories/ZDI-15-530", "id": "ZDI-15-530", "kind": "published", "published_date": "2015-10-20", "status": "published", "title": "SAP 3D Visual Enterprise Viewer FBX Out-Of-Bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-530/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2984", "zdi_id": "ZDI-15-530" }, { "cve": "CVE-2015-8030", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-15-529/advisory.json", "detail_path": "advisories/ZDI-15-529", "id": "ZDI-15-529", "kind": "published", "published_date": "2015-10-20", "status": "published", "title": "SAP 3D Visual Enterprise Viewer JPEG2000 Out-Of-Bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-529/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2988", "zdi_id": "ZDI-15-529" }, { "cve": "CVE-2015-8030", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-15-528/advisory.json", "detail_path": "advisories/ZDI-15-528", "id": "ZDI-15-528", "kind": "published", "published_date": "2015-10-20", "status": "published", "title": "SAP 3D Visual Enterprise Viewer LWO Out-Of-Bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-528/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2985", "zdi_id": "ZDI-15-528" }, { "cve": "CVE-2015-8030", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-15-527/advisory.json", "detail_path": "advisories/ZDI-15-527", "id": "ZDI-15-527", "kind": "published", "published_date": "2015-10-20", "status": "published", "title": "SAP 3D Visual Enterprise Viewer U3D Out-Of-Bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-527/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2986", "zdi_id": "ZDI-15-527" }, { "cve": "CVE-2015-8028", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-15-526/advisory.json", "detail_path": "advisories/ZDI-15-526", "id": "ZDI-15-526", "kind": "published", "published_date": "2015-10-20", "status": "published", "title": "SAP 3D Visual Enterprise Viewer 3DM Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-526/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2987", "zdi_id": "ZDI-15-526" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-525/advisory.json", "detail_path": "advisories/ZDI-15-525", "id": "ZDI-15-525", "kind": "published", "published_date": "2015-10-19", "status": "published", "title": "Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-525/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3266", "zdi_id": "ZDI-15-525" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-524/advisory.json", "detail_path": "advisories/ZDI-15-524", "id": "ZDI-15-524", "kind": "published", "published_date": "2015-10-19", "status": "published", "title": "Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-524/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-3267", "zdi_id": "ZDI-15-524" }, { "cve": "CVE-2015-6045", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-523/advisory.json", "detail_path": "advisories/ZDI-15-523", "id": "ZDI-15-523", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Microsoft Internet Explorer empty-cells Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-523/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3119", "zdi_id": "ZDI-15-523" }, { "cve": "CVE-2015-6047", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escape the Application Container and execute code in the context of the logged-in user on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that...", "detail_json": "/data/advisories/ZDI-15-522/advisory.json", "detail_path": "advisories/ZDI-15-522", "id": "ZDI-15-522", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Microsoft Internet Explorer EditWith Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-522/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3042", "zdi_id": "ZDI-15-522" }, { "cve": "CVE-2015-6055", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code in applications using the VBScript scripting language running on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is re...", "detail_json": "/data/advisories/ZDI-15-521/advisory.json", "detail_path": "advisories/ZDI-15-521", "id": "ZDI-15-521", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Microsoft Windows VBScript Filter Function Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-521/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3115", "zdi_id": "ZDI-15-521" }, { "cve": "CVE-2015-6042", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-520/advisory.json", "detail_path": "advisories/ZDI-15-520", "id": "ZDI-15-520", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Microsoft Internet Explorer CWindow Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-520/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3106", "zdi_id": "ZDI-15-520" }, { "cve": "CVE-2015-2557", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-519/advisory.json", "detail_path": "advisories/ZDI-15-519", "id": "ZDI-15-519", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Microsoft Office Visio UML Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-519/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3096", "zdi_id": "ZDI-15-519" }, { "cve": "CVE-2015-6053", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose the contents of arbitrary memory locations on applications using the JScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. Us...", "detail_json": "/data/advisories/ZDI-15-518/advisory.json", "detail_path": "advisories/ZDI-15-518", "id": "ZDI-15-518", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Microsoft Windows JScript ArrayBuffer.slice Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-518/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3045", "zdi_id": "ZDI-15-518" }, { "cve": "CVE-2015-2555", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-517/advisory.json", "detail_path": "advisories/ZDI-15-517", "id": "ZDI-15-517", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Microsoft Office Excel calculatedColumnFormula Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-517/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3014", "zdi_id": "ZDI-15-517" }, { "cve": "CVE-2015-2558", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-516/advisory.json", "detail_path": "advisories/ZDI-15-516", "id": "ZDI-15-516", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Microsoft Office Excel fileVersion Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-516/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3038", "zdi_id": "ZDI-15-516" }, { "cve": "CVE-2015-2482", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vuln...", "detail_json": "/data/advisories/ZDI-15-515/advisory.json", "detail_path": "advisories/ZDI-15-515", "id": "ZDI-15-515", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Microsoft Windows JavaScript Regular Expression Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-515/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2899", "zdi_id": "ZDI-15-515" }, { "cve": "CVE-2015-7629", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-514/advisory.json", "detail_path": "advisories/ZDI-15-514", "id": "ZDI-15-514", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Flash TextFormat tabStops Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-514/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2960", "zdi_id": "ZDI-15-514" }, { "cve": "CVE-2015-7631", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-513/advisory.json", "detail_path": "advisories/ZDI-15-513", "id": "ZDI-15-513", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Flash TextLine validity Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-513/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3108", "zdi_id": "ZDI-15-513" }, { "cve": "CVE-2015-7632", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-512/advisory.json", "detail_path": "advisories/ZDI-15-512", "id": "ZDI-15-512", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Flash Loader loadBytes Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-512/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3112", "zdi_id": "ZDI-15-512" }, { "cve": "CVE-2015-7643", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-511/advisory.json", "detail_path": "advisories/ZDI-15-511", "id": "ZDI-15-511", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Flash AS2 Video deblocking Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-511/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3293", "zdi_id": "ZDI-15-511" }, { "cve": "CVE-2015-7623", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-510/advisory.json", "detail_path": "advisories/ZDI-15-510", "id": "ZDI-15-510", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC ANAuthenticateResource Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-510/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3117", "zdi_id": "ZDI-15-510" }, { "cve": "CVE-2015-7614", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling URL's passed to app.launchURL....", "detail_json": "/data/advisories/ZDI-15-509/advisory.json", "detail_path": "advisories/ZDI-15-509", "id": "ZDI-15-509", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC app.launchURL Command Execution Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-509/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3103", "zdi_id": "ZDI-15-509" }, { "cve": "CVE-2015-7621", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-508/advisory.json", "detail_path": "advisories/ZDI-15-508", "id": "ZDI-15-508", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Reader DC U3D Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-508/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3101", "zdi_id": "ZDI-15-508" }, { "cve": "CVE-2015-6716", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-507/advisory.json", "detail_path": "advisories/ZDI-15-507", "id": "ZDI-15-507", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC ANSendForFormDistribution Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-507/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3091", "zdi_id": "ZDI-15-507" }, { "cve": "CVE-2015-6720", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-506/advisory.json", "detail_path": "advisories/ZDI-15-506", "id": "ZDI-15-506", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC ANRunSharedReviewEmailStep Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-506/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3090", "zdi_id": "ZDI-15-506" }, { "cve": "CVE-2015-6725", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-505/advisory.json", "detail_path": "advisories/ZDI-15-505", "id": "ZDI-15-505", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC ANSendForSharedReview Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-505/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3089", "zdi_id": "ZDI-15-505" }, { "cve": "CVE-2015-6719", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-504/advisory.json", "detail_path": "advisories/ZDI-15-504", "id": "ZDI-15-504", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC CBSharedReviewCloseDialog Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-504/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3088", "zdi_id": "ZDI-15-504" }, { "cve": "CVE-2015-6718", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-503/advisory.json", "detail_path": "advisories/ZDI-15-503", "id": "ZDI-15-503", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC CBSharedReviewIfOfflineDialog Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-503/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3087", "zdi_id": "ZDI-15-503" }, { "cve": "CVE-2015-6721", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-502/advisory.json", "detail_path": "advisories/ZDI-15-502", "id": "ZDI-15-502", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC CBSharedReviewSecurityDialog Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-502/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3086", "zdi_id": "ZDI-15-502" }, { "cve": "CVE-2015-6722", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-501/advisory.json", "detail_path": "advisories/ZDI-15-501", "id": "ZDI-15-501", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC CBSharedReviewStatusDialog Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-501/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3085", "zdi_id": "ZDI-15-501" }, { "cve": "CVE-2015-7619", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-500/advisory.json", "detail_path": "advisories/ZDI-15-500", "id": "ZDI-15-500", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC ANShareFile2 Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-500/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3084", "zdi_id": "ZDI-15-500" }, { "cve": "CVE-2015-6717", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-499/advisory.json", "detail_path": "advisories/ZDI-15-499", "id": "ZDI-15-499", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC DynamicAnnotStore Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-499/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3083", "zdi_id": "ZDI-15-499" }, { "cve": "CVE-2015-7618", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-498/advisory.json", "detail_path": "advisories/ZDI-15-498", "id": "ZDI-15-498", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC CBAutoConfigCommentRepository Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-498/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3082", "zdi_id": "ZDI-15-498" }, { "cve": "CVE-2015-6723", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-497/advisory.json", "detail_path": "advisories/ZDI-15-497", "id": "ZDI-15-497", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC ANTrustPropagateAll Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-497/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3081", "zdi_id": "ZDI-15-497" }, { "cve": "CVE-2015-7620", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-496/advisory.json", "detail_path": "advisories/ZDI-15-496", "id": "ZDI-15-496", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC ANSendForBrowserReview Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-496/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3080", "zdi_id": "ZDI-15-496" }, { "cve": "CVE-2015-6724", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-495/advisory.json", "detail_path": "advisories/ZDI-15-495", "id": "ZDI-15-495", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC ANSendForApproval Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-495/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3079", "zdi_id": "ZDI-15-495" }, { "cve": "CVE-2015-7616", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-15-494/advisory.json", "detail_path": "advisories/ZDI-15-494", "id": "ZDI-15-494", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC ANVerifyComments Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-494/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3073", "zdi_id": "ZDI-15-494" }, { "cve": "CVE-2015-7615", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-15-493/advisory.json", "detail_path": "advisories/ZDI-15-493", "id": "ZDI-15-493", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC Media SaveAs Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-493/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3069", "zdi_id": "ZDI-15-493" }, { "cve": "CVE-2015-7617", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-15-492/advisory.json", "detail_path": "advisories/ZDI-15-492", "id": "ZDI-15-492", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC EScript Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-492/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3068", "zdi_id": "ZDI-15-492" }, { "cve": "CVE-2015-6715", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-15-491/advisory.json", "detail_path": "advisories/ZDI-15-491", "id": "ZDI-15-491", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC apply Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-491/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3067", "zdi_id": "ZDI-15-491" }, { "cve": "CVE-2015-6714", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-15-490/advisory.json", "detail_path": "advisories/ZDI-15-490", "id": "ZDI-15-490", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC bind Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-490/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3066", "zdi_id": "ZDI-15-490" }, { "cve": "CVE-2015-6713", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-15-489/advisory.json", "detail_path": "advisories/ZDI-15-489", "id": "ZDI-15-489", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC call Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-489/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3065", "zdi_id": "ZDI-15-489" }, { "cve": "CVE-2015-6712", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-15-488/advisory.json", "detail_path": "advisories/ZDI-15-488", "id": "ZDI-15-488", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC ANSendApprovalToAuthorEnabled Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-488/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3063", "zdi_id": "ZDI-15-488" }, { "cve": "CVE-2015-6710", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-15-487/advisory.json", "detail_path": "advisories/ZDI-15-487", "id": "ZDI-15-487", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC CBBBRInit Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-487/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3062", "zdi_id": "ZDI-15-487" }, { "cve": "CVE-2015-6709", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-15-486/advisory.json", "detail_path": "advisories/ZDI-15-486", "id": "ZDI-15-486", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC CBBBRInvite Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-486/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3061", "zdi_id": "ZDI-15-486" }, { "cve": "CVE-2015-6711", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-15-485/advisory.json", "detail_path": "advisories/ZDI-15-485", "id": "ZDI-15-485", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC DoIdentityDialog Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-485/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3060", "zdi_id": "ZDI-15-485" }, { "cve": "CVE-2015-6708", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-15-484/advisory.json", "detail_path": "advisories/ZDI-15-484", "id": "ZDI-15-484", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC ANStartApproval Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-484/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3059", "zdi_id": "ZDI-15-484" }, { "cve": "CVE-2015-6707", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-15-483/advisory.json", "detail_path": "advisories/ZDI-15-483", "id": "ZDI-15-483", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC ANSendForReview Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-483/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3058", "zdi_id": "ZDI-15-483" }, { "cve": "CVE-2015-6704", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-15-482/advisory.json", "detail_path": "advisories/ZDI-15-482", "id": "ZDI-15-482", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Reader DC animations Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-482/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3051", "zdi_id": "ZDI-15-482" }, { "cve": "CVE-2015-6703", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-15-481/advisory.json", "detail_path": "advisories/ZDI-15-481", "id": "ZDI-15-481", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Reader DC loadFlashMovie Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-481/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3050", "zdi_id": "ZDI-15-481" }, { "cve": "CVE-2015-6702", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-15-480/advisory.json", "detail_path": "advisories/ZDI-15-480", "id": "ZDI-15-480", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Reader DC createSquareMesh Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-480/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3049", "zdi_id": "ZDI-15-480" }, { "cve": "CVE-2015-6701", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-15-479/advisory.json", "detail_path": "advisories/ZDI-15-479", "id": "ZDI-15-479", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Reader DC ambientIlluminationColor Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-479/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3048", "zdi_id": "ZDI-15-479" }, { "cve": "CVE-2015-6700", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-15-478/advisory.json", "detail_path": "advisories/ZDI-15-478", "id": "ZDI-15-478", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Reader DC setBackground Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-478/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3047", "zdi_id": "ZDI-15-478" }, { "cve": "CVE-2015-6699", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-15-477/advisory.json", "detail_path": "advisories/ZDI-15-477", "id": "ZDI-15-477", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Reader DC addForegroundSprite Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-477/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3046", "zdi_id": "ZDI-15-477" }, { "cve": "CVE-2015-6698", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-476/advisory.json", "detail_path": "advisories/ZDI-15-476", "id": "ZDI-15-476", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Reader DC AcroForm Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-476/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3044", "zdi_id": "ZDI-15-476" }, { "cve": "CVE-2015-6697", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-15-475/advisory.json", "detail_path": "advisories/ZDI-15-475", "id": "ZDI-15-475", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Pro DC Color Object Address Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-475/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3036", "zdi_id": "ZDI-15-475" }, { "cve": "CVE-2015-6690", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-474/advisory.json", "detail_path": "advisories/ZDI-15-474", "id": "ZDI-15-474", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Reader popUpMenuEx Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-474/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3018", "zdi_id": "ZDI-15-474" }, { "cve": "CVE-2015-6693", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-15-473/advisory.json", "detail_path": "advisories/ZDI-15-473", "id": "ZDI-15-473", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Signature signatureSetSeed Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-473/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3017", "zdi_id": "ZDI-15-473" }, { "cve": "CVE-2015-6695", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-472/advisory.json", "detail_path": "advisories/ZDI-15-472", "id": "ZDI-15-472", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Reader listbox value Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-472/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3016", "zdi_id": "ZDI-15-472" }, { "cve": "CVE-2015-6694", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-471/advisory.json", "detail_path": "advisories/ZDI-15-471", "id": "ZDI-15-471", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Reader fillColor Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-471/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3015", "zdi_id": "ZDI-15-471" }, { "cve": "CVE-2015-6689", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-470/advisory.json", "detail_path": "advisories/ZDI-15-470", "id": "ZDI-15-470", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Pro DC WillSave Action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-470/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2998", "zdi_id": "ZDI-15-470" }, { "cve": "CVE-2015-6688", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-469/advisory.json", "detail_path": "advisories/ZDI-15-469", "id": "ZDI-15-469", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Pro DC WillSave OCG Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-469/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2997", "zdi_id": "ZDI-15-469" }, { "cve": "CVE-2015-5583", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose arbitrary PDF files on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-15-468/advisory.json", "detail_path": "advisories/ZDI-15-468", "id": "ZDI-15-468", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Reader Read Restrictions Bypass Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-468/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2893", "zdi_id": "ZDI-15-468" }, { "cve": "CVE-2015-6685", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw e...", "detail_json": "/data/advisories/ZDI-15-467/advisory.json", "detail_path": "advisories/ZDI-15-467", "id": "ZDI-15-467", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC Fields Format Action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-467/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2816", "zdi_id": "ZDI-15-467" }, { "cve": "CVE-2015-6686", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw e...", "detail_json": "/data/advisories/ZDI-15-466/advisory.json", "detail_path": "advisories/ZDI-15-466", "id": "ZDI-15-466", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Acrobat Reader DC Fields Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-466/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2958", "zdi_id": "ZDI-15-466" }, { "cve": "CVE-2015-7829", "cvss": 1.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to delete arbitrary files on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-465/advisory.json", "detail_path": "advisories/ZDI-15-465", "id": "ZDI-15-465", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "Adobe Reader Arbitrary File Deletion Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-465/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2892", "zdi_id": "ZDI-15-465" }, { "cve": "CVE-2015-8040", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung SmartViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-15-464/advisory.json", "detail_path": "advisories/ZDI-15-464", "id": "ZDI-15-464", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "(0Day) Samsung SmartViewer CNC_Ctrl ActiveX Control rtsp_getdlsendtime Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-464/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2609", "zdi_id": "ZDI-15-464" }, { "cve": "CVE-2015-8039", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung SmartViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-15-463/advisory.json", "detail_path": "advisories/ZDI-15-463", "id": "ZDI-15-463", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "(0Day) Samsung SmartViewer STWAxConfigNVR SendCustomPacket Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-463/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2711", "zdi_id": "ZDI-15-463" }, { "cve": "CVE-2015-8039", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung SmartViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-15-462/advisory.json", "detail_path": "advisories/ZDI-15-462", "id": "ZDI-15-462", "kind": "published", "published_date": "2015-10-13", "status": "published", "title": "(0Day) Samsung SmartViewer STWAxConfig DVRSetupSave Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-462/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2710", "zdi_id": "ZDI-15-462" }, { "cve": "CVE-2015-7839", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Solarwinds Log and Event Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within requests to /services/messagebr...", "detail_json": "/data/advisories/ZDI-15-461/advisory.json", "detail_path": "advisories/ZDI-15-461", "id": "ZDI-15-461", "kind": "published", "published_date": "2015-10-07", "status": "published", "title": "Solarwinds Log and Event Manager Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-461/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-2730", "zdi_id": "ZDI-15-461" }, { "cve": "CVE-2015-7838", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Solarwinds Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ProcessFileUpload.jsp within the hand...", "detail_json": "/data/advisories/ZDI-15-460/advisory.json", "detail_path": "advisories/ZDI-15-460", "id": "ZDI-15-460", "kind": "published", "published_date": "2015-10-07", "status": "published", "title": "Solarwinds Storage Manager ProcessFileUpload.jsp File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-460/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-2731", "zdi_id": "ZDI-15-460" }, { "cve": "CVE-2015-2429", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-459/advisory.json", "detail_path": "advisories/ZDI-15-459", "id": "ZDI-15-459", "kind": "published", "published_date": "2015-10-07", "status": "published", "title": "Microsoft Internet Explorer CIERegistryHelper::SetSingleValue Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-459/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2941", "zdi_id": "ZDI-15-459" }, { "cve": "CVE-2015-2408", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-458/advisory.json", "detail_path": "advisories/ZDI-15-458", "id": "ZDI-15-458", "kind": "published", "published_date": "2015-10-07", "status": "published", "title": "Microsoft Internet Explorer CTitleElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-458/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2949", "zdi_id": "ZDI-15-458" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-15-457/advisory.json", "detail_path": "advisories/ZDI-15-457", "id": "ZDI-15-457", "kind": "published", "published_date": "2015-10-07", "status": "published", "title": "(Pwn2Own) Microsoft Windows secdrv.sys Uninitialized Buffer Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-457/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2835", "zdi_id": "ZDI-15-457" }, { "cve": "CVE-2015-4479", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-456/advisory.json", "detail_path": "advisories/ZDI-15-456", "id": "ZDI-15-456", "kind": "published", "published_date": "2015-10-05", "status": "published", "title": "Mozilla Firefox MPEG4 saio Chunk Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-456/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-2966", "zdi_id": "ZDI-15-456" }, { "cve": "CVE-2015-2342", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the configuration of the JMX remote interface....", "detail_json": "/data/advisories/ZDI-15-455/advisory.json", "detail_path": "advisories/ZDI-15-455", "id": "ZDI-15-455", "kind": "published", "published_date": "2015-10-02", "status": "published", "title": "VMware vCenter Server JMX RMI Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-455/", "vendor": "VMware, Inc.", "vendor_url": null, "zdi_can": "ZDI-CAN-2763", "zdi_id": "ZDI-15-455" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung XNS ActiveX SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-15-454/advisory.json", "detail_path": "advisories/ZDI-15-454", "id": "ZDI-15-454", "kind": "published", "published_date": "2015-10-02", "status": "published", "title": "(0Day) Samsung XNS ActiveX SDK XnsSdkDevice Multiple Untrusted Pointer Dereference Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-454/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2533", "zdi_id": "ZDI-15-454" }, { "cve": "CVE-2015-6481", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa OnCell Central Manager Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RequestController class....", "detail_json": "/data/advisories/ZDI-15-453/advisory.json", "detail_path": "advisories/ZDI-15-453", "id": "ZDI-15-453", "kind": "published", "published_date": "2015-09-29", "status": "published", "title": "(0Day) Moxa OnCell Central Manager Server RequestController Static Credentials Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-453/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-2529", "zdi_id": "ZDI-15-453" }, { "cve": "CVE-2015-6480", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa OnCell Central Manager Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MessageBrokerServlet serv...", "detail_json": "/data/advisories/ZDI-15-452/advisory.json", "detail_path": "advisories/ZDI-15-452", "id": "ZDI-15-452", "kind": "published", "published_date": "2015-09-29", "status": "published", "title": "(0Day) Moxa OnCell Central Manager Server MessageBrokerServlet Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-452/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-2526", "zdi_id": "ZDI-15-452" }, { "cve": "CVE-2015-7374", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of InduSoft WebStudio. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Remote Agent service listening on TCP p...", "detail_json": "/data/advisories/ZDI-15-451/advisory.json", "detail_path": "advisories/ZDI-15-451", "id": "ZDI-15-451", "kind": "published", "published_date": "2015-09-28", "status": "published", "title": "InduSoft Web Studio Remote Agent Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-451/", "vendor": "Indusoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2649", "zdi_id": "ZDI-15-451" }, { "cve": "CVE-2015-6589", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is required to exploit this vulnerability. The specific flaw exists within the json.ashx HTTP handler, whic...", "detail_json": "/data/advisories/ZDI-15-450/advisory.json", "detail_path": "advisories/ZDI-15-450", "id": "ZDI-15-450", "kind": "published", "published_date": "2015-09-23", "status": "published", "title": "Kaseya Virtual System Administrator Authenticated Remote File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-450/", "vendor": "Kaseya", "vendor_url": null, "zdi_can": "ZDI-CAN-2841", "zdi_id": "ZDI-15-450" }, { "cve": "CVE-2015-6922", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uploader.aspx page, whic...", "detail_json": "/data/advisories/ZDI-15-449/advisory.json", "detail_path": "advisories/ZDI-15-449", "id": "ZDI-15-449", "kind": "published", "published_date": "2015-09-23", "status": "published", "title": "Kaseya Virtual System Administrator Remote File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-449/", "vendor": "Kaseya", "vendor_url": null, "zdi_can": "ZDI-CAN-2840", "zdi_id": "ZDI-15-449" }, { "cve": "CVE-2015-6922", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the forwarding service's han...", "detail_json": "/data/advisories/ZDI-15-448/advisory.json", "detail_path": "advisories/ZDI-15-448", "id": "ZDI-15-448", "kind": "published", "published_date": "2015-09-23", "status": "published", "title": "Kaseya Virtual System Administrator Remote Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-448/", "vendor": "Kaseya", "vendor_url": null, "zdi_can": "ZDI-CAN-2754", "zdi_id": "ZDI-15-448" }, { "cve": "CVE-2015-5570", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-447/advisory.json", "detail_path": "advisories/ZDI-15-447", "id": "ZDI-15-447", "kind": "published", "published_date": "2015-09-21", "status": "published", "title": "Adobe Flash AVSegmentedSource setSubscribedTags Uninitialized Memory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-447/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3110", "zdi_id": "ZDI-15-447" }, { "cve": "CVE-2015-6678", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-15-446/advisory.json", "detail_path": "advisories/ZDI-15-446", "id": "ZDI-15-446", "kind": "published", "published_date": "2015-09-21", "status": "published", "title": "(Pwn2Own) Adobe Flash Player DefineText Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-446/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2817", "zdi_id": "ZDI-15-446" }, { "cve": "CVE-2015-7303", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avira Management Console. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP headers by the Upd...", "detail_json": "/data/advisories/ZDI-15-445/advisory.json", "detail_path": "advisories/ZDI-15-445", "id": "ZDI-15-445", "kind": "published", "published_date": "2015-09-16", "status": "published", "title": "(0Day) Avira Management Console Update Manager Service HTTP Header Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-445/", "vendor": "Avira", "vendor_url": null, "zdi_can": "ZDI-CAN-3118", "zdi_id": "ZDI-15-445" }, { "cve": "CVE-2015-5690, CVE-2015-5693", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the path processing for command URLs access...", "detail_json": "/data/advisories/ZDI-15-444/advisory.json", "detail_path": "advisories/ZDI-15-444", "id": "ZDI-15-444", "kind": "published", "published_date": "2015-09-16", "status": "published", "title": "Symantec Web Gateway Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-444/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-3057", "zdi_id": "ZDI-15-444" }, { "cve": "CVE-2015-5691, CVE-2015-5692", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is required to exploit this vulnerability, however it can be bypassed via reflected cross-site scripting. The specific fla...", "detail_json": "/data/advisories/ZDI-15-443/advisory.json", "detail_path": "advisories/ZDI-15-443", "id": "ZDI-15-443", "kind": "published", "published_date": "2015-09-16", "status": "published", "title": "Symantec Web Gateway Arbitrary PHP File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-443/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-2917", "zdi_id": "ZDI-15-443" }, { "cve": "CVE-2015-6460", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CODESYS Gateway Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the 0x03f0 opcode. An att...", "detail_json": "/data/advisories/ZDI-15-442/advisory.json", "detail_path": "advisories/ZDI-15-442", "id": "ZDI-15-442", "kind": "published", "published_date": "2015-09-16", "status": "published", "title": "CODESYS Gateway Server Opcode 0x3f0 Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-442/", "vendor": "Codesys", "vendor_url": null, "zdi_can": "ZDI-CAN-2786", "zdi_id": "ZDI-15-442" }, { "cve": "CVE-2015-6460", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CODESYS Gateway Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the 0x3ef opcode. An atta...", "detail_json": "/data/advisories/ZDI-15-441/advisory.json", "detail_path": "advisories/ZDI-15-441", "id": "ZDI-15-441", "kind": "published", "published_date": "2015-09-16", "status": "published", "title": "CODESYS Gateway Server Opcode 0x3ef Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-441/", "vendor": "Codesys", "vendor_url": null, "zdi_can": "ZDI-CAN-2785", "zdi_id": "ZDI-15-441" }, { "cve": "CVE-2015-6456", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE MDS PulseNET. Authentication is required to exploit this vulnerability but it can bypassed using static credentials. The specific flaw exists within the Pul...", "detail_json": "/data/advisories/ZDI-15-440/advisory.json", "detail_path": "advisories/ZDI-15-440", "id": "ZDI-15-440", "kind": "published", "published_date": "2015-09-16", "status": "published", "title": "GE MDS PulseNET Hidden Support Account Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-440/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-2922", "zdi_id": "ZDI-15-440" }, { "cve": "CVE-2015-6459", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read and delete arbitrary files on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileDownloadServlet. By specifying...", "detail_json": "/data/advisories/ZDI-15-439/advisory.json", "detail_path": "advisories/ZDI-15-439", "id": "ZDI-15-439", "kind": "published", "published_date": "2015-09-16", "status": "published", "title": "GE MDS PulseNET FileDownloadServlet Directory Traversal Information Disclosure And Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-439/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-2906", "zdi_id": "ZDI-15-439" }, { "cve": "CVE-2014-3789", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cogent DataHub. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EvalExpresssion method, which is available re...", "detail_json": "/data/advisories/ZDI-15-438/advisory.json", "detail_path": "advisories/ZDI-15-438", "id": "ZDI-15-438", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Cogent DataHub Gamma Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-438/", "vendor": "Cogent Real-Time Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-2981", "zdi_id": "ZDI-15-438" }, { "cve": "CVE-2015-6457", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-437/advisory.json", "detail_path": "advisories/ZDI-15-437", "id": "ZDI-15-437", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Moxa SoftCMS VLCControl setUserInfoData strIP Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-437/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-2999", "zdi_id": "ZDI-15-437" }, { "cve": "CVE-2015-6457", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-436/advisory.json", "detail_path": "advisories/ZDI-15-436", "id": "ZDI-15-436", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Moxa SoftCMS VLCPlugin ActiveX Control setUserInfoData strUserName Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-436/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-3000", "zdi_id": "ZDI-15-436" }, { "cve": "CVE-2015-6457", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-435/advisory.json", "detail_path": "advisories/ZDI-15-435", "id": "ZDI-15-435", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Moxa SoftCMS RTSPVIDEO.rtspvideoCtrl.1 Open3 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-435/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-2954", "zdi_id": "ZDI-15-435" }, { "cve": "CVE-2015-6457", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-434/advisory.json", "detail_path": "advisories/ZDI-15-434", "id": "ZDI-15-434", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Moxa SoftCMS RTSPVIDEO.rtspvideoCtrl.1 AudioRecord Method fullfilename Parameter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-434/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-2951", "zdi_id": "ZDI-15-434" }, { "cve": "CVE-2015-6458", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-433/advisory.json", "detail_path": "advisories/ZDI-15-433", "id": "ZDI-15-433", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Moxa SoftCMS RTSPVIDEO.rtspvideoCtrl.1 AudioRecord Method ip Argument Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-433/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-2952", "zdi_id": "ZDI-15-433" }, { "cve": "CVE-2015-6457", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-432/advisory.json", "detail_path": "advisories/ZDI-15-432", "id": "ZDI-15-432", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Moxa SoftCMS RTSPVIDEO.rtspvideoCtrl.1 Open and Open2 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-432/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-2950", "zdi_id": "ZDI-15-432" }, { "cve": "CVE-2015-6457", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-431/advisory.json", "detail_path": "advisories/ZDI-15-431", "id": "ZDI-15-431", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Moxa SoftCMS IPCam.IPCam_Video_Render_Plugin.1 IVLCControl setRecordPrefix Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-431/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-2955", "zdi_id": "ZDI-15-431" }, { "cve": "CVE-2015-6457", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-430/advisory.json", "detail_path": "advisories/ZDI-15-430", "id": "ZDI-15-430", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Moxa SoftCMS IPCam.IPCam_Video_Render_Plugin.1 IVLCControl setStreamRecordData Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-430/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-2956", "zdi_id": "ZDI-15-430" }, { "cve": "CVE-2015-6457", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-429/advisory.json", "detail_path": "advisories/ZDI-15-429", "id": "ZDI-15-429", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Moxa SoftCMS IPCam.IPCam_Video_Render_Plugin.1 IVLCControl setConfigPath Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-429/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-2953", "zdi_id": "ZDI-15-429" }, { "cve": "CVE-2015-2541", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-428/advisory.json", "detail_path": "advisories/ZDI-15-428", "id": "ZDI-15-428", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Microsoft Internet Explorer CAttrValue Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-428/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3003", "zdi_id": "ZDI-15-428" }, { "cve": "CVE-2015-2501", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to cause a use-after-free condition on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-15-427/advisory.json", "detail_path": "advisories/ZDI-15-427", "id": "ZDI-15-427", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Microsoft Internet Explorer CImgTaskSvgDoc Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-427/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3025", "zdi_id": "ZDI-15-427" }, { "cve": "CVE-2015-2500", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-426/advisory.json", "detail_path": "advisories/ZDI-15-426", "id": "ZDI-15-426", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Microsoft Internet Explorer CImgElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-426/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3007", "zdi_id": "ZDI-15-426" }, { "cve": "CVE-2015-2499", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-425/advisory.json", "detail_path": "advisories/ZDI-15-425", "id": "ZDI-15-425", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Microsoft Internet Explorer CTableColCalc Out-Of-Bounds Memory Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-425/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3006", "zdi_id": "ZDI-15-425" }, { "cve": "CVE-2015-2498", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-424/advisory.json", "detail_path": "advisories/ZDI-15-424", "id": "ZDI-15-424", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Microsoft Internet Explorer CTableSectionRowsCollectionCacheItem Out-Of-Bounds Memory Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-424/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-3034", "zdi_id": "ZDI-15-424" }, { "cve": "CVE-2015-2489", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-423/advisory.json", "detail_path": "advisories/ZDI-15-423", "id": "ZDI-15-423", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Microsoft Internet Explorer ISettingsBroker Sandbox Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-423/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2939", "zdi_id": "ZDI-15-423" }, { "cve": "CVE-2015-2486", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-422/advisory.json", "detail_path": "advisories/ZDI-15-422", "id": "ZDI-15-422", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Microsoft Internet Explorer mergeAttributes Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-422/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2971", "zdi_id": "ZDI-15-422" }, { "cve": "CVE-2015-2485", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-421/advisory.json", "detail_path": "advisories/ZDI-15-421", "id": "ZDI-15-421", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Microsoft Internet Explorer Element ID Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-421/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2962", "zdi_id": "ZDI-15-421" }, { "cve": "CVE-2015-2487", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-420/advisory.json", "detail_path": "advisories/ZDI-15-420", "id": "ZDI-15-420", "kind": "published", "published_date": "2015-09-08", "status": "published", "title": "Microsoft Internet Explorer Embedded Windows Media Player Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-420/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2991", "zdi_id": "ZDI-15-420" }, { "cve": "CVE-2015-5689", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Ghost. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-15-419/advisory.json", "detail_path": "advisories/ZDI-15-419", "id": "ZDI-15-419", "kind": "published", "published_date": "2015-09-03", "status": "published", "title": "Symantec Ghost Out-Of-Bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-419/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-2989", "zdi_id": "ZDI-15-419" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland AccuRev. Authentication is not required to exploit this vulnerability. The specific flaw exists within the edit_lf_process resource of the AccuRev Repr...", "detail_json": "/data/advisories/ZDI-15-418/advisory.json", "detail_path": "advisories/ZDI-15-418", "id": "ZDI-15-418", "kind": "published", "published_date": "2015-09-02", "status": "published", "title": "(0Day) Borland AccuRev Reprise License Server edit_lf_process Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-418/", "vendor": "Borland", "vendor_url": null, "zdi_can": "ZDI-CAN-3027", "zdi_id": "ZDI-15-418" }, { "cve": null, "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Borland AccuRev. Authentication is not required to exploit this vulnerability. The specific flaw exists within the edit_lf_get_data functionality of the AccuRev...", "detail_json": "/data/advisories/ZDI-15-417/advisory.json", "detail_path": "advisories/ZDI-15-417", "id": "ZDI-15-417", "kind": "published", "published_date": "2015-09-02", "status": "published", "title": "(0Day) Borland AccuRev Reprise License Server edit_lf_get_data Command lf Parameter Path Traversal Read Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-417/", "vendor": "Borland", "vendor_url": null, "zdi_can": "ZDI-CAN-3028", "zdi_id": "ZDI-15-417" }, { "cve": "CVE-2015-6946", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland AccuRev. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service_startup_doit functionality of the Re...", "detail_json": "/data/advisories/ZDI-15-416/advisory.json", "detail_path": "advisories/ZDI-15-416", "id": "ZDI-15-416", "kind": "published", "published_date": "2015-09-02", "status": "published", "title": "(0Day) Borland AccuRev Reprise License Server service_setup_doit Command Stack Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-416/", "vendor": "Borland", "vendor_url": null, "zdi_can": "ZDI-CAN-3029", "zdi_id": "ZDI-15-416" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland AccuRev. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rlmswitch_process functionality of the Repri...", "detail_json": "/data/advisories/ZDI-15-415/advisory.json", "detail_path": "advisories/ZDI-15-415", "id": "ZDI-15-415", "kind": "published", "published_date": "2015-09-02", "status": "published", "title": "(0Day) Borland AccuRev Reprise License Management Server Path Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-415/", "vendor": "Borland", "vendor_url": null, "zdi_can": "ZDI-CAN-3030", "zdi_id": "ZDI-15-415" }, { "cve": "CVE-2015-6946", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland AccuRev. Authentication is not required to exploit this vulnerability. The specific flaw exists within the activate_doit function of the service. The i...", "detail_json": "/data/advisories/ZDI-15-414/advisory.json", "detail_path": "advisories/ZDI-15-414", "id": "ZDI-15-414", "kind": "published", "published_date": "2015-09-02", "status": "published", "title": "(0Day) Borland AccuRev Reprise License Server activate_doit Command actserver Parameter Stack Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-414/", "vendor": "Borland", "vendor_url": null, "zdi_can": "ZDI-CAN-3033", "zdi_id": "ZDI-15-414" }, { "cve": null, "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of Borland AccuRev. Authentication is not required to exploit this vulnerability. The specific flaw exists within the diagonostic_doit command of the AccuRev R...", "detail_json": "/data/advisories/ZDI-15-413/advisory.json", "detail_path": "advisories/ZDI-15-413", "id": "ZDI-15-413", "kind": "published", "published_date": "2015-09-02", "status": "published", "title": "(0Day) Borland AccuRev Reprise License Server diagnostics_doit Command outputfile Parameter File Overwrite Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-413/", "vendor": "Borland", "vendor_url": null, "zdi_can": "ZDI-CAN-3031", "zdi_id": "ZDI-15-413" }, { "cve": "CVE-2015-6946", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to cause a stack buffer overflow in the Reprise License Management service on installations of Borland AccuRev. Authentication is not required to exploit this vulnerability. The specific flaw exists within the activa...", "detail_json": "/data/advisories/ZDI-15-412/advisory.json", "detail_path": "advisories/ZDI-15-412", "id": "ZDI-15-412", "kind": "published", "published_date": "2015-09-02", "status": "published", "title": "(0Day) Borland AccuRev Reprise License Server activate_doit Command akey Parameter Stack Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-412/", "vendor": "Borland", "vendor_url": null, "zdi_can": "ZDI-CAN-3032", "zdi_id": "ZDI-15-412" }, { "cve": null, "cvss": 8.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read or delete arbitrary files on vulnerable installations of Borland AccuRev. Authentication is not required to exploit this vulnerability. The specific flaws exist within implementation of the SaveContent functi...", "detail_json": "/data/advisories/ZDI-15-411/advisory.json", "detail_path": "advisories/ZDI-15-411", "id": "ZDI-15-411", "kind": "published", "published_date": "2015-09-02", "status": "published", "title": "(0Day) Borland AccuRev SaveContentServiceImpl Servlet Path Traversal Remote File Read And Deletion Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-411/", "vendor": "Borland", "vendor_url": null, "zdi_can": "ZDI-CAN-3026", "zdi_id": "ZDI-15-411" }, { "cve": "CVE-2015-6948", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Corel WordPerfect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-15-410/advisory.json", "detail_path": "advisories/ZDI-15-410", "id": "ZDI-15-410", "kind": "published", "published_date": "2015-09-02", "status": "published", "title": "(0Day) Corel WordPerfect Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-410/", "vendor": "Corel", "vendor_url": null, "zdi_can": "ZDI-CAN-3052", "zdi_id": "ZDI-15-410" }, { "cve": "CVE-2015-6949", "cvss": 7.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ASUS TM-1900. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP header parsing routine. The issue lies...", "detail_json": "/data/advisories/ZDI-15-409/advisory.json", "detail_path": "advisories/ZDI-15-409", "id": "ZDI-15-409", "kind": "published", "published_date": "2015-09-02", "status": "published", "title": "(0Day) ASUS TM-AC1900 httpd Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-409/", "vendor": "ASUS", "vendor_url": null, "zdi_can": "ZDI-CAN-3035", "zdi_id": "ZDI-15-409" }, { "cve": "CVE-2015-5426", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability could allow attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-408/advisory.json", "detail_path": "advisories/ZDI-15-408", "id": "ZDI-15-408", "kind": "published", "published_date": "2015-09-01", "status": "published", "title": "Hewlett-Packard LoadRunner Controller Scenario File Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-408/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2756", "zdi_id": "ZDI-15-408" }, { "cve": "CVE-2015-1830", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache ActiveMQ. Authentication is not required to exploit this vulnerability. The specific flaw exists within ActiveMQ fileserver web application. By issuing...", "detail_json": "/data/advisories/ZDI-15-407/advisory.json", "detail_path": "advisories/ZDI-15-407", "id": "ZDI-15-407", "kind": "published", "published_date": "2015-08-31", "status": "published", "title": "Apache ActiveMQ RestFilter Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-407/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-3005", "zdi_id": "ZDI-15-407" }, { "cve": "CVE-2015-4497", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-406/advisory.json", "detail_path": "advisories/ZDI-15-406", "id": "ZDI-15-406", "kind": "published", "published_date": "2015-08-31", "status": "published", "title": "Mozilla Firefox nsIPresShell Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-406/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-2938", "zdi_id": "ZDI-15-406" }, { "cve": "CVE-2015-5417", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard KeyView IDOL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-15-405/advisory.json", "detail_path": "advisories/ZDI-15-405", "id": "ZDI-15-405", "kind": "published", "published_date": "2015-08-24", "status": "published", "title": "Hewlett-Packard KeyView IDOL GIF Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-405/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2876", "zdi_id": "ZDI-15-405" }, { "cve": "CVE-2015-5420", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard KeyView IDOL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-15-404/advisory.json", "detail_path": "advisories/ZDI-15-404", "id": "ZDI-15-404", "kind": "published", "published_date": "2015-08-24", "status": "published", "title": "Hewlett-Packard KeyView IDOL ODF Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-404/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2880", "zdi_id": "ZDI-15-404" }, { "cve": "CVE-2015-5422", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard KeyView IDOL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-15-403/advisory.json", "detail_path": "advisories/ZDI-15-403", "id": "ZDI-15-403", "kind": "published", "published_date": "2015-08-24", "status": "published", "title": "Hewlett-Packard KeyView IDOL AutoCAD Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-403/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2883", "zdi_id": "ZDI-15-403" }, { "cve": "CVE-2015-5419", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard KeyView IDOL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-15-402/advisory.json", "detail_path": "advisories/ZDI-15-402", "id": "ZDI-15-402", "kind": "published", "published_date": "2015-08-24", "status": "published", "title": "Hewlett-Packard KeyView IDOL GIF Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-402/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2879", "zdi_id": "ZDI-15-402" }, { "cve": "CVE-2015-5418", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard KeyView IDOL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-15-401/advisory.json", "detail_path": "advisories/ZDI-15-401", "id": "ZDI-15-401", "kind": "published", "published_date": "2015-08-24", "status": "published", "title": "Hewlett-Packard KeyView IDOL GIF Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-401/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2877", "zdi_id": "ZDI-15-401" }, { "cve": "CVE-2015-5421", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard KeyView IDOL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-15-400/advisory.json", "detail_path": "advisories/ZDI-15-400", "id": "ZDI-15-400", "kind": "published", "published_date": "2015-08-24", "status": "published", "title": "Hewlett-Packard KeyView IDOL Lotus Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-400/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2881", "zdi_id": "ZDI-15-400" }, { "cve": "CVE-2015-5423", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard KeyView IDOL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-15-399/advisory.json", "detail_path": "advisories/ZDI-15-399", "id": "ZDI-15-399", "kind": "published", "published_date": "2015-08-24", "status": "published", "title": "Hewlett-Packard KeyView IDOL HTML Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-399/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2884", "zdi_id": "ZDI-15-399" }, { "cve": "CVE-2015-5424", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard KeyView IDOL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-15-398/advisory.json", "detail_path": "advisories/ZDI-15-398", "id": "ZDI-15-398", "kind": "published", "published_date": "2015-08-24", "status": "published", "title": "Hewlett-Packard KeyView IDOL DOCX Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-398/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2885", "zdi_id": "ZDI-15-398" }, { "cve": "CVE-2015-5416", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard KeyView IDOL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-15-397/advisory.json", "detail_path": "advisories/ZDI-15-397", "id": "ZDI-15-397", "kind": "published", "published_date": "2015-08-24", "status": "published", "title": "Hewlett-Packard KeyView IDOL GIF Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-397/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2875", "zdi_id": "ZDI-15-397" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine ServiceDesk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of uploaded files. The iss...", "detail_json": "/data/advisories/ZDI-15-396/advisory.json", "detail_path": "advisories/ZDI-15-396", "id": "ZDI-15-396", "kind": "published", "published_date": "2015-08-20", "status": "published", "title": "ManageEngine Service Desk File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-396/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2709", "zdi_id": "ZDI-15-396" }, { "cve": null, "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-395/advisory.json", "detail_path": "advisories/ZDI-15-395", "id": "ZDI-15-395", "kind": "published", "published_date": "2015-08-20", "status": "published", "title": "Foxit Reader GIF Conversion Heap Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-395/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-2894", "zdi_id": "ZDI-15-395" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PHP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of invalid regular expressions. The issue lies...", "detail_json": "/data/advisories/ZDI-15-394/advisory.json", "detail_path": "advisories/ZDI-15-394", "id": "ZDI-15-394", "kind": "published", "published_date": "2015-08-17", "status": "published", "title": "PHP Regular Expression Uninitialized Pointer Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-394/", "vendor": "PHP", "vendor_url": null, "zdi_can": "ZDI-CAN-2547", "zdi_id": "ZDI-15-394" }, { "cve": null, "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-393/advisory.json", "detail_path": "advisories/ZDI-15-393", "id": "ZDI-15-393", "kind": "published", "published_date": "2015-08-17", "status": "published", "title": "Foxit Reader TIFF Conversion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-393/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-2902", "zdi_id": "ZDI-15-393" }, { "cve": "CVE-2015-0986", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VPort ActiveX SDK PLUS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-392/advisory.json", "detail_path": "advisories/ZDI-15-392", "id": "ZDI-15-392", "kind": "published", "published_date": "2015-08-13", "status": "published", "title": "Moxa VPort ActiveX SDK PLUS GetClientReg Name Parameter Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-392/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-2525", "zdi_id": "ZDI-15-392" }, { "cve": "CVE-2015-1000", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VPort ActiveX SDK PLUS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-391/advisory.json", "detail_path": "advisories/ZDI-15-391", "id": "ZDI-15-391", "kind": "published", "published_date": "2015-08-13", "status": "published", "title": "Moxa VPort ActiveX SDK PLUS GetClientReg Model Parameter Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-391/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-2496", "zdi_id": "ZDI-15-391" }, { "cve": "CVE-2015-3799", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must have shell access to exploit this vulnerability, however Guest access is sufficient. The specific flaw exists within the authentication o...", "detail_json": "/data/advisories/ZDI-15-390/advisory.json", "detail_path": "advisories/ZDI-15-390", "id": "ZDI-15-390", "kind": "published", "published_date": "2015-08-13", "status": "published", "title": "Apple OS X iCloud Account Authentication Elevation Of Privilege Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-390/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2996", "zdi_id": "ZDI-15-390" }, { "cve": "CVE-2015-2452", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-389/advisory.json", "detail_path": "advisories/ZDI-15-389", "id": "ZDI-15-389", "kind": "published", "published_date": "2015-08-11", "status": "published", "title": "Microsoft Internet Explorer CStyleAttrArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-389/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2972", "zdi_id": "ZDI-15-389" }, { "cve": "CVE-2015-2455", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-15-388/advisory.json", "detail_path": "advisories/ZDI-15-388", "id": "ZDI-15-388", "kind": "published", "published_date": "2015-08-11", "status": "published", "title": "(Pwn2Own) Microsoft Windows TrueType Fonts Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-388/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2818", "zdi_id": "ZDI-15-388" }, { "cve": "CVE-2015-2435", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-15-387/advisory.json", "detail_path": "advisories/ZDI-15-387", "id": "ZDI-15-387", "kind": "published", "published_date": "2015-08-11", "status": "published", "title": "(Pwn2Own) Microsoft Windows TrueType Font Pool Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-387/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2824", "zdi_id": "ZDI-15-387" }, { "cve": "CVE-2015-2454", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escape Protected Mode on vulnerable installations of Microsoft Internet Explorer User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-15-386/advisory.json", "detail_path": "advisories/ZDI-15-386", "id": "ZDI-15-386", "kind": "published", "published_date": "2015-08-11", "status": "published", "title": "Microsoft Internet Explorer HelpPane Sandbox Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-386/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2923", "zdi_id": "ZDI-15-386" }, { "cve": "CVE-2015-2451", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-385/advisory.json", "detail_path": "advisories/ZDI-15-385", "id": "ZDI-15-385", "kind": "published", "published_date": "2015-08-11", "status": "published", "title": "Microsoft Internet Explorer COrphanedStyleSheetArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-385/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2963", "zdi_id": "ZDI-15-385" }, { "cve": "CVE-2015-2450", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-384/advisory.json", "detail_path": "advisories/ZDI-15-384", "id": "ZDI-15-384", "kind": "published", "published_date": "2015-08-11", "status": "published", "title": "Microsoft Internet Explorer COrphanedStyleSheetArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-384/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2961", "zdi_id": "ZDI-15-384" }, { "cve": "CVE-2015-2448", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-383/advisory.json", "detail_path": "advisories/ZDI-15-383", "id": "ZDI-15-383", "kind": "published", "published_date": "2015-08-11", "status": "published", "title": "Microsoft Internet Explorer Array Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-383/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2944", "zdi_id": "ZDI-15-383" }, { "cve": "CVE-2015-2443", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-382/advisory.json", "detail_path": "advisories/ZDI-15-382", "id": "ZDI-15-382", "kind": "published", "published_date": "2015-08-11", "status": "published", "title": "Microsoft Internet Explorer stack Property Descriptor Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-382/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2909", "zdi_id": "ZDI-15-382" }, { "cve": "CVE-2015-2440", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal...", "detail_json": "/data/advisories/ZDI-15-381/advisory.json", "detail_path": "advisories/ZDI-15-381", "id": "ZDI-15-381", "kind": "published", "published_date": "2015-08-11", "status": "published", "title": "Microsoft MSXML generate-id Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-381/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2760", "zdi_id": "ZDI-15-381" }, { "cve": "CVE-2015-2429", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to partially escape AppContainer limitations on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or ope...", "detail_json": "/data/advisories/ZDI-15-380/advisory.json", "detail_path": "advisories/ZDI-15-380", "id": "ZDI-15-380", "kind": "published", "published_date": "2015-08-11", "status": "published", "title": "Microsoft Internet Explorer Enhanced Protected Mode Read-Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-380/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2921", "zdi_id": "ZDI-15-380" }, { "cve": "CVE-2015-2429", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-15-379/advisory.json", "detail_path": "advisories/ZDI-15-379", "id": "ZDI-15-379", "kind": "published", "published_date": "2015-08-11", "status": "published", "title": "Microsoft Internet Explorer Registry Link Elevation of Privilege Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-379/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2758", "zdi_id": "ZDI-15-379" }, { "cve": "CVE-2015-2430", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to escalate privileges on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-15-378/advisory.json", "detail_path": "advisories/ZDI-15-378", "id": "ZDI-15-378", "kind": "published", "published_date": "2015-08-11", "status": "published", "title": "Microsoft Internet Explorer Filesystem Elevation of Privilege Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-378/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2727", "zdi_id": "ZDI-15-378" }, { "cve": "CVE-2015-1743", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escape Enhanced Protected Mode on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-15-377/advisory.json", "detail_path": "advisories/ZDI-15-377", "id": "ZDI-15-377", "kind": "published", "published_date": "2015-08-10", "status": "published", "title": "Microsoft Internet Explorer add-on Installer Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-377/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2874", "zdi_id": "ZDI-15-377" }, { "cve": "CVE-2015-4934", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 819...", "detail_json": "/data/advisories/ZDI-15-376/advisory.json", "detail_path": "advisories/ZDI-15-376", "id": "ZDI-15-376", "kind": "published", "published_date": "2015-07-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 8192 Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-376/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2968", "zdi_id": "ZDI-15-376" }, { "cve": "CVE-2015-4931", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 411...", "detail_json": "/data/advisories/ZDI-15-375/advisory.json", "detail_path": "advisories/ZDI-15-375", "id": "ZDI-15-375", "kind": "published", "published_date": "2015-07-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 4115 Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-375/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2970", "zdi_id": "ZDI-15-375" }, { "cve": "CVE-2015-4933", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 136...", "detail_json": "/data/advisories/ZDI-15-374/advisory.json", "detail_path": "advisories/ZDI-15-374", "id": "ZDI-15-374", "kind": "published", "published_date": "2015-07-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 1365 Volumes Restore Agents Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-374/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2969", "zdi_id": "ZDI-15-374" }, { "cve": "CVE-2015-4932", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 136...", "detail_json": "/data/advisories/ZDI-15-373/advisory.json", "detail_path": "advisories/ZDI-15-373", "id": "ZDI-15-373", "kind": "published", "published_date": "2015-07-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 1365 Files Restore Agents Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-373/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2943", "zdi_id": "ZDI-15-373" }, { "cve": "CVE-2015-4935", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 475...", "detail_json": "/data/advisories/ZDI-15-372/advisory.json", "detail_path": "advisories/ZDI-15-372", "id": "ZDI-15-372", "kind": "published", "published_date": "2015-07-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 4755 Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-372/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2980", "zdi_id": "ZDI-15-372" }, { "cve": "CVE-2015-5107", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-371/advisory.json", "detail_path": "advisories/ZDI-15-371", "id": "ZDI-15-371", "kind": "published", "published_date": "2015-07-29", "status": "published", "title": "(Pwn2Own) Adobe Reader makeMeasurement Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-371/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3105", "zdi_id": "ZDI-15-371" }, { "cve": "CVE-2015-5106", "cvss": 6.6, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to elevate privileges on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs...", "detail_json": "/data/advisories/ZDI-15-370/advisory.json", "detail_path": "advisories/ZDI-15-370", "id": "ZDI-15-370", "kind": "published", "published_date": "2015-07-29", "status": "published", "title": "(Pwn2Own) Adobe Reader Portfolio Preview Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-370/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-3104", "zdi_id": "ZDI-15-370" }, { "cve": "CVE-2015-5109", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-369/advisory.json", "detail_path": "advisories/ZDI-15-369", "id": "ZDI-15-369", "kind": "published", "published_date": "2015-07-29", "status": "published", "title": "(Pwn2Own) Adobe Reader opendoc Broker Message Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-369/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2822", "zdi_id": "ZDI-15-369" }, { "cve": "CVE-2015-5110", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-368/advisory.json", "detail_path": "advisories/ZDI-15-368", "id": "ZDI-15-368", "kind": "published", "published_date": "2015-07-29", "status": "published", "title": "(Pwn2Own) Adobe Reader makeMeasurement Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-368/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2821", "zdi_id": "ZDI-15-368" }, { "cve": "CVE-2015-5685", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent Bootstrap. User interaction is not required to exploit this vulnerability. The specific flaw exists within the handling of arguments passed to the l...", "detail_json": "/data/advisories/ZDI-15-367/advisory.json", "detail_path": "advisories/ZDI-15-367", "id": "ZDI-15-367", "kind": "published", "published_date": "2015-07-29", "status": "published", "title": "BitTorrent Bootstrap Improper Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-367/", "vendor": "BitTorrent", "vendor_url": null, "zdi_can": "ZDI-CAN-2794", "zdi_id": "ZDI-15-367" }, { "cve": "CVE-2015-5685", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent Bootstrap. User interaction is not required to exploit this vulnerability. The specific flaw exists within the handling of arguments passed to the l...", "detail_json": "/data/advisories/ZDI-15-366/advisory.json", "detail_path": "advisories/ZDI-15-366", "id": "ZDI-15-366", "kind": "published", "published_date": "2015-07-29", "status": "published", "title": "BitTorrent Bootstrap Improper Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-366/", "vendor": "BitTorrent", "vendor_url": null, "zdi_can": "ZDI-CAN-2793", "zdi_id": "ZDI-15-366" }, { "cve": "CVE-2015-3253", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Groovy. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Closure implementation which accepts and deser...", "detail_json": "/data/advisories/ZDI-15-365/advisory.json", "detail_path": "advisories/ZDI-15-365", "id": "ZDI-15-365", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Apache Groovy Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-365/", "vendor": "Apache, Elastic", "vendor_url": null, "zdi_can": "ZDI-CAN-2947", "zdi_id": "ZDI-15-365" }, { "cve": "CVE-2015-7861", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Client Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hewlett-Packard Client Aut...", "detail_json": "/data/advisories/ZDI-15-364/advisory.json", "detail_path": "advisories/ZDI-15-364", "id": "ZDI-15-364", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "(0Day) Hewlett-Packard Client Automation Agent Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-364/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-3013", "zdi_id": "ZDI-15-364" }, { "cve": "CVE-2015-7860", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Client Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hewlett-Packard Client Aut...", "detail_json": "/data/advisories/ZDI-15-363/advisory.json", "detail_path": "advisories/ZDI-15-363", "id": "ZDI-15-363", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "(0Day) Hewlett-Packard Client Automation Agent Stack Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-363/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2928", "zdi_id": "ZDI-15-363" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-362/advisory.json", "detail_path": "advisories/ZDI-15-362", "id": "ZDI-15-362", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "(0Day) Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-362/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2695", "zdi_id": "ZDI-15-362" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-361/advisory.json", "detail_path": "advisories/ZDI-15-361", "id": "ZDI-15-361", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "(0Day) Microsoft Internet Explorer CCurrentStyle Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-361/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2694", "zdi_id": "ZDI-15-361" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-360/advisory.json", "detail_path": "advisories/ZDI-15-360", "id": "ZDI-15-360", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "(0Day) Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-360/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2678", "zdi_id": "ZDI-15-360" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer, including on Windows Phone. User interaction is required to exploit this vulnerability in that the target must visit a malicious p...", "detail_json": "/data/advisories/ZDI-15-359/advisory.json", "detail_path": "advisories/ZDI-15-359", "id": "ZDI-15-359", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "(0Day) (Mobile Pwn2Own) Microsoft Internet Explorer CTableLayout::AddRow Out-Of-Bounds Memory Access Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-359/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2619", "zdi_id": "ZDI-15-359" }, { "cve": "CVE-2015-5474", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent and uTorrent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-15-358/advisory.json", "detail_path": "advisories/ZDI-15-358", "id": "ZDI-15-358", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "BitTorrent/uTorrent URI Protocol Command Line Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-358/", "vendor": "BitTorrent, BitTorrent", "vendor_url": null, "zdi_can": "ZDI-CAN-2623", "zdi_id": "ZDI-15-358" }, { "cve": "CVE-2015-4745", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-15-357/advisory.json", "detail_path": "advisories/ZDI-15-357", "id": "ZDI-15-357", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Oracle Endeca Information Discovery Integrator ETL Server File Download Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-357/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2770", "zdi_id": "ZDI-15-357" }, { "cve": "CVE-2015-2603", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is not required to exploit this vulnerability. The specific flaw exists within the generation and use of sessio...", "detail_json": "/data/advisories/ZDI-15-356/advisory.json", "detail_path": "advisories/ZDI-15-356", "id": "ZDI-15-356", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Oracle Endeca Information Discovery Integrator ETL Server Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-356/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2771", "zdi_id": "ZDI-15-356" }, { "cve": "CVE-2015-2602", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-15-355/advisory.json", "detail_path": "advisories/ZDI-15-355", "id": "ZDI-15-355", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Oracle Endeca Information Discovery Integrator ETL Server UploadFileContent Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-355/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2772", "zdi_id": "ZDI-15-355" }, { "cve": "CVE-2015-2604", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers the ability to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw...", "detail_json": "/data/advisories/ZDI-15-354/advisory.json", "detail_path": "advisories/ZDI-15-354", "id": "ZDI-15-354", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Oracle Endeca Information Discovery Integrator ETL Server CopyFile Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-354/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2773", "zdi_id": "ZDI-15-354" }, { "cve": "CVE-2015-2605", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers the ability to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw...", "detail_json": "/data/advisories/ZDI-15-353/advisory.json", "detail_path": "advisories/ZDI-15-353", "id": "ZDI-15-353", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Oracle Endeca Information Discovery Integrator ETL Server MoveFile Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-353/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2774", "zdi_id": "ZDI-15-353" }, { "cve": "CVE-2015-2606", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers the ability to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw...", "detail_json": "/data/advisories/ZDI-15-352/advisory.json", "detail_path": "advisories/ZDI-15-352", "id": "ZDI-15-352", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Oracle Endeca Information Discovery Integrator ETL Server RenameFile Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-352/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2775", "zdi_id": "ZDI-15-352" }, { "cve": "CVE-2015-5536", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formWpsSt...", "detail_json": "/data/advisories/ZDI-15-351/advisory.json", "detail_path": "advisories/ZDI-15-351", "id": "ZDI-15-351", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Belkin N300 Dual-Band Wi-Fi Range Extender formWpsStart pinCode Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-351/", "vendor": "Belkin", "vendor_url": null, "zdi_can": "ZDI-CAN-2639", "zdi_id": "ZDI-15-351" }, { "cve": "CVE-2015-5536", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formWlanS...", "detail_json": "/data/advisories/ZDI-15-350/advisory.json", "detail_path": "advisories/ZDI-15-350", "id": "ZDI-15-350", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Belkin N300 Dual-Band Wi-Fi Range Extender formWlanSetupWPS wps_enrolee_pin Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-350/", "vendor": "Belkin", "vendor_url": null, "zdi_can": "ZDI-CAN-2640", "zdi_id": "ZDI-15-350" }, { "cve": "CVE-2015-5536", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formWlanM...", "detail_json": "/data/advisories/ZDI-15-349/advisory.json", "detail_path": "advisories/ZDI-15-349", "id": "ZDI-15-349", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Belkin N300 Dual-Band Wi-Fi Range Extender formWlanMP Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-349/", "vendor": "Belkin", "vendor_url": null, "zdi_can": "ZDI-CAN-2637", "zdi_id": "ZDI-15-349" }, { "cve": "CVE-2015-5536", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formBSSet...", "detail_json": "/data/advisories/ZDI-15-348/advisory.json", "detail_path": "advisories/ZDI-15-348", "id": "ZDI-15-348", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Belkin N300 Dual-Band Wi-Fi Range Extender formBSSetSitesurvey Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-348/", "vendor": "Belkin", "vendor_url": null, "zdi_can": "ZDI-CAN-2638", "zdi_id": "ZDI-15-348" }, { "cve": "CVE-2015-5536", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formHwSet...", "detail_json": "/data/advisories/ZDI-15-347/advisory.json", "detail_path": "advisories/ZDI-15-347", "id": "ZDI-15-347", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Belkin N300 Dual-Band Wi-Fi Range Extender formHwSet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-347/", "vendor": "Belkin", "vendor_url": null, "zdi_can": "ZDI-CAN-2636", "zdi_id": "ZDI-15-347" }, { "cve": "CVE-2015-5536", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formConne...", "detail_json": "/data/advisories/ZDI-15-346/advisory.json", "detail_path": "advisories/ZDI-15-346", "id": "ZDI-15-346", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Belkin N300 Dual-Band Wi-Fi Range Extender formConnectionSetting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-346/", "vendor": "Belkin", "vendor_url": null, "zdi_can": "ZDI-CAN-2635", "zdi_id": "ZDI-15-346" }, { "cve": "CVE-2015-5536", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formAccep...", "detail_json": "/data/advisories/ZDI-15-345/advisory.json", "detail_path": "advisories/ZDI-15-345", "id": "ZDI-15-345", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Belkin N300 Dual-Band Wi-Fi Range Extender formAccept Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-345/", "vendor": "Belkin", "vendor_url": null, "zdi_can": "ZDI-CAN-2634", "zdi_id": "ZDI-15-345" }, { "cve": "CVE-2015-5536", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formiNICW...", "detail_json": "/data/advisories/ZDI-15-344/advisory.json", "detail_path": "advisories/ZDI-15-344", "id": "ZDI-15-344", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Belkin N300 Dual-Band Wi-Fi Range Extender formiNICWpsStart Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-344/", "vendor": "Belkin", "vendor_url": null, "zdi_can": "ZDI-CAN-2633", "zdi_id": "ZDI-15-344" }, { "cve": "CVE-2015-5536", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formUSBSt...", "detail_json": "/data/advisories/ZDI-15-343/advisory.json", "detail_path": "advisories/ZDI-15-343", "id": "ZDI-15-343", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Belkin N300 Dual-Band Wi-Fi Range Extender formUSBStorage Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-343/", "vendor": "Belkin", "vendor_url": null, "zdi_can": "ZDI-CAN-2642", "zdi_id": "ZDI-15-343" }, { "cve": "CVE-2015-2402", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer running in either Protected Mode or Enhanced Protected Mode. User interaction is required to exploit this vulnerability in that the...", "detail_json": "/data/advisories/ZDI-15-342/advisory.json", "detail_path": "advisories/ZDI-15-342", "id": "ZDI-15-342", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Microsoft Internet Explorer EditWith Broker API Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-342/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2870", "zdi_id": "ZDI-15-342" }, { "cve": "CVE-2015-2383", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-341/advisory.json", "detail_path": "advisories/ZDI-15-341", "id": "ZDI-15-341", "kind": "published", "published_date": "2015-07-20", "status": "published", "title": "Microsoft Internet Explorer CImgElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-341/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2868", "zdi_id": "ZDI-15-341" }, { "cve": "CVE-2015-0795", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetIQ Security Solutions for ISeries. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-15-340/advisory.json", "detail_path": "advisories/ZDI-15-340", "id": "ZDI-15-340", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "NetIQ Security Solutions for ISeries NetIQExecObject.NetIQExec.1 SafeShellExecute Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-340/", "vendor": "NetIQ", "vendor_url": null, "zdi_can": "ZDI-CAN-2699", "zdi_id": "ZDI-15-340" }, { "cve": "CVE-2015-2371", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code as SYSTEM on vulnerable installations of Microsoft Windows. An attacker must be logged in as a user on the system in order to execute the attack. The specific flaw exists within the behavior...", "detail_json": "/data/advisories/ZDI-15-339/advisory.json", "detail_path": "advisories/ZDI-15-339", "id": "ZDI-15-339", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "(Pwn2Own) Microsoft Windows Installer Local Elevation of Privilege Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-339/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2827", "zdi_id": "ZDI-15-339" }, { "cve": "CVE-2015-1767", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-338/advisory.json", "detail_path": "advisories/ZDI-15-338", "id": "ZDI-15-338", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Microsoft Internet Explorer CGeneratedTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-338/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2913", "zdi_id": "ZDI-15-338" }, { "cve": "CVE-2015-2397", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-337/advisory.json", "detail_path": "advisories/ZDI-15-337", "id": "ZDI-15-337", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Microsoft Internet Explorer CTableSection Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-337/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2912", "zdi_id": "ZDI-15-337" }, { "cve": "CVE-2015-1767", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-336/advisory.json", "detail_path": "advisories/ZDI-15-336", "id": "ZDI-15-336", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-336/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2903", "zdi_id": "ZDI-15-336" }, { "cve": "CVE-2015-2388", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-335/advisory.json", "detail_path": "advisories/ZDI-15-335", "id": "ZDI-15-335", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Microsoft Internet Explorer CTableCell colspan Improper Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-335/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2895", "zdi_id": "ZDI-15-335" }, { "cve": "CVE-2015-1767", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-334/advisory.json", "detail_path": "advisories/ZDI-15-334", "id": "ZDI-15-334", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Microsoft Internet Explorer CGeneratedTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-334/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2891", "zdi_id": "ZDI-15-334" }, { "cve": "CVE-2015-2406", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-333/advisory.json", "detail_path": "advisories/ZDI-15-333", "id": "ZDI-15-333", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Microsoft Internet Explorer CTableRow Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-333/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2873", "zdi_id": "ZDI-15-333" }, { "cve": "CVE-2015-2404", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-332/advisory.json", "detail_path": "advisories/ZDI-15-332", "id": "ZDI-15-332", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Microsoft Internet Explorer applet Element Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-332/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2869", "zdi_id": "ZDI-15-332" }, { "cve": "CVE-2015-2412", "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to partially escape AppContainer limitations on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...", "detail_json": "/data/advisories/ZDI-15-331/advisory.json", "detail_path": "advisories/ZDI-15-331", "id": "ZDI-15-331", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Microsoft Internet Explorer Enhanced Protected Mode Read-Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-331/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2863", "zdi_id": "ZDI-15-331" }, { "cve": "CVE-2015-2397", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-330/advisory.json", "detail_path": "advisories/ZDI-15-330", "id": "ZDI-15-330", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Microsoft Internet Explorer CTableSection Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-330/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2838", "zdi_id": "ZDI-15-330" }, { "cve": "CVE-2015-2403", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-329/advisory.json", "detail_path": "advisories/ZDI-15-329", "id": "ZDI-15-329", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Microsoft Internet Explorer CTableLayout Out-of-Bounds Memory Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-329/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2792", "zdi_id": "ZDI-15-329" }, { "cve": "CVE-2015-2375", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read freed memory on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-15-328/advisory.json", "detail_path": "advisories/ZDI-15-328", "id": "ZDI-15-328", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Microsoft Office Excel table Tag Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-328/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2898", "zdi_id": "ZDI-15-328" }, { "cve": "CVE-2015-2377", "cvss": 5.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read freed memory on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-15-327/advisory.json", "detail_path": "advisories/ZDI-15-327", "id": "ZDI-15-327", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Microsoft Office Excel Chart Object Use-After-Free Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-327/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2897", "zdi_id": "ZDI-15-327" }, { "cve": "CVE-2015-2376", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to corrupt heap memory on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-15-326/advisory.json", "detail_path": "advisories/ZDI-15-326", "id": "ZDI-15-326", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Microsoft Office Excel pivotField Heap Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-326/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2896", "zdi_id": "ZDI-15-326" }, { "cve": "CVE-2015-2368", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-325/advisory.json", "detail_path": "advisories/ZDI-15-325", "id": "ZDI-15-325", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Microsoft Internet Explorer DLL Planting Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-325/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2726", "zdi_id": "ZDI-15-325" }, { "cve": "CVE-2015-5114", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-15-324/advisory.json", "detail_path": "advisories/ZDI-15-324", "id": "ZDI-15-324", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Acrobat Pro Calculate field action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-324/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2728", "zdi_id": "ZDI-15-324" }, { "cve": "CVE-2015-5113", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-323/advisory.json", "detail_path": "advisories/ZDI-15-323", "id": "ZDI-15-323", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader ComboBox field Format action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-323/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2757", "zdi_id": "ZDI-15-323" }, { "cve": "CVE-2015-5095", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-322/advisory.json", "detail_path": "advisories/ZDI-15-322", "id": "ZDI-15-322", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader Nested Events Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-322/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2886", "zdi_id": "ZDI-15-322" }, { "cve": "CVE-2015-5094", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-321/advisory.json", "detail_path": "advisories/ZDI-15-321", "id": "ZDI-15-321", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader ToolEventHandler Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-321/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2887", "zdi_id": "ZDI-15-321" }, { "cve": "CVE-2015-5093", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-320/advisory.json", "detail_path": "advisories/ZDI-15-320", "id": "ZDI-15-320", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader makeMeasurement Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-320/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2843", "zdi_id": "ZDI-15-320" }, { "cve": "CVE-2015-4447", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-319/advisory.json", "detail_path": "advisories/ZDI-15-319", "id": "ZDI-15-319", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader ANSendApprovalToAuthorEnabled Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-319/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2942", "zdi_id": "ZDI-15-319" }, { "cve": "CVE-2015-4441", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-318/advisory.json", "detail_path": "advisories/ZDI-15-318", "id": "ZDI-15-318", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader CBBBRInvite Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-318/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2993", "zdi_id": "ZDI-15-318" }, { "cve": "CVE-2015-4438", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-317/advisory.json", "detail_path": "advisories/ZDI-15-317", "id": "ZDI-15-317", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader ANSendForReview Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-317/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2995", "zdi_id": "ZDI-15-317" }, { "cve": "CVE-2015-4435", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-316/advisory.json", "detail_path": "advisories/ZDI-15-316", "id": "ZDI-15-316", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Acrobat Reader ANStartApproval Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-316/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2994", "zdi_id": "ZDI-15-316" }, { "cve": "CVE-2015-5091", "cvss": 6.3, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to delete files on vulnerable installations of Adobe Reader. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of junction points in AdobeARM.exe. A local attac...", "detail_json": "/data/advisories/ZDI-15-315/advisory.json", "detail_path": "advisories/ZDI-15-315", "id": "ZDI-15-315", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader AdobeARM Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-315/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2908", "zdi_id": "ZDI-15-315" }, { "cve": "CVE-2015-5090", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to elevate privileges on vulnerable installations of Adobe Reader. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ARMSvc service. An attacker can force the service to...", "detail_json": "/data/advisories/ZDI-15-314/advisory.json", "detail_path": "advisories/ZDI-15-314", "id": "ZDI-15-314", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader ARMSvc Elevation of Privilege Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-314/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2907", "zdi_id": "ZDI-15-314" }, { "cve": "CVE-2015-4445", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-313/advisory.json", "detail_path": "advisories/ZDI-15-313", "id": "ZDI-15-313", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader CBBBRInit Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-313/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2957", "zdi_id": "ZDI-15-313" }, { "cve": "CVE-2015-5115", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-15-312/advisory.json", "detail_path": "advisories/ZDI-15-312", "id": "ZDI-15-312", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Acrobat Pro Reports Save Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-312/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2693", "zdi_id": "ZDI-15-312" }, { "cve": "CVE-2015-5086", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-311/advisory.json", "detail_path": "advisories/ZDI-15-311", "id": "ZDI-15-311", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader JavaScript API Race Condition Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-311/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2935", "zdi_id": "ZDI-15-311" }, { "cve": "CVE-2015-5085", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to unload folder level scripts on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-15-310/advisory.json", "detail_path": "advisories/ZDI-15-310", "id": "ZDI-15-310", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader Folder Level Scripts Unload Denial Of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-310/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2936", "zdi_id": "ZDI-15-310" }, { "cve": "CVE-2015-4452", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to unload folder level scripts on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-15-309/advisory.json", "detail_path": "advisories/ZDI-15-309", "id": "ZDI-15-309", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader Folder Level Script Objects Overwrite Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-309/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2937", "zdi_id": "ZDI-15-309" }, { "cve": "CVE-2015-5111", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-308/advisory.json", "detail_path": "advisories/ZDI-15-308", "id": "ZDI-15-308", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader Text Field Format Action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-308/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2797", "zdi_id": "ZDI-15-308" }, { "cve": "CVE-2015-5102", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-307/advisory.json", "detail_path": "advisories/ZDI-15-307", "id": "ZDI-15-307", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader ScrollWheelEventHandler Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-307/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2852", "zdi_id": "ZDI-15-307" }, { "cve": "CVE-2015-5104", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-306/advisory.json", "detail_path": "advisories/ZDI-15-306", "id": "ZDI-15-306", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader RenderEventHandler Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-306/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2851", "zdi_id": "ZDI-15-306" }, { "cve": "CVE-2015-5103", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-305/advisory.json", "detail_path": "advisories/ZDI-15-305", "id": "ZDI-15-305", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader MenuEventHandler Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-305/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2849", "zdi_id": "ZDI-15-305" }, { "cve": "CVE-2015-5101", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-304/advisory.json", "detail_path": "advisories/ZDI-15-304", "id": "ZDI-15-304", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader SelectionEventHandler Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-304/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2850", "zdi_id": "ZDI-15-304" }, { "cve": "CVE-2015-5100", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-303/advisory.json", "detail_path": "advisories/ZDI-15-303", "id": "ZDI-15-303", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "Adobe Reader MouseEventHandler Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-303/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2853", "zdi_id": "ZDI-15-303" }, { "cve": "CVE-2015-5108", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exis...", "detail_json": "/data/advisories/ZDI-15-302/advisory.json", "detail_path": "advisories/ZDI-15-302", "id": "ZDI-15-302", "kind": "published", "published_date": "2015-07-14", "status": "published", "title": "(Pwn2Own) Adobe Reader array_push_slowly Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-302/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2823", "zdi_id": "ZDI-15-302" }, { "cve": "CVE-2015-5473", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Samsung SyncThru. By default, authentication is not required to exploit this vulnerability. The specific flaw exists within the AddDriverFileServlet servlet ex...", "detail_json": "/data/advisories/ZDI-15-301/advisory.json", "detail_path": "advisories/ZDI-15-301", "id": "ZDI-15-301", "kind": "published", "published_date": "2015-07-13", "status": "published", "title": "Samsung SyncThru AddDriverFileServlet Directory Traversal Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-301/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2586", "zdi_id": "ZDI-15-301" }, { "cve": "CVE-2015-5473", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung SyncThru. By default, authentication is not required to exploit this vulnerability. The specific flaw exists within the DriverFileUploadServlet servlet...", "detail_json": "/data/advisories/ZDI-15-300/advisory.json", "detail_path": "advisories/ZDI-15-300", "id": "ZDI-15-300", "kind": "published", "published_date": "2015-07-13", "status": "published", "title": "Samsung SyncThru DriverFileUploadServlet Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-300/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2585", "zdi_id": "ZDI-15-300" }, { "cve": "CVE-2015-5473", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung SyncThru. By default, authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadController servlet ex...", "detail_json": "/data/advisories/ZDI-15-299/advisory.json", "detail_path": "advisories/ZDI-15-299", "id": "ZDI-15-299", "kind": "published", "published_date": "2015-07-13", "status": "published", "title": "Samsung SyncThru FileUploadController Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-299/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2582", "zdi_id": "ZDI-15-299" }, { "cve": "CVE-2015-5473", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung SyncThru. By default, authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadController servlet ex...", "detail_json": "/data/advisories/ZDI-15-298/advisory.json", "detail_path": "advisories/ZDI-15-298", "id": "ZDI-15-298", "kind": "published", "published_date": "2015-07-13", "status": "published", "title": "Samsung SyncThru FileUploadController Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-298/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2583", "zdi_id": "ZDI-15-298" }, { "cve": "CVE-2015-5473", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung SyncThru. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadController servlet exposed by upl...", "detail_json": "/data/advisories/ZDI-15-297/advisory.json", "detail_path": "advisories/ZDI-15-297", "id": "ZDI-15-297", "kind": "published", "published_date": "2015-07-13", "status": "published", "title": "Samsung SyncThru FileUploadController Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-297/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2584", "zdi_id": "ZDI-15-297" }, { "cve": "CVE-2015-5473", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Samsung SyncThru. By default, authentication is not required to exploit this vulnerability. The specific flaw exists within the DriverFileUploadServlet servlet...", "detail_json": "/data/advisories/ZDI-15-296/advisory.json", "detail_path": "advisories/ZDI-15-296", "id": "ZDI-15-296", "kind": "published", "published_date": "2015-07-13", "status": "published", "title": "Samsung SyncThru UpdateDriverFileServlet Directory Traversal Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-296/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2587", "zdi_id": "ZDI-15-296" }, { "cve": "CVE-2015-1743", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to escape the Enhanced Protection Mode sandbox of vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-15-295/advisory.json", "detail_path": "advisories/ZDI-15-295", "id": "ZDI-15-295", "kind": "published", "published_date": "2015-07-09", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer ActiveX Install Broker Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-295/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2829", "zdi_id": "ZDI-15-295" }, { "cve": "CVE-2015-3125", "cvss": 5.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read arbitrary data on vulnerable Adobe Flash installations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Sound objects. A remote attacker can run a...", "detail_json": "/data/advisories/ZDI-15-294/advisory.json", "detail_path": "advisories/ZDI-15-294", "id": "ZDI-15-294", "kind": "published", "published_date": "2015-07-08", "status": "published", "title": "Adobe Flash Sound Universal Cross Site Scripting Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-294/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2872", "zdi_id": "ZDI-15-294" }, { "cve": "CVE-2015-3039", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-15-293/advisory.json", "detail_path": "advisories/ZDI-15-293", "id": "ZDI-15-293", "kind": "published", "published_date": "2015-07-08", "status": "published", "title": "Adobe Flash Player AS2 ConvolutionFilter Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-293/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2859", "zdi_id": "ZDI-15-293" }, { "cve": "CVE-2015-3669", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-292/advisory.json", "detail_path": "advisories/ZDI-15-292", "id": "ZDI-15-292", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "Apple QuickTime SGI Image File Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-292/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2948", "zdi_id": "ZDI-15-292" }, { "cve": "CVE-2015-3659", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-15-291/advisory.json", "detail_path": "advisories/ZDI-15-291", "id": "ZDI-15-291", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "SQLite Default Value Authorization Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-291/", "vendor": "SQLite", "vendor_url": null, "zdi_can": "ZDI-CAN-2901", "zdi_id": "ZDI-15-291" }, { "cve": "CVE-2015-3717", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-15-290/advisory.json", "detail_path": "advisories/ZDI-15-290", "id": "ZDI-15-290", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "SQLite printf Format String Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-290/", "vendor": "SQLite", "vendor_url": null, "zdi_can": "ZDI-CAN-2889", "zdi_id": "ZDI-15-290" }, { "cve": "CVE-2015-3666", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-289/advisory.json", "detail_path": "advisories/ZDI-15-289", "id": "ZDI-15-289", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "Apple QuickTime code Atom Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-289/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2934", "zdi_id": "ZDI-15-289" }, { "cve": "CVE-2015-3711", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the handl...", "detail_json": "/data/advisories/ZDI-15-288/advisory.json", "detail_path": "advisories/ZDI-15-288", "id": "ZDI-15-288", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "Apple OS X NTFS Compression Block Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-288/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2815", "zdi_id": "ZDI-15-288" }, { "cve": "CVE-2015-3679", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-15-287/advisory.json", "detail_path": "advisories/ZDI-15-287", "id": "ZDI-15-287", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "Apple OS X morx nSubtables Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-287/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2735", "zdi_id": "ZDI-15-287" }, { "cve": "CVE-2015-3677", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-15-286/advisory.json", "detail_path": "advisories/ZDI-15-286", "id": "ZDI-15-286", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "Apple OS X LZVN DMG Information Disclosure Vulnerabillity", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-286/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2719", "zdi_id": "ZDI-15-286" }, { "cve": "CVE-2015-3723", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple iOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-15-285/advisory.json", "detail_path": "advisories/ZDI-15-285", "id": "ZDI-15-285", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "Apple iOS ICC Profile curv Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-285/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2761", "zdi_id": "ZDI-15-285" }, { "cve": "CVE-2015-3680", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-15-284/advisory.json", "detail_path": "advisories/ZDI-15-284", "id": "ZDI-15-284", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "Apple OS X DFont FOND Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-284/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2781", "zdi_id": "ZDI-15-284" }, { "cve": "CVE-2015-3690", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-15-283/advisory.json", "detail_path": "advisories/ZDI-15-283", "id": "ZDI-15-283", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "Apple OS X GZIP DMG Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-283/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2782", "zdi_id": "ZDI-15-283" }, { "cve": "CVE-2015-3724", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple iOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-15-282/advisory.json", "detail_path": "advisories/ZDI-15-282", "id": "ZDI-15-282", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "Apple iOS ICC Profile tag count Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-282/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2778", "zdi_id": "ZDI-15-282" }, { "cve": "CVE-2015-3727", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-15-281/advisory.json", "detail_path": "advisories/ZDI-15-281", "id": "ZDI-15-281", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "WebKit WebSQL ALTER TABLE Authorization Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-281/", "vendor": "WebKit.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-2900", "zdi_id": "ZDI-15-281" }, { "cve": "CVE-2015-3662", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-280/advisory.json", "detail_path": "advisories/ZDI-15-280", "id": "ZDI-15-280", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "Apple QuickTime GIF Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-280/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2723", "zdi_id": "ZDI-15-280" }, { "cve": "CVE-2015-3663", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-279/advisory.json", "detail_path": "advisories/ZDI-15-279", "id": "ZDI-15-279", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "Apple QuickTime GIF Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-279/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2685", "zdi_id": "ZDI-15-279" }, { "cve": "CVE-2015-3664", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-278/advisory.json", "detail_path": "advisories/ZDI-15-278", "id": "ZDI-15-278", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "Apple QuickTime alis Atom Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-278/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2700", "zdi_id": "ZDI-15-278" }, { "cve": "CVE-2015-3661", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-277/advisory.json", "detail_path": "advisories/ZDI-15-277", "id": "ZDI-15-277", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "Apple QuickTime SGI Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-277/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2589", "zdi_id": "ZDI-15-277" }, { "cve": "CVE-2015-3665", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-276/advisory.json", "detail_path": "advisories/ZDI-15-276", "id": "ZDI-15-276", "kind": "published", "published_date": "2015-07-01", "status": "published", "title": "Apple QuickTime Plugin Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-276/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2574", "zdi_id": "ZDI-15-276" }, { "cve": "CVE-2015-5371", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The i...", "detail_json": "/data/advisories/ZDI-15-275/advisory.json", "detail_path": "advisories/ZDI-15-275", "id": "ZDI-15-275", "kind": "published", "published_date": "2015-06-30", "status": "published", "title": "(0Day) SolarWinds Storage Manager AuthenticationFilter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-275/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-2622", "zdi_id": "ZDI-15-275" }, { "cve": "CVE-2015-1986", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 130...", "detail_json": "/data/advisories/ZDI-15-274/advisory.json", "detail_path": "advisories/ZDI-15-274", "id": "ZDI-15-274", "kind": "published", "published_date": "2015-06-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 1301 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-274/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2932", "zdi_id": "ZDI-15-274" }, { "cve": "CVE-2015-1953", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 133...", "detail_json": "/data/advisories/ZDI-15-273/advisory.json", "detail_path": "advisories/ZDI-15-273", "id": "ZDI-15-273", "kind": "published", "published_date": "2015-06-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 1335 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-273/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2931", "zdi_id": "ZDI-15-273" }, { "cve": "CVE-2015-1938", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of opcode 1331. B...", "detail_json": "/data/advisories/ZDI-15-272/advisory.json", "detail_path": "advisories/ZDI-15-272", "id": "ZDI-15-272", "kind": "published", "published_date": "2015-06-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 1331 lza32 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-272/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2766", "zdi_id": "ZDI-15-272" }, { "cve": "CVE-2015-1949", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of opcode 1330. B...", "detail_json": "/data/advisories/ZDI-15-271/advisory.json", "detail_path": "advisories/ZDI-15-271", "id": "ZDI-15-271", "kind": "published", "published_date": "2015-06-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 1330 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-271/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2765", "zdi_id": "ZDI-15-271" }, { "cve": "CVE-2015-1948", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 136...", "detail_json": "/data/advisories/ZDI-15-270/advisory.json", "detail_path": "advisories/ZDI-15-270", "id": "ZDI-15-270", "kind": "published", "published_date": "2015-06-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 1364 Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-270/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2808", "zdi_id": "ZDI-15-270" }, { "cve": "CVE-2015-1942", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 133...", "detail_json": "/data/advisories/ZDI-15-269/advisory.json", "detail_path": "advisories/ZDI-15-269", "id": "ZDI-15-269", "kind": "published", "published_date": "2015-06-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 1332 Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-269/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2807", "zdi_id": "ZDI-15-269" }, { "cve": "CVE-2015-1941", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of op...", "detail_json": "/data/advisories/ZDI-15-268/advisory.json", "detail_path": "advisories/ZDI-15-268", "id": "ZDI-15-268", "kind": "published", "published_date": "2015-06-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 1329 Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-268/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2806", "zdi_id": "ZDI-15-268" }, { "cve": "CVE-2015-1924", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 1329. By s...", "detail_json": "/data/advisories/ZDI-15-267/advisory.json", "detail_path": "advisories/ZDI-15-267", "id": "ZDI-15-267", "kind": "published", "published_date": "2015-06-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 1329 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-267/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2805", "zdi_id": "ZDI-15-267" }, { "cve": "CVE-2015-1925", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 133...", "detail_json": "/data/advisories/ZDI-15-266/advisory.json", "detail_path": "advisories/ZDI-15-266", "id": "ZDI-15-266", "kind": "published", "published_date": "2015-06-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 1332 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-266/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2804", "zdi_id": "ZDI-15-266" }, { "cve": "CVE-2015-1930", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JOB_S_GetJobByUserFriend...", "detail_json": "/data/advisories/ZDI-15-265/advisory.json", "detail_path": "advisories/ZDI-15-265", "id": "ZDI-15-265", "kind": "published", "published_date": "2015-06-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server JOB_S_GetJobByUserFriendlyString Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-265/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2803", "zdi_id": "ZDI-15-265" }, { "cve": "CVE-2015-1923", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 133...", "detail_json": "/data/advisories/ZDI-15-264/advisory.json", "detail_path": "advisories/ZDI-15-264", "id": "ZDI-15-264", "kind": "published", "published_date": "2015-06-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 1331 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-264/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2802", "zdi_id": "ZDI-15-264" }, { "cve": "CVE-2015-1929", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FXCLI_OraBR_Exec_Command...", "detail_json": "/data/advisories/ZDI-15-263/advisory.json", "detail_path": "advisories/ZDI-15-263", "id": "ZDI-15-263", "kind": "published", "published_date": "2015-06-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Server FXCLI_OraBR_Exec_Command Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-263/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2801", "zdi_id": "ZDI-15-263" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard System Management Homepage. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default handling...", "detail_json": "/data/advisories/ZDI-15-262/advisory.json", "detail_path": "advisories/ZDI-15-262", "id": "ZDI-15-262", "kind": "published", "published_date": "2015-06-26", "status": "published", "title": "HP System Management Homepage Single Sign On Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-262/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2504", "zdi_id": "ZDI-15-262" }, { "cve": "CVE-2015-4648", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Security API. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-261/advisory.json", "detail_path": "advisories/ZDI-15-261", "id": "ZDI-15-261", "kind": "published", "published_date": "2015-06-24", "status": "published", "title": "Panasonic Security API SDK ipropsapivideo ActiveX Control MulticastAddr Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-261/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-2940", "zdi_id": "ZDI-15-261" }, { "cve": "CVE-2015-4647", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of the Panasonic Security API SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-15-260/advisory.json", "detail_path": "advisories/ZDI-15-260", "id": "ZDI-15-260", "kind": "published", "published_date": "2015-06-24", "status": "published", "title": "Panasonic Security API SDK Ipropsapi ActiveX Control FilePassword Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-260/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-2752", "zdi_id": "ZDI-15-260" }, { "cve": "CVE-2015-4647", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of the Panasonic Security API SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-15-259/advisory.json", "detail_path": "advisories/ZDI-15-259", "id": "ZDI-15-259", "kind": "published", "published_date": "2015-06-24", "status": "published", "title": "Panasonic Security API SDK Ipropsapi ActiveX Control GetInfoString Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-259/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-2753", "zdi_id": "ZDI-15-259" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-15-258/advisory.json", "detail_path": "advisories/ZDI-15-258", "id": "ZDI-15-258", "kind": "published", "published_date": "2015-06-24", "status": "published", "title": "(Pwn2Own) Apple OS X XSS Sandbox Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-258/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2837", "zdi_id": "ZDI-15-258" }, { "cve": "CVE-2015-4033", "cvss": 3.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to copy images from vulnerable installations of Samsung SBeam. User interaction is required to exploit this vulnerability in that the target must be within range of a hostile NFC transmitter. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-15-257/advisory.json", "detail_path": "advisories/ZDI-15-257", "id": "ZDI-15-257", "kind": "published", "published_date": "2015-06-24", "status": "published", "title": "(0Day) (Mobile Pwn2Own) Samsung SBeam Image Remote Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-257/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2614", "zdi_id": "ZDI-15-257" }, { "cve": "CVE-2015-4034", "cvss": 7.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable Samsung Galaxy S5s. Authentication is not required to exploit this vulnerability. The specific flaw exists within the com.absolute.android.persistence.MethodSpec Class. The cre...", "detail_json": "/data/advisories/ZDI-15-256/advisory.json", "detail_path": "advisories/ZDI-15-256", "id": "ZDI-15-256", "kind": "published", "published_date": "2015-06-24", "status": "published", "title": "(0Day) (Mobile Pwn2Own) Samsung Galaxy S5 MethodSpec Deserialization of Untrusted Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-256/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2613", "zdi_id": "ZDI-15-256" }, { "cve": "CVE-2015-1622", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-255/advisory.json", "detail_path": "advisories/ZDI-15-255", "id": "ZDI-15-255", "kind": "published", "published_date": "2015-06-11", "status": "published", "title": "Microsoft Internet Explorer CListItemMarker Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-255/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2767", "zdi_id": "ZDI-15-255" }, { "cve": "CVE-2015-1755", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-254/advisory.json", "detail_path": "advisories/ZDI-15-254", "id": "ZDI-15-254", "kind": "published", "published_date": "2015-06-11", "status": "published", "title": "Microsoft Internet Explorer COptionElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-254/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2842", "zdi_id": "ZDI-15-254" }, { "cve": "CVE-2015-1736", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-253/advisory.json", "detail_path": "advisories/ZDI-15-253", "id": "ZDI-15-253", "kind": "published", "published_date": "2015-06-11", "status": "published", "title": "Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-253/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2813", "zdi_id": "ZDI-15-253" }, { "cve": "CVE-2015-1745", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-252/advisory.json", "detail_path": "advisories/ZDI-15-252", "id": "ZDI-15-252", "kind": "published", "published_date": "2015-06-11", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer mergeAttributes Uninitialized Data Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-252/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2828", "zdi_id": "ZDI-15-252" }, { "cve": "CVE-2015-1748", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-251/advisory.json", "detail_path": "advisories/ZDI-15-251", "id": "ZDI-15-251", "kind": "published", "published_date": "2015-06-11", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer Protocol Handler Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-251/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2832", "zdi_id": "ZDI-15-251" }, { "cve": "CVE-2015-1747", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-15-250/advisory.json", "detail_path": "advisories/ZDI-15-250", "id": "ZDI-15-250", "kind": "published", "published_date": "2015-06-11", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer DataView Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-250/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2831", "zdi_id": "ZDI-15-250" }, { "cve": "CVE-2015-1739", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to escape the Extended Protection Mode sandbox of vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-15-249/advisory.json", "detail_path": "advisories/ZDI-15-249", "id": "ZDI-15-249", "kind": "published", "published_date": "2015-06-11", "status": "published", "title": "Microsoft Internet Explorer Add-On Installer EPM Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-249/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2796", "zdi_id": "ZDI-15-249" }, { "cve": null, "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-248/advisory.json", "detail_path": "advisories/ZDI-15-248", "id": "ZDI-15-248", "kind": "published", "published_date": "2015-06-11", "status": "published", "title": "Microsoft Internet Explorer ShowSaveFileDialog Protected Mode Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-248/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2787", "zdi_id": "ZDI-15-248" }, { "cve": "CVE-2015-1735", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-247/advisory.json", "detail_path": "advisories/ZDI-15-247", "id": "ZDI-15-247", "kind": "published", "published_date": "2015-06-11", "status": "published", "title": "Microsoft Internet Explorer hr Element Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-247/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2764", "zdi_id": "ZDI-15-247" }, { "cve": "CVE-2015-4060", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wavelink Emulation ConnectPro TermProxy. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of HTTP requests in W...", "detail_json": "/data/advisories/ZDI-15-246/advisory.json", "detail_path": "advisories/ZDI-15-246", "id": "ZDI-15-246", "kind": "published", "published_date": "2015-05-27", "status": "published", "title": "(0Day) Wavelink Emulation ConnectPro TermProxy WLTermProxyService.exe HTTP Request Headers Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-246/", "vendor": "Wavelink", "vendor_url": null, "zdi_can": "ZDI-CAN-2720", "zdi_id": "ZDI-15-246" }, { "cve": "CVE-2015-4059", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wavelink Emulation License Server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of HTTP requests in License...", "detail_json": "/data/advisories/ZDI-15-245/advisory.json", "detail_path": "advisories/ZDI-15-245", "id": "ZDI-15-245", "kind": "published", "published_date": "2015-05-27", "status": "published", "title": "(0Day) Wavelink Emulation License Server LicenseServer.exe HTTP Request Headers Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-245/", "vendor": "Wavelink", "vendor_url": null, "zdi_can": "ZDI-CAN-2721", "zdi_id": "ZDI-15-245" }, { "cve": "CVE-2015-4069", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose information on vulnerable installations of Arcserve Unified Data Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getBackupPolicies method of t...", "detail_json": "/data/advisories/ZDI-15-244/advisory.json", "detail_path": "advisories/ZDI-15-244", "id": "ZDI-15-244", "kind": "published", "published_date": "2015-05-26", "status": "published", "title": "Arcserve Unified Data Protection Management Service EdgeServiceImpl getBackupPolicies Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-244/", "vendor": "Arcserve", "vendor_url": null, "zdi_can": "ZDI-CAN-2866", "zdi_id": "ZDI-15-244" }, { "cve": "CVE-2015-4069", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose information on vulnerable installations of Arcserve Unified Data Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getBackupPolicy method of the...", "detail_json": "/data/advisories/ZDI-15-243/advisory.json", "detail_path": "advisories/ZDI-15-243", "id": "ZDI-15-243", "kind": "published", "published_date": "2015-05-26", "status": "published", "title": "Arcserve Unified Data Protection Management Service EdgeServiceImpl getBackupPolicy Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-243/", "vendor": "Arcserve", "vendor_url": null, "zdi_can": "ZDI-CAN-2862", "zdi_id": "ZDI-15-243" }, { "cve": "CVE-2015-4068", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose and delete files on vulnerable installations of Arcserve Unified Data Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within the exportServlet servlet. T...", "detail_json": "/data/advisories/ZDI-15-242/advisory.json", "detail_path": "advisories/ZDI-15-242", "id": "ZDI-15-242", "kind": "published", "published_date": "2015-05-26", "status": "published", "title": "Arcserve Unified Data Protection Management Service exportServlet Directory Traversal Information Disclosure and Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-242/", "vendor": "Arcserve", "vendor_url": null, "zdi_can": "ZDI-CAN-2810", "zdi_id": "ZDI-15-242" }, { "cve": "CVE-2015-4068", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose and delete files on vulnerable installations of Arcserve Unified Data Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within the reportFileServlet. The i...", "detail_json": "/data/advisories/ZDI-15-241/advisory.json", "detail_path": "advisories/ZDI-15-241", "id": "ZDI-15-241", "kind": "published", "published_date": "2015-05-26", "status": "published", "title": "Arcserve Unified Data Protection Management Service reportFileServlet Directory Traversal Information Disclosure and Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-241/", "vendor": "Arcserve", "vendor_url": null, "zdi_can": "ZDI-CAN-2809", "zdi_id": "ZDI-15-241" }, { "cve": "CVE-2015-4067", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libnv6 module. By manipulating a serial...", "detail_json": "/data/advisories/ZDI-15-240/advisory.json", "detail_path": "advisories/ZDI-15-240", "id": "ZDI-15-240", "kind": "published", "published_date": "2015-05-26", "status": "published", "title": "Dell NetVault Backup Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-240/", "vendor": "Dell", "vendor_url": null, "zdi_can": "ZDI-CAN-2606", "zdi_id": "ZDI-15-240" }, { "cve": "CVE-2015-2120", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Hewlett-Packard SiteScope. Authentication is required to exploit this vulnerability. The specific flaw exists within the Log Analysis Tool. This tool does not va...", "detail_json": "/data/advisories/ZDI-15-239/advisory.json", "detail_path": "advisories/ZDI-15-239", "id": "ZDI-15-239", "kind": "published", "published_date": "2015-05-26", "status": "published", "title": "Hewlett-Packard SiteScope Log Analyzer Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-239/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2567", "zdi_id": "ZDI-15-239" }, { "cve": "CVE-2015-4032", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Visual Mining NetCharts Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Developer tools. An attacker...", "detail_json": "/data/advisories/ZDI-15-238/advisory.json", "detail_path": "advisories/ZDI-15-238", "id": "ZDI-15-238", "kind": "published", "published_date": "2015-05-22", "status": "published", "title": "(0Day) Visual Mining NetCharts Server Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-238/", "vendor": "Visual Mining", "vendor_url": null, "zdi_can": "ZDI-CAN-2596", "zdi_id": "ZDI-15-238" }, { "cve": "CVE-2015-4031", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Visual Mining NetChart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the development installation. The saveFil...", "detail_json": "/data/advisories/ZDI-15-237/advisory.json", "detail_path": "advisories/ZDI-15-237", "id": "ZDI-15-237", "kind": "published", "published_date": "2015-05-22", "status": "published", "title": "(0Day) Visual Mining NetCharts Server Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-237/", "vendor": "Visual Mining", "vendor_url": null, "zdi_can": "ZDI-CAN-2492", "zdi_id": "ZDI-15-237" }, { "cve": "CVE-2015-1251", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-236/advisory.json", "detail_path": "advisories/ZDI-15-236", "id": "ZDI-15-236", "kind": "published", "published_date": "2015-05-19", "status": "published", "title": "Google Chrome SpeechRecognitionClient Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-236/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-2707", "zdi_id": "ZDI-15-236" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getMGList method of the Co...", "detail_json": "/data/advisories/ZDI-15-235/advisory.json", "detail_path": "advisories/ZDI-15-235", "id": "ZDI-15-235", "kind": "published", "published_date": "2015-05-19", "status": "published", "title": "ManageEngine Applications Manager CommonAPIUtil getMGList groupId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-235/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2464", "zdi_id": "ZDI-15-235" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SyncMonitors method of the...", "detail_json": "/data/advisories/ZDI-15-234/advisory.json", "detail_path": "advisories/ZDI-15-234", "id": "ZDI-15-234", "kind": "published", "published_date": "2015-05-19", "status": "published", "title": "ManageEngine Applications Manager CommonAPIUtil SyncMonitors haid SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-234/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2463", "zdi_id": "ZDI-15-234" }, { "cve": "CVE-2015-4016", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute a denial of service attack on vulnerable installations of Valve Steam. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Steam client detection protocol. By...", "detail_json": "/data/advisories/ZDI-15-233/advisory.json", "detail_path": "advisories/ZDI-15-233", "id": "ZDI-15-233", "kind": "published", "published_date": "2015-05-19", "status": "published", "title": "Valve Steam Client Detection Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-233/", "vendor": "Valve", "vendor_url": null, "zdi_can": "ZDI-CAN-2627", "zdi_id": "ZDI-15-233" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CustomerManagementAPI clas...", "detail_json": "/data/advisories/ZDI-15-232/advisory.json", "detail_path": "advisories/ZDI-15-232", "id": "ZDI-15-232", "kind": "published", "published_date": "2015-05-18", "status": "published", "title": "ManageEngine Applications Manager CustomerManagementAPI custId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-232/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2420", "zdi_id": "ZDI-15-232" }, { "cve": "CVE-2015-3990", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Dell SonicWALL Global Management System (GMS) virtual appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-15-231/advisory.json", "detail_path": "advisories/ZDI-15-231", "id": "ZDI-15-231", "kind": "published", "published_date": "2015-05-15", "status": "published", "title": "Dell Sonicwall GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-231/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-2659", "zdi_id": "ZDI-15-231" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IT360UtilitiesServlet serv...", "detail_json": "/data/advisories/ZDI-15-230/advisory.json", "detail_path": "advisories/ZDI-15-230", "id": "ZDI-15-230", "kind": "published", "published_date": "2015-05-15", "status": "published", "title": "ManageEngine Applications Manager IT360UtilitiesServlet query SQL Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-230/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2419", "zdi_id": "ZDI-15-230" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DowntimeSchedulerServlet s...", "detail_json": "/data/advisories/ZDI-15-229/advisory.json", "detail_path": "advisories/ZDI-15-229", "id": "ZDI-15-229", "kind": "published", "published_date": "2015-05-15", "status": "published", "title": "ManageEngine Applications Manager DowntimeSchedulerServlet TASKID SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-229/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2422", "zdi_id": "ZDI-15-229" }, { "cve": "CVE-2015-1155", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-228/advisory.json", "detail_path": "advisories/ZDI-15-228", "id": "ZDI-15-228", "kind": "published", "published_date": "2015-05-15", "status": "published", "title": "Apple Safari file:// Redirection Sandbox Escape Vulnerabliity", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-228/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2783", "zdi_id": "ZDI-15-228" }, { "cve": "CVE-2015-0092", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-15-227/advisory.json", "detail_path": "advisories/ZDI-15-227", "id": "ZDI-15-227", "kind": "published", "published_date": "2015-05-15", "status": "published", "title": "Microsoft Windows Type 1 Font callother Opcode Heap Buffer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-227/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2795", "zdi_id": "ZDI-15-227" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the It360SPUtil class. The iss...", "detail_json": "/data/advisories/ZDI-15-226/advisory.json", "detail_path": "advisories/ZDI-15-226", "id": "ZDI-15-226", "kind": "published", "published_date": "2015-05-14", "status": "published", "title": "ManageEngine Applications Manager It360SPUtil resIds SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-226/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2423", "zdi_id": "ZDI-15-226" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the APMAlertOperationsServlet servlet. Th...", "detail_json": "/data/advisories/ZDI-15-225/advisory.json", "detail_path": "advisories/ZDI-15-225", "id": "ZDI-15-225", "kind": "published", "published_date": "2015-05-14", "status": "published", "title": "ManageEngine OpManager APMAlertOperationsServlet source SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-225/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2461", "zdi_id": "ZDI-15-225" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AgentDetailsUtil servlet. The issue l...", "detail_json": "/data/advisories/ZDI-15-224/advisory.json", "detail_path": "advisories/ZDI-15-224", "id": "ZDI-15-224", "kind": "published", "published_date": "2015-05-14", "status": "published", "title": "ManageEngine OpManager AgentDetailsUtil agentKey SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-224/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2459", "zdi_id": "ZDI-15-224" }, { "cve": "CVE-2015-1717", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-223/advisory.json", "detail_path": "advisories/ZDI-15-223", "id": "ZDI-15-223", "kind": "published", "published_date": "2015-05-14", "status": "published", "title": "Microsoft Internet Explorer CTitleElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-223/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2812", "zdi_id": "ZDI-15-223" }, { "cve": "CVE-2015-1709", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-222/advisory.json", "detail_path": "advisories/ZDI-15-222", "id": "ZDI-15-222", "kind": "published", "published_date": "2015-05-14", "status": "published", "title": "Microsoft Internet Explorer Tree::TableGridBlock Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-222/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2855", "zdi_id": "ZDI-15-222" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NPMRequestHandler servlet. The issue...", "detail_json": "/data/advisories/ZDI-15-221/advisory.json", "detail_path": "advisories/ZDI-15-221", "id": "ZDI-15-221", "kind": "published", "published_date": "2015-05-13", "status": "published", "title": "ManageEngine OpManager NPMRequestHandler userName SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-221/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2455", "zdi_id": "ZDI-15-221" }, { "cve": "CVE-2014-6037", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine EventLog Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadHandlerServlet servlet....", "detail_json": "/data/advisories/ZDI-15-220/advisory.json", "detail_path": "advisories/ZDI-15-220", "id": "ZDI-15-220", "kind": "published", "published_date": "2015-05-13", "status": "published", "title": "ManageEngine EventLog Analyzer UploadHandlerServlet File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-220/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2425", "zdi_id": "ZDI-15-220" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PatchScanServlet servlet. T...", "detail_json": "/data/advisories/ZDI-15-219/advisory.json", "detail_path": "advisories/ZDI-15-219", "id": "ZDI-15-219", "kind": "published", "published_date": "2015-05-13", "status": "published", "title": "ManageEngine Desktop Central MSP PatchScanServlet domainName File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-219/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2449", "zdi_id": "ZDI-15-219" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DSStatusUpdateServlet servl...", "detail_json": "/data/advisories/ZDI-15-218/advisory.json", "detail_path": "advisories/ZDI-15-218", "id": "ZDI-15-218", "kind": "published", "published_date": "2015-05-13", "status": "published", "title": "ManageEngine Desktop Central MSP DSStatusUpdateServlet DomainName File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-218/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2444", "zdi_id": "ZDI-15-218" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InventoryServlet servlet. T...", "detail_json": "/data/advisories/ZDI-15-217/advisory.json", "detail_path": "advisories/ZDI-15-217", "id": "ZDI-15-217", "kind": "published", "published_date": "2015-05-13", "status": "published", "title": "ManageEngine Desktop Central MSP InventoryServlet computer File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-217/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2446", "zdi_id": "ZDI-15-217" }, { "cve": "CVE-2015-3085", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-15-216/advisory.json", "detail_path": "advisories/ZDI-15-216", "id": "ZDI-15-216", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "(Pwn2Own) Adobe Flash Player BrokerCreateFile Broker Method Path Traversal Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-216/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2820", "zdi_id": "ZDI-15-216" }, { "cve": "CVE-2015-3053", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-15-215/advisory.json", "detail_path": "advisories/ZDI-15-215", "id": "ZDI-15-215", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Pro Close page action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-215/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2724", "zdi_id": "ZDI-15-215" }, { "cve": "CVE-2015-3054", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-15-214/advisory.json", "detail_path": "advisories/ZDI-15-214", "id": "ZDI-15-214", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Pro WillSave document action Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-214/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2725", "zdi_id": "ZDI-15-214" }, { "cve": "CVE-2015-3055", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-213/advisory.json", "detail_path": "advisories/ZDI-15-213", "id": "ZDI-15-213", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader Fields Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-213/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2733", "zdi_id": "ZDI-15-213" }, { "cve": "CVE-2015-3059", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-212/advisory.json", "detail_path": "advisories/ZDI-15-212", "id": "ZDI-15-212", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader Text Annotations Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-212/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2715", "zdi_id": "ZDI-15-212" }, { "cve": "CVE-2015-3058", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to leak memory addresses from Spell.api on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-15-211/advisory.json", "detail_path": "advisories/ZDI-15-211", "id": "ZDI-15-211", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Pro Spell customDictionaryExport Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-211/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2706", "zdi_id": "ZDI-15-211" }, { "cve": "CVE-2015-3057", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-210/advisory.json", "detail_path": "advisories/ZDI-15-210", "id": "ZDI-15-210", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-210/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2713", "zdi_id": "ZDI-15-210" }, { "cve": "CVE-2015-3056", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-209/advisory.json", "detail_path": "advisories/ZDI-15-209", "id": "ZDI-15-209", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader Line Annotations Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-209/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2714", "zdi_id": "ZDI-15-209" }, { "cve": "CVE-2015-3060", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-208/advisory.json", "detail_path": "advisories/ZDI-15-208", "id": "ZDI-15-208", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader indexOfNextEssential Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-208/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2702", "zdi_id": "ZDI-15-208" }, { "cve": "CVE-2015-3062", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-207/advisory.json", "detail_path": "advisories/ZDI-15-207", "id": "ZDI-15-207", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader AFExactMatch Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-207/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2703", "zdi_id": "ZDI-15-207" }, { "cve": "CVE-2015-3061", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-206/advisory.json", "detail_path": "advisories/ZDI-15-206", "id": "ZDI-15-206", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader ANMatchString Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-206/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2704", "zdi_id": "ZDI-15-206" }, { "cve": "CVE-2015-3069", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-205/advisory.json", "detail_path": "advisories/ZDI-15-205", "id": "ZDI-15-205", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader AFSimple_Calculate Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-205/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2696", "zdi_id": "ZDI-15-205" }, { "cve": "CVE-2015-3064", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-204/advisory.json", "detail_path": "advisories/ZDI-15-204", "id": "ZDI-15-204", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader DynamicAnnotStore compete Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-204/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2698", "zdi_id": "ZDI-15-204" }, { "cve": "CVE-2015-3063", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-203/advisory.json", "detail_path": "advisories/ZDI-15-203", "id": "ZDI-15-203", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader app.Monitors().select nonDocument Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-203/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2697", "zdi_id": "ZDI-15-203" }, { "cve": "CVE-2015-3068", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-202/advisory.json", "detail_path": "advisories/ZDI-15-202", "id": "ZDI-15-202", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader app.Monitors select Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-202/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2692", "zdi_id": "ZDI-15-202" }, { "cve": "CVE-2015-3067", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-201/advisory.json", "detail_path": "advisories/ZDI-15-201", "id": "ZDI-15-201", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader DynamicAnnotStore enumerate Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-201/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2691", "zdi_id": "ZDI-15-201" }, { "cve": "CVE-2015-3066", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-200/advisory.json", "detail_path": "advisories/ZDI-15-200", "id": "ZDI-15-200", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader SharedReviewDocCenterInitiator onError Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-200/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2690", "zdi_id": "ZDI-15-200" }, { "cve": "CVE-2015-3065", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-199/advisory.json", "detail_path": "advisories/ZDI-15-199", "id": "ZDI-15-199", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader Matrix2D transform Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-199/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2689", "zdi_id": "ZDI-15-199" }, { "cve": "CVE-2015-3074", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-198/advisory.json", "detail_path": "advisories/ZDI-15-198", "id": "ZDI-15-198", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader ScriptBridgeUtils Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-198/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2668", "zdi_id": "ZDI-15-198" }, { "cve": "CVE-2015-3073", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-197/advisory.json", "detail_path": "advisories/ZDI-15-197", "id": "ZDI-15-197", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader AFParseDate Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-197/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2665", "zdi_id": "ZDI-15-197" }, { "cve": "CVE-2015-3072", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-196/advisory.json", "detail_path": "advisories/ZDI-15-196", "id": "ZDI-15-196", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader ADBCAnnotEnumerator Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-196/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2664", "zdi_id": "ZDI-15-196" }, { "cve": "CVE-2015-3071", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-195/advisory.json", "detail_path": "advisories/ZDI-15-195", "id": "ZDI-15-195", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Adobe Acrobat Reader WDAnnotEnumerator Javascript API Restrictions Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-195/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2663", "zdi_id": "ZDI-15-195" }, { "cve": "CVE-2015-1903", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nrouter.exe component which handles e-mails dispatch...", "detail_json": "/data/advisories/ZDI-15-194/advisory.json", "detail_path": "advisories/ZDI-15-194", "id": "ZDI-15-194", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "IBM Lotus Domino BMP Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-194/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2716", "zdi_id": "ZDI-15-194" }, { "cve": "CVE-2015-1902", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nrouter.exe component which handles e-mails dispatch...", "detail_json": "/data/advisories/ZDI-15-193/advisory.json", "detail_path": "advisories/ZDI-15-193", "id": "ZDI-15-193", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "IBM Lotus Domino BMP Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-193/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2717", "zdi_id": "ZDI-15-193" }, { "cve": "CVE-2015-2121", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Hewlett-Packard Network Virtualization. Authentication is not required to exploit this vulnerability. The specific flaw exists because neither the HttpServlet no...", "detail_json": "/data/advisories/ZDI-15-192/advisory.json", "detail_path": "advisories/ZDI-15-192", "id": "ZDI-15-192", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Hewlett-Packard Network Virtualization Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-192/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2569", "zdi_id": "ZDI-15-192" }, { "cve": "CVE-2015-1681", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to cause a denial of service condition on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit open a malicious directory or device. The s...", "detail_json": "/data/advisories/ZDI-15-191/advisory.json", "detail_path": "advisories/ZDI-15-191", "id": "ZDI-15-191", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Microsoft Windows .MSC Stack Buffer Overflow Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-191/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2759", "zdi_id": "ZDI-15-191" }, { "cve": "CVE-2015-1676", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-190/advisory.json", "detail_path": "advisories/ZDI-15-190", "id": "ZDI-15-190", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Microsoft Windows NtUserGetTitleBarInfo Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-190/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2845", "zdi_id": "ZDI-15-190" }, { "cve": "CVE-2015-1674", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-15-189/advisory.json", "detail_path": "advisories/ZDI-15-189", "id": "ZDI-15-189", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "(Pwn2Own) Microsoft Windows CNG Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-189/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2834", "zdi_id": "ZDI-15-189" }, { "cve": "CVE-2015-1680", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-188/advisory.json", "detail_path": "advisories/ZDI-15-188", "id": "ZDI-15-188", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Microsoft Windows NtUserRealInternalGetMessage Stack Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-188/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2751", "zdi_id": "ZDI-15-188" }, { "cve": "CVE-2015-1679", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-187/advisory.json", "detail_path": "advisories/ZDI-15-187", "id": "ZDI-15-187", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Microsoft Windows NtUserGetMessage Stack Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-187/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2750", "zdi_id": "ZDI-15-187" }, { "cve": "CVE-2015-1678", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-186/advisory.json", "detail_path": "advisories/ZDI-15-186", "id": "ZDI-15-186", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Microsoft Windows NtUserGetComboBoxInfo Stack Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-186/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2594", "zdi_id": "ZDI-15-186" }, { "cve": "CVE-2015-1677", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-185/advisory.json", "detail_path": "advisories/ZDI-15-185", "id": "ZDI-15-185", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Microsoft Windows NtUserGetScrollBarInfo Stack Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-185/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2591", "zdi_id": "ZDI-15-185" }, { "cve": "CVE-2015-1706", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-184/advisory.json", "detail_path": "advisories/ZDI-15-184", "id": "ZDI-15-184", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Microsoft Internet Explorer CElement::DelMarkupPtr Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-184/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2780", "zdi_id": "ZDI-15-184" }, { "cve": "CVE-2015-1684", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vuln...", "detail_json": "/data/advisories/ZDI-15-183/advisory.json", "detail_path": "advisories/ZDI-15-183", "id": "ZDI-15-183", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Microsoft Windows VBScript Regular Expression Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-183/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2791", "zdi_id": "ZDI-15-183" }, { "cve": "CVE-2015-1682", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-15-182/advisory.json", "detail_path": "advisories/ZDI-15-182", "id": "ZDI-15-182", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Microsoft Word ptCount Element Uninitialized Memory Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-182/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2789", "zdi_id": "ZDI-15-182" }, { "cve": "CVE-2015-1714", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-181/advisory.json", "detail_path": "advisories/ZDI-15-181", "id": "ZDI-15-181", "kind": "published", "published_date": "2015-05-12", "status": "published", "title": "Microsoft Internet Explorer CTitleElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-181/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2790", "zdi_id": "ZDI-15-181" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadServlet servlet....", "detail_json": "/data/advisories/ZDI-15-180/advisory.json", "detail_path": "advisories/ZDI-15-180", "id": "ZDI-15-180", "kind": "published", "published_date": "2015-05-07", "status": "published", "title": "ManageEngine Desktop Central MSP FileUploadServlet computerName File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-180/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2441", "zdi_id": "ZDI-15-180" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpdateProbeUpgradeStatus servlet. The...", "detail_json": "/data/advisories/ZDI-15-179/advisory.json", "detail_path": "advisories/ZDI-15-179", "id": "ZDI-15-179", "kind": "published", "published_date": "2015-05-07", "status": "published", "title": "ManageEngine OpManager UpdateProbeUpgradeStatus probeName SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-179/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2460", "zdi_id": "ZDI-15-179" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the enableDisableAlarmsAction...", "detail_json": "/data/advisories/ZDI-15-178/advisory.json", "detail_path": "advisories/ZDI-15-178", "id": "ZDI-15-178", "kind": "published", "published_date": "2015-05-07", "status": "published", "title": "ManageEngine Applications Manager CommonAPIUtil enableDisableAlarmsAction resourceid SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-178/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2468", "zdi_id": "ZDI-15-178" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the moveSubGroup method of the...", "detail_json": "/data/advisories/ZDI-15-177/advisory.json", "detail_path": "advisories/ZDI-15-177", "id": "ZDI-15-177", "kind": "published", "published_date": "2015-05-07", "status": "published", "title": "ManageEngine Applications Manager CommonAPIUtil moveSubGroup haid/tohaid SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-177/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2467", "zdi_id": "ZDI-15-177" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the removeMonitorFrmMG method...", "detail_json": "/data/advisories/ZDI-15-176/advisory.json", "detail_path": "advisories/ZDI-15-176", "id": "ZDI-15-176", "kind": "published", "published_date": "2015-05-07", "status": "published", "title": "ManageEngine Applications Manager CommonAPIUtil removeMonitorFrmMG haid SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-176/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2466", "zdi_id": "ZDI-15-176" }, { "cve": "CVE-2015-0538", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is required to exploit this vulnerability, but can be easily bypassed. The specific flaw exists within ftAgent.exe which listens...", "detail_json": "/data/advisories/ZDI-15-175/advisory.json", "detail_path": "advisories/ZDI-15-175", "id": "ZDI-15-175", "kind": "published", "published_date": "2015-05-07", "status": "published", "title": "EMC AutoStart ftAgent Multiple Opcode SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-175/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-2854", "zdi_id": "ZDI-15-175" }, { "cve": "CVE-2015-0538", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is required to exploit this vulnerability, but can be easily bypassed. The specific flaw exists within ftAgent.exe which listens...", "detail_json": "/data/advisories/ZDI-15-174/advisory.json", "detail_path": "advisories/ZDI-15-174", "id": "ZDI-15-174", "kind": "published", "published_date": "2015-05-07", "status": "published", "title": "EMC AutoStart ftAgent Opcode 85 Subcode 33 SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-174/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-2800", "zdi_id": "ZDI-15-174" }, { "cve": "CVE-2015-0538", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is required to exploit this vulnerability, but can be easily bypassed. The specific flaw exists within ftAgent.exe which listens...", "detail_json": "/data/advisories/ZDI-15-173/advisory.json", "detail_path": "advisories/ZDI-15-173", "id": "ZDI-15-173", "kind": "published", "published_date": "2015-05-07", "status": "published", "title": "EMC AutoStart ftAgent Opcode 83 Subcode 22 SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-173/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-2799", "zdi_id": "ZDI-15-173" }, { "cve": "CVE-2015-0538", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is required to exploit this vulnerability, but can be easily bypassed. The specific flaw exists within ftAgent.exe which listens...", "detail_json": "/data/advisories/ZDI-15-172/advisory.json", "detail_path": "advisories/ZDI-15-172", "id": "ZDI-15-172", "kind": "published", "published_date": "2015-05-07", "status": "published", "title": "EMC AutoStart ftAgent Opcode 20 Subcode 2219 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-172/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-2858", "zdi_id": "ZDI-15-172" }, { "cve": "CVE-2015-0538", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is required to exploit this vulnerability, but can be easily bypassed. The specific flaw exists within ftAgent.exe which listens...", "detail_json": "/data/advisories/ZDI-15-171/advisory.json", "detail_path": "advisories/ZDI-15-171", "id": "ZDI-15-171", "kind": "published", "published_date": "2015-05-07", "status": "published", "title": "EMC AutoStart ftAgent Opcode 20 Subcode 2060 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-171/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-2861", "zdi_id": "ZDI-15-171" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBUtil class. The issue li...", "detail_json": "/data/advisories/ZDI-15-170/advisory.json", "detail_path": "advisories/ZDI-15-170", "id": "ZDI-15-170", "kind": "published", "published_date": "2015-05-06", "status": "published", "title": "ManageEngine Applications Manager DBUtil port SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-170/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2470", "zdi_id": "ZDI-15-170" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getMGDetails method of the...", "detail_json": "/data/advisories/ZDI-15-169/advisory.json", "detail_path": "advisories/ZDI-15-169", "id": "ZDI-15-169", "kind": "published", "published_date": "2015-05-06", "status": "published", "title": "ManageEngine Applications Manager CommonAPIUtil getMGDetails groupId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-169/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2465", "zdi_id": "ZDI-15-169" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MaintenanceTaskAPIUtil cla...", "detail_json": "/data/advisories/ZDI-15-168/advisory.json", "detail_path": "advisories/ZDI-15-168", "id": "ZDI-15-168", "kind": "published", "published_date": "2015-05-06", "status": "published", "title": "ManageEngine Applications Manager MaintenanceTaskAPIUtil resourceid SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-168/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2469", "zdi_id": "ZDI-15-168" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IOSCheckInServlet servlet....", "detail_json": "/data/advisories/ZDI-15-167/advisory.json", "detail_path": "advisories/ZDI-15-167", "id": "ZDI-15-167", "kind": "published", "published_date": "2015-05-06", "status": "published", "title": "ManageEngine Desktop Central MSP IOSCheckInServlet UDID Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-167/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2471", "zdi_id": "ZDI-15-167" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getAdminMG method of the C...", "detail_json": "/data/advisories/ZDI-15-166/advisory.json", "detail_path": "advisories/ZDI-15-166", "id": "ZDI-15-166", "kind": "published", "published_date": "2015-05-06", "status": "published", "title": "ManageEngine Applications Manager CommonAPIUtil getAdminMG resId SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-166/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2472", "zdi_id": "ZDI-15-166" }, { "cve": "CVE-2015-1140", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-15-165/advisory.json", "detail_path": "advisories/ZDI-15-165", "id": "ZDI-15-165", "kind": "published", "published_date": "2015-04-29", "status": "published", "title": "Apple OS X IOHIDSecurePromptClient Untrusted Pointer Dereference Arbitrary Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-165/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2814", "zdi_id": "ZDI-15-165" }, { "cve": null, "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the multipartRequest servle...", "detail_json": "/data/advisories/ZDI-15-164/advisory.json", "detail_path": "advisories/ZDI-15-164", "id": "ZDI-15-164", "kind": "published", "published_date": "2015-04-29", "status": "published", "title": "ManageEngine OpManager MultipartRequestServlet fileName Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-164/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2440", "zdi_id": "ZDI-15-164" }, { "cve": "CVE-2014-5006", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MDMLogUploaderServlet servl...", "detail_json": "/data/advisories/ZDI-15-163/advisory.json", "detail_path": "advisories/ZDI-15-163", "id": "ZDI-15-163", "kind": "published", "published_date": "2015-04-29", "status": "published", "title": "ManageEngine Desktop Central MSP MDMLogUploaderServlet filename File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-163/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2442", "zdi_id": "ZDI-15-163" }, { "cve": "CVE-2014-7863", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose files on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the FailOverHelperServ...", "detail_json": "/data/advisories/ZDI-15-162/advisory.json", "detail_path": "advisories/ZDI-15-162", "id": "ZDI-15-162", "kind": "published", "published_date": "2015-04-29", "status": "published", "title": "ManageEngine Applications Manager FailOverHelperServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-162/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2427", "zdi_id": "ZDI-15-162" }, { "cve": "CVE-2015-3446", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlienVault framework...", "detail_json": "/data/advisories/ZDI-15-161/advisory.json", "detail_path": "advisories/ZDI-15-161", "id": "ZDI-15-161", "kind": "published", "published_date": "2015-04-29", "status": "published", "title": "AlienVault Unified Security Management Plugin Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-161/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2630", "zdi_id": "ZDI-15-161" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to transmit unencrypted traffic on the Amazon App Store. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. All the HTML content within...", "detail_json": "/data/advisories/ZDI-15-160/advisory.json", "detail_path": "advisories/ZDI-15-160", "id": "ZDI-15-160", "kind": "published", "published_date": "2015-04-29", "status": "published", "title": "(Mobile Pwn2Own) Amazon App Store HTTPS Downgrade Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-160/", "vendor": "Amazon", "vendor_url": null, "zdi_can": "ZDI-CAN-2618", "zdi_id": "ZDI-15-160" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on Amazon Fire Phone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-15-159/advisory.json", "detail_path": "advisories/ZDI-15-159", "id": "ZDI-15-159", "kind": "published", "published_date": "2015-04-29", "status": "published", "title": "(Mobile Pwn2Own) Amazon App Store JavaScript Bridge Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-159/", "vendor": "Amazon", "vendor_url": null, "zdi_can": "ZDI-CAN-2632", "zdi_id": "ZDI-15-159" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject scripts on Amazon Fire Phone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the search s...", "detail_json": "/data/advisories/ZDI-15-158/advisory.json", "detail_path": "advisories/ZDI-15-158", "id": "ZDI-15-158", "kind": "published", "published_date": "2015-04-29", "status": "published", "title": "(Mobile Pwn2Own) Amazon App Store Search String Cross-Site Scripting Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-158/", "vendor": "Amazon", "vendor_url": null, "zdi_can": "ZDI-CAN-2617", "zdi_id": "ZDI-15-158" }, { "cve": "CVE-2015-3435", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Security Manager. Authentication is not required to exploit this vulnerability. Successful exploitation allows an attacker to gain complete control of...", "detail_json": "/data/advisories/ZDI-15-157/advisory.json", "detail_path": "advisories/ZDI-15-157", "id": "ZDI-15-157", "kind": "published", "published_date": "2015-04-29", "status": "published", "title": "Samsung Security Manager ActiveMQ Broker Service MOVE Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-157/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2338", "zdi_id": "ZDI-15-157" }, { "cve": "CVE-2015-3435", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Security Manager. Authentication is not required to exploit this vulnerability. Successful exploitation allows an attacker to gain complete control of...", "detail_json": "/data/advisories/ZDI-15-156/advisory.json", "detail_path": "advisories/ZDI-15-156", "id": "ZDI-15-156", "kind": "published", "published_date": "2015-04-29", "status": "published", "title": "Samsung Security Manager ActiveMQ Broker Service PUT Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-156/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2337", "zdi_id": "ZDI-15-156" }, { "cve": "CVE-2014-8361", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the miniigd SOAP service. The issue lies in the...", "detail_json": "/data/advisories/ZDI-15-155/advisory.json", "detail_path": "advisories/ZDI-15-155", "id": "ZDI-15-155", "kind": "published", "published_date": "2015-04-24", "status": "published", "title": "(0Day) Realtek SDK miniigd AddPortMapping SOAP Action Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-155/", "vendor": "Realtek", "vendor_url": null, "zdi_can": "ZDI-CAN-2435", "zdi_id": "ZDI-15-155" }, { "cve": "CVE-2015-2117", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP TippingPoint SMS and vSMS. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Method Invocation (RMI) component...", "detail_json": "/data/advisories/ZDI-15-154/advisory.json", "detail_path": "advisories/ZDI-15-154", "id": "ZDI-15-154", "kind": "published", "published_date": "2015-04-22", "status": "published", "title": "HP TippingPoint SMS and vSMS JBoss RMI Remote Code Execution Vulnerabilty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-154/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2679", "zdi_id": "ZDI-15-154" }, { "cve": "CVE-2015-0786", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within ZENworks Preboot Policy Service, which listens o...", "detail_json": "/data/advisories/ZDI-15-153/advisory.json", "detail_path": "advisories/ZDI-15-153", "id": "ZDI-15-153", "kind": "published", "published_date": "2015-04-22", "status": "published", "title": "Novell ZENworks Preboot Policy Service Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-153/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-2491", "zdi_id": "ZDI-15-153" }, { "cve": "CVE-2015-0785", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to obtain sensitive information on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability. The specific flaw exists within com.novell.zenworks.inventory.rtr.actionclasses...", "detail_json": "/data/advisories/ZDI-15-152/advisory.json", "detail_path": "advisories/ZDI-15-152", "id": "ZDI-15-152", "kind": "published", "published_date": "2015-04-22", "status": "published", "title": "Novell Zenworks com.novell.zenworks.inventory.rtr.actionclasses.wcreports Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-152/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-2578", "zdi_id": "ZDI-15-152" }, { "cve": "CVE-2015-0781", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. By default, authentication is not required to exploit this vulnerability. The specific flaw exists within the doPost method of the Rtrlet clas...", "detail_json": "/data/advisories/ZDI-15-151/advisory.json", "detail_path": "advisories/ZDI-15-151", "id": "ZDI-15-151", "kind": "published", "published_date": "2015-04-22", "status": "published", "title": "Novell Zenworks Rtrlet doPost Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-151/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-2600", "zdi_id": "ZDI-15-151" }, { "cve": "CVE-2015-0783", "cvss": 3.5, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to obtain sensitive information on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability. The specific flaw exists within the FileViewer class. The issue lies in the fai...", "detail_json": "/data/advisories/ZDI-15-150/advisory.json", "detail_path": "advisories/ZDI-15-150", "id": "ZDI-15-150", "kind": "published", "published_date": "2015-04-22", "status": "published", "title": "Novell Zenworks FileViewer Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-150/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-2577", "zdi_id": "ZDI-15-150" }, { "cve": "CVE-2015-0784", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to disclose Session ID's of logged in users on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability. The specific flaw exists within Rtrlet.class. By sending a POST req...", "detail_json": "/data/advisories/ZDI-15-149/advisory.json", "detail_path": "advisories/ZDI-15-149", "id": "ZDI-15-149", "kind": "published", "published_date": "2015-04-22", "status": "published", "title": "Novell Zenworks Rtrlet.class Session ID Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-149/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-2579", "zdi_id": "ZDI-15-149" }, { "cve": "CVE-2015-0782", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ScheduleQuery method of the schedule class....", "detail_json": "/data/advisories/ZDI-15-148/advisory.json", "detail_path": "advisories/ZDI-15-148", "id": "ZDI-15-148", "kind": "published", "published_date": "2015-04-22", "status": "published", "title": "Novell Zenworks schedule.ScheduleQuery SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-148/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-2576", "zdi_id": "ZDI-15-148" }, { "cve": "CVE-2015-0780", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetReRequestData method of the GetStoredResu...", "detail_json": "/data/advisories/ZDI-15-147/advisory.json", "detail_path": "advisories/ZDI-15-147", "id": "ZDI-15-147", "kind": "published", "published_date": "2015-04-22", "status": "published", "title": "Novell Zenworks GetStoredResult.class SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-147/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-2575", "zdi_id": "ZDI-15-147" }, { "cve": "CVE-2015-0495", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Tools and Frameworks. Authentication is required to exploit this vulnerability, but authentication is easily bypassed. This product installs a we...", "detail_json": "/data/advisories/ZDI-15-146/advisory.json", "detail_path": "advisories/ZDI-15-146", "id": "ZDI-15-146", "kind": "published", "published_date": "2015-04-16", "status": "published", "title": "Oracle Endeca Tools and Frameworks Script.action Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-146/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2660", "zdi_id": "ZDI-15-146" }, { "cve": "CVE-2014-7866", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MigrateLEEData servlet. The issue lie...", "detail_json": "/data/advisories/ZDI-15-145/advisory.json", "detail_path": "advisories/ZDI-15-145", "id": "ZDI-15-145", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "ManageEngine OpManager MigrateLEEData fileName File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-145/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2450", "zdi_id": "ZDI-15-145" }, { "cve": "CVE-2014-7866", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MigrateCentralData servlet. The issue...", "detail_json": "/data/advisories/ZDI-15-144/advisory.json", "detail_path": "advisories/ZDI-15-144", "id": "ZDI-15-144", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "ManageEngine OpManager MigrateCentralData zipFileName File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-144/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2451", "zdi_id": "ZDI-15-144" }, { "cve": "CVE-2014-6034", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileCollector servlet. The issue lies...", "detail_json": "/data/advisories/ZDI-15-143/advisory.json", "detail_path": "advisories/ZDI-15-143", "id": "ZDI-15-143", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "ManageEngine OpManager FileCollector FILENAME File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-143/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2452", "zdi_id": "ZDI-15-143" }, { "cve": "CVE-2014-6035", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AgentDataHandler class. The issue lie...", "detail_json": "/data/advisories/ZDI-15-142/advisory.json", "detail_path": "advisories/ZDI-15-142", "id": "ZDI-15-142", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "ManageEngine OpManager AgentDataHandler FILENAME File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-142/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2454", "zdi_id": "ZDI-15-142" }, { "cve": "CVE-2014-7868", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DataComparisonServlet servlet. The is...", "detail_json": "/data/advisories/ZDI-15-141/advisory.json", "detail_path": "advisories/ZDI-15-141", "id": "ZDI-15-141", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "ManageEngine OpManager DataComparisionServlet query SQL Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-141/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2456", "zdi_id": "ZDI-15-141" }, { "cve": "CVE-2014-7868", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the APMIntegBusinessViewHandler servlet....", "detail_json": "/data/advisories/ZDI-15-140/advisory.json", "detail_path": "advisories/ZDI-15-140", "id": "ZDI-15-140", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "ManageEngine OpManager APMIntegBusinessViewHandler allDevicesRemoved SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-140/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2457", "zdi_id": "ZDI-15-140" }, { "cve": "CVE-2014-7868", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the APMIntegBusinessViewHandler servlet....", "detail_json": "/data/advisories/ZDI-15-139/advisory.json", "detail_path": "advisories/ZDI-15-139", "id": "ZDI-15-139", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "ManageEngine OpManager APMIntegBusinessViewHandler Delete SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-139/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2458", "zdi_id": "ZDI-15-139" }, { "cve": "CVE-2014-5445", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose files on vulnerable installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of input to the CReportPDFSer...", "detail_json": "/data/advisories/ZDI-15-138/advisory.json", "detail_path": "advisories/ZDI-15-138", "id": "ZDI-15-138", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "ManageEngine NetFlow Analyzer CReportPDFServlet schFilePath Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-138/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2429", "zdi_id": "ZDI-15-138" }, { "cve": "CVE-2015-1234", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-137/advisory.json", "detail_path": "advisories/ZDI-15-137", "id": "ZDI-15-137", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "(Pwn2Own) Google Chrome pnacl Shared Memory Time-Of-Check/Time-Of-Use Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-137/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-2833", "zdi_id": "ZDI-15-137" }, { "cve": "CVE-2015-1659", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-136/advisory.json", "detail_path": "advisories/ZDI-15-136", "id": "ZDI-15-136", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "Microsoft Internet Explorer Layout::FlowBoxBuilder Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-136/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2669", "zdi_id": "ZDI-15-136" }, { "cve": "CVE-2015-0135", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nrouter.exe component which handles e-mails dispatch...", "detail_json": "/data/advisories/ZDI-15-135/advisory.json", "detail_path": "advisories/ZDI-15-135", "id": "ZDI-15-135", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "IBM Lotus Domino GIF Integer Truncation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-135/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2718", "zdi_id": "ZDI-15-135" }, { "cve": "CVE-2015-0349", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-15-134/advisory.json", "detail_path": "advisories/ZDI-15-134", "id": "ZDI-15-134", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "(Pwn2Own) Adobe Flash Player AS3 ConvolutionFilter Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-134/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2819", "zdi_id": "ZDI-15-134" }, { "cve": "CVE-2015-0347", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-15-133/advisory.json", "detail_path": "advisories/ZDI-15-133", "id": "ZDI-15-133", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "Adobe Flash Player AVSource Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-133/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2680", "zdi_id": "ZDI-15-133" }, { "cve": "CVE-2015-1650", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-15-132/advisory.json", "detail_path": "advisories/ZDI-15-132", "id": "ZDI-15-132", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "Microsoft Word Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-132/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2686", "zdi_id": "ZDI-15-132" }, { "cve": "CVE-2015-1652", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-131/advisory.json", "detail_path": "advisories/ZDI-15-131", "id": "ZDI-15-131", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "Microsoft Internet Explorer CDocument Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-131/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2701", "zdi_id": "ZDI-15-131" }, { "cve": "CVE-2015-1667", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-130/advisory.json", "detail_path": "advisories/ZDI-15-130", "id": "ZDI-15-130", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "Microsoft Internet Explorer CQuotes Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-130/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2687", "zdi_id": "ZDI-15-130" }, { "cve": "CVE-2015-1666", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-129/advisory.json", "detail_path": "advisories/ZDI-15-129", "id": "ZDI-15-129", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "Microsoft Internet Explorer CMetaElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-129/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2683", "zdi_id": "ZDI-15-129" }, { "cve": "CVE-2015-1665", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-128/advisory.json", "detail_path": "advisories/ZDI-15-128", "id": "ZDI-15-128", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "Microsoft Internet Explorer Tree::TextData Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-128/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2670", "zdi_id": "ZDI-15-128" }, { "cve": "CVE-2015-1661", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-127/advisory.json", "detail_path": "advisories/ZDI-15-127", "id": "ZDI-15-127", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "Microsoft Internet Explorer CAutoRange::GetRangeTopLeft Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-127/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2677", "zdi_id": "ZDI-15-127" }, { "cve": "CVE-2015-1660", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-126/advisory.json", "detail_path": "advisories/ZDI-15-126", "id": "ZDI-15-126", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "Microsoft Internet Explorer CBodyElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-126/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2675", "zdi_id": "ZDI-15-126" }, { "cve": "CVE-2015-1668", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-125/advisory.json", "detail_path": "advisories/ZDI-15-125", "id": "ZDI-15-125", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "Microsoft Internet Explorer SVG Marker Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-125/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2672", "zdi_id": "ZDI-15-125" }, { "cve": "CVE-2015-1668", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-124/advisory.json", "detail_path": "advisories/ZDI-15-124", "id": "ZDI-15-124", "kind": "published", "published_date": "2015-04-15", "status": "published", "title": "Microsoft Internet Explorer CSVGMarkerElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-124/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2671", "zdi_id": "ZDI-15-124" }, { "cve": "CVE-2015-1069", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-123/advisory.json", "detail_path": "advisories/ZDI-15-123", "id": "ZDI-15-123", "kind": "published", "published_date": "2015-04-08", "status": "published", "title": "(Pwn2Own) Apple Safari Uninitialized Buffer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-123/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2836", "zdi_id": "ZDI-15-123" }, { "cve": "CVE-2015-1101", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-15-122/advisory.json", "detail_path": "advisories/ZDI-15-122", "id": "ZDI-15-122", "kind": "published", "published_date": "2015-04-08", "status": "published", "title": "Apple OS X XNU HFS_GETPATH Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-122/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2682", "zdi_id": "ZDI-15-122" }, { "cve": "CVE-2015-1140", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-15-121/advisory.json", "detail_path": "advisories/ZDI-15-121", "id": "ZDI-15-121", "kind": "published", "published_date": "2015-04-08", "status": "published", "title": "Apple OS X IOKit IOHIDSecurePromptClient Heap Buffer Overflow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-121/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2676", "zdi_id": "ZDI-15-121" }, { "cve": "CVE-2015-1000", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-120/advisory.json", "detail_path": "advisories/ZDI-15-120", "id": "ZDI-15-120", "kind": "published", "published_date": "2015-04-08", "status": "published", "title": "Moxa SoftCMS SStreamVideo Activex Control OpenForIPCamTest Method Stack Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-120/", "vendor": "Moxa", "vendor_url": null, "zdi_can": "ZDI-CAN-2519", "zdi_id": "ZDI-15-120" }, { "cve": "CVE-2015-0120", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CRYPTO_S_EncryptBufferToBuffer...", "detail_json": "/data/advisories/ZDI-15-119/advisory.json", "detail_path": "advisories/ZDI-15-119", "id": "ZDI-15-119", "kind": "published", "published_date": "2015-04-08", "status": "published", "title": "IBM Tivoli Storage Manager FastBack CRYPTO_S_EncryptBufferToBuffer Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-119/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2656", "zdi_id": "ZDI-15-119" }, { "cve": "CVE-2015-0119", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which lis...", "detail_json": "/data/advisories/ZDI-15-118/advisory.json", "detail_path": "advisories/ZDI-15-118", "id": "ZDI-15-118", "kind": "published", "published_date": "2015-04-08", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Mount CMountDismount::GetVaultDump Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-118/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2667", "zdi_id": "ZDI-15-118" }, { "cve": "CVE-2015-0117", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within LDAP handling functionality which listens by default...", "detail_json": "/data/advisories/ZDI-15-117/advisory.json", "detail_path": "advisories/ZDI-15-117", "id": "ZDI-15-117", "kind": "published", "published_date": "2015-04-06", "status": "published", "title": "IBM Lotus Domino LDAP ModifyRequest add Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-117/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2666", "zdi_id": "ZDI-15-117" }, { "cve": "CVE-2015-0134", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nldap.exe component which listens by default on TCP...", "detail_json": "/data/advisories/ZDI-15-116/advisory.json", "detail_path": "advisories/ZDI-15-116", "id": "ZDI-15-116", "kind": "published", "published_date": "2015-04-06", "status": "published", "title": "IBM Lotus Domino SSL2 Client Master Key Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-116/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2684", "zdi_id": "ZDI-15-116" }, { "cve": "CVE-2015-2846", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent Sync. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulner...", "detail_json": "/data/advisories/ZDI-15-115/advisory.json", "detail_path": "advisories/ZDI-15-115", "id": "ZDI-15-115", "kind": "published", "published_date": "2015-04-03", "status": "published", "title": "BitTorrent Sync btsync: Protocol Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-115/", "vendor": "BitTorrent", "vendor_url": null, "zdi_can": "ZDI-CAN-2624", "zdi_id": "ZDI-15-115" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AndroidCheckInServlet servl...", "detail_json": "/data/advisories/ZDI-15-114/advisory.json", "detail_path": "advisories/ZDI-15-114", "id": "ZDI-15-114", "kind": "published", "published_date": "2015-04-03", "status": "published", "title": "ManageEngine Desktop Central MSP AndroidCheckInServlet UDID Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-114/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2448", "zdi_id": "ZDI-15-114" }, { "cve": "CVE-2014-6036", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MultipartRequestServlet servlet. The...", "detail_json": "/data/advisories/ZDI-15-113/advisory.json", "detail_path": "advisories/ZDI-15-113", "id": "ZDI-15-113", "kind": "published", "published_date": "2015-04-03", "status": "published", "title": "ManageEngine OpManager MultipartRequestServlet filename File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-113/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2439", "zdi_id": "ZDI-15-113" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InventorySWMeteringServlet...", "detail_json": "/data/advisories/ZDI-15-112/advisory.json", "detail_path": "advisories/ZDI-15-112", "id": "ZDI-15-112", "kind": "published", "published_date": "2015-04-03", "status": "published", "title": "ManageEngine Desktop Central MSP InventorySWMeteringServlet domain File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-112/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2447", "zdi_id": "ZDI-15-112" }, { "cve": "CVE-2015-0666", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read arbitrary files, and bypass authentication, on a system with vulnerable installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-15-111/advisory.json", "detail_path": "advisories/ZDI-15-111", "id": "ZDI-15-111", "kind": "published", "published_date": "2015-04-03", "status": "published", "title": "Cisco Data Center Network Manager FileServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-111/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-2573", "zdi_id": "ZDI-15-111" }, { "cve": "CVE-2015-0816", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-110/advisory.json", "detail_path": "advisories/ZDI-15-110", "id": "ZDI-15-110", "kind": "published", "published_date": "2015-04-03", "status": "published", "title": "(Pwn2Own) Mozilla Firefox resource: URL Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-110/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-2826", "zdi_id": "ZDI-15-110" }, { "cve": "CVE-2015-0817", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-15-109/advisory.json", "detail_path": "advisories/ZDI-15-109", "id": "ZDI-15-109", "kind": "published", "published_date": "2015-04-03", "status": "published", "title": "(Pwn2Own) Mozilla Firefox Bounds Check Elimination Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-109/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-2830", "zdi_id": "ZDI-15-109" }, { "cve": "CVE-2015-0818", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass the same-origin policy on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-108/advisory.json", "detail_path": "advisories/ZDI-15-108", "id": "ZDI-15-108", "kind": "published", "published_date": "2015-04-03", "status": "published", "title": "(Pwn2Own) Mozilla Firefox SVG DOMAttrModified Same-Origin Policy Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-108/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-2825", "zdi_id": "ZDI-15-108" }, { "cve": "CVE-2015-2284", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Firewall Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of client sess...", "detail_json": "/data/advisories/ZDI-15-107/advisory.json", "detail_path": "advisories/ZDI-15-107", "id": "ZDI-15-107", "kind": "published", "published_date": "2015-03-13", "status": "published", "title": "SolarWinds Firewall Security Manager userlogin.jsp Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-107/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-1999", "zdi_id": "ZDI-15-107" }, { "cve": "CVE-2015-0443", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-15-106/advisory.json", "detail_path": "advisories/ZDI-15-106", "id": "ZDI-15-106", "kind": "published", "published_date": "2015-03-13", "status": "published", "title": "(0Day) Oracle Data Quality LoaderWizard Module Unloading Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-106/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2502", "zdi_id": "ZDI-15-106" }, { "cve": "CVE-2015-0444", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-15-105/advisory.json", "detail_path": "advisories/ZDI-15-105", "id": "ZDI-15-105", "kind": "published", "published_date": "2015-03-13", "status": "published", "title": "(0Day) Oracle Data Quality LoaderWizard SetEntities Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-105/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2501", "zdi_id": "ZDI-15-105" }, { "cve": "CVE-2015-0445", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-15-104/advisory.json", "detail_path": "advisories/ZDI-15-104", "id": "ZDI-15-104", "kind": "published", "published_date": "2015-03-13", "status": "published", "title": "(0Day) Oracle Data Quality DscXB onloadstatechange Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-104/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2500", "zdi_id": "ZDI-15-104" }, { "cve": "CVE-2015-0446", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-15-103/advisory.json", "detail_path": "advisories/ZDI-15-103", "id": "ZDI-15-103", "kind": "published", "published_date": "2015-03-13", "status": "published", "title": "(0Day) Oracle Data Quality LoaderWizard DataPreview Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-103/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2499", "zdi_id": "ZDI-15-103" }, { "cve": "CVE-2015-0043", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-102/advisory.json", "detail_path": "advisories/ZDI-15-102", "id": "ZDI-15-102", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "Microsoft Internet Explorer SVG marker Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-102/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2736", "zdi_id": "ZDI-15-102" }, { "cve": "CVE-2014-7889", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS USB Line Display OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-15-101/advisory.json", "detail_path": "advisories/ZDI-15-101", "id": "ZDI-15-101", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "Hewlett-Packard POS USB Line Display OPOS Drivers OPOSLineDisplay.ocx Open Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-101/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2511", "zdi_id": "ZDI-15-101" }, { "cve": "CVE-2014-7895", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Printer Windows and OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...", "detail_json": "/data/advisories/ZDI-15-100/advisory.json", "detail_path": "advisories/ZDI-15-100", "id": "ZDI-15-100", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "Hewlett-Packard POS Printer Windows And OPOS Drivers OPOSCashDrawer.ocx Open Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-100/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2505", "zdi_id": "ZDI-15-100" }, { "cve": "CVE-2014-7893", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Printer Windows and OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...", "detail_json": "/data/advisories/ZDI-15-099/advisory.json", "detail_path": "advisories/ZDI-15-099", "id": "ZDI-15-099", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "Hewlett-Packard POS Printer Windows and OPOS Drivers OPOSCheckScanner.ocx Open Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-099/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2507", "zdi_id": "ZDI-15-099" }, { "cve": "CVE-2014-7892", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Keyboard OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-15-098/advisory.json", "detail_path": "advisories/ZDI-15-098", "id": "ZDI-15-098", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "Hewlett-Packard POS Keyboard OPOS Drivers OPOSMSR.ocx Open Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-098/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2508", "zdi_id": "ZDI-15-098" }, { "cve": "CVE-2014-7888", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Printer Windows and OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...", "detail_json": "/data/advisories/ZDI-15-097/advisory.json", "detail_path": "advisories/ZDI-15-097", "id": "ZDI-15-097", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "Hewlett-Packard POS Printer Windows And OPOS Drivers OPOSMICR.ocx Open Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-097/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2512", "zdi_id": "ZDI-15-097" }, { "cve": "CVE-2014-7894", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Printer Windows and OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...", "detail_json": "/data/advisories/ZDI-15-096/advisory.json", "detail_path": "advisories/ZDI-15-096", "id": "ZDI-15-096", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "Hewlett-Packard POS Printer Windows and OPOS Drivers OPOSPOSPrinter.ocx Open Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-096/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2506", "zdi_id": "ZDI-15-096" }, { "cve": "CVE-2014-7891", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Keyboard OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-15-095/advisory.json", "detail_path": "advisories/ZDI-15-095", "id": "ZDI-15-095", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "Hewlett-Packard POS Keyboard OPOS Drivers OPOSPOSKeyboard.ocx Open Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-095/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2509", "zdi_id": "ZDI-15-095" }, { "cve": "CVE-2014-7890", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Keyboard OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-15-094/advisory.json", "detail_path": "advisories/ZDI-15-094", "id": "ZDI-15-094", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "Hewlett-Packard POS Keyboard OPOS Drivers opostoneindicator.ocx Open Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-094/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2510", "zdi_id": "ZDI-15-094" }, { "cve": "CVE-2014-7912", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Android. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the DHCP options in a DHCP ACK pac...", "detail_json": "/data/advisories/ZDI-15-093/advisory.json", "detail_path": "advisories/ZDI-15-093", "id": "ZDI-15-093", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "(Mobile Pwn2Own) Google Android DHCP Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-093/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-2620", "zdi_id": "ZDI-15-093" }, { "cve": "CVE-2014-7914", "cvss": 4.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Android. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth application stack allowing for arbi...", "detail_json": "/data/advisories/ZDI-15-092/advisory.json", "detail_path": "advisories/ZDI-15-092", "id": "ZDI-15-092", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "(Mobile Pwn2Own) Google Android Bluetooth Forced Pairing Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-092/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-2616", "zdi_id": "ZDI-15-092" }, { "cve": "CVE-2014-9205", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MICROSYS PROMOTIC. Authentication is not required to exploit this vulnerability. The program blindly copies attacker-supplied data into a fixed-sized buffer wi...", "detail_json": "/data/advisories/ZDI-15-091/advisory.json", "detail_path": "advisories/ZDI-15-091", "id": "ZDI-15-091", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "MICROSYS PROMOTIC Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-091/", "vendor": "MICROSYS", "vendor_url": null, "zdi_can": "ZDI-CAN-2543", "zdi_id": "ZDI-15-091" }, { "cve": "CVE-2015-0982", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric DS-NVs. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-15-090/advisory.json", "detail_path": "advisories/ZDI-15-090", "id": "ZDI-15-090", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "Schneider Electric DS-NVs Rvctl.RVControl.1 SetText Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-090/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-2341", "zdi_id": "ZDI-15-090" }, { "cve": "CVE-2015-1230", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-089/advisory.json", "detail_path": "advisories/ZDI-15-089", "id": "ZDI-15-089", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "Google Chrome V8EventListenerList::findOrCreateWrapper Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-089/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-2662", "zdi_id": "ZDI-15-089" }, { "cve": "CVE-2015-0085", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-15-088/advisory.json", "detail_path": "advisories/ZDI-15-088", "id": "ZDI-15-088", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "Microsoft Word Format Tag Transposition Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-088/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2530", "zdi_id": "ZDI-15-088" }, { "cve": "CVE-2015-0341", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-15-087/advisory.json", "detail_path": "advisories/ZDI-15-087", "id": "ZDI-15-087", "kind": "published", "published_date": "2015-03-12", "status": "published", "title": "Adobe Flash Player AVSS Load Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-087/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2610", "zdi_id": "ZDI-15-087" }, { "cve": "CVE-2015-0096", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious directory...", "detail_json": "/data/advisories/ZDI-15-086/advisory.json", "detail_path": "advisories/ZDI-15-086", "id": "ZDI-15-086", "kind": "published", "published_date": "2015-03-11", "status": "published", "title": "Microsoft Windows .LNK DLL Planting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-086/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2681", "zdi_id": "ZDI-15-086" }, { "cve": "CVE-2014-6329", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-085/advisory.json", "detail_path": "advisories/ZDI-15-085", "id": "ZDI-15-085", "kind": "published", "published_date": "2015-03-10", "status": "published", "title": "Microsoft Internet Explorer CDOMTextNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-085/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2653", "zdi_id": "ZDI-15-085" }, { "cve": "CVE-2015-1624", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-084/advisory.json", "detail_path": "advisories/ZDI-15-084", "id": "ZDI-15-084", "kind": "published", "published_date": "2015-03-10", "status": "published", "title": "Microsoft Internet Explorer CGeneratedTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-084/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2658", "zdi_id": "ZDI-15-084" }, { "cve": "CVE-2015-1623", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-083/advisory.json", "detail_path": "advisories/ZDI-15-083", "id": "ZDI-15-083", "kind": "published", "published_date": "2015-03-10", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-083/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2657", "zdi_id": "ZDI-15-083" }, { "cve": "CVE-2015-1622", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-082/advisory.json", "detail_path": "advisories/ZDI-15-082", "id": "ZDI-15-082", "kind": "published", "published_date": "2015-03-10", "status": "published", "title": "Microsoft Internet Explorer CGeneratedContent::UnWrapContent Out-Of-Bound Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-082/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2655", "zdi_id": "ZDI-15-082" }, { "cve": "CVE-2015-0100", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-081/advisory.json", "detail_path": "advisories/ZDI-15-081", "id": "ZDI-15-081", "kind": "published", "published_date": "2015-03-10", "status": "published", "title": "Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-081/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2652", "zdi_id": "ZDI-15-081" }, { "cve": "CVE-2015-0099", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-080/advisory.json", "detail_path": "advisories/ZDI-15-080", "id": "ZDI-15-080", "kind": "published", "published_date": "2015-03-10", "status": "published", "title": "Microsoft Internet Explorer BuildAnimation Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-080/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2629", "zdi_id": "ZDI-15-080" }, { "cve": "CVE-2015-0077", "cvss": 2.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-079/advisory.json", "detail_path": "advisories/ZDI-15-079", "id": "ZDI-15-079", "kind": "published", "published_date": "2015-03-10", "status": "published", "title": "Microsoft Windows NtUserfnINSTRINGNULL Information Leak Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-079/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2590", "zdi_id": "ZDI-15-079" }, { "cve": "CVE-2015-0094", "cvss": 2.1, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-078/advisory.json", "detail_path": "advisories/ZDI-15-078", "id": "ZDI-15-078", "kind": "published", "published_date": "2015-03-10", "status": "published", "title": "Microsoft Windows NtUserfnINOUTNCCALCSIZE Information Leak Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-078/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2537", "zdi_id": "ZDI-15-078" }, { "cve": "CVE-2015-0056", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-077/advisory.json", "detail_path": "advisories/ZDI-15-077", "id": "ZDI-15-077", "kind": "published", "published_date": "2015-03-10", "status": "published", "title": "Microsoft Internet Explorer CImgElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-077/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2631", "zdi_id": "ZDI-15-077" }, { "cve": "CVE-2015-0081", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vuln...", "detail_json": "/data/advisories/ZDI-15-076/advisory.json", "detail_path": "advisories/ZDI-15-076", "id": "ZDI-15-076", "kind": "published", "published_date": "2015-03-10", "status": "published", "title": "Microsoft Windows Text Services Out-Of-Bounds Memory Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-076/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2571", "zdi_id": "ZDI-15-076" }, { "cve": "CVE-2015-1626", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-075/advisory.json", "detail_path": "advisories/ZDI-15-075", "id": "ZDI-15-075", "kind": "published", "published_date": "2015-03-10", "status": "published", "title": "Microsoft Internet Explorer CInputContext Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-075/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2548", "zdi_id": "ZDI-15-075" }, { "cve": "CVE-2015-2094", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate WinRDS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-15-074/advisory.json", "detail_path": "advisories/ZDI-15-074", "id": "ZDI-15-074", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate WinRDS WESPPlayback.WESPPlaybackCtrl.1 SaveSiteImage Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-074/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2165", "zdi_id": "ZDI-15-074" }, { "cve": "CVE-2015-2094", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate WinRDS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-15-073/advisory.json", "detail_path": "advisories/ZDI-15-073", "id": "ZDI-15-073", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate WinRDS WESPPlayback.WESPPlaybackCtrl.1 StopSiteAllChannel Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-073/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2164", "zdi_id": "ZDI-15-073" }, { "cve": "CVE-2015-2094", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate WinRDS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-15-072/advisory.json", "detail_path": "advisories/ZDI-15-072", "id": "ZDI-15-072", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate WinRDS WESPPlayback.WESPPlaybackCtrl.1 PlaySiteAllChannel Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-072/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2163", "zdi_id": "ZDI-15-072" }, { "cve": "CVE-2015-2094", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate WinRDS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-15-071/advisory.json", "detail_path": "advisories/ZDI-15-071", "id": "ZDI-15-071", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate WinRDS WESPPlayback.WESPPlaybackCtrl.1 PrintSiteImage Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-071/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2155", "zdi_id": "ZDI-15-071" }, { "cve": "CVE-2015-2095", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-070/advisory.json", "detail_path": "advisories/ZDI-15-070", "id": "ZDI-15-070", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate eDVR Manager WESPPTZ.WESPPTZCtrl.1 SetConnectInfo Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-070/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2149", "zdi_id": "ZDI-15-070" }, { "cve": "CVE-2015-2096", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-069/advisory.json", "detail_path": "advisories/ZDI-15-069", "id": "ZDI-15-069", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate eDVR Manager WESPMonitor.WESPMonitorCtrl.1 Connect Method Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-069/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2148", "zdi_id": "ZDI-15-069" }, { "cve": "CVE-2015-2097", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-068/advisory.json", "detail_path": "advisories/ZDI-15-068", "id": "ZDI-15-068", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate eDVR Manager WESPMonitor.WESPMonitorCtrl.1 LoadImageEx Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-068/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2125", "zdi_id": "ZDI-15-068" }, { "cve": "CVE-2015-2100", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate Control Center. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-067/advisory.json", "detail_path": "advisories/ZDI-15-067", "id": "ZDI-15-067", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate Control Center WESPDiscovery.WESPDiscoveryCtrl.1 TCPDiscovery Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-067/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2157", "zdi_id": "ZDI-15-067" }, { "cve": "CVE-2015-2098", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-066/advisory.json", "detail_path": "advisories/ZDI-15-066", "id": "ZDI-15-066", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate eDVR Manager WESPPTZ.WESPPTZCtrl.1 OpenDVrSSite Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-066/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2126", "zdi_id": "ZDI-15-066" }, { "cve": "CVE-2015-2098", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-065/advisory.json", "detail_path": "advisories/ZDI-15-065", "id": "ZDI-15-065", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate eDVR Manager WESPPlayback.WESPPlaybackCtrl.1 SiteName Property Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-065/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2127", "zdi_id": "ZDI-15-065" }, { "cve": "CVE-2015-2098", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-064/advisory.json", "detail_path": "advisories/ZDI-15-064", "id": "ZDI-15-064", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate eDVR Manager WESPPlayback.WESPPlaybackCtrl.1 SiteChannel Property Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-064/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2128", "zdi_id": "ZDI-15-064" }, { "cve": "CVE-2015-2099", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate Control Center. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-063/advisory.json", "detail_path": "advisories/ZDI-15-063", "id": "ZDI-15-063", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate Control Center WESPPlayback.WESPPlaybackCtrl.1 GetThumbnail Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-063/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2158", "zdi_id": "ZDI-15-063" }, { "cve": "CVE-2015-2097", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-062/advisory.json", "detail_path": "advisories/ZDI-15-062", "id": "ZDI-15-062", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate eDVR Manager WESPSerialPort.WESPSerialPortCtrl.1 Connect Method Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-062/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2129", "zdi_id": "ZDI-15-062" }, { "cve": "CVE-2015-2098", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-061/advisory.json", "detail_path": "advisories/ZDI-15-061", "id": "ZDI-15-061", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate eDVR Manager WESPPTZ.WESPPTZCtrl.1 Connect/ConnectEx Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-061/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2124", "zdi_id": "ZDI-15-061" }, { "cve": "CVE-2015-2098", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-060/advisory.json", "detail_path": "advisories/ZDI-15-060", "id": "ZDI-15-060", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate eDVR Manager WESPPlayback.WESPPlaybackCtrl.1 AudioOnlySiteChannel Property Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-060/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2130", "zdi_id": "ZDI-15-060" }, { "cve": "CVE-2015-2097", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-059/advisory.json", "detail_path": "advisories/ZDI-15-059", "id": "ZDI-15-059", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate eDVR Manager WESPMonitor.WESPMonitorCtrl.1 LoadImage Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-059/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2123", "zdi_id": "ZDI-15-059" }, { "cve": "CVE-2015-2098", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-058/advisory.json", "detail_path": "advisories/ZDI-15-058", "id": "ZDI-15-058", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate eDVR Manager WESPEvent.WESPEventCtrl.1 Connect/ConnectEx/ConnectEx2 Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-058/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2121", "zdi_id": "ZDI-15-058" }, { "cve": "CVE-2015-2100", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-057/advisory.json", "detail_path": "advisories/ZDI-15-057", "id": "ZDI-15-057", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate eDVR Manager WESPDiscovery.WESPDiscoveryCtrl.1 TCPDiscovery Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-057/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2119", "zdi_id": "ZDI-15-057" }, { "cve": "CVE-2015-2099", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate Control Center. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-056/advisory.json", "detail_path": "advisories/ZDI-15-056", "id": "ZDI-15-056", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate Control Center LoginContoller.LoginControllerCtrl.1 Login Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-056/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2118", "zdi_id": "ZDI-15-056" }, { "cve": "CVE-2015-2099", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate Control Center. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-15-055/advisory.json", "detail_path": "advisories/ZDI-15-055", "id": "ZDI-15-055", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate Control Center FileConverter.FileConverterCtrl.1 GetRecFileInfo Stack and Heap Buffer Overflow Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-055/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2115", "zdi_id": "ZDI-15-055" }, { "cve": "CVE-2015-2093", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the WebGate WebEyeAudio ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-15-054/advisory.json", "detail_path": "advisories/ZDI-15-054", "id": "ZDI-15-054", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) WebGate WebEyeAudio.OCX Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-054/", "vendor": "WebGate", "vendor_url": null, "zdi_can": "ZDI-CAN-2092", "zdi_id": "ZDI-15-054" }, { "cve": "CVE-2015-2092", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Agilent Technologies Feature Extraction. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-15-053/advisory.json", "detail_path": "advisories/ZDI-15-053", "id": "ZDI-15-053", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) Agilent Technologies Feature Extraction ActiveX Control Index Out-Of-Bounds Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-053/", "vendor": "Agilent Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-2288", "zdi_id": "ZDI-15-053" }, { "cve": null, "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-15-052/advisory.json", "detail_path": "advisories/ZDI-15-052", "id": "ZDI-15-052", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "(0Day) Microsoft Word Line Formatting Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-052/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2485", "zdi_id": "ZDI-15-052" }, { "cve": "CVE-2015-2061", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PTC Creo View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-051/advisory.json", "detail_path": "advisories/ZDI-15-051", "id": "ZDI-15-051", "kind": "published", "published_date": "2015-02-27", "status": "published", "title": "PTC Creo View Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-051/", "vendor": "PTC", "vendor_url": null, "zdi_can": "ZDI-CAN-2198", "zdi_id": "ZDI-15-051" }, { "cve": "CVE-2014-6369", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-050/advisory.json", "detail_path": "advisories/ZDI-15-050", "id": "ZDI-15-050", "kind": "published", "published_date": "2015-02-25", "status": "published", "title": "Microsoft Internet Explorer CTableSection Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-050/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2545", "zdi_id": "ZDI-15-050" }, { "cve": "CVE-2015-1605", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell ScriptLogic Asset Manager, also known as Quest Workspace Asset Manager. Authentication is not required to exploit this vulnerability. To exploit this secu...", "detail_json": "/data/advisories/ZDI-15-049/advisory.json", "detail_path": "advisories/ZDI-15-049", "id": "ZDI-15-049", "kind": "published", "published_date": "2015-02-20", "status": "published", "title": "Dell ScriptLogic Asset Manager GetProcessedPackage SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-049/", "vendor": "Dell", "vendor_url": null, "zdi_can": "ZDI-CAN-2335", "zdi_id": "ZDI-15-049" }, { "cve": "CVE-2015-1605", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell ScriptLogic Asset Manager, also known as Quest Workspace Asset Manager. Authentication is not required to exploit this vulnerability. To exploit this secu...", "detail_json": "/data/advisories/ZDI-15-048/advisory.json", "detail_path": "advisories/ZDI-15-048", "id": "ZDI-15-048", "kind": "published", "published_date": "2015-02-20", "status": "published", "title": "Dell ScriptLogic Asset Manager GetClientPackage SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-048/", "vendor": "Dell", "vendor_url": null, "zdi_can": "ZDI-CAN-2334", "zdi_id": "ZDI-15-048" }, { "cve": "CVE-2015-0331", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-15-047/advisory.json", "detail_path": "advisories/ZDI-15-047", "id": "ZDI-15-047", "kind": "published", "published_date": "2015-02-19", "status": "published", "title": "Adobe Flash HLS Playlist Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-047/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2625", "zdi_id": "ZDI-15-047" }, { "cve": "CVE-2014-9375", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LibraryFileUploadServlet servl...", "detail_json": "/data/advisories/ZDI-15-046/advisory.json", "detail_path": "advisories/ZDI-15-046", "id": "ZDI-15-046", "kind": "published", "published_date": "2015-02-13", "status": "published", "title": "Lexmark Markvision Enterprise LibraryFileUploadServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-046/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-2648", "zdi_id": "ZDI-15-046" }, { "cve": "CVE-2015-0314", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-15-045/advisory.json", "detail_path": "advisories/ZDI-15-045", "id": "ZDI-15-045", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Adobe Flash Player BitmapFilter Invalid Object Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-045/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2602", "zdi_id": "ZDI-15-045" }, { "cve": "CVE-2015-1500", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-15-044/advisory.json", "detail_path": "advisories/ZDI-15-044", "id": "ZDI-15-044", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "SolarWinds Server and Application Monitor TSUnicodeGraphEditorControl graphManager.load Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-044/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-2380", "zdi_id": "ZDI-15-044" }, { "cve": "CVE-2015-1501", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-15-043/advisory.json", "detail_path": "advisories/ZDI-15-043", "id": "ZDI-15-043", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "SolarWinds Server and Application Monitor TSUnicodeGraphEditorControl factory.loadExtensionFactory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-043/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-2379", "zdi_id": "ZDI-15-043" }, { "cve": "CVE-2015-1500", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-15-042/advisory.json", "detail_path": "advisories/ZDI-15-042", "id": "ZDI-15-042", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "SolarWinds Server and Application Monitor TSUnicodeGraphEditorControl factory.loadExtensionFactory Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-042/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-2378", "zdi_id": "ZDI-15-042" }, { "cve": "CVE-2015-1499", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete files of their choosing from systems running vulnerable installations of Samsung Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ActiveMQ...", "detail_json": "/data/advisories/ZDI-15-041/advisory.json", "detail_path": "advisories/ZDI-15-041", "id": "ZDI-15-041", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Samsung Security Manager ActiveMQ Broker Service DELETE Method Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-041/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2339", "zdi_id": "ZDI-15-041" }, { "cve": "CVE-2014-9200", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMove Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-15-040/advisory.json", "detail_path": "advisories/ZDI-15-040", "id": "ZDI-15-040", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Schneider Electric SoMove Lite IsObjectModel RemoveParameter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-040/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-2478", "zdi_id": "ZDI-15-040" }, { "cve": "CVE-2015-1498", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Persistent Systems Client Automation. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of certain request...", "detail_json": "/data/advisories/ZDI-15-039/advisory.json", "detail_path": "advisories/ZDI-15-039", "id": "ZDI-15-039", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Persistent Systems Client Automation Remote Elevation of Privilege Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-039/", "vendor": "Persistent Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-1916", "zdi_id": "ZDI-15-039" }, { "cve": "CVE-2015-1497", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Persistent Systems Client Automation. Authentication is not required to exploit this vulnerability. The flaw exists within the radexecd.exe component which lis...", "detail_json": "/data/advisories/ZDI-15-038/advisory.json", "detail_path": "advisories/ZDI-15-038", "id": "ZDI-15-038", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "(0Day) Persistent Systems Client Automation Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-038/", "vendor": "Persistent Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-2142", "zdi_id": "ZDI-15-038" }, { "cve": "CVE-2015-1496", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code with elevated privileges on vulnerable installations of Motorola Scanner SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the file permission...", "detail_json": "/data/advisories/ZDI-15-037/advisory.json", "detail_path": "advisories/ZDI-15-037", "id": "ZDI-15-037", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Motorola Scanner SDK ScannerService.exe Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-037/", "vendor": "Motorola", "vendor_url": null, "zdi_can": "ZDI-CAN-2515", "zdi_id": "ZDI-15-037" }, { "cve": "CVE-2015-1496", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code with elevated privileges on vulnerable installations of Motorola Scanner SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the file permission...", "detail_json": "/data/advisories/ZDI-15-036/advisory.json", "detail_path": "advisories/ZDI-15-036", "id": "ZDI-15-036", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Motorola Scanner SDK rsmdriverproviderservice.exe Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-036/", "vendor": "Motorola", "vendor_url": null, "zdi_can": "ZDI-CAN-2516", "zdi_id": "ZDI-15-036" }, { "cve": "CVE-2015-1496", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code with elevated privileges on vulnerable installations of Motorola Scanner SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the file permission...", "detail_json": "/data/advisories/ZDI-15-035/advisory.json", "detail_path": "advisories/ZDI-15-035", "id": "ZDI-15-035", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Motorola Scanner SDK CoreScanner.exe Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-035/", "vendor": "Motorola", "vendor_url": null, "zdi_can": "ZDI-CAN-2514", "zdi_id": "ZDI-15-035" }, { "cve": "CVE-2015-1495", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Motorola Scanner SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-034/advisory.json", "detail_path": "advisories/ZDI-15-034", "id": "ZDI-15-034", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Motorola Scanner SDK OPOSScale.ocx Open Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-034/", "vendor": "Motorola", "vendor_url": null, "zdi_can": "ZDI-CAN-2488", "zdi_id": "ZDI-15-034" }, { "cve": "CVE-2015-1495", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Motorola Scanner SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-15-033/advisory.json", "detail_path": "advisories/ZDI-15-033", "id": "ZDI-15-033", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Motorola Scanner SDK OPOSSCANNER.ocx Open Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-033/", "vendor": "Motorola", "vendor_url": null, "zdi_can": "ZDI-CAN-2489", "zdi_id": "ZDI-15-033" }, { "cve": "CVE-2014-6354", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-032/advisory.json", "detail_path": "advisories/ZDI-15-032", "id": "ZDI-15-032", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer CSVGSVGElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-032/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2386", "zdi_id": "ZDI-15-032" }, { "cve": "CVE-2015-1044", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to cause a denial-of-service on vulnerable installations of VMWare Workstation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VMWare Authorization service, which is...", "detail_json": "/data/advisories/ZDI-15-031/advisory.json", "detail_path": "advisories/ZDI-15-031", "id": "ZDI-15-031", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "VMware Workstation Authorization Service Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-031/", "vendor": "VMware, Inc.", "vendor_url": null, "zdi_can": "ZDI-CAN-2383", "zdi_id": "ZDI-15-031" }, { "cve": "CVE-2015-0058", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows for elevation of privilege on vulnerable installations of Microsoft Windows. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The specific flaw exists within the usage of Curs...", "detail_json": "/data/advisories/ZDI-15-030/advisory.json", "detail_path": "advisories/ZDI-15-030", "id": "ZDI-15-030", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Windows win32k.sys Dangling Pointer Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-030/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2626", "zdi_id": "ZDI-15-030" }, { "cve": "CVE-2015-0053", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-029/advisory.json", "detail_path": "advisories/ZDI-15-029", "id": "ZDI-15-029", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer UnitValueProperty Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-029/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2628", "zdi_id": "ZDI-15-029" }, { "cve": "CVE-2015-0046", "cvss": 2.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-15-028/advisory.json", "detail_path": "advisories/ZDI-15-028", "id": "ZDI-15-028", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer Type Confusion Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-028/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2607", "zdi_id": "ZDI-15-028" }, { "cve": "CVE-2015-0045", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-027/advisory.json", "detail_path": "advisories/ZDI-15-027", "id": "ZDI-15-027", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer CLineFull Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-027/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2580", "zdi_id": "ZDI-15-027" }, { "cve": "CVE-2015-0044", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-026/advisory.json", "detail_path": "advisories/ZDI-15-026", "id": "ZDI-15-026", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer CTableLayout Out-of-Bounds Memory Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-026/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2604", "zdi_id": "ZDI-15-026" }, { "cve": "CVE-2015-0043", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-025/advisory.json", "detail_path": "advisories/ZDI-15-025", "id": "ZDI-15-025", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer SVG Marker Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-025/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2595", "zdi_id": "ZDI-15-025" }, { "cve": "CVE-2015-0042", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-024/advisory.json", "detail_path": "advisories/ZDI-15-024", "id": "ZDI-15-024", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer SVG Marker Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-024/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2564", "zdi_id": "ZDI-15-024" }, { "cve": "CVE-2015-0041", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-023/advisory.json", "detail_path": "advisories/ZDI-15-023", "id": "ZDI-15-023", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer CTreePos Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-023/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2546", "zdi_id": "ZDI-15-023" }, { "cve": "CVE-2015-0040", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-022/advisory.json", "detail_path": "advisories/ZDI-15-022", "id": "ZDI-15-022", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer CMapElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-022/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2557", "zdi_id": "ZDI-15-022" }, { "cve": "CVE-2015-0038", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-021/advisory.json", "detail_path": "advisories/ZDI-15-021", "id": "ZDI-15-021", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer CUListElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-021/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2554", "zdi_id": "ZDI-15-021" }, { "cve": "CVE-2015-0037", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-020/advisory.json", "detail_path": "advisories/ZDI-15-020", "id": "ZDI-15-020", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer Ptls6::LsFmtText Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-020/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2562", "zdi_id": "ZDI-15-020" }, { "cve": "CVE-2015-0036", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-019/advisory.json", "detail_path": "advisories/ZDI-15-019", "id": "ZDI-15-019", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer CShadow Direction Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-019/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2570", "zdi_id": "ZDI-15-019" }, { "cve": "CVE-2015-0035", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-018/advisory.json", "detail_path": "advisories/ZDI-15-018", "id": "ZDI-15-018", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer CIFrameElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-018/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2561", "zdi_id": "ZDI-15-018" }, { "cve": "CVE-2015-0035", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-017/advisory.json", "detail_path": "advisories/ZDI-15-017", "id": "ZDI-15-017", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer CIFrameElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-017/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2608", "zdi_id": "ZDI-15-017" }, { "cve": "CVE-2015-0031", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-016/advisory.json", "detail_path": "advisories/ZDI-15-016", "id": "ZDI-15-016", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer TransNavContext Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-016/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2305", "zdi_id": "ZDI-15-016" }, { "cve": "CVE-2015-0027", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-015/advisory.json", "detail_path": "advisories/ZDI-15-015", "id": "ZDI-15-015", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer CSS Regions Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-015/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2534", "zdi_id": "ZDI-15-015" }, { "cve": "CVE-2015-0025", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-014/advisory.json", "detail_path": "advisories/ZDI-15-014", "id": "ZDI-15-014", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer CGeneratedTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-014/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2396", "zdi_id": "ZDI-15-014" }, { "cve": "CVE-2015-0017", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-013/advisory.json", "detail_path": "advisories/ZDI-15-013", "id": "ZDI-15-013", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Internet Explorer CAutoRange::ScrollIntoView Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-013/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2395", "zdi_id": "ZDI-15-013" }, { "cve": "CVE-2015-0003", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to elevate to System privileges on vulnerable installations of Microsoft Windows. This vulnerability requires the ability to run arbitrary unprivileged code. The specific flaw exists within the handling of the WM_SYST...", "detail_json": "/data/advisories/ZDI-15-012/advisory.json", "detail_path": "advisories/ZDI-15-012", "id": "ZDI-15-012", "kind": "published", "published_date": "2015-02-10", "status": "published", "title": "Microsoft Windows WM_SYSTIMER Kernel Elevation of Privilege Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-012/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2549", "zdi_id": "ZDI-15-012" }, { "cve": "CVE-2014-4484", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-011/advisory.json", "detail_path": "advisories/ZDI-15-011", "id": "ZDI-15-011", "kind": "published", "published_date": "2015-01-27", "status": "published", "title": "Apple Mac OS X DFont Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-011/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2532", "zdi_id": "ZDI-15-011" }, { "cve": "CVE-2014-8840", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Apple iOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-15-010/advisory.json", "detail_path": "advisories/ZDI-15-010", "id": "ZDI-15-010", "kind": "published", "published_date": "2015-01-27", "status": "published", "title": "(Mobile Pwn2Own) Apple iOS SSL Sandbox Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-010/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2612", "zdi_id": "ZDI-15-010" }, { "cve": "CVE-2014-4477", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-15-009/advisory.json", "detail_path": "advisories/ZDI-15-009", "id": "ZDI-15-009", "kind": "published", "published_date": "2015-01-27", "status": "published", "title": "(Mobile Pwn2Own) Apple Safari Set Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-009/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2611", "zdi_id": "ZDI-15-009" }, { "cve": "CVE-2014-5211", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Attachmate Reflection FTP client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-15-008/advisory.json", "detail_path": "advisories/ZDI-15-008", "id": "ZDI-15-008", "kind": "published", "published_date": "2015-01-21", "status": "published", "title": "Attachmate Reflection FTP Client Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-008/", "vendor": "Attachmate", "vendor_url": null, "zdi_can": "ZDI-CAN-2475", "zdi_id": "ZDI-15-008" }, { "cve": "CVE-2015-0307", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose arbitrary memory on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-15-007/advisory.json", "detail_path": "advisories/ZDI-15-007", "id": "ZDI-15-007", "kind": "published", "published_date": "2015-01-21", "status": "published", "title": "Adobe Flash Player AVSegmentedSource::getABRProfileInfoAtIndex Out-Of-Bounds Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-007/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2601", "zdi_id": "ZDI-15-007" }, { "cve": "CVE-2014-5005", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StatusUpdateServlet servlet...", "detail_json": "/data/advisories/ZDI-15-006/advisory.json", "detail_path": "advisories/ZDI-15-006", "id": "ZDI-15-006", "kind": "published", "published_date": "2015-01-07", "status": "published", "title": "ManageEngine Desktop Central MSP StatusUpdateServlet fileName File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-006/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2443", "zdi_id": "ZDI-15-006" }, { "cve": "CVE-2014-9188", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-005/advisory.json", "detail_path": "advisories/ZDI-15-005", "id": "ZDI-15-005", "kind": "published", "published_date": "2015-01-07", "status": "published", "title": "Schneider Electric ProClima MetaDraw ArrangeObjects Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-005/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-2524", "zdi_id": "ZDI-15-005" }, { "cve": "CVE-2014-8512", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-004/advisory.json", "detail_path": "advisories/ZDI-15-004", "id": "ZDI-15-004", "kind": "published", "published_date": "2015-01-07", "status": "published", "title": "Schneider Electric ProClima ATX45 SetBodyAttribute Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-004/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-2479", "zdi_id": "ZDI-15-004" }, { "cve": "CVE-2014-8511", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-003/advisory.json", "detail_path": "advisories/ZDI-15-003", "id": "ZDI-15-003", "kind": "published", "published_date": "2015-01-07", "status": "published", "title": "Schneider Electric ProClima ATX45 SetHtmlFileName Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-003/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-2477", "zdi_id": "ZDI-15-003" }, { "cve": "CVE-2014-8514", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-002/advisory.json", "detail_path": "advisories/ZDI-15-002", "id": "ZDI-15-002", "kind": "published", "published_date": "2015-01-07", "status": "published", "title": "Schneider Electric ProClima MetaDraw ObjLinks Property Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-002/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-2483", "zdi_id": "ZDI-15-002" }, { "cve": "CVE-2014-8513", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-15-001/advisory.json", "detail_path": "advisories/ZDI-15-001", "id": "ZDI-15-001", "kind": "published", "published_date": "2015-01-07", "status": "published", "title": "Schneider Electric ProClima MetaDraw ObjectOverlappedBy Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-15-001/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-2480", "zdi_id": "ZDI-15-001" }, { "cve": "CVE-2014-6374", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-430/advisory.json", "detail_path": "advisories/ZDI-14-430", "id": "ZDI-14-430", "kind": "published", "published_date": "2015-12-18", "status": "published", "title": "Microsoft Internet Explorer RtfToForeign32 Out-Of-Bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-430/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2811", "zdi_id": "ZDI-14-430" }, { "cve": "CVE-2014-5145", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Agilent Technologies 2100 Expert. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CSDispatcher.exe process, w...", "detail_json": "/data/advisories/ZDI-14-429/advisory.json", "detail_path": "advisories/ZDI-14-429", "id": "ZDI-14-429", "kind": "published", "published_date": "2015-10-05", "status": "published", "title": "(0Day) Agilent Technologies 2100 Expert CSDispatcher.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-429/", "vendor": "Agilent Technologies", "vendor_url": null, "zdi_can": "ZDI-CAN-2279", "zdi_id": "ZDI-14-429" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. This vulnerability requires the attacker to have an unprivileged account on the system. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-14-428/advisory.json", "detail_path": "advisories/ZDI-14-428", "id": "ZDI-14-428", "kind": "published", "published_date": "2015-10-05", "status": "published", "title": "(0Day) SolarWinds Server and Application Monitor Alert Manager Elevation of Privilege Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-428/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-2517", "zdi_id": "ZDI-14-428" }, { "cve": "CVE-2014-1581", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-427/advisory.json", "detail_path": "advisories/ZDI-14-427", "id": "ZDI-14-427", "kind": "published", "published_date": "2015-02-23", "status": "published", "title": "Mozilla Firefox DirectionalityUtils Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-427/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-2531", "zdi_id": "ZDI-14-427" }, { "cve": null, "cvss": 7.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is required to exploit this vulnerability. The specific flaws exist within the cloneid request parameter...", "detail_json": "/data/advisories/ZDI-14-426/advisory.json", "detail_path": "advisories/ZDI-14-426", "id": "ZDI-14-426", "kind": "published", "published_date": "2015-02-23", "status": "published", "title": "AlienVault Unified Security Management cloneid SQL Injection and Scanner Binary Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-426/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2049", "zdi_id": "ZDI-14-426" }, { "cve": "CVE-2014-9192", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to cause a denial of service to vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability. The specific flaw exists within the included HTTP server. By providing a sm...", "detail_json": "/data/advisories/ZDI-14-425/advisory.json", "detail_path": "advisories/ZDI-14-425", "id": "ZDI-14-425", "kind": "published", "published_date": "2014-12-12", "status": "published", "title": "Trihedral VTScada Integer Overflow Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-425/", "vendor": "Trihedral Engineering Ltd", "vendor_url": null, "zdi_can": "ZDI-CAN-2599", "zdi_id": "ZDI-14-425" }, { "cve": "CVE-2014-8269", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-14-424/advisory.json", "detail_path": "advisories/ZDI-14-424", "id": "ZDI-14-424", "kind": "published", "published_date": "2014-12-11", "status": "published", "title": "Honeywell OPOS Suite HWOPOSScale.ocx Open Method Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-424/", "vendor": "Honeywell", "vendor_url": null, "zdi_can": "ZDI-CAN-2527", "zdi_id": "ZDI-14-424" }, { "cve": "CVE-2014-8269", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-14-423/advisory.json", "detail_path": "advisories/ZDI-14-423", "id": "ZDI-14-423", "kind": "published", "published_date": "2014-12-11", "status": "published", "title": "Honeywell OPOS Suite HWOPOSSCANNER.ocx Open Method Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-423/", "vendor": "Honeywell", "vendor_url": null, "zdi_can": "ZDI-CAN-2528", "zdi_id": "ZDI-14-423" }, { "cve": "CVE-2014-9373", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CollectorConfInfoServlet servl...", "detail_json": "/data/advisories/ZDI-14-422/advisory.json", "detail_path": "advisories/ZDI-14-422", "id": "ZDI-14-422", "kind": "published", "published_date": "2014-12-11", "status": "published", "title": "ManageEngine NetFlow Analyzer CollectorConfInfoServlet COLLECTOR_ID Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-422/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2462", "zdi_id": "ZDI-14-422" }, { "cve": "CVE-2014-9372", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of ManageEngine Password Manager Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadAccoun...", "detail_json": "/data/advisories/ZDI-14-421/advisory.json", "detail_path": "advisories/ZDI-14-421", "id": "ZDI-14-421", "kind": "published", "published_date": "2014-12-11", "status": "published", "title": "ManageEngine Password Manager Pro UploadAccountActivities filename Directory Traversal Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-421/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2473", "zdi_id": "ZDI-14-421" }, { "cve": "CVE-2014-9371", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NativeAppServlet servlet. T...", "detail_json": "/data/advisories/ZDI-14-420/advisory.json", "detail_path": "advisories/ZDI-14-420", "id": "ZDI-14-420", "kind": "published", "published_date": "2014-12-11", "status": "published", "title": "ManageEngine Desktop Central MSP NativeAppServlet UDID JSON Object Code Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-420/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2445", "zdi_id": "ZDI-14-420" }, { "cve": "CVE-2014-8270", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BMC Track-It!. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of password resets. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-419/advisory.json", "detail_path": "advisories/ZDI-14-419", "id": "ZDI-14-419", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "BMC Track-It! Web Account Credential Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-419/", "vendor": "BMC Software", "vendor_url": null, "zdi_can": "ZDI-CAN-2581", "zdi_id": "ZDI-14-419" }, { "cve": "CVE-2014-8515", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...", "detail_json": "/data/advisories/ZDI-14-418/advisory.json", "detail_path": "advisories/ZDI-14-418", "id": "ZDI-14-418", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "BitTorrent Web Interface Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-418/", "vendor": "BitTorrent", "vendor_url": null, "zdi_can": "ZDI-CAN-2352", "zdi_id": "ZDI-14-418" }, { "cve": "CVE-2014-9163", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-14-417/advisory.json", "detail_path": "advisories/ZDI-14-417", "id": "ZDI-14-417", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "Adobe Flash Player parseFloat Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-417/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2552", "zdi_id": "ZDI-14-417" }, { "cve": "CVE-2014-9162", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose arbitrary memory on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-14-416/advisory.json", "detail_path": "advisories/ZDI-14-416", "id": "ZDI-14-416", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "Adobe Flash Player Regular Expression Object Out-Of-Bound Read Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-416/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2588", "zdi_id": "ZDI-14-416" }, { "cve": "CVE-2014-9264", "cvss": 9.5, "cvss_vector": null, "description_snippet": "This allows attackers to execute arbitrary code on applications which pass user provided data to the vulnerable API in SAP SQL Anywhere. The specific flaw exists within the handling of a malformed integer constant. If an application allows untrusted input to...", "detail_json": "/data/advisories/ZDI-14-415/advisory.json", "detail_path": "advisories/ZDI-14-415", "id": "ZDI-14-415", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "SAP SQL Anywhere .NET Data Provider Malformed Integer Stack Buffer Overflow Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-415/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2349", "zdi_id": "ZDI-14-415" }, { "cve": "CVE-2014-9264", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This allows attackers to execute arbitrary code on applications which pass user provided data to the vulnerable API in SAP SQL Anywhere. The specific flaw exists within the handling of the REPLICATE function. If an application allows untrusted input to be use...", "detail_json": "/data/advisories/ZDI-14-414/advisory.json", "detail_path": "advisories/ZDI-14-414", "id": "ZDI-14-414", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "SAP SQL Anywhere .NET Data Provider REPLICATE Function Heap Overflow Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-414/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2351", "zdi_id": "ZDI-14-414" }, { "cve": "CVE-2014-9264", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This allows attackers to execute arbitrary code on applications which pass user provided data to the vulnerable API in SAP SQL Anywhere. The specific flaw exists within the handling of the SPACE function. If an application allows untrusted input to be used as...", "detail_json": "/data/advisories/ZDI-14-413/advisory.json", "detail_path": "advisories/ZDI-14-413", "id": "ZDI-14-413", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "SAP SQL Anywhere .NET Data Provider SPACE Function Heap Overflow Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-413/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2350", "zdi_id": "ZDI-14-413" }, { "cve": "CVE-2014-9264", "cvss": 9.5, "cvss_vector": null, "description_snippet": "This allows attackers to execute arbitrary code on applications which pass user provided data to the vulnerable API in SAP SQL Anywhere. The specific flaw exists within the handling of column aliases. If an application allows untrusted input to be used as the...", "detail_json": "/data/advisories/ZDI-14-412/advisory.json", "detail_path": "advisories/ZDI-14-412", "id": "ZDI-14-412", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "SAP SQL Anywhere .NET Data Provider Column Alias Stack Buffer Overflow Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-412/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2348", "zdi_id": "ZDI-14-412" }, { "cve": "CVE-2014-8742", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReportDownloadServlet class. T...", "detail_json": "/data/advisories/ZDI-14-411/advisory.json", "detail_path": "advisories/ZDI-14-411", "id": "ZDI-14-411", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "Lexmark MarkVision Enterprise ReportDownloadServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-411/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-2438", "zdi_id": "ZDI-14-411" }, { "cve": "CVE-2014-8741", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GfdFileUploadServlet class. Th...", "detail_json": "/data/advisories/ZDI-14-410/advisory.json", "detail_path": "advisories/ZDI-14-410", "id": "ZDI-14-410", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "Lexmark MarkVision Enterprise GfdFileUploadServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-410/", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-2437", "zdi_id": "ZDI-14-410" }, { "cve": "CVE-2014-8966", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-409/advisory.json", "detail_path": "advisories/ZDI-14-409", "id": "ZDI-14-409", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "Microsoft Internet Explorer CInputElement Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-409/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2536", "zdi_id": "ZDI-14-409" }, { "cve": "CVE-2014-6329", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-408/advisory.json", "detail_path": "advisories/ZDI-14-408", "id": "ZDI-14-408", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-408/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2522", "zdi_id": "ZDI-14-408" }, { "cve": "CVE-2014-6327", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-407/advisory.json", "detail_path": "advisories/ZDI-14-407", "id": "ZDI-14-407", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "Microsoft Internet Explorer CSetTimeoutInfo Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-407/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2521", "zdi_id": "ZDI-14-407" }, { "cve": "CVE-2014-6376", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability consists of potentially hazardous use of memory on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-14-406/advisory.json", "detail_path": "advisories/ZDI-14-406", "id": "ZDI-14-406", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "Microsoft Internet Explorer LineBoxBuilder::FindWord Out-Of-Bounds Memory Access Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-406/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2520", "zdi_id": "ZDI-14-406" }, { "cve": "CVE-2014-6375", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-405/advisory.json", "detail_path": "advisories/ZDI-14-405", "id": "ZDI-14-405", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "Microsoft Internet Explorer Insert Command Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-405/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2503", "zdi_id": "ZDI-14-405" }, { "cve": "CVE-2014-6374", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-404/advisory.json", "detail_path": "advisories/ZDI-14-404", "id": "ZDI-14-404", "kind": "published", "published_date": "2014-12-09", "status": "published", "title": "Microsoft Internet Explorer RtfToForeign32 Out-Of-Bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-404/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2498", "zdi_id": "ZDI-14-404" }, { "cve": "CVE-2014-8967", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-403/advisory.json", "detail_path": "advisories/ZDI-14-403", "id": "ZDI-14-403", "kind": "published", "published_date": "2014-12-04", "status": "published", "title": "(0Day) Microsoft Internet Explorer display:run-in Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-403/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2365", "zdi_id": "ZDI-14-403" }, { "cve": "CVE-2014-9268", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-14-402/advisory.json", "detail_path": "advisories/ZDI-14-402", "id": "ZDI-14-402", "kind": "published", "published_date": "2014-12-04", "status": "published", "title": "Autodesk Design Review AdView.AdViewer.1 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-402/", "vendor": "Autodesk", "vendor_url": null, "zdi_can": "ZDI-CAN-2197", "zdi_id": "ZDI-14-402" }, { "cve": "CVE-2014-9265", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung SmartViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-401/advisory.json", "detail_path": "advisories/ZDI-14-401", "id": "ZDI-14-401", "kind": "published", "published_date": "2014-12-04", "status": "published", "title": "Samsung SmartViewer CNC_Ctrl ActiveX Control BackupToAvi Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-401/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2355", "zdi_id": "ZDI-14-401" }, { "cve": "CVE-2014-9266", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung SmartViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-400/advisory.json", "detail_path": "advisories/ZDI-14-400", "id": "ZDI-14-400", "kind": "published", "published_date": "2014-12-04", "status": "published", "title": "Samsung SmartViewer STWConfig ActiveX Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-400/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2413", "zdi_id": "ZDI-14-400" }, { "cve": "CVE-2014-9267", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the PTC IsoView ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-14-399/advisory.json", "detail_path": "advisories/ZDI-14-399", "id": "ZDI-14-399", "kind": "published", "published_date": "2014-12-04", "status": "published", "title": "PTC IsoView ActiveX Control ViewPort Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-399/", "vendor": "PTC", "vendor_url": null, "zdi_can": "ZDI-CAN-2190", "zdi_id": "ZDI-14-399" }, { "cve": "CVE-2014-9267", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the PTC IsoView ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-14-398/advisory.json", "detail_path": "advisories/ZDI-14-398", "id": "ZDI-14-398", "kind": "published", "published_date": "2014-12-04", "status": "published", "title": "PTC IsoView Activex Control Multiple Animation Methods Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-398/", "vendor": "PTC", "vendor_url": null, "zdi_can": "ZDI-CAN-2189", "zdi_id": "ZDI-14-398" }, { "cve": "CVE-2014-9263", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of 3S Pocketnet Tech VMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-14-397/advisory.json", "detail_path": "advisories/ZDI-14-397", "id": "ZDI-14-397", "kind": "published", "published_date": "2014-12-04", "status": "published", "title": "(0Day) 3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 GetONVIFDeviceInformation/GetONVIFProfiles/GetONVIFStreamUri Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-397/", "vendor": "3S Pocketnet Tech", "vendor_url": null, "zdi_can": "ZDI-CAN-2409", "zdi_id": "ZDI-14-397" }, { "cve": "CVE-2014-9263", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of 3S Pocketnet Tech VMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-14-396/advisory.json", "detail_path": "advisories/ZDI-14-396", "id": "ZDI-14-396", "kind": "published", "published_date": "2014-12-04", "status": "published", "title": "(0Day) 3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 SetDisplayText Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-396/", "vendor": "3S Pocketnet Tech", "vendor_url": null, "zdi_can": "ZDI-CAN-2408", "zdi_id": "ZDI-14-396" }, { "cve": "CVE-2014-9263", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of 3S Pocketnet Tech VMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-14-395/advisory.json", "detail_path": "advisories/ZDI-14-395", "id": "ZDI-14-395", "kind": "published", "published_date": "2014-12-04", "status": "published", "title": "(0Day) 3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 SaveCurrentImageEx Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-395/", "vendor": "3S Pocketnet Tech", "vendor_url": null, "zdi_can": "ZDI-CAN-2407", "zdi_id": "ZDI-14-395" }, { "cve": "CVE-2014-9263", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of 3S Pocketnet Tech VMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-14-394/advisory.json", "detail_path": "advisories/ZDI-14-394", "id": "ZDI-14-394", "kind": "published", "published_date": "2014-12-04", "status": "published", "title": "(0Day) 3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 SaveCurrentImage Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-394/", "vendor": "3S Pocketnet Tech", "vendor_url": null, "zdi_can": "ZDI-CAN-2406", "zdi_id": "ZDI-14-394" }, { "cve": "CVE-2014-9263", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of 3S Pocketnet Tech VMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-14-393/advisory.json", "detail_path": "advisories/ZDI-14-393", "id": "ZDI-14-393", "kind": "published", "published_date": "2014-12-04", "status": "published", "title": "(0Day) 3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 StartRecord/StartRecordEx/StartScheuledRecord Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-393/", "vendor": "3S Pocketnet Tech", "vendor_url": null, "zdi_can": "ZDI-CAN-2405", "zdi_id": "ZDI-14-393" }, { "cve": "CVE-2014-8002", "cvss": 9.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on applications using vulnerable versions of Cisco OpenH264. The specific flaw exists within the decoder logic. By providing malformed H.264 data to the decoder, an attacker can force a dang...", "detail_json": "/data/advisories/ZDI-14-392/advisory.json", "detail_path": "advisories/ZDI-14-392", "id": "ZDI-14-392", "kind": "published", "published_date": "2014-12-03", "status": "published", "title": "Cisco OpenH264 Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-392/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-2415", "zdi_id": "ZDI-14-392" }, { "cve": "CVE-2014-8001", "cvss": 9.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on applications using vulnerable versions of Cisco OpenH264. The specific flaw exists within the decoder logic. By providing malformed H.264 data to the decoder, an attacker can overwrite a...", "detail_json": "/data/advisories/ZDI-14-391/advisory.json", "detail_path": "advisories/ZDI-14-391", "id": "ZDI-14-391", "kind": "published", "published_date": "2014-12-03", "status": "published", "title": "Cisco OpenH264 Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-391/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-2414", "zdi_id": "ZDI-14-391" }, { "cve": "CVE-2014-1314", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-14-390/advisory.json", "detail_path": "advisories/ZDI-14-390", "id": "ZDI-14-390", "kind": "published", "published_date": "2014-12-02", "status": "published", "title": "(Pwn2Own) Apple OS X WindowsServer Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-390/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2222", "zdi_id": "ZDI-14-390" }, { "cve": "CVE-2014-8423", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of access to the management portal. T...", "detail_json": "/data/advisories/ZDI-14-389/advisory.json", "detail_path": "advisories/ZDI-14-389", "id": "ZDI-14-389", "kind": "published", "published_date": "2014-11-25", "status": "published", "title": "ARRIS VAP2500 Management Portal Remote Command Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-389/", "vendor": "ARRIS", "vendor_url": null, "zdi_can": "ZDI-CAN-2137", "zdi_id": "ZDI-14-389" }, { "cve": "CVE-2014-8424", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of user authentication. The issue lie...", "detail_json": "/data/advisories/ZDI-14-388/advisory.json", "detail_path": "advisories/ZDI-14-388", "id": "ZDI-14-388", "kind": "published", "published_date": "2014-11-25", "status": "published", "title": "ARRIS VAP2500 Management Portal Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-388/", "vendor": "ARRIS", "vendor_url": null, "zdi_can": "ZDI-CAN-2136", "zdi_id": "ZDI-14-388" }, { "cve": "CVE-2014-8425", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of access to the management portal. T...", "detail_json": "/data/advisories/ZDI-14-387/advisory.json", "detail_path": "advisories/ZDI-14-387", "id": "ZDI-14-387", "kind": "published", "published_date": "2014-11-25", "status": "published", "title": "ARRIS VAP2500 Management Portal Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-387/", "vendor": "ARRIS", "vendor_url": null, "zdi_can": "ZDI-CAN-2135", "zdi_id": "ZDI-14-387" }, { "cve": "CVE-2014-8678", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose files on vulnerable installations of ManageEngine OpUtils. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the ConfigSaveServlet servlet. The...", "detail_json": "/data/advisories/ZDI-14-386/advisory.json", "detail_path": "advisories/ZDI-14-386", "id": "ZDI-14-386", "kind": "published", "published_date": "2014-11-21", "status": "published", "title": "ManageEngine OpUtils ConfigSaveServlet saveFile Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-386/", "vendor": "ManageEngine", "vendor_url": null, "zdi_can": "ZDI-CAN-2428", "zdi_id": "ZDI-14-386" }, { "cve": "CVE-2014-8420", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Dell SonicWALL Global Management System (GMS) virtual appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-14-385/advisory.json", "detail_path": "advisories/ZDI-14-385", "id": "ZDI-14-385", "kind": "published", "published_date": "2014-11-21", "status": "published", "title": "Dell Sonicwall GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-385/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-2286", "zdi_id": "ZDI-14-385" }, { "cve": "CVE-2014-5424", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...", "detail_json": "/data/advisories/ZDI-14-384/advisory.json", "detail_path": "advisories/ZDI-14-384", "id": "ZDI-14-384", "kind": "published", "published_date": "2014-11-19", "status": "published", "title": "Rockwell Automation Connected Components Workbench RA.ViewElements.Row.1 Arbitrary Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-384/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-2418", "zdi_id": "ZDI-14-384" }, { "cve": "CVE-2014-5424", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...", "detail_json": "/data/advisories/ZDI-14-383/advisory.json", "detail_path": "advisories/ZDI-14-383", "id": "ZDI-14-383", "kind": "published", "published_date": "2014-11-19", "status": "published", "title": "Rockwell Automation Connected Components Workbench RA.ViewElements.Grid.1 Arbitrary Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-383/", "vendor": "Rockwell Automation", "vendor_url": null, "zdi_can": "ZDI-CAN-2417", "zdi_id": "ZDI-14-383" }, { "cve": "CVE-2014-6466", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-14-382/advisory.json", "detail_path": "advisories/ZDI-14-382", "id": "ZDI-14-382", "kind": "published", "published_date": "2014-11-19", "status": "published", "title": "Oracle Java jp2launcher.exe Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-382/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2535", "zdi_id": "ZDI-14-382" }, { "cve": "CVE-2014-6351", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-381/advisory.json", "detail_path": "advisories/ZDI-14-381", "id": "ZDI-14-381", "kind": "published", "published_date": "2014-11-19", "status": "published", "title": "Microsoft Internet Explorer CSS Quotes Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-381/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2544", "zdi_id": "ZDI-14-381" }, { "cve": "CVE-2014-6348", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-380/advisory.json", "detail_path": "advisories/ZDI-14-380", "id": "ZDI-14-380", "kind": "published", "published_date": "2014-11-19", "status": "published", "title": "Microsoft Internet Explorer CHeaderElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-380/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2482", "zdi_id": "ZDI-14-380" }, { "cve": "CVE-2014-6344", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-379/advisory.json", "detail_path": "advisories/ZDI-14-379", "id": "ZDI-14-379", "kind": "published", "published_date": "2014-11-19", "status": "published", "title": "Microsoft Internet Explorer GetReplacedUrlImgCtxCookie Out-of-bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-379/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2436", "zdi_id": "ZDI-14-379" }, { "cve": "CVE-2014-6343", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-378/advisory.json", "detail_path": "advisories/ZDI-14-378", "id": "ZDI-14-378", "kind": "published", "published_date": "2014-11-19", "status": "published", "title": "Microsoft Internet Explorer CElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-378/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2410", "zdi_id": "ZDI-14-378" }, { "cve": "CVE-2014-6342", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-377/advisory.json", "detail_path": "advisories/ZDI-14-377", "id": "ZDI-14-377", "kind": "published", "published_date": "2014-11-19", "status": "published", "title": "Microsoft Internet Explorer CPtsTextParaclient::GetApeCorners Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-377/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2474", "zdi_id": "ZDI-14-377" }, { "cve": "CVE-2014-6341", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-376/advisory.json", "detail_path": "advisories/ZDI-14-376", "id": "ZDI-14-376", "kind": "published", "published_date": "2014-11-19", "status": "published", "title": "Microsoft Internet Explorer CStyleSheet::get_parentStyleSheet Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-376/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2433", "zdi_id": "ZDI-14-376" }, { "cve": "CVE-2014-4143", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-375/advisory.json", "detail_path": "advisories/ZDI-14-375", "id": "ZDI-14-375", "kind": "published", "published_date": "2014-11-19", "status": "published", "title": "Microsoft Internet Explorer CSecurityContext Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-375/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2404", "zdi_id": "ZDI-14-375" }, { "cve": "CVE-2014-6347", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-374/advisory.json", "detail_path": "advisories/ZDI-14-374", "id": "ZDI-14-374", "kind": "published", "published_date": "2014-11-19", "status": "published", "title": "Microsoft Internet Explorer DOMStringMap Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-374/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2399", "zdi_id": "ZDI-14-374" }, { "cve": "CVE-2014-8510", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read files from the underlying operating system on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance web application authentication is required to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-14-373/advisory.json", "detail_path": "advisories/ZDI-14-373", "id": "ZDI-14-373", "kind": "published", "published_date": "2014-11-06", "status": "published", "title": "Trend Micro InterScan Web Security Virtual Appliance Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-373/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-2369", "zdi_id": "ZDI-14-373" }, { "cve": "CVE-2014-8516", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Visual Mining NetCharts Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of file uploads. The...", "detail_json": "/data/advisories/ZDI-14-372/advisory.json", "detail_path": "advisories/ZDI-14-372", "id": "ZDI-14-372", "kind": "published", "published_date": "2014-11-03", "status": "published", "title": "(0Day) Visual Mining NetCharts Server File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-372/", "vendor": "Visual Mining", "vendor_url": null, "zdi_can": "ZDI-CAN-2183", "zdi_id": "ZDI-14-372" }, { "cve": "CVE-2014-8508", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to insert persistent JavaScript on vulnerable installations of the Denon AVR-3313CI audio/video receiver's web portal. Authentication is not required to persist the attack. However, user interaction is required to ex...", "detail_json": "/data/advisories/ZDI-14-371/advisory.json", "detail_path": "advisories/ZDI-14-371", "id": "ZDI-14-371", "kind": "published", "published_date": "2014-11-03", "status": "published", "title": "(0Day) Denon AVR-3313CI 'Friendlyname' Persistent Cross-Site Scripting Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-371/", "vendor": "Denon", "vendor_url": null, "zdi_can": "ZDI-CAN-2333", "zdi_id": "ZDI-14-371" }, { "cve": "CVE-2014-8509", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent Bootstrap. User interaction is not required to exploit this vulnerability. The specific flaw exists within the handling of arguments passed to the l...", "detail_json": "/data/advisories/ZDI-14-370/advisory.json", "detail_path": "advisories/ZDI-14-370", "id": "ZDI-14-370", "kind": "published", "published_date": "2014-10-29", "status": "published", "title": "BitTorrent Bootstrap Improper Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-370/", "vendor": "BitTorrent", "vendor_url": null, "zdi_can": "ZDI-CAN-2494", "zdi_id": "ZDI-14-370" }, { "cve": "CVE-2014-0786", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the \"guest\" user. The issue lie...", "detail_json": "/data/advisories/ZDI-14-369/advisory.json", "detail_path": "advisories/ZDI-14-369", "id": "ZDI-14-369", "kind": "published", "published_date": "2014-10-24", "status": "published", "title": "Ecava IntegraXor Guest Acccount Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-369/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-2310", "zdi_id": "ZDI-14-369" }, { "cve": "CVE-2014-4391", "cvss": 5.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-14-368/advisory.json", "detail_path": "advisories/ZDI-14-368", "id": "ZDI-14-368", "kind": "published", "published_date": "2014-10-24", "status": "published", "title": "Apple OS X GateKeeper Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-368/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1923", "zdi_id": "ZDI-14-368" }, { "cve": "CVE-2014-1803", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-367/advisory.json", "detail_path": "advisories/ZDI-14-367", "id": "ZDI-14-367", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Microsoft Internet Explorer CAnchorElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-367/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2306", "zdi_id": "ZDI-14-367" }, { "cve": "CVE-2014-1799", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-366/advisory.json", "detail_path": "advisories/ZDI-14-366", "id": "ZDI-14-366", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Microsoft Internet Explorer CDOMEvent Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-366/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2324", "zdi_id": "ZDI-14-366" }, { "cve": "CVE-2014-0569", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-14-365/advisory.json", "detail_path": "advisories/ZDI-14-365", "id": "ZDI-14-365", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Adobe Flash Player casi32 Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-365/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2518", "zdi_id": "ZDI-14-365" }, { "cve": "CVE-2014-8755", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Network Camera View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-14-364/advisory.json", "detail_path": "advisories/ZDI-14-364", "id": "ZDI-14-364", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Panasonic Network Camera View GetImageDataPrint Untrusted Pointer Dereference Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-364/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-2357", "zdi_id": "ZDI-14-364" }, { "cve": "CVE-2014-8756", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Network Camera Recorder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-14-363/advisory.json", "detail_path": "advisories/ZDI-14-363", "id": "ZDI-14-363", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Panasonic Network Camera Recorder NcrCtl4.NcrNet.1 GetVOLHeader Arbitrary Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-363/", "vendor": "Panasonic", "vendor_url": null, "zdi_can": "ZDI-CAN-2171", "zdi_id": "ZDI-14-363" }, { "cve": "CVE-2014-8074", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Foxit ActiveX Pro SDK ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-14-362/advisory.json", "detail_path": "advisories/ZDI-14-362", "id": "ZDI-14-362", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Foxit ActiveX Pro SDK SetLogFile Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-362/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-2490", "zdi_id": "ZDI-14-362" }, { "cve": "CVE-2014-2636", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Sprinter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerabil...", "detail_json": "/data/advisories/ZDI-14-361/advisory.json", "detail_path": "advisories/ZDI-14-361", "id": "ZDI-14-361", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Hewlett-Packard Sprinter TTF16.ocx AttachToSS Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-361/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2336", "zdi_id": "ZDI-14-361" }, { "cve": "CVE-2014-2637", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Sprinter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerabil...", "detail_json": "/data/advisories/ZDI-14-360/advisory.json", "detail_path": "advisories/ZDI-14-360", "id": "ZDI-14-360", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Hewlett-Packard Sprinter TTF16.ocx CopyRange/CopyRangeEx Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-360/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2342", "zdi_id": "ZDI-14-360" }, { "cve": "CVE-2014-2638", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Sprinter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerabil...", "detail_json": "/data/advisories/ZDI-14-359/advisory.json", "detail_path": "advisories/ZDI-14-359", "id": "ZDI-14-359", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Hewlett-Packard Sprinter TTF16.ocx DefaultFontName Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-359/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2344", "zdi_id": "ZDI-14-359" }, { "cve": "CVE-2014-2635", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Sprinter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerabil...", "detail_json": "/data/advisories/ZDI-14-358/advisory.json", "detail_path": "advisories/ZDI-14-358", "id": "ZDI-14-358", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Hewlett-Packard Sprinter TTF16.ocx SwapTables Method Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-358/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2343", "zdi_id": "ZDI-14-358" }, { "cve": "CVE-2014-1769", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-357/advisory.json", "detail_path": "advisories/ZDI-14-357", "id": "ZDI-14-357", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-357/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2280", "zdi_id": "ZDI-14-357" }, { "cve": "CVE-2014-4145", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-356/advisory.json", "detail_path": "advisories/ZDI-14-356", "id": "ZDI-14-356", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Microsoft Internet Explorer CElement::DelMarkupPtr Out-Of-Bounds Read Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-356/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2388", "zdi_id": "ZDI-14-356" }, { "cve": "CVE-2014-4092", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-355/advisory.json", "detail_path": "advisories/ZDI-14-355", "id": "ZDI-14-355", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Microsoft Internet Explorer CTableCell Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-355/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2398", "zdi_id": "ZDI-14-355" }, { "cve": "CVE-2014-1799", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-354/advisory.json", "detail_path": "advisories/ZDI-14-354", "id": "ZDI-14-354", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-354/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2359", "zdi_id": "ZDI-14-354" }, { "cve": "CVE-2014-4130", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-353/advisory.json", "detail_path": "advisories/ZDI-14-353", "id": "ZDI-14-353", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Microsoft Internet Explorer Title attribute Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-353/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2377", "zdi_id": "ZDI-14-353" }, { "cve": "CVE-2014-4138", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-352/advisory.json", "detail_path": "advisories/ZDI-14-352", "id": "ZDI-14-352", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Microsoft Internet Explorer ConvertBitmaptoPng Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-352/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2382", "zdi_id": "ZDI-14-352" }, { "cve": "CVE-2014-4141", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-351/advisory.json", "detail_path": "advisories/ZDI-14-351", "id": "ZDI-14-351", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Microsoft Internet Explorer CAttrValue Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-351/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2397", "zdi_id": "ZDI-14-351" }, { "cve": "CVE-2014-4117", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-14-350/advisory.json", "detail_path": "advisories/ZDI-14-350", "id": "ZDI-14-350", "kind": "published", "published_date": "2014-10-14", "status": "published", "title": "Microsoft Word Style Tag Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-350/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2484", "zdi_id": "ZDI-14-350" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-349/advisory.json", "detail_path": "advisories/ZDI-14-349", "id": "ZDI-14-349", "kind": "published", "published_date": "2014-10-02", "status": "published", "title": "(0Day) Microsoft Internet Explorer ScriptEngine Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-349/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2387", "zdi_id": "ZDI-14-349" }, { "cve": "CVE-2014-6434", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GoPro HERO 3+. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gpExec component. This component performs insu...", "detail_json": "/data/advisories/ZDI-14-348/advisory.json", "detail_path": "advisories/ZDI-14-348", "id": "ZDI-14-348", "kind": "published", "published_date": "2014-10-02", "status": "published", "title": "(0Day) GoPro HERO 3+ gpExec restart Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-348/", "vendor": "GoPro", "vendor_url": null, "zdi_can": "ZDI-CAN-2168", "zdi_id": "ZDI-14-348" }, { "cve": "CVE-2014-6433", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GoPro HERO 3+. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gpExec component. This component performs insu...", "detail_json": "/data/advisories/ZDI-14-347/advisory.json", "detail_path": "advisories/ZDI-14-347", "id": "ZDI-14-347", "kind": "published", "published_date": "2014-10-02", "status": "published", "title": "(0Day) GoPro HERO 3+ gpExec start Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-347/", "vendor": "GoPro", "vendor_url": null, "zdi_can": "ZDI-CAN-2162", "zdi_id": "ZDI-14-347" }, { "cve": null, "cvss": 4.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-14-346/advisory.json", "detail_path": "advisories/ZDI-14-346", "id": "ZDI-14-346", "kind": "published", "published_date": "2014-10-02", "status": "published", "title": "(0Day) Apple OS X IOHIDSecurePromptClient Denial Of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-346/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2147", "zdi_id": "ZDI-14-346" }, { "cve": null, "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within omnidlc.exe which can be called v...", "detail_json": "/data/advisories/ZDI-14-345/advisory.json", "detail_path": "advisories/ZDI-14-345", "id": "ZDI-14-345", "kind": "published", "published_date": "2014-10-02", "status": "published", "title": "(0Day) Hewlett-Packard Data Protector omnidlc Buffer Overflow Remote Code Execution Vulnerabililty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-345/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2200", "zdi_id": "ZDI-14-345" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within specifically crafted EXEC_INTEGUT...", "detail_json": "/data/advisories/ZDI-14-344/advisory.json", "detail_path": "advisories/ZDI-14-344", "id": "ZDI-14-344", "kind": "published", "published_date": "2014-10-02", "status": "published", "title": "(0Day) Hewlett-Packard Data Protector EXEC_INTEGUTIL Remote Command Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-344/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2266", "zdi_id": "ZDI-14-344" }, { "cve": "CVE-2014-2624", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ovopi.dll which listens by...", "detail_json": "/data/advisories/ZDI-14-343/advisory.json", "detail_path": "advisories/ZDI-14-343", "id": "ZDI-14-343", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Hewlett-Packard Network Node Manager ovopi.dll Command 685 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-343/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2373", "zdi_id": "ZDI-14-343" }, { "cve": "CVE-2014-2624", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ovopi.dll which listens by...", "detail_json": "/data/advisories/ZDI-14-342/advisory.json", "detail_path": "advisories/ZDI-14-342", "id": "ZDI-14-342", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Hewlett-Packard Network Node Manager ovopi.dll Option -D Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-342/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2179", "zdi_id": "ZDI-14-342" }, { "cve": "CVE-2014-2624", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ovopi.dll which listens by...", "detail_json": "/data/advisories/ZDI-14-341/advisory.json", "detail_path": "advisories/ZDI-14-341", "id": "ZDI-14-341", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Hewlett-Packard Network Node Manager ovopi.dll Option -T Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-341/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2178", "zdi_id": "ZDI-14-341" }, { "cve": "CVE-2014-2624", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ovopi.dll which listens by...", "detail_json": "/data/advisories/ZDI-14-340/advisory.json", "detail_path": "advisories/ZDI-14-340", "id": "ZDI-14-340", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Hewlett-Packard Network Node Manager ovopi.dll Option -L Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-340/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2177", "zdi_id": "ZDI-14-340" }, { "cve": "CVE-2014-2624", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ovopi.dll which listens by...", "detail_json": "/data/advisories/ZDI-14-339/advisory.json", "detail_path": "advisories/ZDI-14-339", "id": "ZDI-14-339", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Hewlett-Packard Network Node Manager ovopi.dll Option -D Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-339/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2176", "zdi_id": "ZDI-14-339" }, { "cve": "CVE-2014-2624", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ovopi.dll which listens by...", "detail_json": "/data/advisories/ZDI-14-338/advisory.json", "detail_path": "advisories/ZDI-14-338", "id": "ZDI-14-338", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Hewlett-Packard Network Node Manager ovopi.dll Option -T Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-338/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2175", "zdi_id": "ZDI-14-338" }, { "cve": "CVE-2014-2624", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ovopi.dll which listens by...", "detail_json": "/data/advisories/ZDI-14-337/advisory.json", "detail_path": "advisories/ZDI-14-337", "id": "ZDI-14-337", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Hewlett-Packard Network Node Manager ovopi.dll Option -L Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-337/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2174", "zdi_id": "ZDI-14-337" }, { "cve": "CVE-2014-2624", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ovopi.dll which listens by...", "detail_json": "/data/advisories/ZDI-14-336/advisory.json", "detail_path": "advisories/ZDI-14-336", "id": "ZDI-14-336", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Hewlett-Packard Network Node Manager ovopi.dll Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-336/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2173", "zdi_id": "ZDI-14-336" }, { "cve": "CVE-2014-2624", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ovopi.dll which listens by...", "detail_json": "/data/advisories/ZDI-14-335/advisory.json", "detail_path": "advisories/ZDI-14-335", "id": "ZDI-14-335", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Hewlett-Packard Network Node Manager ovopi.dll Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-335/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2078", "zdi_id": "ZDI-14-335" }, { "cve": "CVE-2014-5501", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Cyberoam. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-334/advisory.json", "detail_path": "advisories/ZDI-14-334", "id": "ZDI-14-334", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Sophos Cyberoam diagnose Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-334/", "vendor": "Sophos", "vendor_url": null, "zdi_can": "ZDI-CAN-2332", "zdi_id": "ZDI-14-334" }, { "cve": "CVE-2014-5502", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Cyberoam. Authentication is required to exploit this vulnerability. The specific flaw exists within the sslvpn_liveuser_delete opcode. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-333/advisory.json", "detail_path": "advisories/ZDI-14-333", "id": "ZDI-14-333", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Sophos Cyberoam sslvpn_liveuser_delete Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-333/", "vendor": "Sophos", "vendor_url": null, "zdi_can": "ZDI-CAN-2327", "zdi_id": "ZDI-14-333" }, { "cve": "CVE-2014-5502", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Cyberoam. Authentication is required to exploit this vulnerability. The specific flaw exists within the webclient_portal_settings opcode. The issue lies...", "detail_json": "/data/advisories/ZDI-14-332/advisory.json", "detail_path": "advisories/ZDI-14-332", "id": "ZDI-14-332", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Sophos Cyberoam webclient_portal_settings Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-332/", "vendor": "Sophos", "vendor_url": null, "zdi_can": "ZDI-CAN-2328", "zdi_id": "ZDI-14-332" }, { "cve": "CVE-2014-5502", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Cyberoam. Authentication is required to exploit this vulnerability. The specific flaw exists within the checkcert_key opcode. The issue lies in the fail...", "detail_json": "/data/advisories/ZDI-14-331/advisory.json", "detail_path": "advisories/ZDI-14-331", "id": "ZDI-14-331", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Sophos Cyberoam checkcert_key Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-331/", "vendor": "Sophos", "vendor_url": null, "zdi_can": "ZDI-CAN-2329", "zdi_id": "ZDI-14-331" }, { "cve": "CVE-2014-4112", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-330/advisory.json", "detail_path": "advisories/ZDI-14-330", "id": "ZDI-14-330", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Microsoft Internet Explorer Layout Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-330/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2185", "zdi_id": "ZDI-14-330" }, { "cve": "CVE-2014-5503", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary SQL on vulnerable installations of Sophos Cyberoam. Authentication is not required to exploit this vulnerability. The specific flaw exists within the add_guest_user opcode. The issue lies in the...", "detail_json": "/data/advisories/ZDI-14-329/advisory.json", "detail_path": "advisories/ZDI-14-329", "id": "ZDI-14-329", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Sophos Cyberoam add_guest_user Blind SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-329/", "vendor": "Sophos", "vendor_url": null, "zdi_can": "ZDI-CAN-2331", "zdi_id": "ZDI-14-329" }, { "cve": "CVE-2014-5502", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Cyberoam. Authentication is required to exploit this vulnerability. The specific flaw exists within the ccc_flush_sql_file opcode. The issue lies in the...", "detail_json": "/data/advisories/ZDI-14-328/advisory.json", "detail_path": "advisories/ZDI-14-328", "id": "ZDI-14-328", "kind": "published", "published_date": "2014-10-01", "status": "published", "title": "Sophos Cyberoam ccc_flush_sql_file Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-328/", "vendor": "Sophos", "vendor_url": null, "zdi_can": "ZDI-CAN-2330", "zdi_id": "ZDI-14-328" }, { "cve": "CVE-2014-4067", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-327/advisory.json", "detail_path": "advisories/ZDI-14-327", "id": "ZDI-14-327", "kind": "published", "published_date": "2014-09-25", "status": "published", "title": "Microsoft Internet Explorer CSS Transition Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-327/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2346", "zdi_id": "ZDI-14-327" }, { "cve": "CVE-2014-4350", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-326/advisory.json", "detail_path": "advisories/ZDI-14-326", "id": "ZDI-14-326", "kind": "published", "published_date": "2014-09-22", "status": "published", "title": "Apple QuickTime MIDI Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-326/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2238", "zdi_id": "ZDI-14-326" }, { "cve": "CVE-2014-1391", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-325/advisory.json", "detail_path": "advisories/ZDI-14-325", "id": "ZDI-14-325", "kind": "published", "published_date": "2014-09-22", "status": "published", "title": "Apple QuickTime mdat Atom Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-325/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1996", "zdi_id": "ZDI-14-325" }, { "cve": "CVE-2014-0561", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-14-324/advisory.json", "detail_path": "advisories/ZDI-14-324", "id": "ZDI-14-324", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Adobe Reader 3DIF Plugin Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-324/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2300", "zdi_id": "ZDI-14-324" }, { "cve": "CVE-2014-0567", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-14-323/advisory.json", "detail_path": "advisories/ZDI-14-323", "id": "ZDI-14-323", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Adobe Reader replace() Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-323/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2432", "zdi_id": "ZDI-14-323" }, { "cve": "CVE-2014-4101", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability may allow remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-14-322/advisory.json", "detail_path": "advisories/ZDI-14-322", "id": "ZDI-14-322", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer UpdateColumnAndColGroupStyles Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-322/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2487", "zdi_id": "ZDI-14-322" }, { "cve": "CVE-2014-4092", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-321/advisory.json", "detail_path": "advisories/ZDI-14-321", "id": "ZDI-14-321", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CTableOMRowCache Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-321/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2403", "zdi_id": "ZDI-14-321" }, { "cve": "CVE-2014-4092", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-320/advisory.json", "detail_path": "advisories/ZDI-14-320", "id": "ZDI-14-320", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CTableOMRowCache Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-320/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2430", "zdi_id": "ZDI-14-320" }, { "cve": "CVE-2014-4096", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-319/advisory.json", "detail_path": "advisories/ZDI-14-319", "id": "ZDI-14-319", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CBackgroundCollection Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-319/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2486", "zdi_id": "ZDI-14-319" }, { "cve": "CVE-2014-4079", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-318/advisory.json", "detail_path": "advisories/ZDI-14-318", "id": "ZDI-14-318", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CGeneratedTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-318/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2393", "zdi_id": "ZDI-14-318" }, { "cve": "CVE-2014-4090", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-317/advisory.json", "detail_path": "advisories/ZDI-14-317", "id": "ZDI-14-317", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CTableCell Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-317/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2412", "zdi_id": "ZDI-14-317" }, { "cve": "CVE-2014-4085", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-316/advisory.json", "detail_path": "advisories/ZDI-14-316", "id": "ZDI-14-316", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-316/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2391", "zdi_id": "ZDI-14-316" }, { "cve": "CVE-2014-4108", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-315/advisory.json", "detail_path": "advisories/ZDI-14-315", "id": "ZDI-14-315", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CTable Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-315/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2401", "zdi_id": "ZDI-14-315" }, { "cve": "CVE-2014-4107", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-314/advisory.json", "detail_path": "advisories/ZDI-14-314", "id": "ZDI-14-314", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CAttrValue Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-314/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2400", "zdi_id": "ZDI-14-314" }, { "cve": "CVE-2014-4105", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-313/advisory.json", "detail_path": "advisories/ZDI-14-313", "id": "ZDI-14-313", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CSelectTracker::GetMoveDirection Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-313/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2392", "zdi_id": "ZDI-14-313" }, { "cve": "CVE-2014-4103", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-14-312/advisory.json", "detail_path": "advisories/ZDI-14-312", "id": "ZDI-14-312", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CDataBindTask Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-312/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2390", "zdi_id": "ZDI-14-312" }, { "cve": "CVE-2014-4099", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-311/advisory.json", "detail_path": "advisories/ZDI-14-311", "id": "ZDI-14-311", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CCanvasRadialGradient Out-Of-Bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-311/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2356", "zdi_id": "ZDI-14-311" }, { "cve": "CVE-2014-4098", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-310/advisory.json", "detail_path": "advisories/ZDI-14-310", "id": "ZDI-14-310", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CGeneratedTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-310/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2364", "zdi_id": "ZDI-14-310" }, { "cve": "CVE-2014-4096", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-309/advisory.json", "detail_path": "advisories/ZDI-14-309", "id": "ZDI-14-309", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer Empty CAttrValue Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-309/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2353", "zdi_id": "ZDI-14-309" }, { "cve": "CVE-2014-4097", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-308/advisory.json", "detail_path": "advisories/ZDI-14-308", "id": "ZDI-14-308", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CFieldSetLayout Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-308/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2347", "zdi_id": "ZDI-14-308" }, { "cve": "CVE-2014-4095", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-307/advisory.json", "detail_path": "advisories/ZDI-14-307", "id": "ZDI-14-307", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CHTMLEditorProxy Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-307/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2345", "zdi_id": "ZDI-14-307" }, { "cve": "CVE-2014-4065", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-306/advisory.json", "detail_path": "advisories/ZDI-14-306", "id": "ZDI-14-306", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-306/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2276", "zdi_id": "ZDI-14-306" }, { "cve": "CVE-2014-2624", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ovopi.dll which listens by...", "detail_json": "/data/advisories/ZDI-14-305/advisory.json", "detail_path": "advisories/ZDI-14-305", "id": "ZDI-14-305", "kind": "published", "published_date": "2014-09-16", "status": "published", "title": "Hewlett-Packard Network Node Manager ovopi.dll Stack Based Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-305/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2264", "zdi_id": "ZDI-14-305" }, { "cve": "CVE-2014-1567", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-304/advisory.json", "detail_path": "advisories/ZDI-14-304", "id": "ZDI-14-304", "kind": "published", "published_date": "2014-09-03", "status": "published", "title": "Mozilla Firefox DirectionalityUtils Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-304/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-2394", "zdi_id": "ZDI-14-304" }, { "cve": "CVE-2014-5504", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Log and Event Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the usage of HyperSQL. The issu...", "detail_json": "/data/advisories/ZDI-14-303/advisory.json", "detail_path": "advisories/ZDI-14-303", "id": "ZDI-14-303", "kind": "published", "published_date": "2014-09-03", "status": "published", "title": "SolarWinds Log and Event Manager Static Credential Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-303/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-2154", "zdi_id": "ZDI-14-303" }, { "cve": "CVE-2014-5506", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-302/advisory.json", "detail_path": "advisories/ZDI-14-302", "id": "ZDI-14-302", "kind": "published", "published_date": "2014-09-03", "status": "published", "title": "SAP Crystal Reports Connection String Processing Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-302/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2143", "zdi_id": "ZDI-14-302" }, { "cve": "CVE-2014-5505", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-301/advisory.json", "detail_path": "advisories/ZDI-14-301", "id": "ZDI-14-301", "kind": "published", "published_date": "2014-09-03", "status": "published", "title": "SAP Crystal Reports Datasource Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-301/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-2146", "zdi_id": "ZDI-14-301" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetIQ AppManager Client Resource Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists because the installer defaults...", "detail_json": "/data/advisories/ZDI-14-300/advisory.json", "detail_path": "advisories/ZDI-14-300", "id": "ZDI-14-300", "kind": "published", "published_date": "2014-09-03", "status": "published", "title": "Attachmate AppManager Client Resource Monitor Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-300/", "vendor": "Attachmate", "vendor_url": null, "zdi_can": "ZDI-CAN-2139", "zdi_id": "ZDI-14-300" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The i...", "detail_json": "/data/advisories/ZDI-14-299/advisory.json", "detail_path": "advisories/ZDI-14-299", "id": "ZDI-14-299", "kind": "published", "published_date": "2014-08-27", "status": "published", "title": "SolarWinds Storage Manager AuthenticationFilter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-299/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-2087", "zdi_id": "ZDI-14-299" }, { "cve": "CVE-2014-2351", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CSWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the data source templating. CSWorks does not properly sa...", "detail_json": "/data/advisories/ZDI-14-298/advisory.json", "detail_path": "advisories/ZDI-14-298", "id": "ZDI-14-298", "kind": "published", "published_date": "2014-08-27", "status": "published", "title": "CSWorks Software Framework SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-298/", "vendor": "CSWorks", "vendor_url": null, "zdi_can": "ZDI-CAN-2191", "zdi_id": "ZDI-14-298" }, { "cve": "CVE-2014-3411", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper Network and Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XDB service. The issue...", "detail_json": "/data/advisories/ZDI-14-297/advisory.json", "detail_path": "advisories/ZDI-14-297", "id": "ZDI-14-297", "kind": "published", "published_date": "2014-08-27", "status": "published", "title": "Juniper Network and Security Manager XDB Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-297/", "vendor": "Juniper", "vendor_url": null, "zdi_can": "ZDI-CAN-2151", "zdi_id": "ZDI-14-297" }, { "cve": "CVE-2014-0600", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of the poLibMaintenanceFileSave...", "detail_json": "/data/advisories/ZDI-14-296/advisory.json", "detail_path": "advisories/ZDI-14-296", "id": "ZDI-14-296", "kind": "published", "published_date": "2014-08-26", "status": "published", "title": "Novell Groupwise Administration Server FileUploadServlet poLibMaintenanceFileSave Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-296/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-2287", "zdi_id": "ZDI-14-296" }, { "cve": "CVE-2014-5210", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-295/advisory.json", "detail_path": "advisories/ZDI-14-295", "id": "ZDI-14-295", "kind": "published", "published_date": "2014-08-14", "status": "published", "title": "AlienVault OSSIM av-centerd Util.pm remote_task Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-295/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2292", "zdi_id": "ZDI-14-295" }, { "cve": "CVE-2014-5210", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-294/advisory.json", "detail_path": "advisories/ZDI-14-294", "id": "ZDI-14-294", "kind": "published", "published_date": "2014-08-14", "status": "published", "title": "AlienVault OSSIM av-centerd Util.pm get_license Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-294/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2290", "zdi_id": "ZDI-14-294" }, { "cve": "CVE-2014-2949", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of F5 Data Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the discoverFilerBasicInfo.jsft page. An attacke...", "detail_json": "/data/advisories/ZDI-14-293/advisory.json", "detail_path": "advisories/ZDI-14-293", "id": "ZDI-14-293", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "(0Day) F5 Data Manager discoverFilerBasicInfo.jsft filerName SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-293/", "vendor": "F5", "vendor_url": null, "zdi_can": "ZDI-CAN-2308", "zdi_id": "ZDI-14-293" }, { "cve": "CVE-2014-2819", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-292/advisory.json", "detail_path": "advisories/ZDI-14-292", "id": "ZDI-14-292", "kind": "published", "published_date": "2014-08-07", "status": "published", "title": "(0Day) (Pwn2Own) Microsoft Internet Explorer PresentationHost.exe Protected Mode Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-292/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2236", "zdi_id": "ZDI-14-292" }, { "cve": "CVE-2014-0603", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Attachmate Reflection Pro FTP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-14-291/advisory.json", "detail_path": "advisories/ZDI-14-291", "id": "ZDI-14-291", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Attachmate Reflection Pro FTP rftpcom15.dll GetSiteProperties3 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-291/", "vendor": "Attachmate", "vendor_url": null, "zdi_can": "ZDI-CAN-2354", "zdi_id": "ZDI-14-291" }, { "cve": "CVE-2014-0605", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Attachmate Reflection Secure FTP Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-14-290/advisory.json", "detail_path": "advisories/ZDI-14-290", "id": "ZDI-14-290", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Attachmate Reflection Secure FTP Client rftpcom.dll SaveSettings Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-290/", "vendor": "Attachmate", "vendor_url": null, "zdi_can": "ZDI-CAN-2106", "zdi_id": "ZDI-14-290" }, { "cve": "CVE-2014-0604", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Attachmate Reflection Secure FTP Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-14-289/advisory.json", "detail_path": "advisories/ZDI-14-289", "id": "ZDI-14-289", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Attachmate Reflection Secure FTP Client rftpcom.dll StartLog Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-289/", "vendor": "Attachmate", "vendor_url": null, "zdi_can": "ZDI-CAN-2081", "zdi_id": "ZDI-14-289" }, { "cve": "CVE-2014-0603", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Attachmate Reflection Secure FTP Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-14-288/advisory.json", "detail_path": "advisories/ZDI-14-288", "id": "ZDI-14-288", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Attachmate Reflection Secure FTP Client rftpcom.dll Multiple Memory Corruption Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-288/", "vendor": "Attachmate", "vendor_url": null, "zdi_can": "ZDI-CAN-2075", "zdi_id": "ZDI-14-288" }, { "cve": "CVE-2014-4060", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Center. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-14-287/advisory.json", "detail_path": "advisories/ZDI-14-287", "id": "ZDI-14-287", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Microsoft Windows Media Center CSyncBasePlayer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-287/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2277", "zdi_id": "ZDI-14-287" }, { "cve": "CVE-2014-4051", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-286/advisory.json", "detail_path": "advisories/ZDI-14-286", "id": "ZDI-14-286", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Microsoft Internet Explorer CPhraseElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-286/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2316", "zdi_id": "ZDI-14-286" }, { "cve": "CVE-2014-4050", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-285/advisory.json", "detail_path": "advisories/ZDI-14-285", "id": "ZDI-14-285", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Microsoft Internet Explorer first-letter Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-285/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2309", "zdi_id": "ZDI-14-285" }, { "cve": "CVE-2014-2827", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-284/advisory.json", "detail_path": "advisories/ZDI-14-284", "id": "ZDI-14-284", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Microsoft Internet Explorer Arrow Key Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-284/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2278", "zdi_id": "ZDI-14-284" }, { "cve": "CVE-2014-4056", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-283/advisory.json", "detail_path": "advisories/ZDI-14-283", "id": "ZDI-14-283", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-283/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2272", "zdi_id": "ZDI-14-283" }, { "cve": "CVE-2014-4058", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-282/advisory.json", "detail_path": "advisories/ZDI-14-282", "id": "ZDI-14-282", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Microsoft Internet Explorer CScriptElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-282/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2323", "zdi_id": "ZDI-14-282" }, { "cve": "CVE-2014-4055", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-281/advisory.json", "detail_path": "advisories/ZDI-14-281", "id": "ZDI-14-281", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Microsoft Internet Explorer CInput onfocus Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-281/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2315", "zdi_id": "ZDI-14-281" }, { "cve": "CVE-2014-4052", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-280/advisory.json", "detail_path": "advisories/ZDI-14-280", "id": "ZDI-14-280", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Microsoft Internet Explorer CTableRow Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-280/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2314", "zdi_id": "ZDI-14-280" }, { "cve": "CVE-2014-2631", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard's Application Lifecycle Management. This vulnerability requires the attacker to have an unprivileged account on the Application Lifecycle Manag...", "detail_json": "/data/advisories/ZDI-14-279/advisory.json", "detail_path": "advisories/ZDI-14-279", "id": "ZDI-14-279", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Hewlett-Packard Application Lifecycle Manager DLL Planting Elevation of Privilege Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-279/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2138", "zdi_id": "ZDI-14-279" }, { "cve": "CVE-2014-2820", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-278/advisory.json", "detail_path": "advisories/ZDI-14-278", "id": "ZDI-14-278", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Microsoft Internet Explorer CDOMUIEvent Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-278/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2243", "zdi_id": "ZDI-14-278" }, { "cve": "CVE-2014-0540", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose memory addresses on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-14-277/advisory.json", "detail_path": "advisories/ZDI-14-277", "id": "ZDI-14-277", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Adobe Flash Player Vector Object Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-277/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2326", "zdi_id": "ZDI-14-277" }, { "cve": "CVE-2014-2818", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-276/advisory.json", "detail_path": "advisories/ZDI-14-276", "id": "ZDI-14-276", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Microsoft Internet Explorer CScriptData Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-276/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2204", "zdi_id": "ZDI-14-276" }, { "cve": "CVE-2014-2774", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-275/advisory.json", "detail_path": "advisories/ZDI-14-275", "id": "ZDI-14-275", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Microsoft Internet Explorer CElement::GetClassCacheArray Improper Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-275/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2156", "zdi_id": "ZDI-14-275" }, { "cve": "CVE-2014-4063", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-274/advisory.json", "detail_path": "advisories/ZDI-14-274", "id": "ZDI-14-274", "kind": "published", "published_date": "2014-08-12", "status": "published", "title": "Microsoft Internet Explorer CSegment Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-274/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2184", "zdi_id": "ZDI-14-274" }, { "cve": "CVE-2014-5158", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-273/advisory.json", "detail_path": "advisories/ZDI-14-273", "id": "ZDI-14-273", "kind": "published", "published_date": "2014-08-01", "status": "published", "title": "AlienVault OSSIM av-centerd Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-273/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2193", "zdi_id": "ZDI-14-273" }, { "cve": "CVE-2014-5158", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ossim-framework service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-272/advisory.json", "detail_path": "advisories/ZDI-14-272", "id": "ZDI-14-272", "kind": "published", "published_date": "2014-08-01", "status": "published", "title": "AlienVault OSSIM backup Command Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-272/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2182", "zdi_id": "ZDI-14-272" }, { "cve": "CVE-2014-5159", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ossim-framework service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-271/advisory.json", "detail_path": "advisories/ZDI-14-271", "id": "ZDI-14-271", "kind": "published", "published_date": "2014-08-01", "status": "published", "title": "AlienVault OSSIM ws_data SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-271/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2181", "zdi_id": "ZDI-14-271" }, { "cve": "CVE-2014-1762", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-270/advisory.json", "detail_path": "advisories/ZDI-14-270", "id": "ZDI-14-270", "kind": "published", "published_date": "2014-07-30", "status": "published", "title": "(0Day) (Pwn2Own\\Pwn4Fun) Microsoft Internet Explorer localhost Protected Mode Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-270/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2209", "zdi_id": "ZDI-14-270" }, { "cve": "CVE-2014-0607", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Attachmate Verastream Process Designer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the 'DeploymentService' A...", "detail_json": "/data/advisories/ZDI-14-269/advisory.json", "detail_path": "advisories/ZDI-14-269", "id": "ZDI-14-269", "kind": "published", "published_date": "2014-07-30", "status": "published", "title": "Attachmate Verastream Process Designer Process Server Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-269/", "vendor": "Attachmate", "vendor_url": null, "zdi_can": "ZDI-CAN-2161", "zdi_id": "ZDI-14-269" }, { "cve": "CVE-2014-2626", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Visualization. Authentication is not required to exploit this vulnerability. The specific flaw exists within the toServerObject functio...", "detail_json": "/data/advisories/ZDI-14-268/advisory.json", "detail_path": "advisories/ZDI-14-268", "id": "ZDI-14-268", "kind": "published", "published_date": "2014-07-24", "status": "published", "title": "Shunra Network Virtualization for Hewlett-Packard toServerObject() Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-268/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2024", "zdi_id": "ZDI-14-268" }, { "cve": "CVE-2014-2625", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Visualization. Authentication is not required to exploit this vulnerability. The specific flaw exists within the storedNtxFile function...", "detail_json": "/data/advisories/ZDI-14-267/advisory.json", "detail_path": "advisories/ZDI-14-267", "id": "ZDI-14-267", "kind": "published", "published_date": "2014-07-24", "status": "published", "title": "Shunra Network Virtualization for Hewlett-Packard storedNtxFile() Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-267/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2023", "zdi_id": "ZDI-14-267" }, { "cve": "CVE-2014-2803", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-266/advisory.json", "detail_path": "advisories/ZDI-14-266", "id": "ZDI-14-266", "kind": "published", "published_date": "2014-07-24", "status": "published", "title": "Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-266/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2363", "zdi_id": "ZDI-14-266" }, { "cve": "CVE-2014-2802", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-265/advisory.json", "detail_path": "advisories/ZDI-14-265", "id": "ZDI-14-265", "kind": "published", "published_date": "2014-07-24", "status": "published", "title": "Microsoft Internet Explorer CTitleElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-265/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2376", "zdi_id": "ZDI-14-265" }, { "cve": "CVE-2014-4979", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-264/advisory.json", "detail_path": "advisories/ZDI-14-264", "id": "ZDI-14-264", "kind": "published", "published_date": "2014-07-23", "status": "published", "title": "(0Day) Apple QuickTime 'mvhd' Atom Heap Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-264/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2082", "zdi_id": "ZDI-14-264" }, { "cve": "CVE-2014-5160", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default...", "detail_json": "/data/advisories/ZDI-14-263/advisory.json", "detail_path": "advisories/ZDI-14-263", "id": "ZDI-14-263", "kind": "published", "published_date": "2014-07-23", "status": "published", "title": "(0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 1091 Directory Traversal Arbitrary File Write Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-263/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2170", "zdi_id": "ZDI-14-263" }, { "cve": "CVE-2014-5160", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default...", "detail_json": "/data/advisories/ZDI-14-262/advisory.json", "detail_path": "advisories/ZDI-14-262", "id": "ZDI-14-262", "kind": "published", "published_date": "2014-07-23", "status": "published", "title": "(0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 305 Directory Traversal Arbitrary File Creation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-262/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2153", "zdi_id": "ZDI-14-262" }, { "cve": "CVE-2014-1765", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-261/advisory.json", "detail_path": "advisories/ZDI-14-261", "id": "ZDI-14-261", "kind": "published", "published_date": "2014-07-23", "status": "published", "title": "Microsoft Internet Explorer CAttrValue Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-261/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2366", "zdi_id": "ZDI-14-261" }, { "cve": "CVE-2014-1799", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-260/advisory.json", "detail_path": "advisories/ZDI-14-260", "id": "ZDI-14-260", "kind": "published", "published_date": "2014-07-23", "status": "published", "title": "Microsoft Internet Explorer CMarkupPointer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-260/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2371", "zdi_id": "ZDI-14-260" }, { "cve": "CVE-2014-2764", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-259/advisory.json", "detail_path": "advisories/ZDI-14-259", "id": "ZDI-14-259", "kind": "published", "published_date": "2014-07-23", "status": "published", "title": "Microsoft Internet Explorer CTreeNode Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-259/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2187", "zdi_id": "ZDI-14-259" }, { "cve": "CVE-2014-2490", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-14-258/advisory.json", "detail_path": "advisories/ZDI-14-258", "id": "ZDI-14-258", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Oracle Java ResourceBundle Format String Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-258/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2246", "zdi_id": "ZDI-14-258" }, { "cve": "CVE-2014-4249", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Business Intelligence Mobile App Designer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UIXCacheRes...", "detail_json": "/data/advisories/ZDI-14-257/advisory.json", "detail_path": "advisories/ZDI-14-257", "id": "ZDI-14-257", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Oracle Business Intelligence Mobile App Designer UIXCacheResourceServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-257/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2107", "zdi_id": "ZDI-14-257" }, { "cve": "CVE-2014-2364", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-256/advisory.json", "detail_path": "advisories/ZDI-14-256", "id": "ZDI-14-256", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess dvs.ocx ServerResponse Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-256/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2067", "zdi_id": "ZDI-14-256" }, { "cve": "CVE-2014-2364", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-255/advisory.json", "detail_path": "advisories/ZDI-14-255", "id": "ZDI-14-255", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess dvs.ocx GetColor Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-255/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2066", "zdi_id": "ZDI-14-255" }, { "cve": "CVE-2014-2364", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-254/advisory.json", "detail_path": "advisories/ZDI-14-254", "id": "ZDI-14-254", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess dvs.ocx AlarmImage Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-254/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2064", "zdi_id": "ZDI-14-254" }, { "cve": "CVE-2014-2364", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-253/advisory.json", "detail_path": "advisories/ZDI-14-253", "id": "ZDI-14-253", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess dvs.ocx SetColor Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-253/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2063", "zdi_id": "ZDI-14-253" }, { "cve": "CVE-2014-2364", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-252/advisory.json", "detail_path": "advisories/ZDI-14-252", "id": "ZDI-14-252", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess dvs.ocx CCDParameter Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-252/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2062", "zdi_id": "ZDI-14-252" }, { "cve": "CVE-2014-2365", "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gmicons.asp functionality. By providing...", "detail_json": "/data/advisories/ZDI-14-251/advisory.json", "detail_path": "advisories/ZDI-14-251", "id": "ZDI-14-251", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-251/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2086", "zdi_id": "ZDI-14-251" }, { "cve": "CVE-2014-2366", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose arbitrary credentials on vulnerable versions of Advantech WebAccess. Authentication is required to exploit this vulnerability. The specific flaw exists within the upAdminPg.asp component. An authenticated...", "detail_json": "/data/advisories/ZDI-14-250/advisory.json", "detail_path": "advisories/ZDI-14-250", "id": "ZDI-14-250", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess Password Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-250/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2085", "zdi_id": "ZDI-14-250" }, { "cve": "CVE-2014-2367", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChkCookieNoRedir function. B...", "detail_json": "/data/advisories/ZDI-14-249/advisory.json", "detail_path": "advisories/ZDI-14-249", "id": "ZDI-14-249", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess Remote Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-249/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2079", "zdi_id": "ZDI-14-249" }, { "cve": "CVE-2014-2364", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-248/advisory.json", "detail_path": "advisories/ZDI-14-248", "id": "ZDI-14-248", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess dvs.ocx IPAddress Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-248/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2069", "zdi_id": "ZDI-14-248" }, { "cve": "CVE-2014-2364", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-247/advisory.json", "detail_path": "advisories/ZDI-14-247", "id": "ZDI-14-247", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess dvs.ocx SetBaud Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-247/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2068", "zdi_id": "ZDI-14-247" }, { "cve": "CVE-2014-2364", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-246/advisory.json", "detail_path": "advisories/ZDI-14-246", "id": "ZDI-14-246", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess dvs.ocx GetParameter Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-246/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2065", "zdi_id": "ZDI-14-246" }, { "cve": "CVE-2014-2368", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to install certain ActiveX controls without user interaction on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-14-245/advisory.json", "detail_path": "advisories/ZDI-14-245", "id": "ZDI-14-245", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess bwocxrun ActiveX Control Installation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-245/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2061", "zdi_id": "ZDI-14-245" }, { "cve": "CVE-2014-2364", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-244/advisory.json", "detail_path": "advisories/ZDI-14-244", "id": "ZDI-14-244", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess webdact.ocx NodeName Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-244/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2045", "zdi_id": "ZDI-14-244" }, { "cve": "CVE-2014-2364", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-243/advisory.json", "detail_path": "advisories/ZDI-14-243", "id": "ZDI-14-243", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess webdact.ocx ProjectName Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-243/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2044", "zdi_id": "ZDI-14-243" }, { "cve": "CVE-2014-2364", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-242/advisory.json", "detail_path": "advisories/ZDI-14-242", "id": "ZDI-14-242", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess dvs.ocx SetParameter Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-242/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2043", "zdi_id": "ZDI-14-242" }, { "cve": "CVE-2014-2364", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-241/advisory.json", "detail_path": "advisories/ZDI-14-241", "id": "ZDI-14-241", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Advantech WebAccess webvact.ocx ProjectName Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-241/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2032", "zdi_id": "ZDI-14-241" }, { "cve": "CVE-2014-1371", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-14-240/advisory.json", "detail_path": "advisories/ZDI-14-240", "id": "ZDI-14-240", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Apple OS X Dock Service Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-240/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2285", "zdi_id": "ZDI-14-240" }, { "cve": "CVE-2014-0117", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Apache HTTP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mod_proxy module. The issue...", "detail_json": "/data/advisories/ZDI-14-239/advisory.json", "detail_path": "advisories/ZDI-14-239", "id": "ZDI-14-239", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Apache HTTP Server mod_proxy Denial Of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-239/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-2241", "zdi_id": "ZDI-14-239" }, { "cve": "CVE-2014-0308", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-238/advisory.json", "detail_path": "advisories/ZDI-14-238", "id": "ZDI-14-238", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Microsoft Internet Explorer CUListElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-238/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2201", "zdi_id": "ZDI-14-238" }, { "cve": "CVE-2014-1799", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-237/advisory.json", "detail_path": "advisories/ZDI-14-237", "id": "ZDI-14-237", "kind": "published", "published_date": "2014-07-18", "status": "published", "title": "Microsoft Internet Explorer CView Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-237/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2368", "zdi_id": "ZDI-14-237" }, { "cve": "CVE-2014-0226", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache HTTPD server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updating of mod_status. A race condition...", "detail_json": "/data/advisories/ZDI-14-236/advisory.json", "detail_path": "advisories/ZDI-14-236", "id": "ZDI-14-236", "kind": "published", "published_date": "2014-07-16", "status": "published", "title": "Apache httpd mod_status Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-236/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-2340", "zdi_id": "ZDI-14-236" }, { "cve": "CVE-2014-2622", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is required to exploit this vulnerability. The specific flaw exists within the RssServlet s...", "detail_json": "/data/advisories/ZDI-14-235/advisory.json", "detail_path": "advisories/ZDI-14-235", "id": "ZDI-14-235", "kind": "published", "published_date": "2014-07-16", "status": "published", "title": "Hewlett-Packard Intelligent Management Center RssServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-235/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2312", "zdi_id": "ZDI-14-235" }, { "cve": "CVE-2014-2621", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IctDownloadSer...", "detail_json": "/data/advisories/ZDI-14-234/advisory.json", "detail_path": "advisories/ZDI-14-234", "id": "ZDI-14-234", "kind": "published", "published_date": "2014-07-16", "status": "published", "title": "Hewlett-Packard Intelligent Management Center IctDownloadServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-234/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2090", "zdi_id": "ZDI-14-234" }, { "cve": "CVE-2014-2620", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FaultDownloadS...", "detail_json": "/data/advisories/ZDI-14-233/advisory.json", "detail_path": "advisories/ZDI-14-233", "id": "ZDI-14-233", "kind": "published", "published_date": "2014-07-16", "status": "published", "title": "Hewlett-Packard Intelligent Management Center FaultDownloadServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-233/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2089", "zdi_id": "ZDI-14-233" }, { "cve": "CVE-2014-2619", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SyslogDownload...", "detail_json": "/data/advisories/ZDI-14-232/advisory.json", "detail_path": "advisories/ZDI-14-232", "id": "ZDI-14-232", "kind": "published", "published_date": "2014-07-16", "status": "published", "title": "Hewlett-Packard Intelligent Management Center SyslogDownloadServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-232/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2088", "zdi_id": "ZDI-14-232" }, { "cve": "CVE-2014-2618", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadServlet...", "detail_json": "/data/advisories/ZDI-14-231/advisory.json", "detail_path": "advisories/ZDI-14-231", "id": "ZDI-14-231", "kind": "published", "published_date": "2014-07-16", "status": "published", "title": "Hewlett-Packard Intelligent Management Center BIMS UploadServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-231/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2080", "zdi_id": "ZDI-14-231" }, { "cve": "CVE-2014-2617", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Universal CMDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of Hewl...", "detail_json": "/data/advisories/ZDI-14-230/advisory.json", "detail_path": "advisories/ZDI-14-230", "id": "ZDI-14-230", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "Hewlett-Packard Universal CMDB Default Credentials Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-230/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2104", "zdi_id": "ZDI-14-230" }, { "cve": "CVE-2014-2615", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Universal CMDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mam-collectors servlet. The i...", "detail_json": "/data/advisories/ZDI-14-229/advisory.json", "detail_path": "advisories/ZDI-14-229", "id": "ZDI-14-229", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "Hewlett-Packard Universal CMDB mam-collectors Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-229/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2083", "zdi_id": "ZDI-14-229" }, { "cve": "CVE-2014-2614", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EmailServlet servlet. The issue li...", "detail_json": "/data/advisories/ZDI-14-228/advisory.json", "detail_path": "advisories/ZDI-14-228", "id": "ZDI-14-228", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "Hewlett-Packard SiteScope EmailServlet servlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-228/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2140", "zdi_id": "ZDI-14-228" }, { "cve": "CVE-2014-2761", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-227/advisory.json", "detail_path": "advisories/ZDI-14-227", "id": "ZDI-14-227", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "Microsoft Internet Explorer TextBlockRun Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-227/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2367", "zdi_id": "ZDI-14-227" }, { "cve": "CVE-2014-1769", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-226/advisory.json", "detail_path": "advisories/ZDI-14-226", "id": "ZDI-14-226", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "Microsoft Internet Explorer Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-226/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2370", "zdi_id": "ZDI-14-226" }, { "cve": "CVE-2014-2813", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-225/advisory.json", "detail_path": "advisories/ZDI-14-225", "id": "ZDI-14-225", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-225/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2303", "zdi_id": "ZDI-14-225" }, { "cve": "CVE-2014-4647", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Embarcadero ER/Studio Data Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-14-224/advisory.json", "detail_path": "advisories/ZDI-14-224", "id": "ZDI-14-224", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "(0Day) Embarcadero ER/Studio Data Architect TSVisualization ActiveX loadExtensionFactory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-224/", "vendor": "Embarcadero", "vendor_url": null, "zdi_can": "ZDI-CAN-2302", "zdi_id": "ZDI-14-224" }, { "cve": "CVE-2014-1765", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-223/advisory.json", "detail_path": "advisories/ZDI-14-223", "id": "ZDI-14-223", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-223/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2269", "zdi_id": "ZDI-14-223" }, { "cve": "CVE-2014-2809", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-222/advisory.json", "detail_path": "advisories/ZDI-14-222", "id": "ZDI-14-222", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "Microsoft Internet Explorer CImgElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-222/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2239", "zdi_id": "ZDI-14-222" }, { "cve": "CVE-2014-2780", "cvss": 4.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-14-221/advisory.json", "detail_path": "advisories/ZDI-14-221", "id": "ZDI-14-221", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "(Pwn2Own) Microsoft Windows DirectShow Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-221/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2231", "zdi_id": "ZDI-14-221" }, { "cve": "CVE-2014-1767", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-14-220/advisory.json", "detail_path": "advisories/ZDI-14-220", "id": "ZDI-14-220", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "(Pwn2Own) Microsoft Windows AFD.SYS Dangling Pointer Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-220/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2228", "zdi_id": "ZDI-14-220" }, { "cve": "CVE-2014-1765", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-219/advisory.json", "detail_path": "advisories/ZDI-14-219", "id": "ZDI-14-219", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-219/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2226", "zdi_id": "ZDI-14-219" }, { "cve": "CVE-2014-2781", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-14-218/advisory.json", "detail_path": "advisories/ZDI-14-218", "id": "ZDI-14-218", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "(Pwn2Own) Microsoft On-Screen Keyboard Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-218/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2224", "zdi_id": "ZDI-14-218" }, { "cve": "CVE-2014-1763", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-217/advisory.json", "detail_path": "advisories/ZDI-14-217", "id": "ZDI-14-217", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer CSS Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-217/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2212", "zdi_id": "ZDI-14-217" }, { "cve": "CVE-2014-2792", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-216/advisory.json", "detail_path": "advisories/ZDI-14-216", "id": "ZDI-14-216", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "Microsoft Internet Explorer CDOMNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-216/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2203", "zdi_id": "ZDI-14-216" }, { "cve": "CVE-2014-2791", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-215/advisory.json", "detail_path": "advisories/ZDI-14-215", "id": "ZDI-14-215", "kind": "published", "published_date": "2014-07-09", "status": "published", "title": "Microsoft Internet Explorer CAryWindowTbl Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-215/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2169", "zdi_id": "ZDI-14-215" }, { "cve": "CVE-2014-4646", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on software built with vulnerable versions of the Foxit SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-14-214/advisory.json", "detail_path": "advisories/ZDI-14-214", "id": "ZDI-14-214", "kind": "published", "published_date": "2014-06-30", "status": "published", "title": "Foxit PDF SDK DLL FPDFBookmark_GetTitle Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-214/", "vendor": "Foxit", "vendor_url": null, "zdi_can": "ZDI-CAN-1983", "zdi_id": "ZDI-14-214" }, { "cve": "CVE-2014-2782", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-213/advisory.json", "detail_path": "advisories/ZDI-14-213", "id": "ZDI-14-213", "kind": "published", "published_date": "2014-06-18", "status": "published", "title": "Microsoft Internet Explorer ControlTracker Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-213/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2240", "zdi_id": "ZDI-14-213" }, { "cve": "CVE-2014-0282", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-212/advisory.json", "detail_path": "advisories/ZDI-14-212", "id": "ZDI-14-212", "kind": "published", "published_date": "2014-06-18", "status": "published", "title": "Microsoft Internet Explorer CInput Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-212/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2271", "zdi_id": "ZDI-14-212" }, { "cve": "CVE-2013-5017", "cvss": 7.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is required to exploit this vulnerability. The specific flaws exist within the user.php and snmpConfig.php files. SQL inje...", "detail_json": "/data/advisories/ZDI-14-211/advisory.json", "detail_path": "advisories/ZDI-14-211", "id": "ZDI-14-211", "kind": "published", "published_date": "2014-06-18", "status": "published", "title": "Symantec Web Gateway user.php SQL Injection and snmpConfig.php Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-211/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-2047", "zdi_id": "ZDI-14-211" }, { "cve": "CVE-2014-2611", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard IT Executive Scorecard. Authentication is required to exploit this vulnerability. The specific flaw exists within the fndwar web application. A...", "detail_json": "/data/advisories/ZDI-14-210/advisory.json", "detail_path": "advisories/ZDI-14-210", "id": "ZDI-14-210", "kind": "published", "published_date": "2014-06-18", "status": "published", "title": "Hewlett-Packard IT Executive Scorecard fndwar Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-210/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2120", "zdi_id": "ZDI-14-210" }, { "cve": "CVE-2014-2610", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard IT Executive Scorecard. Authentication is required to exploit this vulnerability. The specific flaw exists within the Content Acceleration Pack...", "detail_json": "/data/advisories/ZDI-14-209/advisory.json", "detail_path": "advisories/ZDI-14-209", "id": "ZDI-14-209", "kind": "published", "published_date": "2014-06-18", "status": "published", "title": "Hewlett-Packard IT Executive Scorecard CAP File Upload Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-209/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2117", "zdi_id": "ZDI-14-209" }, { "cve": "CVE-2014-2609", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard IT Executive Scorecard. Authentication is not required to exploit this vulnerability. The specific flaw exists within allowed HTTP access to a...", "detail_json": "/data/advisories/ZDI-14-208/advisory.json", "detail_path": "advisories/ZDI-14-208", "id": "ZDI-14-208", "kind": "published", "published_date": "2014-06-18", "status": "published", "title": "Hewlett-Packard IT Executive Scorecard Java Glassfish Admin Console Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-208/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2116", "zdi_id": "ZDI-14-208" }, { "cve": "CVE-2014-4153", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue li...", "detail_json": "/data/advisories/ZDI-14-207/advisory.json", "detail_path": "advisories/ZDI-14-207", "id": "ZDI-14-207", "kind": "published", "published_date": "2014-06-13", "status": "published", "title": "AlienVault OSSIM av-centerd Util.pm get_file Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-207/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2289", "zdi_id": "ZDI-14-207" }, { "cve": "CVE-2014-4152", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Ossim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-206/advisory.json", "detail_path": "advisories/ZDI-14-206", "id": "ZDI-14-206", "kind": "published", "published_date": "2014-06-13", "status": "published", "title": "AlienVault OSSIM av-centerd Util.pm remote_task Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-206/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2284", "zdi_id": "ZDI-14-206" }, { "cve": "CVE-2014-4151", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-205/advisory.json", "detail_path": "advisories/ZDI-14-205", "id": "ZDI-14-205", "kind": "published", "published_date": "2014-06-13", "status": "published", "title": "AlienVault OSSIM av-centerd Util.pm set_file Arbitrary File Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-205/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2293", "zdi_id": "ZDI-14-205" }, { "cve": "CVE-2014-3805", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Ossim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-204/advisory.json", "detail_path": "advisories/ZDI-14-204", "id": "ZDI-14-204", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "AlienVault OSSIM av-centerd Util.pm get_license Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-204/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2283", "zdi_id": "ZDI-14-204" }, { "cve": "CVE-2014-3804", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-203/advisory.json", "detail_path": "advisories/ZDI-14-203", "id": "ZDI-14-203", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "AlienVault OSSIM av-centerd Util.pm set_file Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-203/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2294", "zdi_id": "ZDI-14-203" }, { "cve": "CVE-2014-3804", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-202/advisory.json", "detail_path": "advisories/ZDI-14-202", "id": "ZDI-14-202", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "AlienVault OSSIM av-centerd Util.pm update_system_info_debian_package Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-202/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2295", "zdi_id": "ZDI-14-202" }, { "cve": "CVE-2014-3804", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-201/advisory.json", "detail_path": "advisories/ZDI-14-201", "id": "ZDI-14-201", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "AlienVault OSSIM av-centerd Util.pm ossec_task Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-201/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2291", "zdi_id": "ZDI-14-201" }, { "cve": "CVE-2014-3804", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-200/advisory.json", "detail_path": "advisories/ZDI-14-200", "id": "ZDI-14-200", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "AlienVault OSSIM av-centerd Util.pm admin_ip Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-200/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2297", "zdi_id": "ZDI-14-200" }, { "cve": "CVE-2014-3805", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Ossim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-199/advisory.json", "detail_path": "advisories/ZDI-14-199", "id": "ZDI-14-199", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "AlienVault OSSIM av-centerd Util.pm get_log_line Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-199/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2281", "zdi_id": "ZDI-14-199" }, { "cve": "CVE-2014-3805", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Ossim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-198/advisory.json", "detail_path": "advisories/ZDI-14-198", "id": "ZDI-14-198", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "AlienVault OSSIM av-centerd Util.pm update_system/upgrade_pro_web Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-198/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2282", "zdi_id": "ZDI-14-198" }, { "cve": "CVE-2014-3804", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-197/advisory.json", "detail_path": "advisories/ZDI-14-197", "id": "ZDI-14-197", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "AlienVault OSSIM av-centerd Util.pm sync_rserver Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-197/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2296", "zdi_id": "ZDI-14-197" }, { "cve": "CVE-2014-3804", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in...", "detail_json": "/data/advisories/ZDI-14-196/advisory.json", "detail_path": "advisories/ZDI-14-196", "id": "ZDI-14-196", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "AlienVault OSSIM av-centerd Util.pm framework_ip Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-196/", "vendor": "AlienVault", "vendor_url": null, "zdi_can": "ZDI-CAN-2298", "zdi_id": "ZDI-14-196" }, { "cve": "CVE-2013-6221", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard AutoPass License Server. Authentication is not required to exploit this vulnerability. The flaw exists within the CommunicationServlet. The spe...", "detail_json": "/data/advisories/ZDI-14-195/advisory.json", "detail_path": "advisories/ZDI-14-195", "id": "ZDI-14-195", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Hewlett-Packard AutoPass License Server Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-195/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2031", "zdi_id": "ZDI-14-195" }, { "cve": "CVE-2014-1799", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-194/advisory.json", "detail_path": "advisories/ZDI-14-194", "id": "ZDI-14-194", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-194/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2267", "zdi_id": "ZDI-14-194" }, { "cve": "CVE-2014-2756", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-193/advisory.json", "detail_path": "advisories/ZDI-14-193", "id": "ZDI-14-193", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer CMarkupPointer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-193/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2237", "zdi_id": "ZDI-14-193" }, { "cve": "CVE-2014-1766", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-192/advisory.json", "detail_path": "advisories/ZDI-14-192", "id": "ZDI-14-192", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer CDispNodeBase Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-192/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2227", "zdi_id": "ZDI-14-192" }, { "cve": "CVE-2014-1805", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-191/advisory.json", "detail_path": "advisories/ZDI-14-191", "id": "ZDI-14-191", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer CWindow Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-191/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2223", "zdi_id": "ZDI-14-191" }, { "cve": "CVE-2014-1764", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-190/advisory.json", "detail_path": "advisories/ZDI-14-190", "id": "ZDI-14-190", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-190/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2213", "zdi_id": "ZDI-14-190" }, { "cve": "CVE-2014-2777", "cvss": 7.2, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-189/advisory.json", "detail_path": "advisories/ZDI-14-189", "id": "ZDI-14-189", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-189/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2218", "zdi_id": "ZDI-14-189" }, { "cve": "CVE-2014-2776", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-188/advisory.json", "detail_path": "advisories/ZDI-14-188", "id": "ZDI-14-188", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer Js::PathTypeHandlerBase Improper Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-188/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2202", "zdi_id": "ZDI-14-188" }, { "cve": "CVE-2014-2775", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-187/advisory.json", "detail_path": "advisories/ZDI-14-187", "id": "ZDI-14-187", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-187/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2166", "zdi_id": "ZDI-14-187" }, { "cve": "CVE-2014-1762", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-186/advisory.json", "detail_path": "advisories/ZDI-14-186", "id": "ZDI-14-186", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "(Pwn2Own\\Pwn4Fun) Microsoft Internet Explorer CDOMTextNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-186/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2099", "zdi_id": "ZDI-14-186" }, { "cve": "CVE-2014-2772", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-185/advisory.json", "detail_path": "advisories/ZDI-14-185", "id": "ZDI-14-185", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer textContent Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-185/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2199", "zdi_id": "ZDI-14-185" }, { "cve": "CVE-2014-1800", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-184/advisory.json", "detail_path": "advisories/ZDI-14-184", "id": "ZDI-14-184", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-184/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2159", "zdi_id": "ZDI-14-184" }, { "cve": "CVE-2014-1797", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-183/advisory.json", "detail_path": "advisories/ZDI-14-183", "id": "ZDI-14-183", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer isindex Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-183/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2145", "zdi_id": "ZDI-14-183" }, { "cve": "CVE-2014-2758", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-182/advisory.json", "detail_path": "advisories/ZDI-14-182", "id": "ZDI-14-182", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer CDXTFilterNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-182/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2144", "zdi_id": "ZDI-14-182" }, { "cve": "CVE-2014-2757", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-181/advisory.json", "detail_path": "advisories/ZDI-14-181", "id": "ZDI-14-181", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer CElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-181/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2134", "zdi_id": "ZDI-14-181" }, { "cve": "CVE-2014-1785", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-180/advisory.json", "detail_path": "advisories/ZDI-14-180", "id": "ZDI-14-180", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-180/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2110", "zdi_id": "ZDI-14-180" }, { "cve": "CVE-2014-1782", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-179/advisory.json", "detail_path": "advisories/ZDI-14-179", "id": "ZDI-14-179", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer CGeneratedContent Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-179/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2076", "zdi_id": "ZDI-14-179" }, { "cve": "CVE-2014-1780", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-178/advisory.json", "detail_path": "advisories/ZDI-14-178", "id": "ZDI-14-178", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer CElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-178/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2055", "zdi_id": "ZDI-14-178" }, { "cve": "CVE-2014-1779", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-177/advisory.json", "detail_path": "advisories/ZDI-14-177", "id": "ZDI-14-177", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer CElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-177/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2057", "zdi_id": "ZDI-14-177" }, { "cve": "CVE-2014-0282", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-176/advisory.json", "detail_path": "advisories/ZDI-14-176", "id": "ZDI-14-176", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer CFormElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-176/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2039", "zdi_id": "ZDI-14-176" }, { "cve": "CVE-2014-1775", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-175/advisory.json", "detail_path": "advisories/ZDI-14-175", "id": "ZDI-14-175", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer CPeerFactoryUrlMap Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-175/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2037", "zdi_id": "ZDI-14-175" }, { "cve": "CVE-2014-1774", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-174/advisory.json", "detail_path": "advisories/ZDI-14-174", "id": "ZDI-14-174", "kind": "published", "published_date": "2014-06-11", "status": "published", "title": "Microsoft Internet Explorer CGeneratedTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-174/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2025", "zdi_id": "ZDI-14-174" }, { "cve": "CVE-2014-0195", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenSSL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DTLS packets. The issue lies in the assu...", "detail_json": "/data/advisories/ZDI-14-173/advisory.json", "detail_path": "advisories/ZDI-14-173", "id": "ZDI-14-173", "kind": "published", "published_date": "2014-06-05", "status": "published", "title": "OpenSSL DTLS Fragment Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-173/", "vendor": "OpenSSL", "vendor_url": null, "zdi_can": "ZDI-CAN-2304", "zdi_id": "ZDI-14-173" }, { "cve": "CVE-2014-3911", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung iPOLiS Device Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-14-172/advisory.json", "detail_path": "advisories/ZDI-14-172", "id": "ZDI-14-172", "kind": "published", "published_date": "2014-06-04", "status": "published", "title": "Samsung iPOLiS Device Manager XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 Multiple Methods Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-172/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2320", "zdi_id": "ZDI-14-172" }, { "cve": "CVE-2014-3911", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung iPOLiS Device Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-14-171/advisory.json", "detail_path": "advisories/ZDI-14-171", "id": "ZDI-14-171", "kind": "published", "published_date": "2014-06-04", "status": "published", "title": "Samsung iPOLiS Device Manager XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 FrameAdvanceReader Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-171/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2322", "zdi_id": "ZDI-14-171" }, { "cve": "CVE-2014-3911", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung iPOLiS Device Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-14-170/advisory.json", "detail_path": "advisories/ZDI-14-170", "id": "ZDI-14-170", "kind": "published", "published_date": "2014-06-04", "status": "published", "title": "Samsung iPOLiS Device Manager XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 DeleteDeviceProfile Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-170/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2321", "zdi_id": "ZDI-14-170" }, { "cve": "CVE-2014-3912", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung iPOLiS Device Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-14-169/advisory.json", "detail_path": "advisories/ZDI-14-169", "id": "ZDI-14-169", "kind": "published", "published_date": "2014-06-04", "status": "published", "title": "Samsung iPOLiS Device Manager XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 FindConfigChildeKeyList Method Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-169/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2317", "zdi_id": "ZDI-14-169" }, { "cve": "CVE-2014-3911", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung iPOLiS Device Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-14-168/advisory.json", "detail_path": "advisories/ZDI-14-168", "id": "ZDI-14-168", "kind": "published", "published_date": "2014-06-04", "status": "published", "title": "Samsung iPOLiS Device Manager XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ChangeControlLocalName Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-168/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2311", "zdi_id": "ZDI-14-168" }, { "cve": "CVE-2014-3911", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung iPOLiS Device Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-14-167/advisory.json", "detail_path": "advisories/ZDI-14-167", "id": "ZDI-14-167", "kind": "published", "published_date": "2014-06-04", "status": "published", "title": "Samsung iPOLiS Device Manager XNSSDKWINDOW.XnsSdkWindowCtrlForIpInstaller.1 Start Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-167/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2307", "zdi_id": "ZDI-14-167" }, { "cve": "CVE-2014-3914", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rocket Servergraph Admin Center for Tivoli Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the u...", "detail_json": "/data/advisories/ZDI-14-166/advisory.json", "detail_path": "advisories/ZDI-14-166", "id": "ZDI-14-166", "kind": "published", "published_date": "2014-06-02", "status": "published", "title": "(0Day) Rocket Servergraph Admin Center for TSM userRequest save_server_groups Command Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-166/", "vendor": "Rocket Software", "vendor_url": null, "zdi_can": "ZDI-CAN-2247", "zdi_id": "ZDI-14-166" }, { "cve": "CVE-2014-3914", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Rocket Servergraph Admin Center for Tivoli Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the f...", "detail_json": "/data/advisories/ZDI-14-165/advisory.json", "detail_path": "advisories/ZDI-14-165", "id": "ZDI-14-165", "kind": "published", "published_date": "2014-06-02", "status": "published", "title": "(0Day) Rocket Servergraph Admin Center for TSM fileRequestorServlet del Command Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-165/", "vendor": "Rocket Software", "vendor_url": null, "zdi_can": "ZDI-CAN-2248", "zdi_id": "ZDI-14-165" }, { "cve": "CVE-2014-3915", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rocket Servergraph Admin Center for Tivoli Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the u...", "detail_json": "/data/advisories/ZDI-14-164/advisory.json", "detail_path": "advisories/ZDI-14-164", "id": "ZDI-14-164", "kind": "published", "published_date": "2014-06-02", "status": "published", "title": "(0Day) Rocket Servergraph Admin Center for TSM userRequest/tsmRequest Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-164/", "vendor": "Rocket Software", "vendor_url": null, "zdi_can": "ZDI-CAN-2259", "zdi_id": "ZDI-14-164" }, { "cve": "CVE-2014-3914", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Rocket Servergraph Admin Center for Tivoli Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-14-163/advisory.json", "detail_path": "advisories/ZDI-14-163", "id": "ZDI-14-163", "kind": "published", "published_date": "2014-06-02", "status": "published", "title": "(0Day) Rocket Servergraph Admin Center for TSM fileRequestorServlet readDataFile Command Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-163/", "vendor": "Rocket Software", "vendor_url": null, "zdi_can": "ZDI-CAN-2260", "zdi_id": "ZDI-14-163" }, { "cve": "CVE-2014-3914", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rocket Servergraph Admin Center for Tivoli Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the f...", "detail_json": "/data/advisories/ZDI-14-162/advisory.json", "detail_path": "advisories/ZDI-14-162", "id": "ZDI-14-162", "kind": "published", "published_date": "2014-06-02", "status": "published", "title": "(0Day) Rocket Servergraph Admin Center for TSM fileRequestorServlet run/runClear Command Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-162/", "vendor": "Rocket Software", "vendor_url": null, "zdi_can": "ZDI-CAN-2262", "zdi_id": "ZDI-14-162" }, { "cve": "CVE-2014-3914", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rocket Servergraph Admin Center for Tivoli Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the f...", "detail_json": "/data/advisories/ZDI-14-161/advisory.json", "detail_path": "advisories/ZDI-14-161", "id": "ZDI-14-161", "kind": "published", "published_date": "2014-06-02", "status": "published", "title": "(0Day) Rocket Servergraph Admin Center for TSM fileRequestServlet writeDataFile Command Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-161/", "vendor": "Rocket Software", "vendor_url": null, "zdi_can": "ZDI-CAN-2263", "zdi_id": "ZDI-14-161" }, { "cve": "CVE-2014-3913", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ericom AccessNow Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the way AccessServer32.exe handles requests...", "detail_json": "/data/advisories/ZDI-14-160/advisory.json", "detail_path": "advisories/ZDI-14-160", "id": "ZDI-14-160", "kind": "published", "published_date": "2014-06-02", "status": "published", "title": "(0Day) Ericom AccessNow Server Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-160/", "vendor": "Ericom", "vendor_url": null, "zdi_can": "ZDI-CAN-2268", "zdi_id": "ZDI-14-160" }, { "cve": "CVE-2014-3790", "cvss": 6.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the usage of the Ruby vSphere Console (RVC)...", "detail_json": "/data/advisories/ZDI-14-159/advisory.json", "detail_path": "advisories/ZDI-14-159", "id": "ZDI-14-159", "kind": "published", "published_date": "2014-05-30", "status": "published", "title": "(0Day) VMware vCenter Server Appliance Ruby vSphere Console Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-159/", "vendor": "VMWare, Inc.", "vendor_url": null, "zdi_can": "ZDI-CAN-2003", "zdi_id": "ZDI-14-159" }, { "cve": "CVE-2014-3457", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the ConnectionType.getConnection function in es...", "detail_json": "/data/advisories/ZDI-14-158/advisory.json", "detail_path": "advisories/ZDI-14-158", "id": "ZDI-14-158", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse ConnectionType.getConnection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-158/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1968", "zdi_id": "ZDI-14-158" }, { "cve": "CVE-2014-3457", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the ConnectionType.isInput function in esp_serv...", "detail_json": "/data/advisories/ZDI-14-157/advisory.json", "detail_path": "advisories/ZDI-14-157", "id": "ZDI-14-157", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse ConnectionType.isInput Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-157/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1967", "zdi_id": "ZDI-14-157" }, { "cve": "CVE-2014-3457", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.getSampleRow function in esp_ser...", "detail_json": "/data/advisories/ZDI-14-156/advisory.json", "detail_path": "advisories/ZDI-14-156", "id": "ZDI-14-156", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse Connection.getSampleRow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-156/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1966", "zdi_id": "ZDI-14-156" }, { "cve": "CVE-2014-3457", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.getFieldTypes function in esp_se...", "detail_json": "/data/advisories/ZDI-14-155/advisory.json", "detail_path": "advisories/ZDI-14-155", "id": "ZDI-14-155", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse Connection.getFieldTypes Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-155/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1965", "zdi_id": "ZDI-14-155" }, { "cve": "CVE-2014-3457", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.getFieldNames function in esp_se...", "detail_json": "/data/advisories/ZDI-14-154/advisory.json", "detail_path": "advisories/ZDI-14-154", "id": "ZDI-14-154", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse Connection.getFieldNames Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-154/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1964", "zdi_id": "ZDI-14-154" }, { "cve": "CVE-2014-3457", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.setParams function in esp_server...", "detail_json": "/data/advisories/ZDI-14-153/advisory.json", "detail_path": "advisories/ZDI-14-153", "id": "ZDI-14-153", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse Connection.setParams Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-153/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1963", "zdi_id": "ZDI-14-153" }, { "cve": "CVE-2014-3457", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.destroy function in esp_server_l...", "detail_json": "/data/advisories/ZDI-14-152/advisory.json", "detail_path": "advisories/ZDI-14-152", "id": "ZDI-14-152", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse Connection.destroy Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-152/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1962", "zdi_id": "ZDI-14-152" }, { "cve": "CVE-2014-3457", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.dispose function in esp_server_l...", "detail_json": "/data/advisories/ZDI-14-151/advisory.json", "detail_path": "advisories/ZDI-14-151", "id": "ZDI-14-151", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse Connection.dispose Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-151/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1961", "zdi_id": "ZDI-14-151" }, { "cve": "CVE-2014-3457", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.getTableNames function in esp_se...", "detail_json": "/data/advisories/ZDI-14-150/advisory.json", "detail_path": "advisories/ZDI-14-150", "id": "ZDI-14-150", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse Connection.getTableNames Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-150/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1960", "zdi_id": "ZDI-14-150" }, { "cve": "CVE-2014-3457", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.setScanDepth function in esp_ser...", "detail_json": "/data/advisories/ZDI-14-149/advisory.json", "detail_path": "advisories/ZDI-14-149", "id": "ZDI-14-149", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse Connection.setScanDepth Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-149/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1959", "zdi_id": "ZDI-14-149" }, { "cve": "CVE-2014-3457", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.canDiscover function in esp_serv...", "detail_json": "/data/advisories/ZDI-14-148/advisory.json", "detail_path": "advisories/ZDI-14-148", "id": "ZDI-14-148", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse Connection.canDiscover Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-148/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1958", "zdi_id": "ZDI-14-148" }, { "cve": "CVE-2014-3457", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.getError function in esp_server_...", "detail_json": "/data/advisories/ZDI-14-147/advisory.json", "detail_path": "advisories/ZDI-14-147", "id": "ZDI-14-147", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse Connection.getError Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-147/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1957", "zdi_id": "ZDI-14-147" }, { "cve": "CVE-2014-3457", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.reset function in esp_server_lib...", "detail_json": "/data/advisories/ZDI-14-146/advisory.json", "detail_path": "advisories/ZDI-14-146", "id": "ZDI-14-146", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse Connection.reset Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-146/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1956", "zdi_id": "ZDI-14-146" }, { "cve": "CVE-2014-3458", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.getErrors function in esp_server...", "detail_json": "/data/advisories/ZDI-14-145/advisory.json", "detail_path": "advisories/ZDI-14-145", "id": "ZDI-14-145", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse Connection.getErrors Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-145/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1954", "zdi_id": "ZDI-14-145" }, { "cve": "CVE-2014-3458", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the ConnectionType.getName function in esp_serv...", "detail_json": "/data/advisories/ZDI-14-144/advisory.json", "detail_path": "advisories/ZDI-14-144", "id": "ZDI-14-144", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse ConnectionType.getName Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-144/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1955", "zdi_id": "ZDI-14-144" }, { "cve": "CVE-2014-3458", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the ConnectionType.getParamNames function in es...", "detail_json": "/data/advisories/ZDI-14-143/advisory.json", "detail_path": "advisories/ZDI-14-143", "id": "ZDI-14-143", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse ConnectionType.getParamNames Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-143/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1952", "zdi_id": "ZDI-14-143" }, { "cve": "CVE-2014-3458", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the ConnectionType.getXmlDescription function i...", "detail_json": "/data/advisories/ZDI-14-142/advisory.json", "detail_path": "advisories/ZDI-14-142", "id": "ZDI-14-142", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse ConnectionType.getXmlDescription Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-142/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1953", "zdi_id": "ZDI-14-142" }, { "cve": "CVE-2014-3458", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.getType function in esp_server_l...", "detail_json": "/data/advisories/ZDI-14-141/advisory.json", "detail_path": "advisories/ZDI-14-141", "id": "ZDI-14-141", "kind": "published", "published_date": "2014-05-22", "status": "published", "title": "(0Day) SAP Sybase ESP esp_parse Connection.getType Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-141/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1951", "zdi_id": "ZDI-14-141" }, { "cve": "CVE-2014-1770", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-140/advisory.json", "detail_path": "advisories/ZDI-14-140", "id": "ZDI-14-140", "kind": "published", "published_date": "2014-05-21", "status": "published", "title": "(0Day) Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-140/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1989", "zdi_id": "ZDI-14-140" }, { "cve": "CVE-2014-0773", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-139/advisory.json", "detail_path": "advisories/ZDI-14-139", "id": "ZDI-14-139", "kind": "published", "published_date": "2014-05-19", "status": "published", "title": "Advantech WebAccess bwocxrun.ocx CreateProcess Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-139/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2095", "zdi_id": "ZDI-14-139" }, { "cve": "CVE-2014-0772", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to access arbitrary files on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-138/advisory.json", "detail_path": "advisories/ZDI-14-138", "id": "ZDI-14-138", "kind": "published", "published_date": "2014-05-19", "status": "published", "title": "Advantech WebAccess bwocxrun.ocx OpenUrlToBufferTimeout Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-138/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2094", "zdi_id": "ZDI-14-138" }, { "cve": "CVE-2014-0771", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to access arbitrary files on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-137/advisory.json", "detail_path": "advisories/ZDI-14-137", "id": "ZDI-14-137", "kind": "published", "published_date": "2014-05-19", "status": "published", "title": "Advantech WebAccess bwocxrun.ocx OpenUrlToBuffer Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-137/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2093", "zdi_id": "ZDI-14-137" }, { "cve": "CVE-2014-3789", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cogent DataHub. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetPermissions.asp component of the web serve...", "detail_json": "/data/advisories/ZDI-14-136/advisory.json", "detail_path": "advisories/ZDI-14-136", "id": "ZDI-14-136", "kind": "published", "published_date": "2014-05-19", "status": "published", "title": "Cogent DataHub Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-136/", "vendor": "Cogent Real-Time Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-2160", "zdi_id": "ZDI-14-136" }, { "cve": "CVE-2014-3788", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cogent DataHub. Authentication is not required to exploit this vulnerability. The specific flaw exists within the included Web Server. By providing a request w...", "detail_json": "/data/advisories/ZDI-14-135/advisory.json", "detail_path": "advisories/ZDI-14-135", "id": "ZDI-14-135", "kind": "published", "published_date": "2014-05-19", "status": "published", "title": "Cogent DataHub Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-135/", "vendor": "Cogent Real-Time Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-2192", "zdi_id": "ZDI-14-135" }, { "cve": "CVE-2014-3460", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetIQ. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-14-134/advisory.json", "detail_path": "advisories/ZDI-14-134", "id": "ZDI-14-134", "kind": "published", "published_date": "2014-05-19", "status": "published", "title": "(0Day) Novell NetIQ Sentinel Agent Manager NQMcsVarSet DumpToFile Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-134/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1946", "zdi_id": "ZDI-14-134" }, { "cve": "CVE-2014-3459", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Network Configuration Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-14-133/advisory.json", "detail_path": "advisories/ZDI-14-133", "id": "ZDI-14-133", "kind": "published", "published_date": "2014-05-19", "status": "published", "title": "(0Day) SolarWinds Network Configuration Manager PEstrarg1 Heap Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-133/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-1906", "zdi_id": "ZDI-14-133" }, { "cve": "CVE-2014-0512", "cvss": 4.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-14-132/advisory.json", "detail_path": "advisories/ZDI-14-132", "id": "ZDI-14-132", "kind": "published", "published_date": "2014-05-19", "status": "published", "title": "(Pwn2Own) Adobe Reader Sandbox Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-132/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2211", "zdi_id": "ZDI-14-132" }, { "cve": "CVE-2014-0511", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-14-131/advisory.json", "detail_path": "advisories/ZDI-14-131", "id": "ZDI-14-131", "kind": "published", "published_date": "2014-05-19", "status": "published", "title": "(Pwn2Own) Adobe Reader PDF417 Barcode Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-131/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2210", "zdi_id": "ZDI-14-131" }, { "cve": "CVE-2014-0510", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-14-130/advisory.json", "detail_path": "advisories/ZDI-14-130", "id": "ZDI-14-130", "kind": "published", "published_date": "2014-05-19", "status": "published", "title": "(Pwn2Own) Adobe Flash Display Object Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-130/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2235", "zdi_id": "ZDI-14-130" }, { "cve": "CVE-2014-3802", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Debug Interface Access SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic...", "detail_json": "/data/advisories/ZDI-14-129/advisory.json", "detail_path": "advisories/ZDI-14-129", "id": "ZDI-14-129", "kind": "published", "published_date": "2014-05-14", "status": "published", "title": "Microsoft DIA SDK msdia.dll Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-129/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1856", "zdi_id": "ZDI-14-129" }, { "cve": "CVE-2014-0527", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-14-128/advisory.json", "detail_path": "advisories/ZDI-14-128", "id": "ZDI-14-128", "kind": "published", "published_date": "2014-05-13", "status": "published", "title": "Adobe Reader AcroPDF messageHandler Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-128/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2001", "zdi_id": "ZDI-14-128" }, { "cve": "CVE-2014-1649", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Workspace Streaming. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SWS Agent (as_agent.exe) compon...", "detail_json": "/data/advisories/ZDI-14-127/advisory.json", "detail_path": "advisories/ZDI-14-127", "id": "ZDI-14-127", "kind": "published", "published_date": "2014-05-13", "status": "published", "title": "Symantec Workspace Streaming Agent XMLRPC Request putFile Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-127/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-2102", "zdi_id": "ZDI-14-127" }, { "cve": "CVE-2014-1736", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-14-126/advisory.json", "detail_path": "advisories/ZDI-14-126", "id": "ZDI-14-126", "kind": "published", "published_date": "2014-05-13", "status": "published", "title": "Google Chrome ImageData Signedness Error Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-126/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-2245", "zdi_id": "ZDI-14-126" }, { "cve": "CVE-2014-0310", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-125/advisory.json", "detail_path": "advisories/ZDI-14-125", "id": "ZDI-14-125", "kind": "published", "published_date": "2014-05-13", "status": "published", "title": "Microsoft Internet Explorer Attribute Double Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-125/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2101", "zdi_id": "ZDI-14-125" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland Silk Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-14-124/advisory.json", "detail_path": "advisories/ZDI-14-124", "id": "ZDI-14-124", "kind": "published", "published_date": "2014-05-05", "status": "published", "title": "(0Day) Borland Silk Central TeeChart ActiveX Control GridLink Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-124/", "vendor": "Borland", "vendor_url": null, "zdi_can": "ZDI-CAN-2000", "zdi_id": "ZDI-14-124" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland StarTeam. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AttachmentService servlet in the FILECHECKO...", "detail_json": "/data/advisories/ZDI-14-123/advisory.json", "detail_path": "advisories/ZDI-14-123", "id": "ZDI-14-123", "kind": "published", "published_date": "2014-05-05", "status": "published", "title": "(0Day) Borland StarTeam Web Server AttachmentService performCheckoutFile Remote Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-123/", "vendor": "Borland", "vendor_url": null, "zdi_can": "ZDI-CAN-1857", "zdi_id": "ZDI-14-123" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaspersky Internet Security. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-14-122/advisory.json", "detail_path": "advisories/ZDI-14-122", "id": "ZDI-14-122", "kind": "published", "published_date": "2014-05-02", "status": "published", "title": "Kaspersky Internet Security prremote.dll Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-122/", "vendor": "Kaspersky", "vendor_url": null, "zdi_can": "ZDI-CAN-1884", "zdi_id": "ZDI-14-122" }, { "cve": "CVE-2014-1318", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-14-121/advisory.json", "detail_path": "advisories/ZDI-14-121", "id": "ZDI-14-121", "kind": "published", "published_date": "2014-05-02", "status": "published", "title": "(Pwn2Own\\Pwn4Fun) Apple OS X Graphics Driver Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-121/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2208", "zdi_id": "ZDI-14-121" }, { "cve": "CVE-2014-1320", "cvss": 2.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-14-120/advisory.json", "detail_path": "advisories/ZDI-14-120", "id": "ZDI-14-120", "kind": "published", "published_date": "2014-05-02", "status": "published", "title": "(Pwn2Own\\Pwn4Fun) Apple OS X IOKit Kernel Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-120/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2207", "zdi_id": "ZDI-14-120" }, { "cve": "CVE-2014-0285", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-119/advisory.json", "detail_path": "advisories/ZDI-14-119", "id": "ZDI-14-119", "kind": "published", "published_date": "2014-05-02", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-119/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2141", "zdi_id": "ZDI-14-119" }, { "cve": "CVE-2014-0780", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Web Studio. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ability to browse outside of the web roo...", "detail_json": "/data/advisories/ZDI-14-118/advisory.json", "detail_path": "advisories/ZDI-14-118", "id": "ZDI-14-118", "kind": "published", "published_date": "2014-05-02", "status": "published", "title": "InduSoft Web Studio Directory Traversal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-118/", "vendor": "Indusoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2108", "zdi_id": "ZDI-14-118" }, { "cve": "CVE-2014-0786", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the \"guest\" user. The issue lie...", "detail_json": "/data/advisories/ZDI-14-117/advisory.json", "detail_path": "advisories/ZDI-14-117", "id": "ZDI-14-117", "kind": "published", "published_date": "2014-05-02", "status": "published", "title": "Ecava IntegraXor Guest Acccount Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-117/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-2041", "zdi_id": "ZDI-14-117" }, { "cve": "CVE-2014-0768", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-116/advisory.json", "detail_path": "advisories/ZDI-14-116", "id": "ZDI-14-116", "kind": "published", "published_date": "2014-04-24", "status": "published", "title": "Advantech WebAccess webvact.ocx AccessCode2 Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-116/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2013", "zdi_id": "ZDI-14-116" }, { "cve": null, "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-14-115/advisory.json", "detail_path": "advisories/ZDI-14-115", "id": "ZDI-14-115", "kind": "published", "published_date": "2014-04-23", "status": "published", "title": "SolarWinds Server and Application Monitor PEstrarg1 ActiveX Heap Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-115/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-1874", "zdi_id": "ZDI-14-115" }, { "cve": "CVE-2014-0456", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-14-114/advisory.json", "detail_path": "advisories/ZDI-14-114", "id": "ZDI-14-114", "kind": "published", "published_date": "2014-04-23", "status": "published", "title": "Oracle Java System.arraycopy() Race Condition Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-114/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2054", "zdi_id": "ZDI-14-114" }, { "cve": "CVE-2014-0290", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-113/advisory.json", "detail_path": "advisories/ZDI-14-113", "id": "ZDI-14-113", "kind": "published", "published_date": "2014-04-23", "status": "published", "title": "Microsoft Internet Explorer CMarkup Undo execCommand Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-113/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2131", "zdi_id": "ZDI-14-113" }, { "cve": "CVE-2014-0278", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-112/advisory.json", "detail_path": "advisories/ZDI-14-112", "id": "ZDI-14-112", "kind": "published", "published_date": "2014-04-23", "status": "published", "title": "Microsoft Internet Explorer CSS Out-Of-Bounds Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-112/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2132", "zdi_id": "ZDI-14-112" }, { "cve": "CVE-2014-2407", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-111/advisory.json", "detail_path": "advisories/ZDI-14-111", "id": "ZDI-14-111", "kind": "published", "published_date": "2014-04-21", "status": "published", "title": "Oracle Data Quality LoaderWizard ActiveX Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-111/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2019", "zdi_id": "ZDI-14-111" }, { "cve": "CVE-2014-2418", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-110/advisory.json", "detail_path": "advisories/ZDI-14-110", "id": "ZDI-14-110", "kind": "published", "published_date": "2014-04-21", "status": "published", "title": "Oracle Data Quality FileChooserDlg onChangeDirectory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-110/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1937", "zdi_id": "ZDI-14-110" }, { "cve": "CVE-2014-2415", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-109/advisory.json", "detail_path": "advisories/ZDI-14-109", "id": "ZDI-14-109", "kind": "published", "published_date": "2014-04-21", "status": "published", "title": "Oracle Data Quality PostcardPreviewInt onclose Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-109/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1936", "zdi_id": "ZDI-14-109" }, { "cve": "CVE-2014-2417", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-108/advisory.json", "detail_path": "advisories/ZDI-14-108", "id": "ZDI-14-108", "kind": "published", "published_date": "2014-04-21", "status": "published", "title": "Oracle Data Quality DscXB onloadstatechange Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-108/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1935", "zdi_id": "ZDI-14-108" }, { "cve": "CVE-2014-2416", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-107/advisory.json", "detail_path": "advisories/ZDI-14-107", "id": "ZDI-14-107", "kind": "published", "published_date": "2014-04-21", "status": "published", "title": "Oracle Data Quality DateTimeWrapper onchange Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-107/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1934", "zdi_id": "ZDI-14-107" }, { "cve": "CVE-2014-2424", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Event Processing. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadServlet class. The class c...", "detail_json": "/data/advisories/ZDI-14-106/advisory.json", "detail_path": "advisories/ZDI-14-106", "id": "ZDI-14-106", "kind": "published", "published_date": "2014-04-21", "status": "published", "title": "Oracle Event Processing FileUploadServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-106/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2048", "zdi_id": "ZDI-14-106" }, { "cve": "CVE-2014-0457", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-14-105/advisory.json", "detail_path": "advisories/ZDI-14-105", "id": "ZDI-14-105", "kind": "published", "published_date": "2014-04-21", "status": "published", "title": "Oracle Java ScriptEngineManager Sandbox Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-105/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2058", "zdi_id": "ZDI-14-105" }, { "cve": "CVE-2014-0432", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-14-104/advisory.json", "detail_path": "advisories/ZDI-14-104", "id": "ZDI-14-104", "kind": "published", "published_date": "2014-04-21", "status": "published", "title": "Oracle Java permuteArguments Sandbox Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-104/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2060", "zdi_id": "ZDI-14-104" }, { "cve": "CVE-2014-0455", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-14-103/advisory.json", "detail_path": "advisories/ZDI-14-103", "id": "ZDI-14-103", "kind": "published", "published_date": "2014-04-21", "status": "published", "title": "Oracle Java DropArguments Sandbox Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-103/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2059", "zdi_id": "ZDI-14-103" }, { "cve": "CVE-2014-2421", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-14-102/advisory.json", "detail_path": "advisories/ZDI-14-102", "id": "ZDI-14-102", "kind": "published", "published_date": "2014-04-21", "status": "published", "title": "Oracle Java JPEG Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-102/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2038", "zdi_id": "ZDI-14-102" }, { "cve": "CVE-2014-0321", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-101/advisory.json", "detail_path": "advisories/ZDI-14-101", "id": "ZDI-14-101", "kind": "published", "published_date": "2014-04-21", "status": "published", "title": "Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-101/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2112", "zdi_id": "ZDI-14-101" }, { "cve": "CVE-2013-6213", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Virtual User Generator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the exposed EmulationAdminSoapBinding...", "detail_json": "/data/advisories/ZDI-14-100/advisory.json", "detail_path": "advisories/ZDI-14-100", "id": "ZDI-14-100", "kind": "published", "published_date": "2014-04-17", "status": "published", "title": "Hewlett-Packard Virtual User Generator EmulationAdmin Service Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-100/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1833", "zdi_id": "ZDI-14-100" }, { "cve": "CVE-2013-6215", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Universal Configuration Management Database (CMDB). Authentication is required to exploit this vulnerability, but it is trivial to bypass. The...", "detail_json": "/data/advisories/ZDI-14-099/advisory.json", "detail_path": "advisories/ZDI-14-099", "id": "ZDI-14-099", "kind": "published", "published_date": "2014-04-17", "status": "published", "title": "Hewlett-Packard Universal CMDB Integration Service UploadScansServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-099/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1977", "zdi_id": "ZDI-14-099" }, { "cve": "CVE-2013-6748", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Quickr for Domino. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-098/advisory.json", "detail_path": "advisories/ZDI-14-098", "id": "ZDI-14-098", "kind": "published", "published_date": "2014-04-17", "status": "published", "title": "IBM Lotus Quickr ActiveX Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-098/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2028", "zdi_id": "ZDI-14-098" }, { "cve": "CVE-2014-2210", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read arbitrary files on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific flaw...", "detail_json": "/data/advisories/ZDI-14-097/advisory.json", "detail_path": "advisories/ZDI-14-097", "id": "ZDI-14-097", "kind": "published", "published_date": "2014-04-17", "status": "published", "title": "CA ERwin Web Portal MIMM ProfileIconServlet Multiple Information Disclosure Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-097/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-2018", "zdi_id": "ZDI-14-097" }, { "cve": "CVE-2014-2210", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete arbitrary files on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific fl...", "detail_json": "/data/advisories/ZDI-14-096/advisory.json", "detail_path": "advisories/ZDI-14-096", "id": "ZDI-14-096", "kind": "published", "published_date": "2014-04-17", "status": "published", "title": "CA ERwin Web Portal MIMM FileAccessServiceProvider Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-096/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-2017", "zdi_id": "ZDI-14-096" }, { "cve": "CVE-2014-2210", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read database credentials on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-14-095/advisory.json", "detail_path": "advisories/ZDI-14-095", "id": "ZDI-14-095", "kind": "published", "published_date": "2014-04-17", "status": "published", "title": "CA ERwin Web Portal MIMM ConfigServiceProvider Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-095/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-2016", "zdi_id": "ZDI-14-095" }, { "cve": "CVE-2014-2210", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read nearly any system file, including database credentials, on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to explo...", "detail_json": "/data/advisories/ZDI-14-094/advisory.json", "detail_path": "advisories/ZDI-14-094", "id": "ZDI-14-094", "kind": "published", "published_date": "2014-04-17", "status": "published", "title": "CA ERwin Web Portal MIMM downloadScriptFile.do Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-094/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-2015", "zdi_id": "ZDI-14-094" }, { "cve": "CVE-2014-2210", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to overwrite arbitrary .xml files on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-14-093/advisory.json", "detail_path": "advisories/ZDI-14-093", "id": "ZDI-14-093", "kind": "published", "published_date": "2014-04-17", "status": "published", "title": "CA ERwin Web Portal MIMM ConfigServiceProviderServlet Remote File Creation/Overwrite Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-093/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-2105", "zdi_id": "ZDI-14-093" }, { "cve": "CVE-2014-0506", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-14-092/advisory.json", "detail_path": "advisories/ZDI-14-092", "id": "ZDI-14-092", "kind": "published", "published_date": "2014-04-11", "status": "published", "title": "(Pwn2Own) Adobe Flash ExternalInterface Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-092/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2216", "zdi_id": "ZDI-14-092" }, { "cve": "CVE-2014-1303", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-14-091/advisory.json", "detail_path": "advisories/ZDI-14-091", "id": "ZDI-14-091", "kind": "published", "published_date": "2014-04-11", "status": "published", "title": "(Pwn2Own) Apple Safari Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-091/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2221", "zdi_id": "ZDI-14-091" }, { "cve": "CVE-2014-1300", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-14-090/advisory.json", "detail_path": "advisories/ZDI-14-090", "id": "ZDI-14-090", "kind": "published", "published_date": "2014-04-11", "status": "published", "title": "(Pwn2Own\\Pwn4Fun) Apple Webkit JSStringJoiner Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-090/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2206", "zdi_id": "ZDI-14-090" }, { "cve": "CVE-2014-1715", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-14-089/advisory.json", "detail_path": "advisories/ZDI-14-089", "id": "ZDI-14-089", "kind": "published", "published_date": "2014-04-11", "status": "published", "title": "(Pwn2Own) Google Chrome Directory Traversal Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-089/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-2234", "zdi_id": "ZDI-14-089" }, { "cve": "CVE-2014-1705", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-14-088/advisory.json", "detail_path": "advisories/ZDI-14-088", "id": "ZDI-14-088", "kind": "published", "published_date": "2014-04-11", "status": "published", "title": "(Pwn2Own) Google Chrome V8 Arbitrary Memory Read/Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-088/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-2233", "zdi_id": "ZDI-14-088" }, { "cve": "CVE-2014-1714", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-14-087/advisory.json", "detail_path": "advisories/ZDI-14-087", "id": "ZDI-14-087", "kind": "published", "published_date": "2014-04-11", "status": "published", "title": "(Pwn2Own) Google Chrome Clipboard Sandbox Escape Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-087/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-2230", "zdi_id": "ZDI-14-087" }, { "cve": "CVE-2014-1713", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-14-086/advisory.json", "detail_path": "advisories/ZDI-14-086", "id": "ZDI-14-086", "kind": "published", "published_date": "2014-04-11", "status": "published", "title": "(Pwn2Own) Google Chrome Blink Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-086/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-2229", "zdi_id": "ZDI-14-086" }, { "cve": "CVE-2014-1514", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-085/advisory.json", "detail_path": "advisories/ZDI-14-085", "id": "ZDI-14-085", "kind": "published", "published_date": "2014-04-11", "status": "published", "title": "(Pwn2Own) Mozilla Firefox TypedArrayObject Out-Of-Bounds Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-085/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-2225", "zdi_id": "ZDI-14-085" }, { "cve": "CVE-2014-1513", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-084/advisory.json", "detail_path": "advisories/ZDI-14-084", "id": "ZDI-14-084", "kind": "published", "published_date": "2014-04-11", "status": "published", "title": "(Pwn2Own) Mozilla Firefox ArrayBuffer Out-Of-Bounds Read/Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-084/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-2220", "zdi_id": "ZDI-14-084" }, { "cve": "CVE-2014-1512", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-083/advisory.json", "detail_path": "advisories/ZDI-14-083", "id": "ZDI-14-083", "kind": "published", "published_date": "2014-04-11", "status": "published", "title": "(Pwn2Own) Mozilla Firefox TypeObject Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-083/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-2219", "zdi_id": "ZDI-14-083" }, { "cve": "CVE-2014-1511", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-082/advisory.json", "detail_path": "advisories/ZDI-14-082", "id": "ZDI-14-082", "kind": "published", "published_date": "2014-04-11", "status": "published", "title": "(Pwn2Own) Mozilla Firefox Pop-Up Blocker Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-082/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-2215", "zdi_id": "ZDI-14-082" }, { "cve": "CVE-2014-1510", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-081/advisory.json", "detail_path": "advisories/ZDI-14-081", "id": "ZDI-14-081", "kind": "published", "published_date": "2014-04-11", "status": "published", "title": "(Pwn2Own) Mozilla Firefox Privileged Content Loading Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-081/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-2214", "zdi_id": "ZDI-14-081" }, { "cve": "CVE-2014-1760", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-080/advisory.json", "detail_path": "advisories/ZDI-14-080", "id": "ZDI-14-080", "kind": "published", "published_date": "2014-04-10", "status": "published", "title": "Microsoft Internet Explorer CFormatCache::AddRefData Improper Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-080/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2122", "zdi_id": "ZDI-14-080" }, { "cve": "CVE-2014-1753", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-079/advisory.json", "detail_path": "advisories/ZDI-14-079", "id": "ZDI-14-079", "kind": "published", "published_date": "2014-04-10", "status": "published", "title": "Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-079/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2111", "zdi_id": "ZDI-14-079" }, { "cve": "CVE-2014-0325", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-078/advisory.json", "detail_path": "advisories/ZDI-14-078", "id": "ZDI-14-078", "kind": "published", "published_date": "2014-04-10", "status": "published", "title": "Microsoft Internet Explorer CElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-078/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2077", "zdi_id": "ZDI-14-078" }, { "cve": "CVE-2014-0763", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBVisitor.dll component. Multiple SOAP r...", "detail_json": "/data/advisories/ZDI-14-077/advisory.json", "detail_path": "advisories/ZDI-14-077", "id": "ZDI-14-077", "kind": "published", "published_date": "2014-04-10", "status": "published", "title": "Advantech WebAccess DBVisitor.dll SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-077/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-1938", "zdi_id": "ZDI-14-077" }, { "cve": "CVE-2014-0764", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-076/advisory.json", "detail_path": "advisories/ZDI-14-076", "id": "ZDI-14-076", "kind": "published", "published_date": "2014-04-10", "status": "published", "title": "Advantech WebAccess webvact.ocx NodeName Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-076/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2009", "zdi_id": "ZDI-14-076" }, { "cve": "CVE-2014-0770", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-075/advisory.json", "detail_path": "advisories/ZDI-14-075", "id": "ZDI-14-075", "kind": "published", "published_date": "2014-04-10", "status": "published", "title": "Advantech WebAccess webvact.ocx UserName Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-075/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2014", "zdi_id": "ZDI-14-075" }, { "cve": "CVE-2014-0767", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-074/advisory.json", "detail_path": "advisories/ZDI-14-074", "id": "ZDI-14-074", "kind": "published", "published_date": "2014-04-10", "status": "published", "title": "Advantech WebAccess webvact.ocx AccessCode Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-074/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2012", "zdi_id": "ZDI-14-074" }, { "cve": "CVE-2014-0766", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-073/advisory.json", "detail_path": "advisories/ZDI-14-073", "id": "ZDI-14-073", "kind": "published", "published_date": "2014-04-10", "status": "published", "title": "Advantech WebAccess webvact.ocx NodeName2 Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-073/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2011", "zdi_id": "ZDI-14-073" }, { "cve": "CVE-2014-0765", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-072/advisory.json", "detail_path": "advisories/ZDI-14-072", "id": "ZDI-14-072", "kind": "published", "published_date": "2014-04-10", "status": "published", "title": "Advantech WebAccess webvact.ocx GotoCmd Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-072/", "vendor": "Advantech", "vendor_url": null, "zdi_can": "ZDI-CAN-2010", "zdi_id": "ZDI-14-072" }, { "cve": "CVE-2014-0787", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingScada. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code contained in kxNe...", "detail_json": "/data/advisories/ZDI-14-071/advisory.json", "detail_path": "advisories/ZDI-14-071", "id": "ZDI-14-071", "kind": "published", "published_date": "2014-04-10", "status": "published", "title": "WellinTech KingScada AEserver.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-071/", "vendor": "WellinTech", "vendor_url": null, "zdi_can": "ZDI-CAN-1780", "zdi_id": "ZDI-14-071" }, { "cve": "CVE-2014-0507", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-14-070/advisory.json", "detail_path": "advisories/ZDI-14-070", "id": "ZDI-14-070", "kind": "published", "published_date": "2014-04-08", "status": "published", "title": "Adobe Flash Player Regular Expression Stack Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-070/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2167", "zdi_id": "ZDI-14-070" }, { "cve": "CVE-2014-2849", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Web Appliance. Authentication is required to exploit this vulnerability. The specific flaws exist within the change_password and netinterface functions...", "detail_json": "/data/advisories/ZDI-14-069/advisory.json", "detail_path": "advisories/ZDI-14-069", "id": "ZDI-14-069", "kind": "published", "published_date": "2014-04-08", "status": "published", "title": "Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-069/", "vendor": "Sophos", "vendor_url": null, "zdi_can": "ZDI-CAN-2026", "zdi_id": "ZDI-14-069" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Firewall Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FSMWebService service....", "detail_json": "/data/advisories/ZDI-14-068/advisory.json", "detail_path": "advisories/ZDI-14-068", "id": "ZDI-14-068", "kind": "published", "published_date": "2014-04-08", "status": "published", "title": "SolarWinds Firewall Security Manager FSMWebService Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-068/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-1898", "zdi_id": "ZDI-14-068" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-14-067/advisory.json", "detail_path": "advisories/ZDI-14-067", "id": "ZDI-14-067", "kind": "published", "published_date": "2014-04-08", "status": "published", "title": "SolarWinds Server and Application Monitor VSReport Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-067/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-1883", "zdi_id": "ZDI-14-067" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-14-066/advisory.json", "detail_path": "advisories/ZDI-14-066", "id": "ZDI-14-066", "kind": "published", "published_date": "2014-04-08", "status": "published", "title": "SolarWinds Server and Application Monitor Apex Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-066/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-1875", "zdi_id": "ZDI-14-066" }, { "cve": null, "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-14-065/advisory.json", "detail_path": "advisories/ZDI-14-065", "id": "ZDI-14-065", "kind": "published", "published_date": "2014-04-08", "status": "published", "title": "SolarWinds Server and Application Monitor C1Chart3D8 Array Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-065/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-1978", "zdi_id": "ZDI-14-065" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...", "detail_json": "/data/advisories/ZDI-14-064/advisory.json", "detail_path": "advisories/ZDI-14-064", "id": "ZDI-14-064", "kind": "published", "published_date": "2014-04-08", "status": "published", "title": "SolarWinds Server and Application Monitor wpdlx Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-064/", "vendor": "SolarWinds", "vendor_url": null, "zdi_can": "ZDI-CAN-1899", "zdi_id": "ZDI-14-064" }, { "cve": "CVE-2013-6210", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Unified Functional Testing. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-14-063/advisory.json", "detail_path": "advisories/ZDI-14-063", "id": "ZDI-14-063", "kind": "published", "published_date": "2014-04-08", "status": "published", "title": "HP Unified Functional Testing ExGrid SaveXML Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-063/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1932", "zdi_id": "ZDI-14-063" }, { "cve": "CVE-2014-0285", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-062/advisory.json", "detail_path": "advisories/ZDI-14-062", "id": "ZDI-14-062", "kind": "published", "published_date": "2014-04-08", "status": "published", "title": "Microsoft Internet Explorer NavigateToBookmark Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-062/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2100", "zdi_id": "ZDI-14-062" }, { "cve": "CVE-2014-0274", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-061/advisory.json", "detail_path": "advisories/ZDI-14-061", "id": "ZDI-14-061", "kind": "published", "published_date": "2014-04-08", "status": "published", "title": "Microsoft Internet Explorer CDomRange Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-061/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2074", "zdi_id": "ZDI-14-061" }, { "cve": "CVE-2014-2276", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of EMC Connectrix Manager Converged Network Edition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadCon...", "detail_json": "/data/advisories/ZDI-14-060/advisory.json", "detail_path": "advisories/ZDI-14-060", "id": "ZDI-14-060", "kind": "published", "published_date": "2014-04-08", "status": "published", "title": "EMC Connectrix Manager Converged Network Edition inmservlets.war FileUploadController Servlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-060/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-2133", "zdi_id": "ZDI-14-060" }, { "cve": "CVE-2014-0779", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-14-059/advisory.json", "detail_path": "advisories/ZDI-14-059", "id": "ZDI-14-059", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Schneider-Electric ClearSCADA ServerMain.exe OPF File Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-059/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-1876", "zdi_id": "ZDI-14-059" }, { "cve": "CVE-2014-1486", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-058/advisory.json", "detail_path": "advisories/ZDI-14-058", "id": "ZDI-14-058", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Mozilla Firefox imgRequestProxy Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-058/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-2036", "zdi_id": "ZDI-14-058" }, { "cve": "CVE-2014-1290", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-14-057/advisory.json", "detail_path": "advisories/ZDI-14-057", "id": "ZDI-14-057", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Apple Mobile Safari isindex Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-057/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2109", "zdi_id": "ZDI-14-057" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avaya IP Office one-X Portal. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserConfigurationService and Up...", "detail_json": "/data/advisories/ZDI-14-056/advisory.json", "detail_path": "advisories/ZDI-14-056", "id": "ZDI-14-056", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Avaya IP Office one-X Portal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-056/", "vendor": "Avaya", "vendor_url": null, "zdi_can": "ZDI-CAN-1688", "zdi_id": "ZDI-14-056" }, { "cve": "CVE-2013-3706", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Configuration Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Preboot Service (novel...", "detail_json": "/data/advisories/ZDI-14-055/advisory.json", "detail_path": "advisories/ZDI-14-055", "id": "ZDI-14-055", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Novell ZENworks Configuration Management PreBoot Service Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-055/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1595", "zdi_id": "ZDI-14-055" }, { "cve": "CVE-2014-0774", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric OFS Client. User interaction is required to exploit this vulnerability in that the target must load a malicious file. The specific flaw exists with...", "detail_json": "/data/advisories/ZDI-14-054/advisory.json", "detail_path": "advisories/ZDI-14-054", "id": "ZDI-14-054", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Schneider Electric OPC Factory Server OFS Client Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-054/", "vendor": "Schneider Electric", "vendor_url": null, "zdi_can": "ZDI-CAN-1881", "zdi_id": "ZDI-14-054" }, { "cve": "CVE-2013-6771", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Splunk. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-14-053/advisory.json", "detail_path": "advisories/ZDI-14-053", "id": "ZDI-14-053", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Splunk runshellscript echo.sh Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-053/", "vendor": "Splunk", "vendor_url": null, "zdi_can": "ZDI-CAN-1895", "zdi_id": "ZDI-14-053" }, { "cve": "CVE-2013-6771", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Splunk. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-14-052/advisory.json", "detail_path": "advisories/ZDI-14-052", "id": "ZDI-14-052", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Splunk collect file Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-052/", "vendor": "Splunk", "vendor_url": null, "zdi_can": "ZDI-CAN-1864", "zdi_id": "ZDI-14-052" }, { "cve": "CVE-2013-4841", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LeftHand Virtual SAN Appliance. Authentication is not required to exploit this vulnerability. The flaw exists within the dbd_manager component which receive...", "detail_json": "/data/advisories/ZDI-14-051/advisory.json", "detail_path": "advisories/ZDI-14-051", "id": "ZDI-14-051", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Hewlett-Packard LeftHand Virtual SAN Appliance dbd_manager libens Unmarshalling Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-051/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1509", "zdi_id": "ZDI-14-051" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Cloud Identify Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within a servlet called ExtensionAccessSe...", "detail_json": "/data/advisories/ZDI-14-050/advisory.json", "detail_path": "advisories/ZDI-14-050", "id": "ZDI-14-050", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "McAfee Cloud Identity Manager ExtensionAccessServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-050/", "vendor": "McAfee", "vendor_url": null, "zdi_can": "ZDI-CAN-1929", "zdi_id": "ZDI-14-050" }, { "cve": "CVE-2014-1251", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-049/advisory.json", "detail_path": "advisories/ZDI-14-049", "id": "ZDI-14-049", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Apple QuickTime clef Atom Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-049/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1945", "zdi_id": "ZDI-14-049" }, { "cve": "CVE-2014-1246", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-048/advisory.json", "detail_path": "advisories/ZDI-14-048", "id": "ZDI-14-048", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Apple QuickTime ftab Atom Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-048/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1943", "zdi_id": "ZDI-14-048" }, { "cve": "CVE-2014-1245", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-047/advisory.json", "detail_path": "advisories/ZDI-14-047", "id": "ZDI-14-047", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Apple QuickTime stsz Atom Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-047/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1939", "zdi_id": "ZDI-14-047" }, { "cve": "CVE-2014-1247", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-046/advisory.json", "detail_path": "advisories/ZDI-14-046", "id": "ZDI-14-046", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Apple QuickTime dref Atom Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-046/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1940", "zdi_id": "ZDI-14-046" }, { "cve": "CVE-2014-1244", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-045/advisory.json", "detail_path": "advisories/ZDI-14-045", "id": "ZDI-14-045", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Apple QuickTime stsz Atom Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-045/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1860", "zdi_id": "ZDI-14-045" }, { "cve": "CVE-2014-1243", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-14-044/advisory.json", "detail_path": "advisories/ZDI-14-044", "id": "ZDI-14-044", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Apple QuickTime nam Atom Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-044/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1737", "zdi_id": "ZDI-14-044" }, { "cve": "CVE-2013-6207", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. The iss...", "detail_json": "/data/advisories/ZDI-14-043/advisory.json", "detail_path": "advisories/ZDI-14-043", "id": "ZDI-14-043", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Hewlett-Packard SiteScope SOAP Arbitrary File Download and Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-043/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2084", "zdi_id": "ZDI-14-043" }, { "cve": "CVE-2013-6203", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Application Information Optimizer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ability to access confi...", "detail_json": "/data/advisories/ZDI-14-042/advisory.json", "detail_path": "advisories/ZDI-14-042", "id": "ZDI-14-042", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Hewlett-Packard Application Information Optimizer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-042/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1656", "zdi_id": "ZDI-14-042" }, { "cve": "CVE-2013-6204", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Application Information Optimizer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password reset function...", "detail_json": "/data/advisories/ZDI-14-041/advisory.json", "detail_path": "advisories/ZDI-14-041", "id": "ZDI-14-041", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Hewlett-Packard Application Information Optimizer Credential Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-041/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2004", "zdi_id": "ZDI-14-041" }, { "cve": "CVE-2014-0498", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-14-040/advisory.json", "detail_path": "advisories/ZDI-14-040", "id": "ZDI-14-040", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Adobe Flash Player RegExp Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-040/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-2070", "zdi_id": "ZDI-14-040" }, { "cve": "CVE-2013-6724", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS SamplePower. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-14-039/advisory.json", "detail_path": "advisories/ZDI-14-039", "id": "ZDI-14-039", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "IBM SPSS SamplePower vsflex8l ActiveX Control ComboList Property Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-039/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1950", "zdi_id": "ZDI-14-039" }, { "cve": "CVE-2013-5907", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-14-038/advisory.json", "detail_path": "advisories/ZDI-14-038", "id": "ZDI-14-038", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Oracle Java TrueType LookupCount Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-038/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-2020", "zdi_id": "ZDI-14-038" }, { "cve": "CVE-2013-5400", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Platform Symphony DE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-14-037/advisory.json", "detail_path": "advisories/ZDI-14-037", "id": "ZDI-14-037", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "IBM Platform Symphony DE Auth-Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-037/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1970", "zdi_id": "ZDI-14-037" }, { "cve": "CVE-2014-0307", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-036/advisory.json", "detail_path": "advisories/ZDI-14-036", "id": "ZDI-14-036", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Microsoft Internet Explorer HtmlLayout Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-036/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2073", "zdi_id": "ZDI-14-036" }, { "cve": "CVE-2014-0308", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-035/advisory.json", "detail_path": "advisories/ZDI-14-035", "id": "ZDI-14-035", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-035/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2072", "zdi_id": "ZDI-14-035" }, { "cve": "CVE-2014-0313", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-034/advisory.json", "detail_path": "advisories/ZDI-14-034", "id": "ZDI-14-034", "kind": "published", "published_date": "2014-04-03", "status": "published", "title": "Microsoft Internet Explorer Heap Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-034/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2046", "zdi_id": "ZDI-14-034" }, { "cve": "CVE-2014-0312", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-033/advisory.json", "detail_path": "advisories/ZDI-14-033", "id": "ZDI-14-033", "kind": "published", "published_date": "2014-03-20", "status": "published", "title": "Microsoft Internet Explorer CSelectElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-033/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2040", "zdi_id": "ZDI-14-033" }, { "cve": "CVE-2014-0299", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-032/advisory.json", "detail_path": "advisories/ZDI-14-032", "id": "ZDI-14-032", "kind": "published", "published_date": "2014-03-20", "status": "published", "title": "Microsoft Internet Explorer Uninitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-032/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2033", "zdi_id": "ZDI-14-032" }, { "cve": "CVE-2014-0298", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-031/advisory.json", "detail_path": "advisories/ZDI-14-031", "id": "ZDI-14-031", "kind": "published", "published_date": "2014-03-20", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-031/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2030", "zdi_id": "ZDI-14-031" }, { "cve": "CVE-2014-0297", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-030/advisory.json", "detail_path": "advisories/ZDI-14-030", "id": "ZDI-14-030", "kind": "published", "published_date": "2014-03-20", "status": "published", "title": "Microsoft Internet Explorer CTraversalMarkupPointer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-030/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2029", "zdi_id": "ZDI-14-030" }, { "cve": "CVE-2013-0946", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability potentially allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within Library Manager (rob...", "detail_json": "/data/advisories/ZDI-14-029/advisory.json", "detail_path": "advisories/ZDI-14-029", "id": "ZDI-14-029", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "EMC AlphaStor Library Manager 0x4f Command Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-029/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1811", "zdi_id": "ZDI-14-029" }, { "cve": "CVE-2014-0281", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-028/advisory.json", "detail_path": "advisories/ZDI-14-028", "id": "ZDI-14-028", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-028/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2035", "zdi_id": "ZDI-14-028" }, { "cve": "CVE-2014-0289", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-027/advisory.json", "detail_path": "advisories/ZDI-14-027", "id": "ZDI-14-027", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "Microsoft Internet Explorer CMarkupPointer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-027/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2034", "zdi_id": "ZDI-14-027" }, { "cve": "CVE-2014-0275", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-026/advisory.json", "detail_path": "advisories/ZDI-14-026", "id": "ZDI-14-026", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "Microsoft Internet Explorer CAreaElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-026/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2006", "zdi_id": "ZDI-14-026" }, { "cve": "CVE-2014-0274", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-025/advisory.json", "detail_path": "advisories/ZDI-14-025", "id": "ZDI-14-025", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "Microsoft Internet Explorer CDomRange Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-025/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2005", "zdi_id": "ZDI-14-025" }, { "cve": "CVE-2014-0287", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-024/advisory.json", "detail_path": "advisories/ZDI-14-024", "id": "ZDI-14-024", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "Microsoft Internet Explorer CHtmlLayout Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-024/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-2002", "zdi_id": "ZDI-14-024" }, { "cve": "CVE-2014-0286", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-023/advisory.json", "detail_path": "advisories/ZDI-14-023", "id": "ZDI-14-023", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "Microsoft Internet Explorer CInputElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-023/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1984", "zdi_id": "ZDI-14-023" }, { "cve": "CVE-2014-0288", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-022/advisory.json", "detail_path": "advisories/ZDI-14-022", "id": "ZDI-14-022", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "Microsoft Internet Explorer CDivElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-022/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1982", "zdi_id": "ZDI-14-022" }, { "cve": "CVE-2014-0269", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-021/advisory.json", "detail_path": "advisories/ZDI-14-021", "id": "ZDI-14-021", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-021/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1974", "zdi_id": "ZDI-14-021" }, { "cve": "CVE-2014-0270", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-020/advisory.json", "detail_path": "advisories/ZDI-14-020", "id": "ZDI-14-020", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-020/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1973", "zdi_id": "ZDI-14-020" }, { "cve": "CVE-2014-0263", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-019/advisory.json", "detail_path": "advisories/ZDI-14-019", "id": "ZDI-14-019", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "Microsoft Direct2D Graphics Component Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-019/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1877", "zdi_id": "ZDI-14-019" }, { "cve": "CVE-2013-6749", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Quickr for Domino. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-14-018/advisory.json", "detail_path": "advisories/ZDI-14-018", "id": "ZDI-14-018", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "IBM Lotus Quickr ActiveX Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-018/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-2027", "zdi_id": "ZDI-14-018" }, { "cve": "CVE-2013-5387", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Platform Symphony DE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-14-017/advisory.json", "detail_path": "advisories/ZDI-14-017", "id": "ZDI-14-017", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "IBM Platform Symphony DE Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-017/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1969", "zdi_id": "ZDI-14-017" }, { "cve": "CVE-2014-0751", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component...", "detail_json": "/data/advisories/ZDI-14-016/advisory.json", "detail_path": "advisories/ZDI-14-016", "id": "ZDI-14-016", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "GE Proficy CIMPLICITY CimWebServer File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-016/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-1623", "zdi_id": "ZDI-14-016" }, { "cve": "CVE-2014-0750", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gefebt.exe component. This component p...", "detail_json": "/data/advisories/ZDI-14-015/advisory.json", "detail_path": "advisories/ZDI-14-015", "id": "ZDI-14-015", "kind": "published", "published_date": "2014-02-13", "status": "published", "title": "GE Proficy CIMPLICITY gefebt.exe File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-015/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-1622", "zdi_id": "ZDI-14-015" }, { "cve": "CVE-2014-0492", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-14-014/advisory.json", "detail_path": "advisories/ZDI-14-014", "id": "ZDI-14-014", "kind": "published", "published_date": "2014-02-05", "status": "published", "title": "Adobe Flash Player Jump Opcode Information Leak Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-014/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1993", "zdi_id": "ZDI-14-014" }, { "cve": "CVE-2013-5907", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-14-013/advisory.json", "detail_path": "advisories/ZDI-14-013", "id": "ZDI-14-013", "kind": "published", "published_date": "2014-02-05", "status": "published", "title": "Oracle Java TTF Font Parsing Heap Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-013/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1979", "zdi_id": "ZDI-14-013" }, { "cve": "CVE-2013-2826", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingSCADA KingAlarm&Event. Authentication is not required to exploit this vulnerability. The specific flaw exists within KAEManageServer.exe, which...", "detail_json": "/data/advisories/ZDI-14-012/advisory.json", "detail_path": "advisories/ZDI-14-012", "id": "ZDI-14-012", "kind": "published", "published_date": "2014-02-05", "status": "published", "title": "WellinTech KingSCADA KingAlarm & Event KAEManageServer Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-012/", "vendor": "WellinTech", "vendor_url": null, "zdi_can": "ZDI-CAN-1553", "zdi_id": "ZDI-14-012" }, { "cve": "CVE-2013-2827", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingScada KingGraphics. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-14-011/advisory.json", "detail_path": "advisories/ZDI-14-011", "id": "ZDI-14-011", "kind": "published", "published_date": "2014-02-05", "status": "published", "title": "WellinTech KingScada KingGraphic kxClientDownload ActiveX Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-011/", "vendor": "WellinTech", "vendor_url": null, "zdi_can": "ZDI-CAN-1552", "zdi_id": "ZDI-14-011" }, { "cve": "CVE-2013-6189", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability potentially allows remote attackers to execute arbitrary code on vulnerable installations of HP Application Information Optimizer. Authentication is not required to exploit this vulnerability. The specific flaw exists within oasoa.exe which...", "detail_json": "/data/advisories/ZDI-14-010/advisory.json", "detail_path": "advisories/ZDI-14-010", "id": "ZDI-14-010", "kind": "published", "published_date": "2014-01-29", "status": "published", "title": "HP Application Information Optimizer DataDirect OpenAccess GIOP Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-010/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1666", "zdi_id": "ZDI-14-010" }, { "cve": "CVE-2013-6195", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random T...", "detail_json": "/data/advisories/ZDI-14-009/advisory.json", "detail_path": "advisories/ZDI-14-009", "id": "ZDI-14-009", "kind": "published", "published_date": "2014-01-10", "status": "published", "title": "Hewlett-Packard Data Protector Cell Manager crs.exe Multiple Opcodes Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-009/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-2008", "zdi_id": "ZDI-14-009" }, { "cve": "CVE-2013-2347", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute remote code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup...", "detail_json": "/data/advisories/ZDI-14-008/advisory.json", "detail_path": "advisories/ZDI-14-008", "id": "ZDI-14-008", "kind": "published", "published_date": "2014-01-10", "status": "published", "title": "Hewlett-Packard Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-008/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1885", "zdi_id": "ZDI-14-008" }, { "cve": "CVE-2013-2350", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers directory traversal on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The...", "detail_json": "/data/advisories/ZDI-14-007/advisory.json", "detail_path": "advisories/ZDI-14-007", "id": "ZDI-14-007", "kind": "published", "published_date": "2014-01-10", "status": "published", "title": "Hewlett-Packard Data Protector Backup Client Service rbda Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-007/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1897", "zdi_id": "ZDI-14-007" }, { "cve": "CVE-2013-2345", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers directory traversal on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The...", "detail_json": "/data/advisories/ZDI-14-006/advisory.json", "detail_path": "advisories/ZDI-14-006", "id": "ZDI-14-006", "kind": "published", "published_date": "2014-01-10", "status": "published", "title": "Hewlett-Packard Data Protector Backup Client Service vrda Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-006/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1869", "zdi_id": "ZDI-14-006" }, { "cve": "CVE-2013-2349", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers directory traversal on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The...", "detail_json": "/data/advisories/ZDI-14-005/advisory.json", "detail_path": "advisories/ZDI-14-005", "id": "ZDI-14-005", "kind": "published", "published_date": "2014-01-10", "status": "published", "title": "Hewlett-Packard Data Protector Backup Client Service vbda Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-005/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1896", "zdi_id": "ZDI-14-005" }, { "cve": "CVE-2013-2346", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers directory traversal on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The...", "detail_json": "/data/advisories/ZDI-14-004/advisory.json", "detail_path": "advisories/ZDI-14-004", "id": "ZDI-14-004", "kind": "published", "published_date": "2014-01-10", "status": "published", "title": "Hewlett-Packard Data Protector Backup Client Service rrda Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-004/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1870", "zdi_id": "ZDI-14-004" }, { "cve": "CVE-2013-6194", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute remote code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup...", "detail_json": "/data/advisories/ZDI-14-003/advisory.json", "detail_path": "advisories/ZDI-14-003", "id": "ZDI-14-003", "kind": "published", "published_date": "2014-01-10", "status": "published", "title": "Hewlett-Packard Data Protector Backup Client Service Opcode 42 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-003/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1905", "zdi_id": "ZDI-14-003" }, { "cve": "CVE-2013-2348", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute remote code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup...", "detail_json": "/data/advisories/ZDI-14-002/advisory.json", "detail_path": "advisories/ZDI-14-002", "id": "ZDI-14-002", "kind": "published", "published_date": "2014-01-10", "status": "published", "title": "Hewlett-Packard Data Protector Backup Client Service Opcode 45 and 46 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-002/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1892", "zdi_id": "ZDI-14-002" }, { "cve": "CVE-2013-2344", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute remote code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup...", "detail_json": "/data/advisories/ZDI-14-001/advisory.json", "detail_path": "advisories/ZDI-14-001", "id": "ZDI-14-001", "kind": "published", "published_date": "2014-01-10", "status": "published", "title": "Hewlett-Packard Data Protector Backup Client Service RxNtSetup Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-14-001/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1866", "zdi_id": "ZDI-14-001" }, { "cve": "CVE-2013-2555", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-288/advisory.json", "detail_path": "advisories/ZDI-13-288", "id": "ZDI-13-288", "kind": "published", "published_date": "2015-09-18", "status": "published", "title": "(Pwn2Own) Adobe Flash RTMP Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-288/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1826", "zdi_id": "ZDI-13-288" }, { "cve": "CVE-2013-7396", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Apps and Samsung WatchOn. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-13-287/advisory.json", "detail_path": "advisories/ZDI-13-287", "id": "ZDI-13-287", "kind": "published", "published_date": "2013-12-31", "status": "published", "title": "(Mobile Pwn2Own) Samsung Apps/WatchON WebView JavaScript Bridge Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-287/", "vendor": "Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-2052", "zdi_id": "ZDI-13-287" }, { "cve": "CVE-2013-5228", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-13-286/advisory.json", "detail_path": "advisories/ZDI-13-286", "id": "ZDI-13-286", "kind": "published", "published_date": "2013-12-20", "status": "published", "title": "(Mobile Pwn2Own) Apple iOS Safari DocumentOrderedMap Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-286/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-2071", "zdi_id": "ZDI-13-286" }, { "cve": "CVE-2013-5398", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Focal Point. Authentication is not required to exploit this vulnerability. The specific flaw exists within com.telelogic.focalpoint.pres.controlle...", "detail_json": "/data/advisories/ZDI-13-285/advisory.json", "detail_path": "advisories/ZDI-13-285", "id": "ZDI-13-285", "kind": "published", "published_date": "2013-12-20", "status": "published", "title": "IBM Rational Focal Point RequestAccessController Servlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-285/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1949", "zdi_id": "ZDI-13-285" }, { "cve": "CVE-2013-5397", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Focal Point. Authentication is not required to exploit this vulnerability. The specific flaw exists within com.telelogic.focalpoint.pres.controlle...", "detail_json": "/data/advisories/ZDI-13-284/advisory.json", "detail_path": "advisories/ZDI-13-284", "id": "ZDI-13-284", "kind": "published", "published_date": "2013-12-20", "status": "published", "title": "IBM Rational Focal Point LoginController Servlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-284/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1948", "zdi_id": "ZDI-13-284" }, { "cve": "CVE-2013-6810", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Connectrix Manager Converged Network Edition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the 'SoftwareFi...", "detail_json": "/data/advisories/ZDI-13-283/advisory.json", "detail_path": "advisories/ZDI-13-283", "id": "ZDI-13-283", "kind": "published", "published_date": "2013-12-18", "status": "published", "title": "EMC Connectrix Manager Converged Network Edition inmservlets.war SoftwareFileUploadMoreInfoServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-283/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1751", "zdi_id": "ZDI-13-283" }, { "cve": "CVE-2013-6810", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to read arbitrary text files on vulnerable installations of EMC Connectrix Manager Converged Network Edition. Authentication is not required to exploit this vulnerability. The specific flaw exists within one of the p...", "detail_json": "/data/advisories/ZDI-13-282/advisory.json", "detail_path": "advisories/ZDI-13-282", "id": "ZDI-13-282", "kind": "published", "published_date": "2013-12-18", "status": "published", "title": "EMC Connectrix Manager Converged Network Edition inmservlets.war Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-282/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1749", "zdi_id": "ZDI-13-282" }, { "cve": "CVE-2013-6810", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Connectrix Manager Converged Network Edition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the 'UnifiedFil...", "detail_json": "/data/advisories/ZDI-13-281/advisory.json", "detail_path": "advisories/ZDI-13-281", "id": "ZDI-13-281", "kind": "published", "published_date": "2013-12-18", "status": "published", "title": "EMC Connectrix Manager Converged Network Edition inmservlets.war UnifiedFileUploadMoreInfoServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-281/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1748", "zdi_id": "ZDI-13-281" }, { "cve": "CVE-2013-6810", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Connectrix Manager Converged Network Edition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the 'FileUpload...", "detail_json": "/data/advisories/ZDI-13-280/advisory.json", "detail_path": "advisories/ZDI-13-280", "id": "ZDI-13-280", "kind": "published", "published_date": "2013-12-18", "status": "published", "title": "EMC Connectrix Manager Converged Network Edition inmservlets.war FileUploadController Servlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-280/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1747", "zdi_id": "ZDI-13-280" }, { "cve": "CVE-2013-6810", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Connectrix Manager Converged Network Edition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the 'FileUpload...", "detail_json": "/data/advisories/ZDI-13-279/advisory.json", "detail_path": "advisories/ZDI-13-279", "id": "ZDI-13-279", "kind": "published", "published_date": "2013-12-18", "status": "published", "title": "EMC Connectrix Manager Converged Network Edition FileUploadController Servlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-279/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1746", "zdi_id": "ZDI-13-279" }, { "cve": "CVE-2013-6810", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Connectrix Manager Converged Network Edition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the 'BootFileUp...", "detail_json": "/data/advisories/ZDI-13-278/advisory.json", "detail_path": "advisories/ZDI-13-278", "id": "ZDI-13-278", "kind": "published", "published_date": "2013-12-18", "status": "published", "title": "EMC Connectrix Manager Converged Network Edition inmservlets.war BootFileUploadMoreInfoServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-278/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1750", "zdi_id": "ZDI-13-278" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the storing of credentials in cleartext. The is...", "detail_json": "/data/advisories/ZDI-13-277/advisory.json", "detail_path": "advisories/ZDI-13-277", "id": "ZDI-13-277", "kind": "published", "published_date": "2013-12-15", "status": "published", "title": "Ecava IntegraXor Project Directory Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-277/", "vendor": "Ecava", "vendor_url": null, "zdi_can": "ZDI-CAN-1988", "zdi_id": "ZDI-13-277" }, { "cve": "CVE-2013-5554", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CISCO WAAS Mobile Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of CAB files uploaded thro...", "detail_json": "/data/advisories/ZDI-13-276/advisory.json", "detail_path": "advisories/ZDI-13-276", "id": "ZDI-13-276", "kind": "published", "published_date": "2013-12-15", "status": "published", "title": "Cisco WAAS Mobile Server ReportReceiver CAB Processing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-276/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-1862", "zdi_id": "ZDI-13-276" }, { "cve": "CVE-2013-5330", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-275/advisory.json", "detail_path": "advisories/ZDI-13-275", "id": "ZDI-13-275", "kind": "published", "published_date": "2013-12-15", "status": "published", "title": "Adobe Flash Player Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-275/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1997", "zdi_id": "ZDI-13-275" }, { "cve": "CVE-2013-5447", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Forms Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-13-274/advisory.json", "detail_path": "advisories/ZDI-13-274", "id": "ZDI-13-274", "kind": "published", "published_date": "2013-12-15", "status": "published", "title": "IBM Forms Viewer 'fontname' Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-274/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1976", "zdi_id": "ZDI-13-274" }, { "cve": "CVE-2013-5049", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-13-273/advisory.json", "detail_path": "advisories/ZDI-13-273", "id": "ZDI-13-273", "kind": "published", "published_date": "2013-12-15", "status": "published", "title": "Microsoft Internet Explorer CObjectElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-273/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1986", "zdi_id": "ZDI-13-273" }, { "cve": "CVE-2013-5047", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-272/advisory.json", "detail_path": "advisories/ZDI-13-272", "id": "ZDI-13-272", "kind": "published", "published_date": "2013-12-15", "status": "published", "title": "Microsoft Internet Explorer CMarkup::Insert Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-272/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1985", "zdi_id": "ZDI-13-272" }, { "cve": "CVE-2013-5048", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-271/advisory.json", "detail_path": "advisories/ZDI-13-271", "id": "ZDI-13-271", "kind": "published", "published_date": "2013-12-15", "status": "published", "title": "Microsoft Internet Explorer Unitialized Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-271/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1980", "zdi_id": "ZDI-13-271" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wserver.exe component which listens o...", "detail_json": "/data/advisories/ZDI-13-270/advisory.json", "detail_path": "advisories/ZDI-13-270", "id": "ZDI-13-270", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "ABB MicroSCADA Wserver wserver.exe EXECUTE Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-270/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-1785", "zdi_id": "ZDI-13-270" }, { "cve": null, "cvss": 6.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Valve Steam. No action is necessary on the part of the vulnerable Steam user other than signing on to the Steam service. The specific flaw exists within the ha...", "detail_json": "/data/advisories/ZDI-13-269/advisory.json", "detail_path": "advisories/ZDI-13-269", "id": "ZDI-13-269", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "Valve Steam User Chat Message Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-269/", "vendor": "Valve", "vendor_url": null, "zdi_can": "ZDI-CAN-1975", "zdi_id": "ZDI-13-269" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wserver.exe component which listens o...", "detail_json": "/data/advisories/ZDI-13-268/advisory.json", "detail_path": "advisories/ZDI-13-268", "id": "ZDI-13-268", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "ABB MicroSCADA Wserver wserver.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-268/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-1772", "zdi_id": "ZDI-13-268" }, { "cve": "CVE-2013-3917", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-267/advisory.json", "detail_path": "advisories/ZDI-13-267", "id": "ZDI-13-267", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "Microsoft Internet Explorer CHTMLEditor Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-267/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1972", "zdi_id": "ZDI-13-267" }, { "cve": "CVE-2013-3912", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-266/advisory.json", "detail_path": "advisories/ZDI-13-266", "id": "ZDI-13-266", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-266/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1947", "zdi_id": "ZDI-13-266" }, { "cve": "CVE-2013-3911", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-265/advisory.json", "detail_path": "advisories/ZDI-13-265", "id": "ZDI-13-265", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "Microsoft Internet Explorer CEditAdorner Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-265/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1944", "zdi_id": "ZDI-13-265" }, { "cve": "CVE-2013-3910", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-264/advisory.json", "detail_path": "advisories/ZDI-13-264", "id": "ZDI-13-264", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "Microsoft Internet Explorer CSelectTracker Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-264/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1933", "zdi_id": "ZDI-13-264" }, { "cve": "CVE-2013-4835", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the issueSiebelCmd() web method. A remote attacker...", "detail_json": "/data/advisories/ZDI-13-263/advisory.json", "detail_path": "advisories/ZDI-13-263", "id": "ZDI-13-263", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "HP SiteScope issueSiebelCmd SOAP Request Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-263/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1765", "zdi_id": "ZDI-13-263" }, { "cve": "CVE-2013-4836", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Application Lifecycle Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service named Gossip...", "detail_json": "/data/advisories/ZDI-13-262/advisory.json", "detail_path": "advisories/ZDI-13-262", "id": "ZDI-13-262", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "HP Application Lifecycle Management GossipService SOAP Request Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-262/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1759", "zdi_id": "ZDI-13-262" }, { "cve": "CVE-2013-4839", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Virtual User Generator. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the EmulationA...", "detail_json": "/data/advisories/ZDI-13-261/advisory.json", "detail_path": "advisories/ZDI-13-261", "id": "ZDI-13-261", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "HP Virtual User Generator EmulationAdmin Service getReport Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-261/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1851", "zdi_id": "ZDI-13-261" }, { "cve": "CVE-2013-4838", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Virtual User Generator. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the EmulationA...", "detail_json": "/data/advisories/ZDI-13-260/advisory.json", "detail_path": "advisories/ZDI-13-260", "id": "ZDI-13-260", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "HP Virtual User Generator EmulationAdmin Service saveCodeRuleFile Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-260/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1850", "zdi_id": "ZDI-13-260" }, { "cve": "CVE-2013-4837", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Virtual User Generator. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the EmulationA...", "detail_json": "/data/advisories/ZDI-13-259/advisory.json", "detail_path": "advisories/ZDI-13-259", "id": "ZDI-13-259", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "HP Virtual User Generator EmulationAdmin Service copyFileToServer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-259/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1832", "zdi_id": "ZDI-13-259" }, { "cve": "CVE-2013-1084", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the unmaninv web service. The issue lies in the...", "detail_json": "/data/advisories/ZDI-13-258/advisory.json", "detail_path": "advisories/ZDI-13-258", "id": "ZDI-13-258", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "Novell ZENworks umaninv Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-258/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1790", "zdi_id": "ZDI-13-258" }, { "cve": "CVE-2013-2366", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Business Process Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the tp_bpm_a...", "detail_json": "/data/advisories/ZDI-13-257/advisory.json", "detail_path": "advisories/ZDI-13-257", "id": "ZDI-13-257", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "HP Business Process Monitor tp_bpm_admin.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-257/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1802", "zdi_id": "ZDI-13-257" }, { "cve": "CVE-2013-5487", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. Without p...", "detail_json": "/data/advisories/ZDI-13-256/advisory.json", "detail_path": "advisories/ZDI-13-256", "id": "ZDI-13-256", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "Cisco Data Center Network Manager downloadServlet Remote Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-256/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-1768", "zdi_id": "ZDI-13-256" }, { "cve": "CVE-2013-5486", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadServlet. Multipl...", "detail_json": "/data/advisories/ZDI-13-255/advisory.json", "detail_path": "advisories/ZDI-13-255", "id": "ZDI-13-255", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "Cisco Data Center Network Manager fileUploadServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-255/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-1767", "zdi_id": "ZDI-13-255" }, { "cve": "CVE-2013-5486", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processImageSave_jsp servl...", "detail_json": "/data/advisories/ZDI-13-254/advisory.json", "detail_path": "advisories/ZDI-13-254", "id": "ZDI-13-254", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "Cisco Data Center Network Manager processImageSave_jsp Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-254/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-1766", "zdi_id": "ZDI-13-254" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB RobotStudio Tools. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-13-253/advisory.json", "detail_path": "advisories/ZDI-13-253", "id": "ZDI-13-253", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "ABB RobotStudio Tools CWGraph3D ActiveX Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-253/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-1834", "zdi_id": "ZDI-13-253" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cogent DataHub. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of POST requests. By sending a malfo...", "detail_json": "/data/advisories/ZDI-13-252/advisory.json", "detail_path": "advisories/ZDI-13-252", "id": "ZDI-13-252", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "Cogent DataHub Heap Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-252/", "vendor": "Cogent Real-Time Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-1981", "zdi_id": "ZDI-13-252" }, { "cve": "CVE-2013-1492", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MySQL with yaSSL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the yaSSL library that is optionally used by My...", "detail_json": "/data/advisories/ZDI-13-251/advisory.json", "detail_path": "advisories/ZDI-13-251", "id": "ZDI-13-251", "kind": "published", "published_date": "2013-11-24", "status": "published", "title": "MySQL yaSSL Heap Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-251/", "vendor": "MySQL", "vendor_url": null, "zdi_can": "ZDI-CAN-1578", "zdi_id": "ZDI-13-251" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PANDA Security for Business Communications. Authentication is not required to exploit this vulnerability. The specific flaw exists within the 'Panda AdminSecur...", "detail_json": "/data/advisories/ZDI-13-250/advisory.json", "detail_path": "advisories/ZDI-13-250", "id": "ZDI-13-250", "kind": "published", "published_date": "2013-10-16", "status": "published", "title": "PANDA Security Communications Agent Service Pagent.exe 'MESSAGE_FROM_REMOTE' Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-250/", "vendor": "Panda Software", "vendor_url": null, "zdi_can": "ZDI-CAN-1762", "zdi_id": "ZDI-13-250" }, { "cve": "CVE-2013-3828", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Oracle BPEL Process Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ScriptServlet. It suffers...", "detail_json": "/data/advisories/ZDI-13-249/advisory.json", "detail_path": "advisories/ZDI-13-249", "id": "ZDI-13-249", "kind": "published", "published_date": "2013-10-16", "status": "published", "title": "Oracle BPEL Process Manager ScriptServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-249/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1761", "zdi_id": "ZDI-13-249" }, { "cve": "CVE-2013-5830", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-248/advisory.json", "detail_path": "advisories/ZDI-13-248", "id": "ZDI-13-248", "kind": "published", "published_date": "2013-10-16", "status": "published", "title": "Oracle Java LDAP Deserialization Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-248/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1908", "zdi_id": "ZDI-13-248" }, { "cve": "CVE-2013-5829", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific v...", "detail_json": "/data/advisories/ZDI-13-247/advisory.json", "detail_path": "advisories/ZDI-13-247", "id": "ZDI-13-247", "kind": "published", "published_date": "2013-10-16", "status": "published", "title": "Oracle Java FileImageInputStream Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-247/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1894", "zdi_id": "ZDI-13-247" }, { "cve": "CVE-2013-5842", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-246/advisory.json", "detail_path": "advisories/ZDI-13-246", "id": "ZDI-13-246", "kind": "published", "published_date": "2013-10-16", "status": "published", "title": "Oracle Java ObjectOutputStream Sandbox Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-246/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1880", "zdi_id": "ZDI-13-246" }, { "cve": "CVE-2013-5783", "cvss": 5.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-245/advisory.json", "detail_path": "advisories/ZDI-13-245", "id": "ZDI-13-245", "kind": "published", "published_date": "2013-10-16", "status": "published", "title": "Oracle Java NumberFormatter and RealTimeSequencer Sandbox Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-245/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1878", "zdi_id": "ZDI-13-245" }, { "cve": "CVE-2013-5817", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-244/advisory.json", "detail_path": "advisories/ZDI-13-244", "id": "ZDI-13-244", "kind": "published", "published_date": "2013-10-16", "status": "published", "title": "Oracle Java LdapCtx Sandbox Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-244/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1849", "zdi_id": "ZDI-13-244" }, { "cve": "CVE-2013-4827", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the APM module's AppDataDaoImpl...", "detail_json": "/data/advisories/ZDI-13-243/advisory.json", "detail_path": "advisories/ZDI-13-243", "id": "ZDI-13-243", "kind": "published", "published_date": "2013-10-16", "status": "published", "title": "Hewlett-Packard Intelligent Management Center APM monitorId SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-243/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1664", "zdi_id": "ZDI-13-243" }, { "cve": "CVE-2013-4826", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sdFileDo...", "detail_json": "/data/advisories/ZDI-13-242/advisory.json", "detail_path": "advisories/ZDI-13-242", "id": "ZDI-13-242", "kind": "published", "published_date": "2013-10-16", "status": "published", "title": "Hewlett-Packard Intelligent Management Center SOM sdFileDownload Servlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-242/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1647", "zdi_id": "ZDI-13-242" }, { "cve": "CVE-2013-4825", "cvss": 4.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CommonUt...", "detail_json": "/data/advisories/ZDI-13-241/advisory.json", "detail_path": "advisories/ZDI-13-241", "id": "ZDI-13-241", "kind": "published", "published_date": "2013-10-16", "status": "published", "title": "Hewlett-Packard Intelligent Management Center CommonUtils Static DES/ECB Decryption Key Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-241/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1645", "zdi_id": "ZDI-13-241" }, { "cve": "CVE-2013-4824", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOM's euAccountService serv...", "detail_json": "/data/advisories/ZDI-13-240/advisory.json", "detail_path": "advisories/ZDI-13-240", "id": "ZDI-13-240", "kind": "published", "published_date": "2013-10-16", "status": "published", "title": "Hewlett-Packard Intelligent Management Center SOM euAccountService Servlet Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-240/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1644", "zdi_id": "ZDI-13-240" }, { "cve": "CVE-2013-4823", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the bimsDown...", "detail_json": "/data/advisories/ZDI-13-239/advisory.json", "detail_path": "advisories/ZDI-13-239", "id": "ZDI-13-239", "kind": "published", "published_date": "2013-10-16", "status": "published", "title": "Hewlett-Packard Intelligent Management Center BIMS bimsDownload Servlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-239/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1607", "zdi_id": "ZDI-13-239" }, { "cve": "CVE-2013-4822", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadServlet...", "detail_json": "/data/advisories/ZDI-13-238/advisory.json", "detail_path": "advisories/ZDI-13-238", "id": "ZDI-13-238", "kind": "published", "published_date": "2013-10-16", "status": "published", "title": "Hewlett-Packard Intelligent Management Center BIMS UploadServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-238/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1606", "zdi_id": "ZDI-13-238" }, { "cve": "CVE-2013-3128", "cvss": 7.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to causes a persistent Denial-of-Service on machines running vulnerable versions of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a vulnerable font. The sp...", "detail_json": "/data/advisories/ZDI-13-237/advisory.json", "detail_path": "advisories/ZDI-13-237", "id": "ZDI-13-237", "kind": "published", "published_date": "2013-10-11", "status": "published", "title": "Microsoft Windows OpenType Font Parsing Persistent Denial-of-Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-237/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1754", "zdi_id": "ZDI-13-237" }, { "cve": "CVE-2013-3872", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-236/advisory.json", "detail_path": "advisories/ZDI-13-236", "id": "ZDI-13-236", "kind": "published", "published_date": "2013-10-08", "status": "published", "title": "Microsoft Internet Explorer CLayout Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-236/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1930", "zdi_id": "ZDI-13-236" }, { "cve": "CVE-2013-3894", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-13-235/advisory.json", "detail_path": "advisories/ZDI-13-235", "id": "ZDI-13-235", "kind": "published", "published_date": "2013-10-08", "status": "published", "title": "Microsoft Windows TTF CMAP Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-235/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1882", "zdi_id": "ZDI-13-235" }, { "cve": "CVE-2013-3874", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-234/advisory.json", "detail_path": "advisories/ZDI-13-234", "id": "ZDI-13-234", "kind": "published", "published_date": "2013-10-08", "status": "published", "title": "Microsoft Internet Explorer CFontElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-234/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1942", "zdi_id": "ZDI-13-234" }, { "cve": "CVE-2013-3873", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-233/advisory.json", "detail_path": "advisories/ZDI-13-233", "id": "ZDI-13-233", "kind": "published", "published_date": "2013-10-08", "status": "published", "title": "Microsoft Internet Explorer HtmlLayout::SmartObject Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-233/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1941", "zdi_id": "ZDI-13-233" }, { "cve": "CVE-2013-3871", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-232/advisory.json", "detail_path": "advisories/ZDI-13-232", "id": "ZDI-13-232", "kind": "published", "published_date": "2013-10-08", "status": "published", "title": "Microsoft Internet Explorer CAnchorElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-232/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1927", "zdi_id": "ZDI-13-232" }, { "cve": "CVE-2013-3846", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-231/advisory.json", "detail_path": "advisories/ZDI-13-231", "id": "ZDI-13-231", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-231/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1925", "zdi_id": "ZDI-13-231" }, { "cve": "CVE-2013-3358", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-13-230/advisory.json", "detail_path": "advisories/ZDI-13-230", "id": "ZDI-13-230", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "Adobe Reader U3D PCX Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-230/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1931", "zdi_id": "ZDI-13-230" }, { "cve": "CVE-2013-4810", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP PCM Plus and Application Lifecycle Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the exposed EJB...", "detail_json": "/data/advisories/ZDI-13-229/advisory.json", "detail_path": "advisories/ZDI-13-229", "id": "ZDI-13-229", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "HP PCM+ and Application Lifecycle Management JBoss Invoker Servlets Marshalled Object Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-229/", "vendor": "Hewlett-Packard, Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1760", "zdi_id": "ZDI-13-229" }, { "cve": "CVE-2013-4813", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP PCM Plus. Authentication is not required to exploit this vulnerability. The specific flaws exist within the Agent servlet. This servlet is vulnerable to a c...", "detail_json": "/data/advisories/ZDI-13-228/advisory.json", "detail_path": "advisories/ZDI-13-228", "id": "ZDI-13-228", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "HP PCM+ AgentController Servlet Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-228/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1745", "zdi_id": "ZDI-13-228" }, { "cve": "CVE-2013-4809", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP PCM Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetEventsServlet. This servlet contains a SQL in...", "detail_json": "/data/advisories/ZDI-13-227/advisory.json", "detail_path": "advisories/ZDI-13-227", "id": "ZDI-13-227", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "HP PCM+ GetEventsServlet SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-227/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1744", "zdi_id": "ZDI-13-227" }, { "cve": "CVE-2013-4811", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP PCM Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpdateDomainControllerServlet. This servlet impr...", "detail_json": "/data/advisories/ZDI-13-226/advisory.json", "detail_path": "advisories/ZDI-13-226", "id": "ZDI-13-226", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "HP PCM+ SNAC Registration Server UpdateDomainControllerServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-226/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1743", "zdi_id": "ZDI-13-226" }, { "cve": "CVE-2013-4812", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP PCM Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpdateCertificatesServlet. This servlet improper...", "detail_json": "/data/advisories/ZDI-13-225/advisory.json", "detail_path": "advisories/ZDI-13-225", "id": "ZDI-13-225", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "HP PCM+ SNAC Registration Server UpdateCertificatesServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-225/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1742", "zdi_id": "ZDI-13-225" }, { "cve": "CVE-2013-3201", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-224/advisory.json", "detail_path": "advisories/ZDI-13-224", "id": "ZDI-13-224", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "Microsoft Internet Explorer CHtmParse Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-224/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1863", "zdi_id": "ZDI-13-224" }, { "cve": "CVE-2013-3203", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-223/advisory.json", "detail_path": "advisories/ZDI-13-223", "id": "ZDI-13-223", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "Microsoft Internet Explorer Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-223/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1926", "zdi_id": "ZDI-13-223" }, { "cve": "CVE-2013-3845", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-222/advisory.json", "detail_path": "advisories/ZDI-13-222", "id": "ZDI-13-222", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-222/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1924", "zdi_id": "ZDI-13-222" }, { "cve": "CVE-2013-3209", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-221/advisory.json", "detail_path": "advisories/ZDI-13-221", "id": "ZDI-13-221", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "Microsoft Internet Explorer CSegment Object Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-221/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1913", "zdi_id": "ZDI-13-221" }, { "cve": "CVE-2013-3208", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-220/advisory.json", "detail_path": "advisories/ZDI-13-220", "id": "ZDI-13-220", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "Microsoft Internet Explorer CAtomTable Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-220/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1917", "zdi_id": "ZDI-13-220" }, { "cve": "CVE-2013-3207", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-219/advisory.json", "detail_path": "advisories/ZDI-13-219", "id": "ZDI-13-219", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "Microsoft Internet Explorer CBlockElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-219/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1912", "zdi_id": "ZDI-13-219" }, { "cve": "CVE-2013-3206", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-218/advisory.json", "detail_path": "advisories/ZDI-13-218", "id": "ZDI-13-218", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "Microsoft Internet Explorer CWindow Destructor Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-218/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1893", "zdi_id": "ZDI-13-218" }, { "cve": "CVE-2013-3205", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-217/advisory.json", "detail_path": "advisories/ZDI-13-217", "id": "ZDI-13-217", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "Microsoft Internet Explorer CCaret Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-217/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1907", "zdi_id": "ZDI-13-217" }, { "cve": "CVE-2013-3202", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-216/advisory.json", "detail_path": "advisories/ZDI-13-216", "id": "ZDI-13-216", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "Microsoft Internet Explorer CTreePos Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-216/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1909", "zdi_id": "ZDI-13-216" }, { "cve": "CVE-2013-3863", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-215/advisory.json", "detail_path": "advisories/ZDI-13-215", "id": "ZDI-13-215", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "Microsoft Visio Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-215/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1799", "zdi_id": "ZDI-13-215" }, { "cve": "CVE-2013-3026", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Quickr for Domino. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-13-214/advisory.json", "detail_path": "advisories/ZDI-13-214", "id": "ZDI-13-214", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "IBM Quickr for Domino ActiveX Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-214/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1812", "zdi_id": "ZDI-13-214" }, { "cve": "CVE-2013-3027", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus iNotes. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-13-213/advisory.json", "detail_path": "advisories/ZDI-13-213", "id": "ZDI-13-213", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "IBM Lotus iNotes ActiveX Control Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-213/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1971", "zdi_id": "ZDI-13-213" }, { "cve": "CVE-2013-3346", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-13-212/advisory.json", "detail_path": "advisories/ZDI-13-212", "id": "ZDI-13-212", "kind": "published", "published_date": "2013-09-11", "status": "published", "title": "Adobe Reader ToolButton Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-212/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1601", "zdi_id": "ZDI-13-212" }, { "cve": null, "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable Polaris Viewer. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the parsing of a DOCX...", "detail_json": "/data/advisories/ZDI-13-211/advisory.json", "detail_path": "advisories/ZDI-13-211", "id": "ZDI-13-211", "kind": "published", "published_date": "2013-08-29", "status": "published", "title": "(0Day) (Mobile Pwn2Own) Polaris Viewer DOCX VML Shape Tag Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-211/", "vendor": "Samsung, Samsung, Samsung, Samsung", "vendor_url": null, "zdi_can": "ZDI-CAN-1658", "zdi_id": "ZDI-13-211" }, { "cve": "CVE-2013-4854", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of an rdata section with a le...", "detail_json": "/data/advisories/ZDI-13-210/advisory.json", "detail_path": "advisories/ZDI-13-210", "id": "ZDI-13-210", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "ISC BIND rdata Denial Of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-210/", "vendor": "ISC", "vendor_url": null, "zdi_can": "ZDI-CAN-1911", "zdi_id": "ZDI-13-210" }, { "cve": "CVE-2013-4801", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-13-209/advisory.json", "detail_path": "advisories/ZDI-13-209", "id": "ZDI-13-209", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Hewlett-Packard LoadRunner lrLRIServices ActiveX Control SetOutputDirectory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-209/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1736", "zdi_id": "ZDI-13-209" }, { "cve": "CVE-2013-4799", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XDR. The issue lies in the handlin...", "detail_json": "/data/advisories/ZDI-13-208/advisory.json", "detail_path": "advisories/ZDI-13-208", "id": "ZDI-13-208", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Hewlett-Packard LoadRunner Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-208/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1734", "zdi_id": "ZDI-13-208" }, { "cve": "CVE-2013-4798", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard LoadRunner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-13-207/advisory.json", "detail_path": "advisories/ZDI-13-207", "id": "ZDI-13-207", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Hewlett-Packard LoadRunner lrFileIOService ActiveX Control WriteFileString Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-207/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1705", "zdi_id": "ZDI-13-207" }, { "cve": "CVE-2013-4797", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-13-206/advisory.json", "detail_path": "advisories/ZDI-13-206", "id": "ZDI-13-206", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Hewlett-Packard LoadRunner LrWebIEBrowserMgr.dll ActiveX Control FlushSnapshotToFile Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-206/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1690", "zdi_id": "ZDI-13-206" }, { "cve": "CVE-2013-2367", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within APIBSMIntegrationImpl's processing of the runOMAgen...", "detail_json": "/data/advisories/ZDI-13-205/advisory.json", "detail_path": "advisories/ZDI-13-205", "id": "ZDI-13-205", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Hewlett-Packard SiteScope SOAP Call runOMAgentCommand Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-205/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1678", "zdi_id": "ZDI-13-205" }, { "cve": "CVE-2013-2362", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP System Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the iprange parameter when...", "detail_json": "/data/advisories/ZDI-13-204/advisory.json", "detail_path": "advisories/ZDI-13-204", "id": "ZDI-13-204", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Hewlett-Packard System Management iprange Parameter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-204/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1676", "zdi_id": "ZDI-13-204" }, { "cve": "CVE-2013-2369", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-13-203/advisory.json", "detail_path": "advisories/ZDI-13-203", "id": "ZDI-13-203", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Hewlett-Packard LoadRunner lrFileIOService ActiveX Control CreateFileCont Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-203/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1670", "zdi_id": "ZDI-13-203" }, { "cve": "CVE-2013-2368", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-13-202/advisory.json", "detail_path": "advisories/ZDI-13-202", "id": "ZDI-13-202", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Hewlett-Packard LoadRunner micWebAjax.dll ActiveX Control NotifyEvent Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-202/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1669", "zdi_id": "ZDI-13-202" }, { "cve": "CVE-2013-2351", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager i. Authentication is not required to exploit this vulnerability. The specific flaw exists within pmd.exe, which listens by default on T...", "detail_json": "/data/advisories/ZDI-13-201/advisory.json", "detail_path": "advisories/ZDI-13-201", "id": "ZDI-13-201", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Hewlett-Packard Network Node Manager I pmd.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-201/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1566", "zdi_id": "ZDI-13-201" }, { "cve": "CVE-2013-4802", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of HP Application Lifecycle Management Quality Center. User interaction is required to exploit this vulnerability in that the target must visit a ma...", "detail_json": "/data/advisories/ZDI-13-200/advisory.json", "detail_path": "advisories/ZDI-13-200", "id": "ZDI-13-200", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Hewlett-Packard Application Lifecycle Management Quality Center Multiple Cross-Site Scripting Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-200/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1565", "zdi_id": "ZDI-13-200" }, { "cve": "CVE-2013-3751", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Database. Authentication is not required to exploit this vulnerability. The specific flaw exists in the LpxFSMDom function. This function is responsible...", "detail_json": "/data/advisories/ZDI-13-199/advisory.json", "detail_path": "advisories/ZDI-13-199", "id": "ZDI-13-199", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Oracle Database Server SQL QName Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-199/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1560", "zdi_id": "ZDI-13-199" }, { "cve": "CVE-2013-3194", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-13-198/advisory.json", "detail_path": "advisories/ZDI-13-198", "id": "ZDI-13-198", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-198/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1867", "zdi_id": "ZDI-13-198" }, { "cve": "CVE-2013-3199", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-13-197/advisory.json", "detail_path": "advisories/ZDI-13-197", "id": "ZDI-13-197", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Microsoft Internet Explorer Undo Command Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-197/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1859", "zdi_id": "ZDI-13-197" }, { "cve": "CVE-2013-3193", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-13-196/advisory.json", "detail_path": "advisories/ZDI-13-196", "id": "ZDI-13-196", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Microsoft Internet Explorer selectAll/RemoveFormat execCommand Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-196/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1858", "zdi_id": "ZDI-13-196" }, { "cve": "CVE-2013-3184", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-195/advisory.json", "detail_path": "advisories/ZDI-13-195", "id": "ZDI-13-195", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-195/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1861", "zdi_id": "ZDI-13-195" }, { "cve": "CVE-2013-3184", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-194/advisory.json", "detail_path": "advisories/ZDI-13-194", "id": "ZDI-13-194", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Microsoft Internet Explorer CreateMarkupPointer2 Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-194/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1922", "zdi_id": "ZDI-13-194" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-193/advisory.json", "detail_path": "advisories/ZDI-13-193", "id": "ZDI-13-193", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-193/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1871", "zdi_id": "ZDI-13-193" }, { "cve": "CVE-2013-2556", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-13-192/advisory.json", "detail_path": "advisories/ZDI-13-192", "id": "ZDI-13-192", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "(Pwn2Own) Microsoft Windows Shared Data ASLR Security Feature Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-192/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1836", "zdi_id": "ZDI-13-192" }, { "cve": "CVE-2013-3764", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the controlSoapBind...", "detail_json": "/data/advisories/ZDI-13-191/advisory.json", "detail_path": "advisories/ZDI-13-191", "id": "ZDI-13-191", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Oracle Endeca Server attachDataStore SOAP Request Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-191/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1787", "zdi_id": "ZDI-13-191" }, { "cve": "CVE-2013-3763", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the controlSoapBind...", "detail_json": "/data/advisories/ZDI-13-190/advisory.json", "detail_path": "advisories/ZDI-13-190", "id": "ZDI-13-190", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Oracle Endeca Server createDataStore SOAP Request Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-190/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1784", "zdi_id": "ZDI-13-190" }, { "cve": "CVE-2012-0411", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-13-189/advisory.json", "detail_path": "advisories/ZDI-13-189", "id": "ZDI-13-189", "kind": "published", "published_date": "2013-08-13", "status": "published", "title": "Novell iPrint Client op-client-interface-version Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-189/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1533", "zdi_id": "ZDI-13-189" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PineApp Mail-SeCure. Authentication is not required to exploit this vulnerability. The specific flaw exists with input sanitization in the test_li_connection.p...", "detail_json": "/data/advisories/ZDI-13-188/advisory.json", "detail_path": "advisories/ZDI-13-188", "id": "ZDI-13-188", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "(0Day) PineApp Mail-SeCure test_li_connection.php Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-188/", "vendor": "PineApp", "vendor_url": null, "zdi_can": "ZDI-CAN-1886", "zdi_id": "ZDI-13-188" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PineApp Mail-SeCure. Authentication is not required to exploit this vulnerability. The specific flaw exists with input sanitization in the confpremenu.php comp...", "detail_json": "/data/advisories/ZDI-13-187/advisory.json", "detail_path": "advisories/ZDI-13-187", "id": "ZDI-13-187", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "(0Day) PineApp Mail-SeCure confpremenu.php Export Log Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-187/", "vendor": "PineApp", "vendor_url": null, "zdi_can": "ZDI-CAN-1887", "zdi_id": "ZDI-13-187" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PineApp Mail-SeCure. Authentication is not required to exploit this vulnerability. The specific flaw exists with input sanitization in the confpremenu.php comp...", "detail_json": "/data/advisories/ZDI-13-186/advisory.json", "detail_path": "advisories/ZDI-13-186", "id": "ZDI-13-186", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "(0Day) PineApp Mail-SeCure confpremenu.php Install License Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-186/", "vendor": "PineApp", "vendor_url": null, "zdi_can": "ZDI-CAN-1888", "zdi_id": "ZDI-13-186" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PineApp Mail-SeCure. Authentication is not required to exploit this vulnerability. The specific flaw exists with input sanitization in the ldapsyncnow.php comp...", "detail_json": "/data/advisories/ZDI-13-185/advisory.json", "detail_path": "advisories/ZDI-13-185", "id": "ZDI-13-185", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "(0Day) PineApp Mail-SeCure ldapsyncnow.php Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-185/", "vendor": "PineApp", "vendor_url": null, "zdi_can": "ZDI-CAN-1889", "zdi_id": "ZDI-13-185" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PineApp Mail-SeCure. Authentication is not required to exploit this vulnerability. The specific flaws exist with input sanitization in the livelog.html compone...", "detail_json": "/data/advisories/ZDI-13-184/advisory.json", "detail_path": "advisories/ZDI-13-184", "id": "ZDI-13-184", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "(0Day) PineApp Mail-SeCure livelog.html Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-184/", "vendor": "PineApp", "vendor_url": null, "zdi_can": "ZDI-CAN-1890", "zdi_id": "ZDI-13-184" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PineApp Mail-SeCure. Authentication is not required to exploit this vulnerability. The specific flaws exist with input sanitization in the conflivelog.pl compo...", "detail_json": "/data/advisories/ZDI-13-183/advisory.json", "detail_path": "advisories/ZDI-13-183", "id": "ZDI-13-183", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "(0Day) PineApp Mail-SeCure conflivelog.pl Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-183/", "vendor": "PineApp", "vendor_url": null, "zdi_can": "ZDI-CAN-1868", "zdi_id": "ZDI-13-183" }, { "cve": "CVE-2013-2370", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-13-182/advisory.json", "detail_path": "advisories/ZDI-13-182", "id": "ZDI-13-182", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Hewlett-Packard LoadRunner lrFileIOService ActiveX Control WriteFileBinary Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-182/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1671", "zdi_id": "ZDI-13-182" }, { "cve": "CVE-2013-2785", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component...", "detail_json": "/data/advisories/ZDI-13-181/advisory.json", "detail_path": "advisories/ZDI-13-181", "id": "ZDI-13-181", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "GE Proficy CIMPLICITY CimWebServer Broadcase/Init Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-181/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-1624", "zdi_id": "ZDI-13-181" }, { "cve": "CVE-2013-2785", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component...", "detail_json": "/data/advisories/ZDI-13-180/advisory.json", "detail_path": "advisories/ZDI-13-180", "id": "ZDI-13-180", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "GE Proficy CIMPLICITY CimWebServer Password Decode Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-180/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-1621", "zdi_id": "ZDI-13-180" }, { "cve": "CVE-2013-2343", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LeftHand Virtual SAN Appliance. Authentication is not required to exploit this vulnerability. The flaw exists within the hydra service, specifically with th...", "detail_json": "/data/advisories/ZDI-13-179/advisory.json", "detail_path": "advisories/ZDI-13-179", "id": "ZDI-13-179", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Hewlett-Packard LeftHand Virtual SAN Appliance Hydra Login Remote Command Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-179/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1510", "zdi_id": "ZDI-13-179" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cogent Datahub. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web server component's handling of HTTP heade...", "detail_json": "/data/advisories/ZDI-13-178/advisory.json", "detail_path": "advisories/ZDI-13-178", "id": "ZDI-13-178", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Cogent Datahub Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-178/", "vendor": "Cogent Real-Time Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-1915", "zdi_id": "ZDI-13-178" }, { "cve": "CVE-2013-3347", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-177/advisory.json", "detail_path": "advisories/ZDI-13-177", "id": "ZDI-13-177", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Adobe Flash Player Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-177/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1879", "zdi_id": "ZDI-13-177" }, { "cve": "CVE-2013-3146", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-176/advisory.json", "detail_path": "advisories/ZDI-13-176", "id": "ZDI-13-176", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Microsoft Internet Explorer column-count Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-176/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1841", "zdi_id": "ZDI-13-176" }, { "cve": "CVE-2013-3145", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-175/advisory.json", "detail_path": "advisories/ZDI-13-175", "id": "ZDI-13-175", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Microsoft Internet Explorer CSpanElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-175/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1842", "zdi_id": "ZDI-13-175" }, { "cve": "CVE-2013-3147", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-174/advisory.json", "detail_path": "advisories/ZDI-13-174", "id": "ZDI-13-174", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Microsoft Internet Explorer BubbleBecomeCurrent Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-174/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1838", "zdi_id": "ZDI-13-174" }, { "cve": "CVE-2013-3149", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-173/advisory.json", "detail_path": "advisories/ZDI-13-173", "id": "ZDI-13-173", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-173/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1837", "zdi_id": "ZDI-13-173" }, { "cve": "CVE-2013-3144", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-172/advisory.json", "detail_path": "advisories/ZDI-13-172", "id": "ZDI-13-172", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-172/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1818", "zdi_id": "ZDI-13-172" }, { "cve": "CVE-2013-1345", "cvss": 6.2, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must run a malicious executable. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-13-171/advisory.json", "detail_path": "advisories/ZDI-13-171", "id": "ZDI-13-171", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Microsoft Windows win32k.sys Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-171/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1873", "zdi_id": "ZDI-13-171" }, { "cve": "CVE-2013-1300", "cvss": 6.9, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-13-170/advisory.json", "detail_path": "advisories/ZDI-13-170", "id": "ZDI-13-170", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "(Pwn2Own) Microsoft Windows NtUserMessageCall Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-170/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1891", "zdi_id": "ZDI-13-170" }, { "cve": "CVE-2013-4800", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of connections using SSL. The issue l...", "detail_json": "/data/advisories/ZDI-13-169/advisory.json", "detail_path": "advisories/ZDI-13-169", "id": "ZDI-13-169", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Hewlett-Packard LoadRunner Stack Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-169/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1735", "zdi_id": "ZDI-13-169" }, { "cve": "CVE-2013-3127", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-13-168/advisory.json", "detail_path": "advisories/ZDI-13-168", "id": "ZDI-13-168", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Microsoft Windows Media Player WMV Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-168/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1592", "zdi_id": "ZDI-13-168" }, { "cve": "CVE-2013-3153", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-167/advisory.json", "detail_path": "advisories/ZDI-13-167", "id": "ZDI-13-167", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Microsoft Internet Explorer RemoveSplice Use-After-Free Remote Code Execution Vulnerabliity", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-167/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1854", "zdi_id": "ZDI-13-167" }, { "cve": "CVE-2013-3152", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-166/advisory.json", "detail_path": "advisories/ZDI-13-166", "id": "ZDI-13-166", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-166/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1805", "zdi_id": "ZDI-13-166" }, { "cve": "CVE-2013-3151", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-165/advisory.json", "detail_path": "advisories/ZDI-13-165", "id": "ZDI-13-165", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-165/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1847", "zdi_id": "ZDI-13-165" }, { "cve": "CVE-2013-3150", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-164/advisory.json", "detail_path": "advisories/ZDI-13-164", "id": "ZDI-13-164", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Microsoft Internet Explorer CElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-164/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1848", "zdi_id": "ZDI-13-164" }, { "cve": "CVE-2013-3143", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-163/advisory.json", "detail_path": "advisories/ZDI-13-163", "id": "ZDI-13-163", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-163/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1770", "zdi_id": "ZDI-13-163" }, { "cve": "CVE-2013-3148", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-162/advisory.json", "detail_path": "advisories/ZDI-13-162", "id": "ZDI-13-162", "kind": "published", "published_date": "2013-07-26", "status": "published", "title": "Microsoft Internet Explorer CMshtmlEd Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-162/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1843", "zdi_id": "ZDI-13-162" }, { "cve": "CVE-2013-2335", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random T...", "detail_json": "/data/advisories/ZDI-13-161/advisory.json", "detail_path": "advisories/ZDI-13-161", "id": "ZDI-13-161", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Hewlett-Packard Data Protector Cell Manager crs.exe Opcode 227 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-161/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1733", "zdi_id": "ZDI-13-161" }, { "cve": "CVE-2013-2448", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-160/advisory.json", "detail_path": "advisories/ZDI-13-160", "id": "ZDI-13-160", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Oracle Java Sequencer Security Manager Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-160/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1795", "zdi_id": "ZDI-13-160" }, { "cve": "CVE-2013-2455", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-159/advisory.json", "detail_path": "advisories/ZDI-13-159", "id": "ZDI-13-159", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Oracle Java ManagedObjectManagerFactory Security Manager Bypass Remote Code Execution Vulnerabillity", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-159/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1729", "zdi_id": "ZDI-13-159" }, { "cve": "CVE-2013-2470", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific v...", "detail_json": "/data/advisories/ZDI-13-158/advisory.json", "detail_path": "advisories/ZDI-13-158", "id": "ZDI-13-158", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Oracle Java AWT Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-158/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1820", "zdi_id": "ZDI-13-158" }, { "cve": "CVE-2013-2464", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-157/advisory.json", "detail_path": "advisories/ZDI-13-157", "id": "ZDI-13-157", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Oracle Java CMMImageLayout Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-157/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1844", "zdi_id": "ZDI-13-157" }, { "cve": "CVE-2013-2463", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-156/advisory.json", "detail_path": "advisories/ZDI-13-156", "id": "ZDI-13-156", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Oracle Java AWT Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-156/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1846", "zdi_id": "ZDI-13-156" }, { "cve": "CVE-2013-2469", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-155/advisory.json", "detail_path": "advisories/ZDI-13-155", "id": "ZDI-13-155", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Oracle Java CMMImageLayout Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-155/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1845", "zdi_id": "ZDI-13-155" }, { "cve": "CVE-2013-2473", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-154/advisory.json", "detail_path": "advisories/ZDI-13-154", "id": "ZDI-13-154", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Oracle Java ByteComponentRaster Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-154/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1831", "zdi_id": "ZDI-13-154" }, { "cve": "CVE-2013-2465", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-153/advisory.json", "detail_path": "advisories/ZDI-13-153", "id": "ZDI-13-153", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Oracle Java AWT Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-153/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1853", "zdi_id": "ZDI-13-153" }, { "cve": "CVE-2013-2471", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-152/advisory.json", "detail_path": "advisories/ZDI-13-152", "id": "ZDI-13-152", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Oracle Java IntegerComponentRaster Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-152/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1821", "zdi_id": "ZDI-13-152" }, { "cve": "CVE-2013-2472", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-151/advisory.json", "detail_path": "advisories/ZDI-13-151", "id": "ZDI-13-151", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Oracle Java ShortComponentRaster Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-151/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1830", "zdi_id": "ZDI-13-151" }, { "cve": "CVE-2013-0975", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-150/advisory.json", "detail_path": "advisories/ZDI-13-150", "id": "ZDI-13-150", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Apple QuickTime PICT Image LongComment Opcode Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-150/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1620", "zdi_id": "ZDI-13-150" }, { "cve": "CVE-2013-1493", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-149/advisory.json", "detail_path": "advisories/ZDI-13-149", "id": "ZDI-13-149", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Oracle Java cmmColorConvert Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-149/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1718", "zdi_id": "ZDI-13-149" }, { "cve": "CVE-2013-0809", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-148/advisory.json", "detail_path": "advisories/ZDI-13-148", "id": "ZDI-13-148", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Oracle Java Runtime Environment AWT mediaLib Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-148/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1698", "zdi_id": "ZDI-13-148" }, { "cve": "CVE-2013-3520", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Chargeback Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the Im...", "detail_json": "/data/advisories/ZDI-13-147/advisory.json", "detail_path": "advisories/ZDI-13-147", "id": "ZDI-13-147", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "VMware vCenter Chargeback Manager ImageUploadServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-147/", "vendor": "VMWare, Inc.", "vendor_url": null, "zdi_can": "ZDI-CAN-1852", "zdi_id": "ZDI-13-147" }, { "cve": "CVE-2013-3141", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-146/advisory.json", "detail_path": "advisories/ZDI-13-146", "id": "ZDI-13-146", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-146/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1781", "zdi_id": "ZDI-13-146" }, { "cve": "CVE-2013-3142", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-145/advisory.json", "detail_path": "advisories/ZDI-13-145", "id": "ZDI-13-145", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Microsoft Internet Explorer CEventObj Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-145/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1769", "zdi_id": "ZDI-13-145" }, { "cve": "CVE-2013-3123", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-144/advisory.json", "detail_path": "advisories/ZDI-13-144", "id": "ZDI-13-144", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Microsoft Internet Explorer CCaret Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-144/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1819", "zdi_id": "ZDI-13-144" }, { "cve": "CVE-2013-3126", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-143/advisory.json", "detail_path": "advisories/ZDI-13-143", "id": "ZDI-13-143", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Microsoft Internet Explorer jsdbgui Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-143/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1806", "zdi_id": "ZDI-13-143" }, { "cve": "CVE-2013-1493", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-13-142/advisory.json", "detail_path": "advisories/ZDI-13-142", "id": "ZDI-13-142", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Oracle Java Image ColorConvert Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-142/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1741", "zdi_id": "ZDI-13-142" }, { "cve": "CVE-2013-3125", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-141/advisory.json", "detail_path": "advisories/ZDI-13-141", "id": "ZDI-13-141", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-141/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1800", "zdi_id": "ZDI-13-141" }, { "cve": "CVE-2013-3124", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-140/advisory.json", "detail_path": "advisories/ZDI-13-140", "id": "ZDI-13-140", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Microsoft Internet Explorer SmartDispClient Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-140/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1822", "zdi_id": "ZDI-13-140" }, { "cve": "CVE-2013-3122", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-139/advisory.json", "detail_path": "advisories/ZDI-13-139", "id": "ZDI-13-139", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Microsoft Internet Explorer CHtmTagStm Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-139/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1808", "zdi_id": "ZDI-13-139" }, { "cve": "CVE-2013-3121", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-138/advisory.json", "detail_path": "advisories/ZDI-13-138", "id": "ZDI-13-138", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Microsoft Internet Explorer runtimeStyle Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-138/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1803", "zdi_id": "ZDI-13-138" }, { "cve": "CVE-2013-3120", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-137/advisory.json", "detail_path": "advisories/ZDI-13-137", "id": "ZDI-13-137", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Microsoft Internet Explorer CSelectedControlAdorner Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-137/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1814", "zdi_id": "ZDI-13-137" }, { "cve": "CVE-2013-3119", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-136/advisory.json", "detail_path": "advisories/ZDI-13-136", "id": "ZDI-13-136", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-136/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1796", "zdi_id": "ZDI-13-136" }, { "cve": "CVE-2013-3118", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-135/advisory.json", "detail_path": "advisories/ZDI-13-135", "id": "ZDI-13-135", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Microsoft Internet Explorer CSVGMaskElement Double-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-135/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1789", "zdi_id": "ZDI-13-135" }, { "cve": "CVE-2013-3112", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-134/advisory.json", "detail_path": "advisories/ZDI-13-134", "id": "ZDI-13-134", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-134/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1753", "zdi_id": "ZDI-13-134" }, { "cve": "CVE-2013-3111", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-133/advisory.json", "detail_path": "advisories/ZDI-13-133", "id": "ZDI-13-133", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Microsoft Internet Explorer CSelectionInteractButtonBehavior Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-133/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1771", "zdi_id": "ZDI-13-133" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-132/advisory.json", "detail_path": "advisories/ZDI-13-132", "id": "ZDI-13-132", "kind": "published", "published_date": "2013-06-27", "status": "published", "title": "Oracle Java KeyStore SecurityManager Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-132/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1730", "zdi_id": "ZDI-13-132" }, { "cve": "CVE-2013-2334", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random T...", "detail_json": "/data/advisories/ZDI-13-131/advisory.json", "detail_path": "advisories/ZDI-13-131", "id": "ZDI-13-131", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Hewlett-Packard Data Protector Cell Manager crs.exe Opcode 1091 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-131/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1681", "zdi_id": "ZDI-13-131" }, { "cve": "CVE-2013-2333", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random T...", "detail_json": "/data/advisories/ZDI-13-130/advisory.json", "detail_path": "advisories/ZDI-13-130", "id": "ZDI-13-130", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Hewlett-Packard Data Protector Cell Manager crs.exe Opcode 211 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-130/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1680", "zdi_id": "ZDI-13-130" }, { "cve": "CVE-2013-2332", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random T...", "detail_json": "/data/advisories/ZDI-13-129/advisory.json", "detail_path": "advisories/ZDI-13-129", "id": "ZDI-13-129", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Hewlett-Packard Data Protector Cell Manager crs.exe Opcode 260 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-129/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1654", "zdi_id": "ZDI-13-129" }, { "cve": "CVE-2013-2331", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random T...", "detail_json": "/data/advisories/ZDI-13-128/advisory.json", "detail_path": "advisories/ZDI-13-128", "id": "ZDI-13-128", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Hewlett-Packard Data Protector Cell Manager crs.exe Opcode 1092 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-128/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1652", "zdi_id": "ZDI-13-128" }, { "cve": "CVE-2013-2330", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random T...", "detail_json": "/data/advisories/ZDI-13-127/advisory.json", "detail_path": "advisories/ZDI-13-127", "id": "ZDI-13-127", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Hewlett-Packard Data Protector Cell Manager crs.exe Opcode 305 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-127/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1638", "zdi_id": "ZDI-13-127" }, { "cve": "CVE-2013-2329", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random T...", "detail_json": "/data/advisories/ZDI-13-126/advisory.json", "detail_path": "advisories/ZDI-13-126", "id": "ZDI-13-126", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Hewlett-Packard Data Protector Cell Manager crs.exe Opcode 259 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-126/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1637", "zdi_id": "ZDI-13-126" }, { "cve": "CVE-2013-2328", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random T...", "detail_json": "/data/advisories/ZDI-13-125/advisory.json", "detail_path": "advisories/ZDI-13-125", "id": "ZDI-13-125", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Hewlett-Packard Data Protector Cell Manager crs.exe Multiple Opcodes Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-125/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1636", "zdi_id": "ZDI-13-125" }, { "cve": "CVE-2013-2327", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random T...", "detail_json": "/data/advisories/ZDI-13-124/advisory.json", "detail_path": "advisories/ZDI-13-124", "id": "ZDI-13-124", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Hewlett-Packard Data Protector Cell Manager crs.exe Opcode 264 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-124/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1635", "zdi_id": "ZDI-13-124" }, { "cve": "CVE-2013-2326", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random T...", "detail_json": "/data/advisories/ZDI-13-123/advisory.json", "detail_path": "advisories/ZDI-13-123", "id": "ZDI-13-123", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Hewlett-Packard Data Protector Cell Manager crs.exe Opcode 234 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-123/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1634", "zdi_id": "ZDI-13-123" }, { "cve": "CVE-2013-2325", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random T...", "detail_json": "/data/advisories/ZDI-13-122/advisory.json", "detail_path": "advisories/ZDI-13-122", "id": "ZDI-13-122", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Hewlett-Packard Data Protector Cell Manager crs.exe Opcode 235 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-122/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1633", "zdi_id": "ZDI-13-122" }, { "cve": "CVE-2013-2324", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random T...", "detail_json": "/data/advisories/ZDI-13-121/advisory.json", "detail_path": "advisories/ZDI-13-121", "id": "ZDI-13-121", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Hewlett-Packard Data Protector Cell Manager crs.exe Multiple Opcodes Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-121/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1629", "zdi_id": "ZDI-13-121" }, { "cve": "CVE-2013-5021", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB DataManager Data Analysis. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-13-120/advisory.json", "detail_path": "advisories/ZDI-13-120", "id": "ZDI-13-120", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "ABB DataManager National Instruments Multiple ActiveX Controls cwui.ocx ExportStyle() Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-120/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-1554", "zdi_id": "ZDI-13-120" }, { "cve": "CVE-2013-0988", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-119/advisory.json", "detail_path": "advisories/ZDI-13-119", "id": "ZDI-13-119", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Apple QuickTime FlashPix Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-119/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1710", "zdi_id": "ZDI-13-119" }, { "cve": "CVE-2013-1019", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-118/advisory.json", "detail_path": "advisories/ZDI-13-118", "id": "ZDI-13-118", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Apple QuickTime Sorenson Video mdat Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-118/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1709", "zdi_id": "ZDI-13-118" }, { "cve": "CVE-2013-1016", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-117/advisory.json", "detail_path": "advisories/ZDI-13-117", "id": "ZDI-13-117", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Apple QuickTime H.263 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-117/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1604", "zdi_id": "ZDI-13-117" }, { "cve": "CVE-2013-1021", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-116/advisory.json", "detail_path": "advisories/ZDI-13-116", "id": "ZDI-13-116", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Apple QuickTime stsd Atom Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-116/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1813", "zdi_id": "ZDI-13-116" }, { "cve": "CVE-2013-1022", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-115/advisory.json", "detail_path": "advisories/ZDI-13-115", "id": "ZDI-13-115", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Apple QuickTime mvhd Atom Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-115/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1809", "zdi_id": "ZDI-13-115" }, { "cve": "CVE-2013-1020", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-114/advisory.json", "detail_path": "advisories/ZDI-13-114", "id": "ZDI-13-114", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Apple QuickTime MJPEG Frame stsd Atom Heap Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-114/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1720", "zdi_id": "ZDI-13-114" }, { "cve": "CVE-2013-1018", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-113/advisory.json", "detail_path": "advisories/ZDI-13-113", "id": "ZDI-13-113", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Apple QuickTime 3GP Parsing Remote Code Execution Vunerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-113/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1641", "zdi_id": "ZDI-13-113" }, { "cve": "CVE-2013-1015", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-112/advisory.json", "detail_path": "advisories/ZDI-13-112", "id": "ZDI-13-112", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Apple QuickTime TeXML textBox Element Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-112/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1628", "zdi_id": "ZDI-13-112" }, { "cve": "CVE-2013-0986", "cvss": 5.1, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-111/advisory.json", "detail_path": "advisories/ZDI-13-111", "id": "ZDI-13-111", "kind": "published", "published_date": "2013-06-11", "status": "published", "title": "Apple QuickTime enof Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-111/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1603", "zdi_id": "ZDI-13-111" }, { "cve": "CVE-2013-1017", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-110/advisory.json", "detail_path": "advisories/ZDI-13-110", "id": "ZDI-13-110", "kind": "published", "published_date": "2013-05-30", "status": "published", "title": "Apple QuickTime dref Volume Name Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-110/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1602", "zdi_id": "ZDI-13-110" }, { "cve": "CVE-2013-0999", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-13-109/advisory.json", "detail_path": "advisories/ZDI-13-109", "id": "ZDI-13-109", "kind": "published", "published_date": "2013-05-30", "status": "published", "title": "Webkit.org Webkit string.replace Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-109/", "vendor": "WebKit.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-1517", "zdi_id": "ZDI-13-109" }, { "cve": "CVE-2013-0998", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-13-108/advisory.json", "detail_path": "advisories/ZDI-13-108", "id": "ZDI-13-108", "kind": "published", "published_date": "2013-05-30", "status": "published", "title": "Webkit.org Webkit string.concat() Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-108/", "vendor": "WebKit.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-1516", "zdi_id": "ZDI-13-108" }, { "cve": "CVE-2013-0997", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-13-107/advisory.json", "detail_path": "advisories/ZDI-13-107", "id": "ZDI-13-107", "kind": "published", "published_date": "2013-05-30", "status": "published", "title": "Apple Safari Array Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-107/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1704", "zdi_id": "ZDI-13-107" }, { "cve": "CVE-2013-2549, CVE-2013-2550", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-106/advisory.json", "detail_path": "advisories/ZDI-13-106", "id": "ZDI-13-106", "kind": "published", "published_date": "2013-05-30", "status": "published", "title": "(Pwn2Own) Adobe Reader Sandbox Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-106/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1840", "zdi_id": "ZDI-13-106" }, { "cve": "CVE-2013-2727", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader 10.1.4 on OSX. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-13-105/advisory.json", "detail_path": "advisories/ZDI-13-105", "id": "ZDI-13-105", "kind": "published", "published_date": "2013-05-30", "status": "published", "title": "Adobe Reader U3D Processing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-105/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1667", "zdi_id": "ZDI-13-105" }, { "cve": "CVE-2013-3187", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-104/advisory.json", "detail_path": "advisories/ZDI-13-104", "id": "ZDI-13-104", "kind": "published", "published_date": "2013-05-30", "status": "published", "title": "Microsoft Internet Explorer CSVGTextElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-104/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1798", "zdi_id": "ZDI-13-104" }, { "cve": "CVE-2013-1312", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-103/advisory.json", "detail_path": "advisories/ZDI-13-103", "id": "ZDI-13-103", "kind": "published", "published_date": "2013-05-30", "status": "published", "title": "Microsoft Internet Explorer CDOMTextNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-103/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1778", "zdi_id": "ZDI-13-103" }, { "cve": "CVE-2013-2551", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-102/advisory.json", "detail_path": "advisories/ZDI-13-102", "id": "ZDI-13-102", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer VML Parsing Remote Code Execution Vulnerabillity", "updated_date": "2020-04-14", "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-102/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1828", "zdi_id": "ZDI-13-102" }, { "cve": "CVE-2012-5947", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS SamplePower. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-13-101/advisory.json", "detail_path": "advisories/ZDI-13-101", "id": "ZDI-13-101", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "IBM SPSS SamplePower Vsflex7l.ocx ActiveX ComboList Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-101/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1546", "zdi_id": "ZDI-13-101" }, { "cve": "CVE-2012-5946", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS SamplePower. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-13-100/advisory.json", "detail_path": "advisories/ZDI-13-100", "id": "ZDI-13-100", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "IBM SPSS SamplePower C1sizer.ocx ActiveX TabCaption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-100/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1545", "zdi_id": "ZDI-13-100" }, { "cve": "CVE-2012-5945", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS SamplePower. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-13-099/advisory.json", "detail_path": "advisories/ZDI-13-099", "id": "ZDI-13-099", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "IBM SPSS SamplePower Vsflex8l.ocx ActiveX ComboList/ColComboList Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-099/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1544", "zdi_id": "ZDI-13-099" }, { "cve": "CVE-2013-1338", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-098/advisory.json", "detail_path": "advisories/ZDI-13-098", "id": "ZDI-13-098", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "Microsoft Internet Explorer VML TextBox Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-098/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1807", "zdi_id": "ZDI-13-098" }, { "cve": "CVE-2013-0090", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-097/advisory.json", "detail_path": "advisories/ZDI-13-097", "id": "ZDI-13-097", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-097/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1783", "zdi_id": "ZDI-13-097" }, { "cve": "CVE-2013-1091", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-13-096/advisory.json", "detail_path": "advisories/ZDI-13-096", "id": "ZDI-13-096", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "Novell iPrint Client IPP Response Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-096/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1715", "zdi_id": "ZDI-13-096" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of F-Secure E-mail and Server Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-13-095/advisory.json", "detail_path": "advisories/ZDI-13-095", "id": "ZDI-13-095", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "F-Secure E-mail and Server Security FSDBCom ActiveX Control GetCommand Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-095/", "vendor": "F-Secure", "vendor_url": null, "zdi_can": "ZDI-CAN-1692", "zdi_id": "ZDI-13-095" }, { "cve": "CVE-2013-1559", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebCenter Content. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-13-094/advisory.json", "detail_path": "advisories/ZDI-13-094", "id": "ZDI-13-094", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "Oracle WebCenter Content CheckOutAndOpen.dll ActiveX coao/openWebdav Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-094/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1689", "zdi_id": "ZDI-13-094" }, { "cve": "CVE-2012-5219", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mdbBuildValueBasedSQL fun...", "detail_json": "/data/advisories/ZDI-13-093/advisory.json", "detail_path": "advisories/ZDI-13-093", "id": "ZDI-13-093", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "Hewlett-Packard Managed Printing Administrator mdbBuildValueBasedSQL() Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-093/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1668", "zdi_id": "ZDI-13-093" }, { "cve": "CVE-2013-0593", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-13-092/advisory.json", "detail_path": "advisories/ZDI-13-092", "id": "ZDI-13-092", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "IBM SPSS Chart2D olch2x32.ocx ActiveX Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-092/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1576", "zdi_id": "ZDI-13-092" }, { "cve": "CVE-2013-1516", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Document Capture. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-13-091/advisory.json", "detail_path": "advisories/ZDI-13-091", "id": "ZDI-13-091", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "Oracle Document Capture BlackIceDevMode.ocx ActiveX Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-091/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1551", "zdi_id": "ZDI-13-091" }, { "cve": "CVE-2013-0787", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-090/advisory.json", "detail_path": "advisories/ZDI-13-090", "id": "ZDI-13-090", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "(Pwn2Own) Mozilla Firefox nsHTMLEditRules Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-090/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1825", "zdi_id": "ZDI-13-090" }, { "cve": "CVE-2013-0401", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-089/advisory.json", "detail_path": "advisories/ZDI-13-089", "id": "ZDI-13-089", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "(Pwn2Own) Oracle Java DragAndDrop Sandbox Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-089/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1817", "zdi_id": "ZDI-13-089" }, { "cve": "CVE-2013-1082", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Mobile Management . Authentication is not required to exploit this vulnerability. The specific flaw exists within DUSAP.php, which receives a '...", "detail_json": "/data/advisories/ZDI-13-088/advisory.json", "detail_path": "advisories/ZDI-13-088", "id": "ZDI-13-088", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "Novell ZENworks Mobile Management DUSAP.php Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-088/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1764", "zdi_id": "ZDI-13-088" }, { "cve": "CVE-2013-1081", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Mobile Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within MDM.php, which receives a 'lan...", "detail_json": "/data/advisories/ZDI-13-087/advisory.json", "detail_path": "advisories/ZDI-13-087", "id": "ZDI-13-087", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "Novell ZENworks Mobile Management MDM.php Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-087/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1763", "zdi_id": "ZDI-13-087" }, { "cve": "CVE-2013-1305", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of IIS. No user interaction is required to exploit this vulnerability. The specific flaw exists within handling of HTTP headers in the Windows kernel...", "detail_json": "/data/advisories/ZDI-13-086/advisory.json", "detail_path": "advisories/ZDI-13-086", "id": "ZDI-13-086", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "Microsoft HTTP.SYS Remote Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-086/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1804", "zdi_id": "ZDI-13-086" }, { "cve": "CVE-2013-1308", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-085/advisory.json", "detail_path": "advisories/ZDI-13-085", "id": "ZDI-13-085", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "Microsoft Internet Explorer TransNavContext Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-085/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1755", "zdi_id": "ZDI-13-085" }, { "cve": "CVE-2013-3140", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-084/advisory.json", "detail_path": "advisories/ZDI-13-084", "id": "ZDI-13-084", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-084/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1788", "zdi_id": "ZDI-13-084" }, { "cve": "CVE-2013-1309", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-083/advisory.json", "detail_path": "advisories/ZDI-13-083", "id": "ZDI-13-083", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "Microsoft Internet Explorer CDispNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-083/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1694", "zdi_id": "ZDI-13-083" }, { "cve": "CVE-2013-1306", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-082/advisory.json", "detail_path": "advisories/ZDI-13-082", "id": "ZDI-13-082", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "Microsoft Internet Explorer CAnchorElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-082/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1695", "zdi_id": "ZDI-13-082" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-081/advisory.json", "detail_path": "advisories/ZDI-13-081", "id": "ZDI-13-081", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-081/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1872", "zdi_id": "ZDI-13-081" }, { "cve": "CVE-2103-0989", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-080/advisory.json", "detail_path": "advisories/ZDI-13-080", "id": "ZDI-13-080", "kind": "published", "published_date": "2013-05-29", "status": "published", "title": "Apple QuickTime MP3 Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-080/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1724", "zdi_id": "ZDI-13-080" }, { "cve": "CVE-2013-2436", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-079/advisory.json", "detail_path": "advisories/ZDI-13-079", "id": "ZDI-13-079", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "Oracle Java MethodHandle Sandbox Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-079/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1835", "zdi_id": "ZDI-13-079" }, { "cve": "CVE-2013-1491", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-078/advisory.json", "detail_path": "advisories/ZDI-13-078", "id": "ZDI-13-078", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "(Pwn2Own) Oracle Java Font Handling Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-078/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1829", "zdi_id": "ZDI-13-078" }, { "cve": "CVE-2013-0402", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-077/advisory.json", "detail_path": "advisories/ZDI-13-077", "id": "ZDI-13-077", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "(Pwn2Own) Oracle Java FLV Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-077/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1827", "zdi_id": "ZDI-13-077" }, { "cve": "CVE-2013-1488", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-076/advisory.json", "detail_path": "advisories/ZDI-13-076", "id": "ZDI-13-076", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "(Pwn2Own) Oracle Java DriverManager Privilege Block Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-076/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1823", "zdi_id": "ZDI-13-076" }, { "cve": "CVE-2013-2426", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-075/advisory.json", "detail_path": "advisories/ZDI-13-075", "id": "ZDI-13-075", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "Oracle Java java.util.concurrent.ConcurrentHashMap Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-075/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1731", "zdi_id": "ZDI-13-075" }, { "cve": "CVE-2013-2428", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-074/advisory.json", "detail_path": "advisories/ZDI-13-074", "id": "ZDI-13-074", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "Oracle Java JavaFX WebPage Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-074/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1727", "zdi_id": "ZDI-13-074" }, { "cve": "CVE-2013-2420", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-073/advisory.json", "detail_path": "advisories/ZDI-13-073", "id": "ZDI-13-073", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "Oracle Java setICMpixels Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-073/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1716", "zdi_id": "ZDI-13-073" }, { "cve": "CVE-2013-2394", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-072/advisory.json", "detail_path": "advisories/ZDI-13-072", "id": "ZDI-13-072", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "Oracle Java t2k Type1 Subroutine Indexing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-072/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1700", "zdi_id": "ZDI-13-072" }, { "cve": "CVE-2013-2434", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-071/advisory.json", "detail_path": "advisories/ZDI-13-071", "id": "ZDI-13-071", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "Oracle Java t2k.dll glyph_AddPoint() Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-071/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1699", "zdi_id": "ZDI-13-071" }, { "cve": "CVE-2013-2383", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-070/advisory.json", "detail_path": "advisories/ZDI-13-070", "id": "ZDI-13-070", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "Oracle Java mort TTF Table Ligature Substitution Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-070/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1697", "zdi_id": "ZDI-13-070" }, { "cve": "CVE-2013-1569", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-069/advisory.json", "detail_path": "advisories/ZDI-13-069", "id": "ZDI-13-069", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "Oracle Java mort TTF Table Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-069/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1686", "zdi_id": "ZDI-13-069" }, { "cve": "CVE-2013-2384", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-068/advisory.json", "detail_path": "advisories/ZDI-13-068", "id": "ZDI-13-068", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "Oracle Java GSUB TTF Table LookupCount Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-068/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1685", "zdi_id": "ZDI-13-068" }, { "cve": "CVE-2013-1177", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Clean Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw is in the handling of filter URL parameters when co...", "detail_json": "/data/advisories/ZDI-13-067/advisory.json", "detail_path": "advisories/ZDI-13-067", "id": "ZDI-13-067", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "Cisco Clean Access Manager filter SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-067/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-1535", "zdi_id": "ZDI-13-067" }, { "cve": "CVE-2013-1177", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Clean Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw is in the handling of sortColumn URL parameters whe...", "detail_json": "/data/advisories/ZDI-13-066/advisory.json", "detail_path": "advisories/ZDI-13-066", "id": "ZDI-13-066", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "Cisco Clean Access Manager sortColumn SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-066/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-1536", "zdi_id": "ZDI-13-066" }, { "cve": "CVE-2013-1296", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-065/advisory.json", "detail_path": "advisories/ZDI-13-065", "id": "ZDI-13-065", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "Microsoft Internet Explorer RDP ActiveX Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-065/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1675", "zdi_id": "ZDI-13-065" }, { "cve": "CVE-2013-0912", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-13-064/advisory.json", "detail_path": "advisories/ZDI-13-064", "id": "ZDI-13-064", "kind": "published", "published_date": "2013-05-10", "status": "published", "title": "(Pwn2Own) Google Chrome Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-064/", "vendor": "Google", "vendor_url": null, "zdi_can": "ZDI-CAN-1824", "zdi_id": "ZDI-13-064" }, { "cve": "CVE-2012-5212", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the communication channel...", "detail_json": "/data/advisories/ZDI-13-063/advisory.json", "detail_path": "advisories/ZDI-13-063", "id": "ZDI-13-063", "kind": "published", "published_date": "2013-04-09", "status": "published", "title": "Hewlett-Packard Intelligent Management Center JavaService Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-063/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1663", "zdi_id": "ZDI-13-063" }, { "cve": "CVE-2012-5207", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RssServlet servlet. T...", "detail_json": "/data/advisories/ZDI-13-062/advisory.json", "detail_path": "advisories/ZDI-13-062", "id": "ZDI-13-062", "kind": "published", "published_date": "2013-04-09", "status": "published", "title": "Hewlett-Packard Intelligent Management Center RssServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-062/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1661", "zdi_id": "ZDI-13-062" }, { "cve": "CVE-2012-5206", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SyslogDownloadServlet...", "detail_json": "/data/advisories/ZDI-13-061/advisory.json", "detail_path": "advisories/ZDI-13-061", "id": "ZDI-13-061", "kind": "published", "published_date": "2013-04-09", "status": "published", "title": "Hewlett-Packard Intelligent Management Center SyslogDownloadServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-061/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1660", "zdi_id": "ZDI-13-061" }, { "cve": "CVE-2012-5209", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the flexFileUpload servlet. Thi...", "detail_json": "/data/advisories/ZDI-13-060/advisory.json", "detail_path": "advisories/ZDI-13-060", "id": "ZDI-13-060", "kind": "published", "published_date": "2013-04-09", "status": "published", "title": "Hewlett-Packard Intelligent Management Center flexFileUpload Servlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-060/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1659", "zdi_id": "ZDI-13-060" }, { "cve": "CVE-2012-5210", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tamServl...", "detail_json": "/data/advisories/ZDI-13-059/advisory.json", "detail_path": "advisories/ZDI-13-059", "id": "ZDI-13-059", "kind": "published", "published_date": "2013-04-09", "status": "published", "title": "Hewlett-Packard Intelligent Management Center TAM tamServletDownload Servlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-059/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1646", "zdi_id": "ZDI-13-059" }, { "cve": "CVE-2012-5211", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acmServl...", "detail_json": "/data/advisories/ZDI-13-058/advisory.json", "detail_path": "advisories/ZDI-13-058", "id": "ZDI-13-058", "kind": "published", "published_date": "2013-04-09", "status": "published", "title": "Hewlett-Packard Intelligent Management Center UAM acmServletDownload Servlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-058/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1643", "zdi_id": "ZDI-13-058" }, { "cve": "CVE-2012-5208", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Download...", "detail_json": "/data/advisories/ZDI-13-057/advisory.json", "detail_path": "advisories/ZDI-13-057", "id": "ZDI-13-057", "kind": "published", "published_date": "2013-04-09", "status": "published", "title": "Hewlett-Packard Intelligent Management Center DownloadServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-057/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1615", "zdi_id": "ZDI-13-057" }, { "cve": "CVE-2013-1146", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco IOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Smart Install client. A specially crafted packet c...", "detail_json": "/data/advisories/ZDI-13-056/advisory.json", "detail_path": "advisories/ZDI-13-056", "id": "ZDI-13-056", "kind": "published", "published_date": "2013-04-09", "status": "published", "title": "Cisco IOS Smart Install Configuration File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-056/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-1568", "zdi_id": "ZDI-13-056" }, { "cve": "CVE-2013-0971", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-13-055/advisory.json", "detail_path": "advisories/ZDI-13-055", "id": "ZDI-13-055", "kind": "published", "published_date": "2013-04-09", "status": "published", "title": "Apple Mac OS X PDF Ink Annotations Processing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-055/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1518", "zdi_id": "ZDI-13-055" }, { "cve": "CVE-2012-5205", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Download...", "detail_json": "/data/advisories/ZDI-13-054/advisory.json", "detail_path": "advisories/ZDI-13-054", "id": "ZDI-13-054", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Hewlett-Packard Intelligent Management Center DownloadReportSourceServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-054/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1650", "zdi_id": "ZDI-13-054" }, { "cve": "CVE-2012-5204", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IctDownl...", "detail_json": "/data/advisories/ZDI-13-053/advisory.json", "detail_path": "advisories/ZDI-13-053", "id": "ZDI-13-053", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Hewlett-Packard Intelligent Management Center IctDownloadServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-053/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1614", "zdi_id": "ZDI-13-053" }, { "cve": "CVE-2012-5203", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReportIm...", "detail_json": "/data/advisories/ZDI-13-052/advisory.json", "detail_path": "advisories/ZDI-13-052", "id": "ZDI-13-052", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Hewlett-Packard Intelligent Management Center ReportImgServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-052/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1613", "zdi_id": "ZDI-13-052" }, { "cve": "CVE-2012-5202", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FaultDow...", "detail_json": "/data/advisories/ZDI-13-051/advisory.json", "detail_path": "advisories/ZDI-13-051", "id": "ZDI-13-051", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Hewlett-Packard Intelligent Management Center FaultDownloadServlet Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-051/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1612", "zdi_id": "ZDI-13-051" }, { "cve": "CVE-2012-5201", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mibFileUpload...", "detail_json": "/data/advisories/ZDI-13-050/advisory.json", "detail_path": "advisories/ZDI-13-050", "id": "ZDI-13-050", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Hewlett-Packard Intelligent Management Center mibFileUpload Servlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-050/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1611", "zdi_id": "ZDI-13-050" }, { "cve": "CVE-2013-1080", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks. Authentication is not required to exploit this vulnerability. The specific issues exists within ZENworks Control Center which listens on tcp/4...", "detail_json": "/data/advisories/ZDI-13-049/advisory.json", "detail_path": "advisories/ZDI-13-049", "id": "ZDI-13-049", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Novell ZENworks Control Center File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-049/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1527", "zdi_id": "ZDI-13-049" }, { "cve": "CVE-2013-1079", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Admin Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-13-048/advisory.json", "detail_path": "advisories/ZDI-13-048", "id": "ZDI-13-048", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Novell ZENWorks AdminStudio ISProxy ActiveX Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-048/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1433", "zdi_id": "ZDI-13-048" }, { "cve": "CVE-2013-0094", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-047/advisory.json", "detail_path": "advisories/ZDI-13-047", "id": "ZDI-13-047", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Microsoft Internet Explorer removeChild Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-047/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1721", "zdi_id": "ZDI-13-047" }, { "cve": "CVE-2013-0093", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-046/advisory.json", "detail_path": "advisories/ZDI-13-046", "id": "ZDI-13-046", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Microsoft Internet Explorer onBeforeCopy Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-046/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1677", "zdi_id": "ZDI-13-046" }, { "cve": "CVE-2013-0092", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-045/advisory.json", "detail_path": "advisories/ZDI-13-045", "id": "ZDI-13-045", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Microsoft Internet Explorer GetMarkupPtr Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-045/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1673", "zdi_id": "ZDI-13-045" }, { "cve": "CVE-2013-0089", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-13-044/advisory.json", "detail_path": "advisories/ZDI-13-044", "id": "ZDI-13-044", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Microsoft Internet Explorer CMarkupBehaviorContext Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-044/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1648", "zdi_id": "ZDI-13-044" }, { "cve": "CVE-2013-0088", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific issue is d...", "detail_json": "/data/advisories/ZDI-13-043/advisory.json", "detail_path": "advisories/ZDI-13-043", "id": "ZDI-13-043", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Microsoft Internet Explorer saveHistory Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-043/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1649", "zdi_id": "ZDI-13-043" }, { "cve": "CVE-2013-1484", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-042/advisory.json", "detail_path": "advisories/ZDI-13-042", "id": "ZDI-13-042", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Oracle Java setUncaughtExceptionHandler Security Manager Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-042/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1732", "zdi_id": "ZDI-13-042" }, { "cve": "CVE-2013-1485", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or run a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-13-041/advisory.json", "detail_path": "advisories/ZDI-13-041", "id": "ZDI-13-041", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Oracle Java doPrivilegedWithCombiner Security Manager Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-041/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1708", "zdi_id": "ZDI-13-041" }, { "cve": "CVE-2013-1484", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or run a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-13-040/advisory.json", "detail_path": "advisories/ZDI-13-040", "id": "ZDI-13-040", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Oracle Java Proxy.newProxyInstance Security Manager Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-040/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1706", "zdi_id": "ZDI-13-040" }, { "cve": "CVE-2013-0754", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-039/advisory.json", "detail_path": "advisories/ZDI-13-039", "id": "ZDI-13-039", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Mozilla Firefox ListenerManager Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-039/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1591", "zdi_id": "ZDI-13-039" }, { "cve": "CVE-2013-0755", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-038/advisory.json", "detail_path": "advisories/ZDI-13-038", "id": "ZDI-13-038", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Mozilla Firefox mozVibrate Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-038/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1589", "zdi_id": "ZDI-13-038" }, { "cve": "CVE-2013-0756", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-037/advisory.json", "detail_path": "advisories/ZDI-13-037", "id": "ZDI-13-037", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Mozilla Firefox obj_toSource Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-037/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1571", "zdi_id": "ZDI-13-037" }, { "cve": "CVE-2013-1085", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Messenger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-13-036/advisory.json", "detail_path": "advisories/ZDI-13-036", "id": "ZDI-13-036", "kind": "published", "published_date": "2013-03-22", "status": "published", "title": "Novell GroupWise Messenger import Command Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-036/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1339", "zdi_id": "ZDI-13-036" }, { "cve": "CVE-2013-0930", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability potentially allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within Device Manager (rrob...", "detail_json": "/data/advisories/ZDI-13-035/advisory.json", "detail_path": "advisories/ZDI-13-035", "id": "ZDI-13-035", "kind": "published", "published_date": "2013-02-14", "status": "published", "title": "EMC AlphaStor Device Manager 0x41 Command Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-035/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1703", "zdi_id": "ZDI-13-035" }, { "cve": "CVE-2013-0929", "cvss": 7.6, "cvss_vector": null, "description_snippet": "This vulnerability potentially allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within Device Manager (rrob...", "detail_json": "/data/advisories/ZDI-13-034/advisory.json", "detail_path": "advisories/ZDI-13-034", "id": "ZDI-13-034", "kind": "published", "published_date": "2013-02-14", "status": "published", "title": "EMC AlphaStor Device Manager 0x75 Command Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-034/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1702", "zdi_id": "ZDI-13-034" }, { "cve": "CVE-2013-0928", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within Device Manager (rrobotd.exe) whi...", "detail_json": "/data/advisories/ZDI-13-033/advisory.json", "detail_path": "advisories/ZDI-13-033", "id": "ZDI-13-033", "kind": "published", "published_date": "2013-02-14", "status": "published", "title": "EMC AlphaStor Device Manager 0x75 Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-033/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1701", "zdi_id": "ZDI-13-033" }, { "cve": "CVE-2013-0028", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-032/advisory.json", "detail_path": "advisories/ZDI-13-032", "id": "ZDI-13-032", "kind": "published", "published_date": "2013-02-14", "status": "published", "title": "Microsoft Internet Explorer CObjectElement Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-032/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1719", "zdi_id": "ZDI-13-032" }, { "cve": "CVE-2013-0029", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-031/advisory.json", "detail_path": "advisories/ZDI-13-031", "id": "ZDI-13-031", "kind": "published", "published_date": "2013-02-14", "status": "published", "title": "Microsoft Internet Explorer CHTML Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-031/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1714", "zdi_id": "ZDI-13-031" }, { "cve": "CVE-2013-0029", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-030/advisory.json", "detail_path": "advisories/ZDI-13-030", "id": "ZDI-13-030", "kind": "published", "published_date": "2013-02-14", "status": "published", "title": "Microsoft Internet Explorer CHTML Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-030/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1707", "zdi_id": "ZDI-13-030" }, { "cve": "CVE-2013-0020", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-029/advisory.json", "detail_path": "advisories/ZDI-13-029", "id": "ZDI-13-029", "kind": "published", "published_date": "2013-02-14", "status": "published", "title": "Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-029/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1655", "zdi_id": "ZDI-13-029" }, { "cve": "CVE-2013-0018", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-028/advisory.json", "detail_path": "advisories/ZDI-13-028", "id": "ZDI-13-028", "kind": "published", "published_date": "2013-02-14", "status": "published", "title": "Microsoft Internet Explorer SetCapture Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-028/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1640", "zdi_id": "ZDI-13-028" }, { "cve": "CVE-2013-0024", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-027/advisory.json", "detail_path": "advisories/ZDI-13-027", "id": "ZDI-13-027", "kind": "published", "published_date": "2013-02-14", "status": "published", "title": "Microsoft Internet Explorer pasteHTML Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-027/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1672", "zdi_id": "ZDI-13-027" }, { "cve": "CVE-2013-0023", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-026/advisory.json", "detail_path": "advisories/ZDI-13-026", "id": "ZDI-13-026", "kind": "published", "published_date": "2013-02-14", "status": "published", "title": "Microsoft Internet Explorer CDispNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-026/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1683", "zdi_id": "ZDI-13-026" }, { "cve": "CVE-2013-0019", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-025/advisory.json", "detail_path": "advisories/ZDI-13-025", "id": "ZDI-13-025", "kind": "published", "published_date": "2013-02-14", "status": "published", "title": "Microsoft Internet Explorer COmWindowProxy Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-025/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1598", "zdi_id": "ZDI-13-025" }, { "cve": "CVE-2013-1313", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-13-024/advisory.json", "detail_path": "advisories/ZDI-13-024", "id": "ZDI-13-024", "kind": "published", "published_date": "2013-02-14", "status": "published", "title": "Microsoft Windows OLE Automation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-024/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1674", "zdi_id": "ZDI-13-024" }, { "cve": "CVE-2013-1479", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-023/advisory.json", "detail_path": "advisories/ZDI-13-023", "id": "ZDI-13-023", "kind": "published", "published_date": "2013-02-11", "status": "published", "title": "Oracle Java JavaFX D3DRendererDelegate Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-023/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1594", "zdi_id": "ZDI-13-023" }, { "cve": "CVE-2013-1480", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-022/advisory.json", "detail_path": "advisories/ZDI-13-022", "id": "ZDI-13-022", "kind": "published", "published_date": "2013-02-11", "status": "published", "title": "Oracle Java AWT Image Transform Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-022/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1580", "zdi_id": "ZDI-13-022" }, { "cve": "CVE-2012-5677", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-13-021/advisory.json", "detail_path": "advisories/ZDI-13-021", "id": "ZDI-13-021", "kind": "published", "published_date": "2013-02-11", "status": "published", "title": "Adobe Flash Player loadPCMFromByteArray Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-021/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1582", "zdi_id": "ZDI-13-021" }, { "cve": "CVE-2012-4607", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC NetWorker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way nsrck.exe handles a remotely supplied stri...", "detail_json": "/data/advisories/ZDI-13-020/advisory.json", "detail_path": "advisories/ZDI-13-020", "id": "ZDI-13-020", "kind": "published", "published_date": "2013-02-11", "status": "published", "title": "EMC NetWorker nsrck.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-020/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1542", "zdi_id": "ZDI-13-020" }, { "cve": "CVE-2012-4607", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC NetWorker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way nsrindexd.exe handles RPC calls with opcod...", "detail_json": "/data/advisories/ZDI-13-019/advisory.json", "detail_path": "advisories/ZDI-13-019", "id": "ZDI-13-019", "kind": "published", "published_date": "2013-02-11", "status": "published", "title": "EMC NetWorker nsrindexd.exe Opcode 0x07 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-019/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1543", "zdi_id": "ZDI-13-019" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The specific flaw exists within the streamprocess.exe component whi...", "detail_json": "/data/advisories/ZDI-13-018/advisory.json", "detail_path": "advisories/ZDI-13-018", "id": "ZDI-13-018", "kind": "published", "published_date": "2013-02-11", "status": "published", "title": "Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-018/", "vendor": "Citrix", "vendor_url": null, "zdi_can": "ZDI-CAN-1188", "zdi_id": "ZDI-13-018" }, { "cve": "CVE-2012-3282", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LeftHand Virtual SAN Appliance. Authentication is not required to exploit this vulnerability. The flaw exists within the hydra component which listens by de...", "detail_json": "/data/advisories/ZDI-13-017/advisory.json", "detail_path": "advisories/ZDI-13-017", "id": "ZDI-13-017", "kind": "published", "published_date": "2013-02-11", "status": "published", "title": "Hewlett-Packard LeftHand Virtual SAN Appliance Password Hash Disclosure Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-017/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1468", "zdi_id": "ZDI-13-017" }, { "cve": "CVE-2012-3283", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LeftHand Virtual SAN Appliance. Authentication is not required to exploit this vulnerability. The flaw exists within the hydra service, specifically with th...", "detail_json": "/data/advisories/ZDI-13-016/advisory.json", "detail_path": "advisories/ZDI-13-016", "id": "ZDI-13-016", "kind": "published", "published_date": "2013-02-11", "status": "published", "title": "Hewlett-Packard LeftHand Virtual SAN Appliance Hydra Set Disk Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-016/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1511", "zdi_id": "ZDI-13-016" }, { "cve": "CVE-2012-3284", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LeftHand Virtual SAN Appliance. Authentication is not required to exploit this vulnerability. The flaw exists within the hydra service, specifically within...", "detail_json": "/data/advisories/ZDI-13-015/advisory.json", "detail_path": "advisories/ZDI-13-015", "id": "ZDI-13-015", "kind": "published", "published_date": "2013-02-11", "status": "published", "title": "Hewlett-Packard LeftHand Virtual SAN Appliance Hydra SNMP Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-015/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1512", "zdi_id": "ZDI-13-015" }, { "cve": "CVE-2012-3285", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LeftHand Virtual SAN Appliance. Authentication is not required to exploit this vulnerability. The flaw exists within the hydra service, specifically with th...", "detail_json": "/data/advisories/ZDI-13-014/advisory.json", "detail_path": "advisories/ZDI-13-014", "id": "ZDI-13-014", "kind": "published", "published_date": "2013-02-11", "status": "published", "title": "Hewlett-Packard LeftHand Virtual SAN Appliance Hydra Ping Hostname Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-014/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1513", "zdi_id": "ZDI-13-014" }, { "cve": "CVE-2012-1543", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-013/advisory.json", "detail_path": "advisories/ZDI-13-013", "id": "ZDI-13-013", "kind": "published", "published_date": "2013-02-11", "status": "published", "title": "Oracle Java JavaFX WCMediaPlayer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-013/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1728", "zdi_id": "ZDI-13-013" }, { "cve": "CVE-2012-1543", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-012/advisory.json", "detail_path": "advisories/ZDI-13-012", "id": "ZDI-13-012", "kind": "published", "published_date": "2013-02-11", "status": "published", "title": "Oracle Java JavaFX WCGraphicsManager Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-012/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1725", "zdi_id": "ZDI-13-012" }, { "cve": "CVE-2012-3213", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-011/advisory.json", "detail_path": "advisories/ZDI-13-011", "id": "ZDI-13-011", "kind": "published", "published_date": "2013-02-11", "status": "published", "title": "Oracle Java NativeJavaConstructor Class Serialization Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-011/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1587", "zdi_id": "ZDI-13-011" }, { "cve": "CVE-2013-1481", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-13-010/advisory.json", "detail_path": "advisories/ZDI-13-010", "id": "ZDI-13-010", "kind": "published", "published_date": "2013-02-11", "status": "published", "title": "Oracle Java PV_ProcessSampleWithSMOD Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-010/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1534", "zdi_id": "ZDI-13-010" }, { "cve": "CVE-2012-3748", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-13-009/advisory.json", "detail_path": "advisories/ZDI-13-009", "id": "ZDI-13-009", "kind": "published", "published_date": "2013-02-01", "status": "published", "title": "(Mobile Pwn2Own) Apple Safari shiftCount/splice Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-009/", "vendor": "Apple, Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1657", "zdi_id": "ZDI-13-009" }, { "cve": "CVE-2012-0439", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-13-008/advisory.json", "detail_path": "advisories/ZDI-13-008", "id": "ZDI-13-008", "kind": "published", "published_date": "2013-02-01", "status": "published", "title": "Novell GroupWise gwcls1.dll ActiveX Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-008/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1329", "zdi_id": "ZDI-13-008" }, { "cve": "CVE-2012-2548", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-13-007/advisory.json", "detail_path": "advisories/ZDI-13-007", "id": "ZDI-13-007", "kind": "published", "published_date": "2013-02-01", "status": "published", "title": "Microsoft Internet Explorer Layout Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-007/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1550", "zdi_id": "ZDI-13-007" }, { "cve": "CVE-2013-0753", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-006/advisory.json", "detail_path": "advisories/ZDI-13-006", "id": "ZDI-13-006", "kind": "published", "published_date": "2013-02-01", "status": "published", "title": "Mozilla Firefox XMLSerializer Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-006/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1608", "zdi_id": "ZDI-13-006" }, { "cve": "CVE-2013-0002", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-13-005/advisory.json", "detail_path": "advisories/ZDI-13-005", "id": "ZDI-13-005", "kind": "published", "published_date": "2013-02-01", "status": "published", "title": "Microsoft .NET Framework EncoderParameters.ConvertToMemory Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-005/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1515", "zdi_id": "ZDI-13-005" }, { "cve": "CVE-2013-0003", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-13-004/advisory.json", "detail_path": "advisories/ZDI-13-004", "id": "ZDI-13-004", "kind": "published", "published_date": "2013-02-01", "status": "published", "title": "Microsoft .NET Framework System.DirectoryServices.Protocols Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-004/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1514", "zdi_id": "ZDI-13-004" }, { "cve": "CVE-2013-0750", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-13-003/advisory.json", "detail_path": "advisories/ZDI-13-003", "id": "ZDI-13-003", "kind": "published", "published_date": "2013-02-01", "status": "published", "title": "Mozilla Firefox String Replacement Heap Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-003/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1473", "zdi_id": "ZDI-13-003" }, { "cve": "CVE-2012-3174", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici...", "detail_json": "/data/advisories/ZDI-13-002/advisory.json", "detail_path": "advisories/ZDI-13-002", "id": "ZDI-13-002", "kind": "published", "published_date": "2013-02-01", "status": "published", "title": "Oracle Java Runtime Environment MethodHandle Security Manager Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-002/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1693", "zdi_id": "ZDI-13-002" }, { "cve": "CVE-2013-0418", "cvss": 5.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Outside In. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-13-001/advisory.json", "detail_path": "advisories/ZDI-13-001", "id": "ZDI-13-001", "kind": "published", "published_date": "2013-02-01", "status": "published", "title": "Oracle Outside In CorelDRAW File Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-13-001/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1563", "zdi_id": "ZDI-13-001" }, { "cve": "CVE-2012-2054", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell HMIWeb. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-12-203/advisory.json", "detail_path": "advisories/ZDI-12-203", "id": "ZDI-12-203", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Honeywell HMIWeb Browser ActiveX Control RequestDSPLoad Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-203/", "vendor": "Honeywell", "vendor_url": null, "zdi_can": "ZDI-CAN-1437", "zdi_id": "ZDI-12-203" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable products utilizing the Oracle Outside In technology. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-12-202/advisory.json", "detail_path": "advisories/ZDI-12-202", "id": "ZDI-12-202", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Oracle Outside In WordPerfect File Processing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-202/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1480", "zdi_id": "ZDI-12-202" }, { "cve": "CVE-2012-0182", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-12-201/advisory.json", "detail_path": "advisories/ZDI-12-201", "id": "ZDI-12-201", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Microsoft Office Word PAPX Section Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-201/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1281", "zdi_id": "ZDI-12-201" }, { "cve": "CVE-2012-2548", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-12-200/advisory.json", "detail_path": "advisories/ZDI-12-200", "id": "ZDI-12-200", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Microsoft Internet Explorer 9 CTreeNode Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-200/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1569", "zdi_id": "ZDI-12-200" }, { "cve": "CVE-2012-4969", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-12-199/advisory.json", "detail_path": "advisories/ZDI-12-199", "id": "ZDI-12-199", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Microsoft Internet Explorer execCommand Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-199/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1586", "zdi_id": "ZDI-12-199" }, { "cve": "CVE-2012-2557", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-12-198/advisory.json", "detail_path": "advisories/ZDI-12-198", "id": "ZDI-12-198", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Microsoft Internet Explorer CMarkup outerText Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-198/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1574", "zdi_id": "ZDI-12-198" }, { "cve": "CVE-2012-1682", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-12-197/advisory.json", "detail_path": "advisories/ZDI-12-197", "id": "ZDI-12-197", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Oracle Java java.beans.Statement Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-197/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1590", "zdi_id": "ZDI-12-197" }, { "cve": "CVE-2012-0417", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The flaw exists within the Groupwise Internet Agent component, specifically the...", "detail_json": "/data/advisories/ZDI-12-196/advisory.json", "detail_path": "advisories/ZDI-12-196", "id": "ZDI-12-196", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Novell Groupwise GWIA ber_get_stringa Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-196/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1347", "zdi_id": "ZDI-12-196" }, { "cve": "CVE-2012-0928", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-12-195/advisory.json", "detail_path": "advisories/ZDI-12-195", "id": "ZDI-12-195", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "RealNetworks RealPlayer ATRAC Sample Decoding Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-195/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1322", "zdi_id": "ZDI-12-195" }, { "cve": "CVE-2012-1878", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-12-194/advisory.json", "detail_path": "advisories/ZDI-12-194", "id": "ZDI-12-194", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Microsoft Internet Explorer OnBeforeDeactivate Event Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-194/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1523", "zdi_id": "ZDI-12-194" }, { "cve": "CVE-2012-1879", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-12-193/advisory.json", "detail_path": "advisories/ZDI-12-193", "id": "ZDI-12-193", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Microsoft Internet Explorer insertAdjacentText Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-193/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1524", "zdi_id": "ZDI-12-193" }, { "cve": "CVE-2012-1880", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-12-192/advisory.json", "detail_path": "advisories/ZDI-12-192", "id": "ZDI-12-192", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Microsoft Internet Explorer insertRow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-192/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1525", "zdi_id": "ZDI-12-192" }, { "cve": "CVE-2011-3071", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-12-191/advisory.json", "detail_path": "advisories/ZDI-12-191", "id": "ZDI-12-191", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Webkit HTMLMedia Element beforeLoad Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-191/", "vendor": "WebKit.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-1528", "zdi_id": "ZDI-12-191" }, { "cve": "CVE-2012-1877", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-12-190/advisory.json", "detail_path": "advisories/ZDI-12-190", "id": "ZDI-12-190", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Microsoft Internet Explorer Title Element Change Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-190/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1520", "zdi_id": "ZDI-12-190" }, { "cve": "CVE-2012-1721", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-12-189/advisory.json", "detail_path": "advisories/ZDI-12-189", "id": "ZDI-12-189", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Oracle Java WebStart Changing System Properties Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-189/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1501", "zdi_id": "ZDI-12-189" }, { "cve": "CVE-2012-1881", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-12-188/advisory.json", "detail_path": "advisories/ZDI-12-188", "id": "ZDI-12-188", "kind": "published", "published_date": "2012-12-21", "status": "published", "title": "Microsoft Internet Explorer OnRowsInserted Event Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-188/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1526", "zdi_id": "ZDI-12-188" }, { "cve": "CVE-2012-0923", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-12-187/advisory.json", "detail_path": "advisories/ZDI-12-187", "id": "ZDI-12-187", "kind": "published", "published_date": "2012-11-19", "status": "published", "title": "RealNetworks RealPlayer RV20 Frame Size Array Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-187/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1350", "zdi_id": "ZDI-12-187" }, { "cve": "CVE-2012-0183", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-12-186/advisory.json", "detail_path": "advisories/ZDI-12-186", "id": "ZDI-12-186", "kind": "published", "published_date": "2012-11-15", "status": "published", "title": "Microsoft Office 2007 RTF Mismatch Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-186/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1402", "zdi_id": "ZDI-12-186" }, { "cve": "CVE-2012-0650", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability. The flaw exists within the DirectoryService daemon. This process listens on TCP po...", "detail_json": "/data/advisories/ZDI-12-185/advisory.json", "detail_path": "advisories/ZDI-12-185", "id": "ZDI-12-185", "kind": "published", "published_date": "2012-11-15", "status": "published", "title": "Apple Mac OS X DirectoryService SwapProxyMessage Unchecked objOffset Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-185/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1385", "zdi_id": "ZDI-12-185" }, { "cve": "CVE-2012-2543", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-184/advisory.json", "detail_path": "advisories/ZDI-12-184", "id": "ZDI-12-184", "kind": "published", "published_date": "2012-11-15", "status": "published", "title": "Microsoft Excel Feature11/Feature12 Record Trusted Counter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-184/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1373", "zdi_id": "ZDI-12-184" }, { "cve": "CVE-2012-0925", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the rv40.dl...", "detail_json": "/data/advisories/ZDI-12-183/advisory.json", "detail_path": "advisories/ZDI-12-183", "id": "ZDI-12-183", "kind": "published", "published_date": "2012-11-15", "status": "published", "title": "RealNetworks RealPlayer RV40 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-183/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1191", "zdi_id": "ZDI-12-183" }, { "cve": "CVE-2012-2289", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC ApplicationXtender. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-12-182/advisory.json", "detail_path": "advisories/ZDI-12-182", "id": "ZDI-12-182", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-182/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1529", "zdi_id": "ZDI-12-182" }, { "cve": "CVE-2011-4186", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-12-181/advisory.json", "detail_path": "advisories/ZDI-12-181", "id": "ZDI-12-181", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-181/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1466", "zdi_id": "ZDI-12-181" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Admin Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-12-180/advisory.json", "detail_path": "advisories/ZDI-12-180", "id": "ZDI-12-180", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-180/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1434", "zdi_id": "ZDI-12-180" }, { "cve": "CVE-2012-2289", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC ApplicationXtender. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-12-179/advisory.json", "detail_path": "advisories/ZDI-12-179", "id": "ZDI-12-179", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-179/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1493", "zdi_id": "ZDI-12-179" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to...", "detail_json": "/data/advisories/ZDI-12-178/advisory.json", "detail_path": "advisories/ZDI-12-178", "id": "ZDI-12-178", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "(0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-178/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1472", "zdi_id": "ZDI-12-178" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to...", "detail_json": "/data/advisories/ZDI-12-177/advisory.json", "detail_path": "advisories/ZDI-12-177", "id": "ZDI-12-177", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "(0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-177/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1465", "zdi_id": "ZDI-12-177" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to...", "detail_json": "/data/advisories/ZDI-12-176/advisory.json", "detail_path": "advisories/ZDI-12-176", "id": "ZDI-12-176", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "(0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-176/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1464", "zdi_id": "ZDI-12-176" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to...", "detail_json": "/data/advisories/ZDI-12-175/advisory.json", "detail_path": "advisories/ZDI-12-175", "id": "ZDI-12-175", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "(0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-175/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1463", "zdi_id": "ZDI-12-175" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw is a directory traversal in the UploadFilesHandler url that allow...", "detail_json": "/data/advisories/ZDI-12-174/advisory.json", "detail_path": "advisories/ZDI-12-174", "id": "ZDI-12-174", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "(0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-174/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1462", "zdi_id": "ZDI-12-174" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to...", "detail_json": "/data/advisories/ZDI-12-173/advisory.json", "detail_path": "advisories/ZDI-12-173", "id": "ZDI-12-173", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "(0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-173/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1461", "zdi_id": "ZDI-12-173" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Operations Orchestration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RSScheduler service JDBC compone...", "detail_json": "/data/advisories/ZDI-12-172/advisory.json", "detail_path": "advisories/ZDI-12-172", "id": "ZDI-12-172", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "(0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-172/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1456", "zdi_id": "ZDI-12-172" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the uam.exe component which...", "detail_json": "/data/advisories/ZDI-12-171/advisory.json", "detail_path": "advisories/ZDI-12-171", "id": "ZDI-12-171", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "(0Day) HP Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-171/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1348", "zdi_id": "ZDI-12-171" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Application Lifecycle Management. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-12-170/advisory.json", "detail_path": "advisories/ZDI-12-170", "id": "ZDI-12-170", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "(0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-170/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1327", "zdi_id": "ZDI-12-170" }, { "cve": "CVE-2012-2516", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy Historian. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-12-169/advisory.json", "detail_path": "advisories/ZDI-12-169", "id": "ZDI-12-169", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-169/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-1491", "zdi_id": "ZDI-12-169" }, { "cve": "CVE-2011-0340", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-12-168/advisory.json", "detail_path": "advisories/ZDI-12-168", "id": "ZDI-12-168", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-168/", "vendor": "Indusoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1342", "zdi_id": "ZDI-12-168" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within NFRAgent.exe which communicates with...", "detail_json": "/data/advisories/ZDI-12-167/advisory.json", "detail_path": "advisories/ZDI-12-167", "id": "ZDI-12-167", "kind": "published", "published_date": "2012-08-29", "status": "published", "title": "(0Day) Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-167/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1318", "zdi_id": "ZDI-12-167" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LeftHand Virtual SAN Appliance. Authentication is not required to exploit this vulnerability. The flaw exists within the hydra component which listens by de...", "detail_json": "/data/advisories/ZDI-12-166/advisory.json", "detail_path": "advisories/ZDI-12-166", "id": "ZDI-12-166", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "(0Day) HP LeftHand Virtual SAN Appliance Unauthenticated Access Remote Command Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-166/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1467", "zdi_id": "ZDI-12-166" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Operations Agent for NonStop Server. User interaction is required to exploit this vulnerability in that the target must check the status of an existing node...", "detail_json": "/data/advisories/ZDI-12-165/advisory.json", "detail_path": "advisories/ZDI-12-165", "id": "ZDI-12-165", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "(0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-165/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1391", "zdi_id": "ZDI-12-165" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the img.exe compon...", "detail_json": "/data/advisories/ZDI-12-164/advisory.json", "detail_path": "advisories/ZDI-12-164", "id": "ZDI-12-164", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "(0Day) HP Intelligent Management Center img.exe Integer Wrap Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-164/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1389", "zdi_id": "ZDI-12-164" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP H3C/3Com iNode Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the iNOdeMngChecker.exe component whi...", "detail_json": "/data/advisories/ZDI-12-163/advisory.json", "detail_path": "advisories/ZDI-12-163", "id": "ZDI-12-163", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "(0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-163/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1358", "zdi_id": "ZDI-12-163" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Diagnostics Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the magentservice.exe process which listen...", "detail_json": "/data/advisories/ZDI-12-162/advisory.json", "detail_path": "advisories/ZDI-12-162", "id": "ZDI-12-162", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "(0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-162/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1287", "zdi_id": "ZDI-12-162" }, { "cve": "CVE-2012-0409", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Autostart ftAgent, which is deployed on machines managed by EMC Autostart by default. Authentication is not required to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-12-161/advisory.json", "detail_path": "advisories/ZDI-12-161", "id": "ZDI-12-161", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "EMC AutoStart ftAgent Opcode 0x2d Subcode 0x1194 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-161/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1487", "zdi_id": "ZDI-12-161" }, { "cve": "CVE-2012-0409", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Autostart ftAgent, which is deployed on machines managed by EMC Autostart by default. Authentication is not required to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-12-160/advisory.json", "detail_path": "advisories/ZDI-12-160", "id": "ZDI-12-160", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7F8 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-160/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1486", "zdi_id": "ZDI-12-160" }, { "cve": "CVE-2012-0409", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Autostart ftAgent, which is deployed on machines managed by EMC Autostart by default. Authentication is not required to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-12-159/advisory.json", "detail_path": "advisories/ZDI-12-159", "id": "ZDI-12-159", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7e7 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-159/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1488", "zdi_id": "ZDI-12-159" }, { "cve": "CVE-2012-1891", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-12-158/advisory.json", "detail_path": "advisories/ZDI-12-158", "id": "ZDI-12-158", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-158/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1521", "zdi_id": "ZDI-12-158" }, { "cve": "CVE-2012-1847", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-12-157/advisory.json", "detail_path": "advisories/ZDI-12-157", "id": "ZDI-12-157", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-157/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1374", "zdi_id": "ZDI-12-157" }, { "cve": "CVE-2012-2493", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco AnyConnect VPN Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-12-156/advisory.json", "detail_path": "advisories/ZDI-12-156", "id": "ZDI-12-156", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-156/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-1411", "zdi_id": "ZDI-12-156" }, { "cve": "CVE-2011-0340", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-12-155/advisory.json", "detail_path": "advisories/ZDI-12-155", "id": "ZDI-12-155", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-155/", "vendor": "Indusoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1341", "zdi_id": "ZDI-12-155" }, { "cve": "CVE-2012-2174", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-154/advisory.json", "detail_path": "advisories/ZDI-12-154", "id": "ZDI-12-154", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-154/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1343", "zdi_id": "ZDI-12-154" }, { "cve": "CVE-2012-0670", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-153/advisory.json", "detail_path": "advisories/ZDI-12-153", "id": "ZDI-12-153", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-153/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1495", "zdi_id": "ZDI-12-153" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of applications that utilize Oracle's Outside In Technology. User interaction is required to exploit this vulnerability in that the target must visit open a malic...", "detail_json": "/data/advisories/ZDI-12-152/advisory.json", "detail_path": "advisories/ZDI-12-152", "id": "ZDI-12-152", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "Oracle Outside In Excel MergeCells Record Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-152/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1483", "zdi_id": "ZDI-12-152" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of products utilizing Oracle's Outside In Technology. User interaction is required to exploit this vulnerability in that the target must open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-12-151/advisory.json", "detail_path": "advisories/ZDI-12-151", "id": "ZDI-12-151", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "Oracle Outside In Excel File TxO Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-151/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1482", "zdi_id": "ZDI-12-151" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable products utilizing the Oracle Outside In Technology. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-12-150/advisory.json", "detail_path": "advisories/ZDI-12-150", "id": "ZDI-12-150", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "Oracle Outside In XPM Processing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-150/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1481", "zdi_id": "ZDI-12-150" }, { "cve": "CVE-2012-2494", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco AnyConnect VPN Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-12-149/advisory.json", "detail_path": "advisories/ZDI-12-149", "id": "ZDI-12-149", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-149/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-1412", "zdi_id": "ZDI-12-149" }, { "cve": "CVE-2012-0232", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy Real-Time Information Portal. Authentication is not required to exploit this vulnerability. This specific flaw exists within the Remote Interface Se...", "detail_json": "/data/advisories/ZDI-12-148/advisory.json", "detail_path": "advisories/ZDI-12-148", "id": "ZDI-12-148", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-148/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-1419", "zdi_id": "ZDI-12-148" }, { "cve": "CVE-2011-3897", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-12-147/advisory.json", "detail_path": "advisories/ZDI-12-147", "id": "ZDI-12-147", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-147/", "vendor": "WebKit.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-1416", "zdi_id": "ZDI-12-147" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the service handles a specially formatted...", "detail_json": "/data/advisories/ZDI-12-146/advisory.json", "detail_path": "advisories/ZDI-12-146", "id": "ZDI-12-146", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-146/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1409", "zdi_id": "ZDI-12-146" }, { "cve": "CVE-2012-0289", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within SemSvc.exe which listens by default...", "detail_json": "/data/advisories/ZDI-12-145/advisory.json", "detail_path": "advisories/ZDI-12-145", "id": "ZDI-12-145", "kind": "published", "published_date": "2012-08-22", "status": "published", "title": "Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-145/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-1357", "zdi_id": "ZDI-12-145" }, { "cve": "CVE-2012-0409", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Autostart ftAgent, which is deployed on machines managed by EMC Autostart by default. Authentication is not required to exploit this vulnerability. The...", "detail_json": "/data/advisories/ZDI-12-144/advisory.json", "detail_path": "advisories/ZDI-12-144", "id": "ZDI-12-144", "kind": "published", "published_date": "2012-08-17", "status": "published", "title": "EMC AutoStart ftAgent Opcode 0x4B Subcode 0x1D4C Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-144/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1485", "zdi_id": "ZDI-12-144" }, { "cve": "CVE-2012-1888", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-143/advisory.json", "detail_path": "advisories/ZDI-12-143", "id": "ZDI-12-143", "kind": "published", "published_date": "2012-08-17", "status": "published", "title": "Microsoft Visio DWGDP MTEXT Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-143/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1531", "zdi_id": "ZDI-12-143" }, { "cve": "CVE-2012-1713", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-12-142/advisory.json", "detail_path": "advisories/ZDI-12-142", "id": "ZDI-12-142", "kind": "published", "published_date": "2012-08-17", "status": "published", "title": "Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-142/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1502", "zdi_id": "ZDI-12-142" }, { "cve": "CVE-2012-1855", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The fla...", "detail_json": "/data/advisories/ZDI-12-141/advisory.json", "detail_path": "advisories/ZDI-12-141", "id": "ZDI-12-141", "kind": "published", "published_date": "2012-08-17", "status": "published", "title": "Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-141/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1469", "zdi_id": "ZDI-12-141" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee SmartFilter Administration Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Method Invocation (RM...", "detail_json": "/data/advisories/ZDI-12-140/advisory.json", "detail_path": "advisories/ZDI-12-140", "id": "ZDI-12-140", "kind": "published", "published_date": "2012-08-17", "status": "published", "title": "McAfee SmartFilter Administration Server SFAdminSrv.exe JBoss RMI Remote Code Execution Vulnerabilty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-140/", "vendor": "McAfee", "vendor_url": null, "zdi_can": "ZDI-CAN-1406", "zdi_id": "ZDI-12-140" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The flaw exists within the ebus-3-3-2-7.dll component which is used by the c...", "detail_json": "/data/advisories/ZDI-12-139/advisory.json", "detail_path": "advisories/ZDI-12-139", "id": "ZDI-12-139", "kind": "published", "published_date": "2012-08-17", "status": "published", "title": "SAP Crystal Reports crystalras.exe OBUnmarshal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-139/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-1441", "zdi_id": "ZDI-12-139" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Business Objects Financial Consolidation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...", "detail_json": "/data/advisories/ZDI-12-138/advisory.json", "detail_path": "advisories/ZDI-12-138", "id": "ZDI-12-138", "kind": "published", "published_date": "2012-08-17", "status": "published", "title": "SAP Business Objects Financial Consolidation CtAppReg.dll username Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-138/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-1430", "zdi_id": "ZDI-12-138" }, { "cve": "CVE-2012-0662", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability. The flaw exists within the libsecurity_cdsa_plugin which implements routines defin...", "detail_json": "/data/advisories/ZDI-12-137/advisory.json", "detail_path": "advisories/ZDI-12-137", "id": "ZDI-12-137", "kind": "published", "published_date": "2012-08-17", "status": "published", "title": "Apple Mac OS X libsecurity_cdsa_plugin Malloc Integer Truncation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-137/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1386", "zdi_id": "ZDI-12-137" }, { "cve": "CVE-2011-3220", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists w...", "detail_json": "/data/advisories/ZDI-12-136/advisory.json", "detail_path": "advisories/ZDI-12-136", "id": "ZDI-12-136", "kind": "published", "published_date": "2012-08-17", "status": "published", "title": "Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-136/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1371", "zdi_id": "ZDI-12-136" }, { "cve": "CVE-2012-0661", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-135/advisory.json", "detail_path": "advisories/ZDI-12-135", "id": "ZDI-12-135", "kind": "published", "published_date": "2012-08-03", "status": "published", "title": "Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-135/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1459", "zdi_id": "ZDI-12-135" }, { "cve": "CVE-2012-2176", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Quickr. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-12-134/advisory.json", "detail_path": "advisories/ZDI-12-134", "id": "ZDI-12-134", "kind": "published", "published_date": "2012-08-03", "status": "published", "title": "IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-134/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1455", "zdi_id": "ZDI-12-134" }, { "cve": "CVE-2012-0229", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE iFix. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ihDataArchiver.exe process which listens by default...", "detail_json": "/data/advisories/ZDI-12-133/advisory.json", "detail_path": "advisories/ZDI-12-133", "id": "ZDI-12-133", "kind": "published", "published_date": "2012-08-03", "status": "published", "title": "GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-133/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-1377", "zdi_id": "ZDI-12-133" }, { "cve": "CVE-2012-2175", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus iNotes. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-12-132/advisory.json", "detail_path": "advisories/ZDI-12-132", "id": "ZDI-12-132", "kind": "published", "published_date": "2012-08-03", "status": "published", "title": "IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-132/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1439", "zdi_id": "ZDI-12-132" }, { "cve": "CVE-2012-0162", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-12-131/advisory.json", "detail_path": "advisories/ZDI-12-131", "id": "ZDI-12-131", "kind": "published", "published_date": "2012-08-03", "status": "published", "title": "Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-131/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1432", "zdi_id": "ZDI-12-131" }, { "cve": "CVE-2011-3458", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-12-130/advisory.json", "detail_path": "advisories/ZDI-12-130", "id": "ZDI-12-130", "kind": "published", "published_date": "2012-08-03", "status": "published", "title": "Apple QuickTime Player MP4A Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-130/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1382", "zdi_id": "ZDI-12-130" }, { "cve": "CVE-2012-0159", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code from the contact of kernelspace on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-12-129/advisory.json", "detail_path": "advisories/ZDI-12-129", "id": "ZDI-12-129", "kind": "published", "published_date": "2012-08-03", "status": "published", "title": "Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel)", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-129/", "vendor": "Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1338", "zdi_id": "ZDI-12-129" }, { "cve": "CVE-2011-3671", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-128/advisory.json", "detail_path": "advisories/ZDI-12-128", "id": "ZDI-12-128", "kind": "published", "published_date": "2012-08-03", "status": "published", "title": "Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-128/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1301", "zdi_id": "ZDI-12-128" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HsmCfgSvc.exe service w...", "detail_json": "/data/advisories/ZDI-12-127/advisory.json", "detail_path": "advisories/ZDI-12-127", "id": "ZDI-12-127", "kind": "published", "published_date": "2012-07-18", "status": "published", "title": "(0Day) HP StorageWorks File Migration Agent RsaFTP.dll Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-127/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1190", "zdi_id": "ZDI-12-127" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HsmCfgSvc.exe service w...", "detail_json": "/data/advisories/ZDI-12-126/advisory.json", "detail_path": "advisories/ZDI-12-126", "id": "ZDI-12-126", "kind": "published", "published_date": "2012-07-18", "status": "published", "title": "(0Day) HP StorageWorks File Migration Agent RsaCIFS.dll Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-126/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1189", "zdi_id": "ZDI-12-126" }, { "cve": "CVE-2012-0666", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-125/advisory.json", "detail_path": "advisories/ZDI-12-125", "id": "ZDI-12-125", "kind": "published", "published_date": "2012-07-12", "status": "published", "title": "Apple Quicktime QTPlugin SetLanguage Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-125/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1398", "zdi_id": "ZDI-12-125" }, { "cve": "CVE-2012-0409", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default...", "detail_json": "/data/advisories/ZDI-12-124/advisory.json", "detail_path": "advisories/ZDI-12-124", "id": "ZDI-12-124", "kind": "published", "published_date": "2012-07-12", "status": "published", "title": "EMC AutoStart ftAgent Opcode 50 Subcode 42 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-124/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1450", "zdi_id": "ZDI-12-124" }, { "cve": "CVE-2012-0409", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default...", "detail_json": "/data/advisories/ZDI-12-123/advisory.json", "detail_path": "advisories/ZDI-12-123", "id": "ZDI-12-123", "kind": "published", "published_date": "2012-07-12", "status": "published", "title": "EMC AutoStart ftAgent Opcode 50 Subcode 60 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-123/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1449", "zdi_id": "ZDI-12-123" }, { "cve": "CVE-2012-0409", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default...", "detail_json": "/data/advisories/ZDI-12-122/advisory.json", "detail_path": "advisories/ZDI-12-122", "id": "ZDI-12-122", "kind": "published", "published_date": "2012-07-12", "status": "published", "title": "EMC AutoStart ftAgent Opcode 65 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-122/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1448", "zdi_id": "ZDI-12-122" }, { "cve": "CVE-2012-0409", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default...", "detail_json": "/data/advisories/ZDI-12-121/advisory.json", "detail_path": "advisories/ZDI-12-121", "id": "ZDI-12-121", "kind": "published", "published_date": "2012-07-12", "status": "published", "title": "EMC AutoStart ftAgent Opcode 85 Subcode 01 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-121/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1447", "zdi_id": "ZDI-12-121" }, { "cve": "CVE-2012-0409", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default...", "detail_json": "/data/advisories/ZDI-12-120/advisory.json", "detail_path": "advisories/ZDI-12-120", "id": "ZDI-12-120", "kind": "published", "published_date": "2012-07-12", "status": "published", "title": "EMC AutoStart ftAgent Opcode 85 Subcode 22 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-120/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1446", "zdi_id": "ZDI-12-120" }, { "cve": "CVE-2012-0409", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default...", "detail_json": "/data/advisories/ZDI-12-119/advisory.json", "detail_path": "advisories/ZDI-12-119", "id": "ZDI-12-119", "kind": "published", "published_date": "2012-07-12", "status": "published", "title": "EMC AutoStart ftAgent Opcode 0x41 Subcode 0x00 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-119/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1445", "zdi_id": "ZDI-12-119" }, { "cve": "CVE-2012-0409", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default...", "detail_json": "/data/advisories/ZDI-12-118/advisory.json", "detail_path": "advisories/ZDI-12-118", "id": "ZDI-12-118", "kind": "published", "published_date": "2012-07-12", "status": "published", "title": "EMC AutoStart ftAgent Opcode 0x03 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-118/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1444", "zdi_id": "ZDI-12-118" }, { "cve": "CVE-2012-0409", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default...", "detail_json": "/data/advisories/ZDI-12-117/advisory.json", "detail_path": "advisories/ZDI-12-117", "id": "ZDI-12-117", "kind": "published", "published_date": "2012-07-12", "status": "published", "title": "EMC AutoStart ftAgent Opcode 50 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-117/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1443", "zdi_id": "ZDI-12-117" }, { "cve": "CVE-2012-0409", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default...", "detail_json": "/data/advisories/ZDI-12-116/advisory.json", "detail_path": "advisories/ZDI-12-116", "id": "ZDI-12-116", "kind": "published", "published_date": "2012-07-12", "status": "published", "title": "EMC AutoStart ftAgent Opcode 50 Subcode 04 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-116/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1442", "zdi_id": "ZDI-12-116" }, { "cve": "CVE-2012-2020", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coda.exe process which listens...", "detail_json": "/data/advisories/ZDI-12-115/advisory.json", "detail_path": "advisories/ZDI-12-115", "id": "ZDI-12-115", "kind": "published", "published_date": "2012-07-12", "status": "published", "title": "HP OpenView Performance Agent coda.exe Opcode 0x8C Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-115/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1326", "zdi_id": "ZDI-12-115" }, { "cve": "CVE-2012-2019", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coda.exe process which listens...", "detail_json": "/data/advisories/ZDI-12-114/advisory.json", "detail_path": "advisories/ZDI-12-114", "id": "ZDI-12-114", "kind": "published", "published_date": "2012-07-12", "status": "published", "title": "HP OpenView Performance Agent coda.exe Opcode 0x34 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-114/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1325", "zdi_id": "ZDI-12-114" }, { "cve": "CVE-2012-0708", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational ClearQuest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-12-113/advisory.json", "detail_path": "advisories/ZDI-12-113", "id": "ZDI-12-113", "kind": "published", "published_date": "2012-06-28", "status": "published", "title": "IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-113/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1249", "zdi_id": "ZDI-12-113" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with o...", "detail_json": "/data/advisories/ZDI-12-112/advisory.json", "detail_path": "advisories/ZDI-12-112", "id": "ZDI-12-112", "kind": "published", "published_date": "2012-06-28", "status": "published", "title": "SAP Netweaver ABAP msg_server.exe Parameter Name Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-112/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-1396", "zdi_id": "ZDI-12-112" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by defau...", "detail_json": "/data/advisories/ZDI-12-111/advisory.json", "detail_path": "advisories/ZDI-12-111", "id": "ZDI-12-111", "kind": "published", "published_date": "2012-06-28", "status": "published", "title": "SAP Netweaver ABAP msg_server.exe Opcode 0x43 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-111/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-1394", "zdi_id": "ZDI-12-111" }, { "cve": "CVE-2011-3659", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-110/advisory.json", "detail_path": "advisories/ZDI-12-110", "id": "ZDI-12-110", "kind": "published", "published_date": "2012-06-28", "status": "published", "title": "Mozilla Firefox AttributeChildRemoved Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-110/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1413", "zdi_id": "ZDI-12-110" }, { "cve": "CVE-2012-0663", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-109/advisory.json", "detail_path": "advisories/ZDI-12-109", "id": "ZDI-12-109", "kind": "published", "published_date": "2012-06-28", "status": "published", "title": "Apple Quicktime TeXML Karaoke Element Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-109/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1367", "zdi_id": "ZDI-12-109" }, { "cve": "CVE-2012-0663", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-108/advisory.json", "detail_path": "advisories/ZDI-12-108", "id": "ZDI-12-108", "kind": "published", "published_date": "2012-06-28", "status": "published", "title": "Apple Quicktime TeXML sampleData Element Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-108/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1365", "zdi_id": "ZDI-12-108" }, { "cve": "CVE-2012-0663", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-107/advisory.json", "detail_path": "advisories/ZDI-12-107", "id": "ZDI-12-107", "kind": "published", "published_date": "2012-06-28", "status": "published", "title": "Apple Quicktime TeXML Style Element Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-107/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1364", "zdi_id": "ZDI-12-107" }, { "cve": "CVE-2012-3811", "cvss": 9.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avaya IP Office Customer Call Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists because Avaya IP Office Customer...", "detail_json": "/data/advisories/ZDI-12-106/advisory.json", "detail_path": "advisories/ZDI-12-106", "id": "ZDI-12-106", "kind": "published", "published_date": "2012-06-28", "status": "published", "title": "Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-106/", "vendor": "Avaya", "vendor_url": null, "zdi_can": "ZDI-CAN-1355", "zdi_id": "ZDI-12-106" }, { "cve": "CVE-2012-0664", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-105/advisory.json", "detail_path": "advisories/ZDI-12-105", "id": "ZDI-12-105", "kind": "published", "published_date": "2012-06-27", "status": "published", "title": "Apple QuickTime Text Track Descriptor Parsing Remote Code Execution Vulnerability", "updated_date": "2019-07-19", "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-105/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1408", "zdi_id": "ZDI-12-105" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with o...", "detail_json": "/data/advisories/ZDI-12-104/advisory.json", "detail_path": "advisories/ZDI-12-104", "id": "ZDI-12-104", "kind": "published", "published_date": "2012-06-27", "status": "published", "title": "SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-104/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-1395", "zdi_id": "ZDI-12-104" }, { "cve": "CVE-2011-3459", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-12-103/advisory.json", "detail_path": "advisories/ZDI-12-103", "id": "ZDI-12-103", "kind": "published", "published_date": "2012-06-27", "status": "published", "title": "Apple Quicktime Dataref URI Buffer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-103/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1369", "zdi_id": "ZDI-12-103" }, { "cve": "CVE-2011-4187", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the exposed Ge...", "detail_json": "/data/advisories/ZDI-12-102/advisory.json", "detail_path": "advisories/ZDI-12-102", "id": "ZDI-12-102", "kind": "published", "published_date": "2012-06-27", "status": "published", "title": "Novell iPrint Client nipplib.dll GetDriverSettings realm Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-102/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1345", "zdi_id": "ZDI-12-102" }, { "cve": "CVE-2012-0202", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Cognos. Authentication is not required to exploit this vulnerability. The flaw exists within the tm1admsd.exe component. This process listens on TCP port 5...", "detail_json": "/data/advisories/ZDI-12-101/advisory.json", "detail_path": "advisories/ZDI-12-101", "id": "ZDI-12-101", "kind": "published", "published_date": "2012-06-27", "status": "published", "title": "IBM Cognos tm1admsd.exe Multiple Operations Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-101/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1418", "zdi_id": "ZDI-12-101" }, { "cve": "CVE-2012-0127", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PMParamHandler component of...", "detail_json": "/data/advisories/ZDI-12-100/advisory.json", "detail_path": "advisories/ZDI-12-100", "id": "ZDI-12-100", "kind": "published", "published_date": "2012-06-21", "status": "published", "title": "HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-100/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1340", "zdi_id": "ZDI-12-100" }, { "cve": "CVE-2011-4165", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of DataDirect SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application parses a packet that is...", "detail_json": "/data/advisories/ZDI-12-099/advisory.json", "detail_path": "advisories/ZDI-12-099", "id": "ZDI-12-099", "kind": "published", "published_date": "2012-06-21", "status": "published", "title": "DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-099/", "vendor": "Hewlett-Packard, DataDirect", "vendor_url": null, "zdi_can": "ZDI-CAN-1263", "zdi_id": "ZDI-12-099" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of America Online's Toolbar, Desktop, IM, and winamp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...", "detail_json": "/data/advisories/ZDI-12-098/advisory.json", "detail_path": "advisories/ZDI-12-098", "id": "ZDI-12-098", "kind": "published", "published_date": "2012-06-21", "status": "published", "title": "AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-098/", "vendor": "America Online", "vendor_url": null, "zdi_can": "ZDI-CAN-1421", "zdi_id": "ZDI-12-098" }, { "cve": "CVE-2012-0121", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Express. Authentication is not required to exploit this vulnerability. User interaction is not required to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-12-097/advisory.json", "detail_path": "advisories/ZDI-12-097", "id": "ZDI-12-097", "kind": "published", "published_date": "2012-06-21", "status": "published", "title": "HP Data Protector Express Opcode 0x320 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-097/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1392", "zdi_id": "ZDI-12-097" }, { "cve": "CVE-2012-0122", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Express. Authentication is not required to exploit this vulnerability. User interaction is not required to exploit this vulnerability. The sp...", "detail_json": "/data/advisories/ZDI-12-096/advisory.json", "detail_path": "advisories/ZDI-12-096", "id": "ZDI-12-096", "kind": "published", "published_date": "2012-06-21", "status": "published", "title": "HP Data Protector Express Opcode 0x330 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-096/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1393", "zdi_id": "ZDI-12-096" }, { "cve": "CVE-2012-0663", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-095/advisory.json", "detail_path": "advisories/ZDI-12-095", "id": "ZDI-12-095", "kind": "published", "published_date": "2012-06-21", "status": "published", "title": "Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-095/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1363", "zdi_id": "ZDI-12-095" }, { "cve": "CVE-2012-0942", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Real Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within rn4auth.dll, which is responsible for parsing...", "detail_json": "/data/advisories/ZDI-12-094/advisory.json", "detail_path": "advisories/ZDI-12-094", "id": "ZDI-12-094", "kind": "published", "published_date": "2012-06-21", "status": "published", "title": "RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-094/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1428", "zdi_id": "ZDI-12-094" }, { "cve": "CVE-2012-1876", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-12-093/advisory.json", "detail_path": "advisories/ZDI-12-093", "id": "ZDI-12-093", "kind": "published", "published_date": "2012-06-12", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-093/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1547", "zdi_id": "ZDI-12-093" }, { "cve": "CVE-2011-4247", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-12-092/advisory.json", "detail_path": "advisories/ZDI-12-092", "id": "ZDI-12-092", "kind": "published", "published_date": "2012-06-08", "status": "published", "title": "RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-092/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1313", "zdi_id": "ZDI-12-092" }, { "cve": "CVE-2012-0299", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists because Symantec Web Gateway allows unauthenticate...", "detail_json": "/data/advisories/ZDI-12-091/advisory.json", "detail_path": "advisories/ZDI-12-091", "id": "ZDI-12-091", "kind": "published", "published_date": "2012-06-08", "status": "published", "title": "Symantec Web Gateway upload_file Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-091/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-1436", "zdi_id": "ZDI-12-091" }, { "cve": "CVE-2012-0297", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficiently filtered user-supplied data...", "detail_json": "/data/advisories/ZDI-12-090/advisory.json", "detail_path": "advisories/ZDI-12-090", "id": "ZDI-12-090", "kind": "published", "published_date": "2012-06-08", "status": "published", "title": "Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-090/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-1435", "zdi_id": "ZDI-12-090" }, { "cve": "CVE-2011-4164", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable applications using DataDirect's SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application processes GIOP pack...", "detail_json": "/data/advisories/ZDI-12-089/advisory.json", "detail_path": "advisories/ZDI-12-089", "id": "ZDI-12-089", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "HP DataDirect OpenAccess GIOP Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-089/", "vendor": "Hewlett-Packard, DataDirect", "vendor_url": null, "zdi_can": "ZDI-CAN-1214", "zdi_id": "ZDI-12-089" }, { "cve": "CVE-2011-4163", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP DataDirect SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application parses a packet that...", "detail_json": "/data/advisories/ZDI-12-088/advisory.json", "detail_path": "advisories/ZDI-12-088", "id": "ZDI-12-088", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-088/", "vendor": "Hewlett-Packard, DataDirect", "vendor_url": null, "zdi_can": "ZDI-CAN-1213", "zdi_id": "ZDI-12-088" }, { "cve": "CVE-2011-4260", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-12-087/advisory.json", "detail_path": "advisories/ZDI-12-087", "id": "ZDI-12-087", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "RealNetworks RealPlayer raac.dll stsz Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-087/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1352", "zdi_id": "ZDI-12-087" }, { "cve": "CVE-2012-0922", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-12-086/advisory.json", "detail_path": "advisories/ZDI-12-086", "id": "ZDI-12-086", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-086/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1361", "zdi_id": "ZDI-12-086" }, { "cve": "CVE-2011-4261", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-12-085/advisory.json", "detail_path": "advisories/ZDI-12-085", "id": "ZDI-12-085", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "RealNetworks RealPlayer dmp4 esds Width Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-085/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1360", "zdi_id": "ZDI-12-085" }, { "cve": "CVE-2012-0926", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the RV10 en...", "detail_json": "/data/advisories/ZDI-12-084/advisory.json", "detail_path": "advisories/ZDI-12-084", "id": "ZDI-12-084", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-084/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1293", "zdi_id": "ZDI-12-084" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-12-083/advisory.json", "detail_path": "advisories/ZDI-12-083", "id": "ZDI-12-083", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-083/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1476", "zdi_id": "ZDI-12-083" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-12-082/advisory.json", "detail_path": "advisories/ZDI-12-082", "id": "ZDI-12-082", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "Oracle Java OpenGL Arbitrary Native Library Loading Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-082/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1475", "zdi_id": "ZDI-12-082" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-12-081/advisory.json", "detail_path": "advisories/ZDI-12-081", "id": "ZDI-12-081", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-081/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1474", "zdi_id": "ZDI-12-081" }, { "cve": "CVE-2012-0754", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-12-080/advisory.json", "detail_path": "advisories/ZDI-12-080", "id": "ZDI-12-080", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-080/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1470", "zdi_id": "ZDI-12-080" }, { "cve": "CVE-2012-0665", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-079/advisory.json", "detail_path": "advisories/ZDI-12-079", "id": "ZDI-12-079", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-079/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1460", "zdi_id": "ZDI-12-079" }, { "cve": "CVE-2012-0669", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-078/advisory.json", "detail_path": "advisories/ZDI-12-078", "id": "ZDI-12-078", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "Apple QuickTime SVQ3 Codec mb_skip_run Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-078/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1440", "zdi_id": "ZDI-12-078" }, { "cve": "CVE-2012-0667", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-077/advisory.json", "detail_path": "advisories/ZDI-12-077", "id": "ZDI-12-077", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "Apple QuickTime QTVR QTVRStringAtom Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-077/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1422", "zdi_id": "ZDI-12-077" }, { "cve": "CVE-2012-0659", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-12-076/advisory.json", "detail_path": "advisories/ZDI-12-076", "id": "ZDI-12-076", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-076/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1376", "zdi_id": "ZDI-12-076" }, { "cve": "CVE-2012-0668", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-12-075/advisory.json", "detail_path": "advisories/ZDI-12-075", "id": "ZDI-12-075", "kind": "published", "published_date": "2012-06-06", "status": "published", "title": "Apple QuickTime RLE Sample Decoding Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-075/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1370", "zdi_id": "ZDI-12-075" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebCenter Forms Recognition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-12-074/advisory.json", "detail_path": "advisories/ZDI-12-074", "id": "ZDI-12-074", "kind": "published", "published_date": "2012-04-19", "status": "published", "title": "Oracle Forms Recognition CroScPlt.dll ActiveX Control Remote Code Execution Vulnerabilty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-074/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1399", "zdi_id": "ZDI-12-074" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebCenter Forms Recognition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-12-073/advisory.json", "detail_path": "advisories/ZDI-12-073", "id": "ZDI-12-073", "kind": "published", "published_date": "2012-04-19", "status": "published", "title": "Oracle WebCenter Forms Recognition Sssplt30.ocx ActiveX Control Remote Code Execution Vulnerabilty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-073/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1356", "zdi_id": "ZDI-12-073" }, { "cve": "CVE-2012-1182", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles ReportEventW requests. When parsing...", "detail_json": "/data/advisories/ZDI-12-072/advisory.json", "detail_path": "advisories/ZDI-12-072", "id": "ZDI-12-072", "kind": "published", "published_date": "2012-04-18", "status": "published", "title": "Samba ReportEventW Heap Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-072/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-1530", "zdi_id": "ZDI-12-072" }, { "cve": "CVE-2012-1182", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles ndr_ValidatePassword requests. When...", "detail_json": "/data/advisories/ZDI-12-071/advisory.json", "detail_path": "advisories/ZDI-12-071", "id": "ZDI-12-071", "kind": "published", "published_date": "2012-04-18", "status": "published", "title": "Samba ndr_ValidatePassword heap overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-071/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-1505", "zdi_id": "ZDI-12-071" }, { "cve": "CVE-2012-1182", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles lsa_LookupNames requests. When parsi...", "detail_json": "/data/advisories/ZDI-12-070/advisory.json", "detail_path": "advisories/ZDI-12-070", "id": "ZDI-12-070", "kind": "published", "published_date": "2012-04-18", "status": "published", "title": "Samba lsa_LookupNames Heap Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-070/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-1506", "zdi_id": "ZDI-12-070" }, { "cve": "CVE-2012-1182", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles SetInfoPolicy requests. When parsing...", "detail_json": "/data/advisories/ZDI-12-069/advisory.json", "detail_path": "advisories/ZDI-12-069", "id": "ZDI-12-069", "kind": "published", "published_date": "2012-04-18", "status": "published", "title": "Samba SetInfoPolicy AuditEventsInfo Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-069/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-1504", "zdi_id": "ZDI-12-069" }, { "cve": "CVE-2012-1182", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles GetAliasMembership requests. When pa...", "detail_json": "/data/advisories/ZDI-12-068/advisory.json", "detail_path": "advisories/ZDI-12-068", "id": "ZDI-12-068", "kind": "published", "published_date": "2012-04-18", "status": "published", "title": "Samba GetAliasMembership SidArray Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-068/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-1503", "zdi_id": "ZDI-12-068" }, { "cve": "CVE-2012-0592", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists wit...", "detail_json": "/data/advisories/ZDI-12-067/advisory.json", "detail_path": "advisories/ZDI-12-067", "id": "ZDI-12-067", "kind": "published", "published_date": "2012-04-18", "status": "published", "title": "WebKit.org Webkit Array.Splice Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-067/", "vendor": "WebKit.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-1484", "zdi_id": "ZDI-12-067" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific issue is d...", "detail_json": "/data/advisories/ZDI-12-066/advisory.json", "detail_path": "advisories/ZDI-12-066", "id": "ZDI-12-066", "kind": "published", "published_date": "2012-04-18", "status": "published", "title": "Internet Explorer CTagFactory Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-066/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1479", "zdi_id": "ZDI-12-066" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific issue is d...", "detail_json": "/data/advisories/ZDI-12-065/advisory.json", "detail_path": "advisories/ZDI-12-065", "id": "ZDI-12-065", "kind": "published", "published_date": "2012-04-18", "status": "published", "title": "Microsoft Internet Explorer selectAll Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-065/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1471", "zdi_id": "ZDI-12-065" }, { "cve": "CVE-2012-1182", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of a NDR PULL DFS EnumArray1 request. By...", "detail_json": "/data/advisories/ZDI-12-064/advisory.json", "detail_path": "advisories/ZDI-12-064", "id": "ZDI-12-064", "kind": "published", "published_date": "2012-04-18", "status": "published", "title": "Samba NDR PULL DFS EnumArray1 Heap Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-064/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-1539", "zdi_id": "ZDI-12-064" }, { "cve": "CVE-2012-1182", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of a NDR PULL SVCCTL StartServiceW reques...", "detail_json": "/data/advisories/ZDI-12-063/advisory.json", "detail_path": "advisories/ZDI-12-063", "id": "ZDI-12-063", "kind": "published", "published_date": "2012-04-18", "status": "published", "title": "Samba NDR PULL SVCCTL StartServiceW Heap Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-063/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-1537", "zdi_id": "ZDI-12-063" }, { "cve": "CVE-2012-1182", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of a NDR PULL LSA TrustDomainInfoControll...", "detail_json": "/data/advisories/ZDI-12-062/advisory.json", "detail_path": "advisories/ZDI-12-062", "id": "ZDI-12-062", "kind": "published", "published_date": "2012-04-18", "status": "published", "title": "Samba NDR PULL LSA TrustDomainInfoControllers Heap Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-062/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-1538", "zdi_id": "ZDI-12-062" }, { "cve": "CVE-2012-1182", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of a NDR PULL DFS INFO3 request. By sendi...", "detail_json": "/data/advisories/ZDI-12-061/advisory.json", "detail_path": "advisories/ZDI-12-061", "id": "ZDI-12-061", "kind": "published", "published_date": "2012-04-18", "status": "published", "title": "Samba ndr_pull_dfs_Info3 Heap Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-061/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-1540", "zdi_id": "ZDI-12-061" }, { "cve": "CVE-2012-0498", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-12-060/advisory.json", "detail_path": "advisories/ZDI-12-060", "id": "ZDI-12-060", "kind": "published", "published_date": "2012-04-09", "status": "published", "title": "Oracle Java Runtime readMabCurveData nTblSize Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-060/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1496", "zdi_id": "ZDI-12-060" }, { "cve": "CVE-2012-0444", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-059/advisory.json", "detail_path": "advisories/ZDI-12-059", "id": "ZDI-12-059", "kind": "published", "published_date": "2012-04-09", "status": "published", "title": "Mozilla Firefox Ogg Vorbis Decoding Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-059/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1477", "zdi_id": "ZDI-12-059" }, { "cve": "CVE-2011-3460", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AppleQuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-12-058/advisory.json", "detail_path": "advisories/ZDI-12-058", "id": "ZDI-12-058", "kind": "published", "published_date": "2012-04-09", "status": "published", "title": "Apple Quicktime PNG Depth Decoding Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-058/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1372", "zdi_id": "ZDI-12-058" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-12-057/advisory.json", "detail_path": "advisories/ZDI-12-057", "id": "ZDI-12-057", "kind": "published", "published_date": "2012-04-09", "status": "published", "title": "(Pwn2Own) Adobe Flash Player NetStream addBytes Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-057/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1548", "zdi_id": "ZDI-12-057" }, { "cve": "CVE-2011-3658", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-12-056/advisory.json", "detail_path": "advisories/ZDI-12-056", "id": "ZDI-12-056", "kind": "published", "published_date": "2012-04-09", "status": "published", "title": "Mozilla Firefox nsSVGValue Out-of-Bounds Access Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-056/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1414", "zdi_id": "ZDI-12-056" }, { "cve": "CVE-2011-3928", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists wit...", "detail_json": "/data/advisories/ZDI-12-055/advisory.json", "detail_path": "advisories/ZDI-12-055", "id": "ZDI-12-055", "kind": "published", "published_date": "2012-04-09", "status": "published", "title": "Webkit.org Webkit copyNonAttributeProperties Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-055/", "vendor": "WebKit.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-1415", "zdi_id": "ZDI-12-055" }, { "cve": "CVE-2011-2825", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-12-054/advisory.json", "detail_path": "advisories/ZDI-12-054", "id": "ZDI-12-054", "kind": "published", "published_date": "2012-03-26", "status": "published", "title": "Webkit fontface Invalid Font Family Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-054/", "vendor": "WebKit.Org", "vendor_url": null, "zdi_can": "ZDI-CAN-1283", "zdi_id": "ZDI-12-054" }, { "cve": "CVE-2011-4249", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-12-053/advisory.json", "detail_path": "advisories/ZDI-12-053", "id": "ZDI-12-053", "kind": "published", "published_date": "2012-03-26", "status": "published", "title": "RealNetworks RealPlayer RV30 Sample Arbitrary Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-053/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1284", "zdi_id": "ZDI-12-053" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of FlexNet License Server Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within lmgrd license server manager. lmg...", "detail_json": "/data/advisories/ZDI-12-052/advisory.json", "detail_path": "advisories/ZDI-12-052", "id": "ZDI-12-052", "kind": "published", "published_date": "2012-03-26", "status": "published", "title": "FlexNet License Server Manager lmgrd Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-052/", "vendor": "Flexera Software", "vendor_url": null, "zdi_can": "ZDI-CAN-1192", "zdi_id": "ZDI-12-052" }, { "cve": "CVE-2011-4254", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-12-051/advisory.json", "detail_path": "advisories/ZDI-12-051", "id": "ZDI-12-051", "kind": "published", "published_date": "2012-03-22", "status": "published", "title": "RealNetworks RealPlayer RTSP SETUP Request Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-051/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1286", "zdi_id": "ZDI-12-051" }, { "cve": "CVE-2011-4262", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-12-050/advisory.json", "detail_path": "advisories/ZDI-12-050", "id": "ZDI-12-050", "kind": "published", "published_date": "2012-03-22", "status": "published", "title": "RealNetworks RealPlayer mp4fformat rdrf Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-050/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1319", "zdi_id": "ZDI-12-050" }, { "cve": "CVE-2012-0927", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within cook.dll, s...", "detail_json": "/data/advisories/ZDI-12-049/advisory.json", "detail_path": "advisories/ZDI-12-049", "id": "ZDI-12-049", "kind": "published", "published_date": "2012-03-22", "status": "published", "title": "RealNetworks RealPlayer RealAudio coded_frame_size Remote Code Execution", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-049/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1359", "zdi_id": "ZDI-12-049" }, { "cve": "CVE-2012-0924", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within dmp4.dll, s...", "detail_json": "/data/advisories/ZDI-12-048/advisory.json", "detail_path": "advisories/ZDI-12-048", "id": "ZDI-12-048", "kind": "published", "published_date": "2012-03-22", "status": "published", "title": "RealNetworks RealPlayer VIDOBJ_START_CODE Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-048/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1368", "zdi_id": "ZDI-12-048" }, { "cve": "CVE-2012-0754", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-12-047/advisory.json", "detail_path": "advisories/ZDI-12-047", "id": "ZDI-12-047", "kind": "published", "published_date": "2012-03-22", "status": "published", "title": "Adobe Flash ASconstructor Function Call Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-047/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1362", "zdi_id": "ZDI-12-047" }, { "cve": "CVE-2011-4257", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-12-046/advisory.json", "detail_path": "advisories/ZDI-12-046", "id": "ZDI-12-046", "kind": "published", "published_date": "2012-03-20", "status": "published", "title": "RealNetworks RealPlayer Cook Codec Channel Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-046/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1276", "zdi_id": "ZDI-12-046" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-12-045/advisory.json", "detail_path": "advisories/ZDI-12-045", "id": "ZDI-12-045", "kind": "published", "published_date": "2012-03-20", "status": "published", "title": "Oracle Java JOGL NEWT Reflection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-045/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1490", "zdi_id": "ZDI-12-045" }, { "cve": "CVE-2012-0002", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists during handling of an error while l...", "detail_json": "/data/advisories/ZDI-12-044/advisory.json", "detail_path": "advisories/ZDI-12-044", "id": "ZDI-12-044", "kind": "published", "published_date": "2012-03-15", "status": "published", "title": "Microsoft Remote Desktop Protocol Channel Abort Condition Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-044/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1320", "zdi_id": "ZDI-12-044" }, { "cve": "CVE-2012-1173", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LibTIFF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-12-043/advisory.json", "detail_path": "advisories/ZDI-12-043", "id": "ZDI-12-043", "kind": "published", "published_date": "2012-03-13", "status": "published", "title": "LibTIFF TileSize Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-043/", "vendor": "Libtiff", "vendor_url": null, "zdi_can": "ZDI-CAN-1221", "zdi_id": "ZDI-12-043" }, { "cve": "CVE-2011-2113", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-12-041/advisory.json", "detail_path": "advisories/ZDI-12-041", "id": "ZDI-12-041", "kind": "published", "published_date": "2012-03-01", "status": "published", "title": "Adobe Shockwave iml32.dll DEMX Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-041/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1247", "zdi_id": "ZDI-12-041" }, { "cve": "CVE-2012-0198, CVE-2012-0199", "cvss": 10.0, "cvss_vector": null, "description_snippet": "IBM Tivoli Provisioning Manager soapServlet SOAP Message Printer.getPrinterAgentKey SQL Injection Vulnerability This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Provisioning Manager Express for Sof...", "detail_json": "/data/advisories/ZDI-12-040/advisory.json", "detail_path": "advisories/ZDI-12-040", "id": "ZDI-12-040", "kind": "published", "published_date": "2012-03-01", "status": "published", "title": "IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 Multiple Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-040/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1328", "zdi_id": "ZDI-12-040" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-12-039/advisory.json", "detail_path": "advisories/ZDI-12-039", "id": "ZDI-12-039", "kind": "published", "published_date": "2012-02-22", "status": "published", "title": "Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-039/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1410", "zdi_id": "ZDI-12-039" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-12-038/advisory.json", "detail_path": "advisories/ZDI-12-038", "id": "ZDI-12-038", "kind": "published", "published_date": "2012-02-22", "status": "published", "title": "Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-038/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1453", "zdi_id": "ZDI-12-038" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Webstart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-12-037/advisory.json", "detail_path": "advisories/ZDI-12-037", "id": "ZDI-12-037", "kind": "published", "published_date": "2012-02-22", "status": "published", "title": "Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-037/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1407", "zdi_id": "ZDI-12-037" }, { "cve": "CVE-2012-0155", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-12-036/advisory.json", "detail_path": "advisories/ZDI-12-036", "id": "ZDI-12-036", "kind": "published", "published_date": "2012-02-22", "status": "published", "title": "Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-036/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1457", "zdi_id": "ZDI-12-036" }, { "cve": "CVE-2012-0011", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML,...", "detail_json": "/data/advisories/ZDI-12-035/advisory.json", "detail_path": "advisories/ZDI-12-035", "id": "ZDI-12-035", "kind": "published", "published_date": "2012-02-22", "status": "published", "title": "Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-035/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1299", "zdi_id": "ZDI-12-035" }, { "cve": "CVE-2012-0150", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-12-034/advisory.json", "detail_path": "advisories/ZDI-12-034", "id": "ZDI-12-034", "kind": "published", "published_date": "2012-02-22", "status": "published", "title": "Microsoft Windows Media Player ASX Meta-File Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-034/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1400", "zdi_id": "ZDI-12-034" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB WebWare. Authentication is not required to exploit this vulnerability. The specific flaw exists within RobNetScanHost.exe and its parsing of network packet...", "detail_json": "/data/advisories/ZDI-12-033/advisory.json", "detail_path": "advisories/ZDI-12-033", "id": "ZDI-12-033", "kind": "published", "published_date": "2012-02-22", "status": "published", "title": "ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-033/", "vendor": "ABB", "vendor_url": null, "zdi_can": "ZDI-CAN-1260", "zdi_id": "ZDI-12-033" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-12-032/advisory.json", "detail_path": "advisories/ZDI-12-032", "id": "ZDI-12-032", "kind": "published", "published_date": "2012-02-22", "status": "published", "title": "Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-032/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1353", "zdi_id": "ZDI-12-032" }, { "cve": "CVE-2011-4194", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Server. Authentication is not required to exploit this vulnerability. The flaw exists within the mod_ipp apache module component of the iprint-se...", "detail_json": "/data/advisories/ZDI-12-031/advisory.json", "detail_path": "advisories/ZDI-12-031", "id": "ZDI-12-031", "kind": "published", "published_date": "2012-02-08", "status": "published", "title": "Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-031/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1354", "zdi_id": "ZDI-12-031" }, { "cve": "CVE-2011-1388", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-12-030/advisory.json", "detail_path": "advisories/ZDI-12-030", "id": "ZDI-12-030", "kind": "published", "published_date": "2012-02-08", "status": "published", "title": "IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-030/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1246", "zdi_id": "ZDI-12-030" }, { "cve": "CVE-2011-1391", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-12-029/advisory.json", "detail_path": "advisories/ZDI-12-029", "id": "ZDI-12-029", "kind": "published", "published_date": "2012-02-08", "status": "published", "title": "IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-029/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1245", "zdi_id": "ZDI-12-029" }, { "cve": "CVE-2011-1392", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-12-028/advisory.json", "detail_path": "advisories/ZDI-12-028", "id": "ZDI-12-028", "kind": "published", "published_date": "2012-02-08", "status": "published", "title": "IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-028/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1288", "zdi_id": "ZDI-12-028" }, { "cve": "CVE-2012-0189", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-12-027/advisory.json", "detail_path": "advisories/ZDI-12-027", "id": "ZDI-12-027", "kind": "published", "published_date": "2012-02-08", "status": "published", "title": "IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-027/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1307", "zdi_id": "ZDI-12-027" }, { "cve": "CVE-2012-0190", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-12-026/advisory.json", "detail_path": "advisories/ZDI-12-026", "id": "ZDI-12-026", "kind": "published", "published_date": "2012-02-08", "status": "published", "title": "IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-026/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1298", "zdi_id": "ZDI-12-026" }, { "cve": "CVE-2012-0395", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the indexd.exe handles rpc calls with opco...", "detail_json": "/data/advisories/ZDI-12-025/advisory.json", "detail_path": "advisories/ZDI-12-025", "id": "ZDI-12-025", "kind": "published", "published_date": "2012-02-08", "status": "published", "title": "EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-025/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1451", "zdi_id": "ZDI-12-025" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uncsp_ViewReportsHomepage stored proc...", "detail_json": "/data/advisories/ZDI-12-024/advisory.json", "detail_path": "advisories/ZDI-12-024", "id": "ZDI-12-024", "kind": "published", "published_date": "2012-02-08", "status": "published", "title": "Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-024/", "vendor": "Total Defense", "vendor_url": null, "zdi_can": "ZDI-CAN-1180", "zdi_id": "ZDI-12-024" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the App_C...", "detail_json": "/data/advisories/ZDI-12-023/advisory.json", "detail_path": "advisories/ZDI-12-023", "id": "ZDI-12-023", "kind": "published", "published_date": "2012-02-08", "status": "published", "title": "Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-023/", "vendor": "Total Defense", "vendor_url": null, "zdi_can": "ZDI-CAN-1123", "zdi_id": "ZDI-12-023" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExportReport stored procedure, access...", "detail_json": "/data/advisories/ZDI-12-022/advisory.json", "detail_path": "advisories/ZDI-12-022", "id": "ZDI-12-022", "kind": "published", "published_date": "2012-02-08", "status": "published", "title": "Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-022/", "vendor": "Total Defense", "vendor_url": null, "zdi_can": "ZDI-CAN-1121", "zdi_id": "ZDI-12-022" }, { "cve": "CVE-2011-4373", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-12-021/advisory.json", "detail_path": "advisories/ZDI-12-021", "id": "ZDI-12-021", "kind": "published", "published_date": "2012-02-08", "status": "published", "title": "Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-021/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1426", "zdi_id": "ZDI-12-021" }, { "cve": "CVE-2012-0189", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-12-020/advisory.json", "detail_path": "advisories/ZDI-12-020", "id": "ZDI-12-020", "kind": "published", "published_date": "2012-01-30", "status": "published", "title": "IBM SPSS VsVIEW6.ocx ActiveX Control Multiple Methods Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-020/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1297", "zdi_id": "ZDI-12-020" }, { "cve": "CVE-2012-0188", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-12-019/advisory.json", "detail_path": "advisories/ZDI-12-019", "id": "ZDI-12-019", "kind": "published", "published_date": "2012-01-30", "status": "published", "title": "IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-019/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1295", "zdi_id": "ZDI-12-019" }, { "cve": "CVE-2011-3478", "cvss": 9.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec PCAnywhere. Authentication is not required to exploit this vulnerability. The flaw exists within the awhost32 component which is used when handling in...", "detail_json": "/data/advisories/ZDI-12-018/advisory.json", "detail_path": "advisories/ZDI-12-018", "id": "ZDI-12-018", "kind": "published", "published_date": "2012-01-25", "status": "published", "title": "Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-018/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-1273", "zdi_id": "ZDI-12-018" }, { "cve": null, "cvss": 9.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Outside In. Authentication is not required to exploit this vulnerability. The flaw exists within the sccfut.dll component which is used by multiple vend...", "detail_json": "/data/advisories/ZDI-12-017/advisory.json", "detail_path": "advisories/ZDI-12-017", "id": "ZDI-12-017", "kind": "published", "published_date": "2012-01-20", "status": "published", "title": "Oracle Outside In OOXML Relationship Tag Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-017/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1306", "zdi_id": "ZDI-12-017" }, { "cve": "CVE-2011-4789", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Diagnostics server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the HP Diagnostics server handles...", "detail_json": "/data/advisories/ZDI-12-016/advisory.json", "detail_path": "advisories/ZDI-12-016", "id": "ZDI-12-016", "kind": "published", "published_date": "2012-01-12", "status": "published", "title": "(0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-016/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1259", "zdi_id": "ZDI-12-016" }, { "cve": "CVE-2011-4788", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP MSA 2000 G3. Authentication is not required to exploit this vulnerability. The specific flaws exists within the web interface listening on TCP port 80. Ther...", "detail_json": "/data/advisories/ZDI-12-015/advisory.json", "detail_path": "advisories/ZDI-12-015", "id": "ZDI-12-015", "kind": "published", "published_date": "2012-01-12", "status": "published", "title": "(0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-015/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1243", "zdi_id": "ZDI-12-015" }, { "cve": "CVE-2011-4787", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-12-014/advisory.json", "detail_path": "advisories/ZDI-12-014", "id": "ZDI-12-014", "kind": "published", "published_date": "2012-01-12", "status": "published", "title": "HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-014/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1117", "zdi_id": "ZDI-12-014" }, { "cve": "CVE-2011-4786", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-12-013/advisory.json", "detail_path": "advisories/ZDI-12-013", "id": "ZDI-12-013", "kind": "published", "published_date": "2012-01-12", "status": "published", "title": "HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-013/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1093", "zdi_id": "ZDI-12-013" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-12-012/advisory.json", "detail_path": "advisories/ZDI-12-012", "id": "ZDI-12-012", "kind": "published", "published_date": "2012-01-12", "status": "published", "title": "(0Day) McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-012/", "vendor": "McAfee", "vendor_url": null, "zdi_can": "ZDI-CAN-1094", "zdi_id": "ZDI-12-012" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC...", "detail_json": "/data/advisories/ZDI-12-011/advisory.json", "detail_path": "advisories/ZDI-12-011", "id": "ZDI-12-011", "kind": "published", "published_date": "2012-01-10", "status": "published", "title": "Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-011/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1206", "zdi_id": "ZDI-12-011" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This proces...", "detail_json": "/data/advisories/ZDI-12-010/advisory.json", "detail_path": "advisories/ZDI-12-010", "id": "ZDI-12-010", "kind": "published", "published_date": "2012-01-10", "status": "published", "title": "Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-010/", "vendor": "Citrix", "vendor_url": null, "zdi_can": "ZDI-CAN-1290", "zdi_id": "ZDI-12-010" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This proces...", "detail_json": "/data/advisories/ZDI-12-009/advisory.json", "detail_path": "advisories/ZDI-12-009", "id": "ZDI-12-009", "kind": "published", "published_date": "2012-01-10", "status": "published", "title": "Citrix Provisioning Services Stream Service 0x40020000 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-009/", "vendor": "Citrix", "vendor_url": null, "zdi_can": "ZDI-CAN-1291", "zdi_id": "ZDI-12-009" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The specific flaw exists within the streamprocess.exe component whi...", "detail_json": "/data/advisories/ZDI-12-008/advisory.json", "detail_path": "advisories/ZDI-12-008", "id": "ZDI-12-008", "kind": "published", "published_date": "2012-01-10", "status": "published", "title": "Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-008/", "vendor": "Citrix", "vendor_url": null, "zdi_can": "ZDI-CAN-1188", "zdi_id": "ZDI-12-008" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC...", "detail_json": "/data/advisories/ZDI-12-007/advisory.json", "detail_path": "advisories/ZDI-12-007", "id": "ZDI-12-007", "kind": "published", "published_date": "2012-01-05", "status": "published", "title": "Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-007/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1269", "zdi_id": "ZDI-12-007" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC...", "detail_json": "/data/advisories/ZDI-12-006/advisory.json", "detail_path": "advisories/ZDI-12-006", "id": "ZDI-12-006", "kind": "published", "published_date": "2012-01-05", "status": "published", "title": "Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-006/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1268", "zdi_id": "ZDI-12-006" }, { "cve": "CVE-2011-3248", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-12-005/advisory.json", "detail_path": "advisories/ZDI-12-005", "id": "ZDI-12-005", "kind": "published", "published_date": "2012-01-05", "status": "published", "title": "Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-005/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1378", "zdi_id": "ZDI-12-005" }, { "cve": "CVE-2011-3250", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw e...", "detail_json": "/data/advisories/ZDI-12-004/advisory.json", "detail_path": "advisories/ZDI-12-004", "id": "ZDI-12-004", "kind": "published", "published_date": "2012-01-05", "status": "published", "title": "Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-004/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1184", "zdi_id": "ZDI-12-004" }, { "cve": "CVE-2011-3166", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within webappmon.exe CGI program. When pr...", "detail_json": "/data/advisories/ZDI-12-003/advisory.json", "detail_path": "advisories/ZDI-12-003", "id": "ZDI-12-003", "kind": "published", "published_date": "2012-01-05", "status": "published", "title": "HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-003/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1209", "zdi_id": "ZDI-12-003" }, { "cve": "CVE-2011-3167", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ov.dll. When processing a user sup...", "detail_json": "/data/advisories/ZDI-12-002/advisory.json", "detail_path": "advisories/ZDI-12-002", "id": "ZDI-12-002", "kind": "published", "published_date": "2012-01-05", "status": "published", "title": "HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-002/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1210", "zdi_id": "ZDI-12-002" }, { "cve": "CVE-2011-4169", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to remotely manipulate the application database and delete arbitrary files on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-12-001/advisory.json", "detail_path": "advisories/ZDI-12-001", "id": "ZDI-12-001", "kind": "published", "published_date": "2012-01-05", "status": "published", "title": "HP Managed Printing Administration img_id Multiple Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-12-001/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1067", "zdi_id": "ZDI-12-001" }, { "cve": "CVE-2011-4168", "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including...", "detail_json": "/data/advisories/ZDI-11-354/advisory.json", "detail_path": "advisories/ZDI-11-354", "id": "ZDI-11-354", "kind": "published", "published_date": "2011-12-22", "status": "published", "title": "HP Managed Printing Administration jobDelivery Multiple Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-354/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1066", "zdi_id": "ZDI-11-354" }, { "cve": "CVE-2011-4167", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An...", "detail_json": "/data/advisories/ZDI-11-353/advisory.json", "detail_path": "advisories/ZDI-11-353", "id": "ZDI-11-353", "kind": "published", "published_date": "2011-12-22", "status": "published", "title": "HP Managed Printing Administration MPAUploader.dll Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-353/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1065", "zdi_id": "ZDI-11-353" }, { "cve": "CVE-2011-4166", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including...", "detail_json": "/data/advisories/ZDI-11-352/advisory.json", "detail_path": "advisories/ZDI-11-352", "id": "ZDI-11-352", "kind": "published", "published_date": "2011-12-22", "status": "published", "title": "HP Managed Printing Administration jobAcct Multiple Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-352/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1064", "zdi_id": "ZDI-11-352" }, { "cve": "CVE-2011-4536", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wellintek KingView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code inside nettransdll....", "detail_json": "/data/advisories/ZDI-11-351/advisory.json", "detail_path": "advisories/ZDI-11-351", "id": "ZDI-11-351", "kind": "published", "published_date": "2011-12-22", "status": "published", "title": "WellinTech KingView HistoryServer.exe Opcode 3 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-351/", "vendor": "WellinTech", "vendor_url": null, "zdi_can": "ZDI-CAN-1261", "zdi_id": "ZDI-11-351" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Enterasys Netsight. Authentication is not required to exploit this vulnerability. The flaw exists within the nssyslogd.exe component which listens by default o...", "detail_json": "/data/advisories/ZDI-11-350/advisory.json", "detail_path": "advisories/ZDI-11-350", "id": "ZDI-11-350", "kind": "published", "published_date": "2011-12-19", "status": "published", "title": "Enterasys NetSight nssyslogd PRI Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-350/", "vendor": "Enterasys", "vendor_url": null, "zdi_can": "ZDI-CAN-1099", "zdi_id": "ZDI-11-350" }, { "cve": "CVE-2011-2127", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the NPAPI version of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o...", "detail_json": "/data/advisories/ZDI-11-349/advisory.json", "detail_path": "advisories/ZDI-11-349", "id": "ZDI-11-349", "kind": "published", "published_date": "2011-12-17", "status": "published", "title": "Adobe Shockwave NPAPI Plug-in Drag and Drop Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-349/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1114", "zdi_id": "ZDI-11-349" }, { "cve": "CVE-2011-3165", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within nnmRotConfig.exe CGI program. When...", "detail_json": "/data/advisories/ZDI-11-348/advisory.json", "detail_path": "advisories/ZDI-11-348", "id": "ZDI-11-348", "kind": "published", "published_date": "2011-12-13", "status": "published", "title": "HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-348/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1208", "zdi_id": "ZDI-11-348" }, { "cve": "CVE-2011-1983", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word 2007/2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-11-347/advisory.json", "detail_path": "advisories/ZDI-11-347", "id": "ZDI-11-347", "kind": "published", "published_date": "2011-12-13", "status": "published", "title": "Microsoft Office Word Hidden Border Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-347/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1085", "zdi_id": "ZDI-11-347" }, { "cve": "CVE-2011-3413", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-346/advisory.json", "detail_path": "advisories/ZDI-11-346", "id": "ZDI-11-346", "kind": "published", "published_date": "2011-12-13", "status": "published", "title": "Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-346/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1280", "zdi_id": "ZDI-11-346" }, { "cve": null, "cvss": 9.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trent Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within CmdProcessor.exe service running on...", "detail_json": "/data/advisories/ZDI-11-345/advisory.json", "detail_path": "advisories/ZDI-11-345", "id": "ZDI-11-345", "kind": "published", "published_date": "2011-12-07", "status": "published", "title": "TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-345/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-1138", "zdi_id": "ZDI-11-345" }, { "cve": "CVE-2011-4253", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-11-344/advisory.json", "detail_path": "advisories/ZDI-11-344", "id": "ZDI-11-344", "kind": "published", "published_date": "2011-12-07", "status": "published", "title": "RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-344/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1304", "zdi_id": "ZDI-11-344" }, { "cve": "CVE-2011-4260", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-11-343/advisory.json", "detail_path": "advisories/ZDI-11-343", "id": "ZDI-11-343", "kind": "published", "published_date": "2011-12-07", "status": "published", "title": "RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-343/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1351", "zdi_id": "ZDI-11-343" }, { "cve": "CVE-2011-2653", "cvss": 9.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Asset Management. Authentication is not required to exploit this vulnerability. The flaw exists within the rtrlet component. This process liste...", "detail_json": "/data/advisories/ZDI-11-342/advisory.json", "detail_path": "advisories/ZDI-11-342", "id": "ZDI-11-342", "kind": "published", "published_date": "2011-12-07", "status": "published", "title": "Novell ZENworks Asset Management Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-342/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1282", "zdi_id": "ZDI-11-342" }, { "cve": "CVE-2011-3319", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-11-341/advisory.json", "detail_path": "advisories/ZDI-11-341", "id": "ZDI-11-341", "kind": "published", "published_date": "2011-12-07", "status": "published", "title": "Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-341/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-1236", "zdi_id": "ZDI-11-341" }, { "cve": "CVE-2011-3248", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-340/advisory.json", "detail_path": "advisories/ZDI-11-340", "id": "ZDI-11-340", "kind": "published", "published_date": "2011-12-07", "status": "published", "title": "Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-340/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1302", "zdi_id": "ZDI-11-340" }, { "cve": "CVE-2011-2397", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Iron Mountain Connected Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Agent service that listens by...", "detail_json": "/data/advisories/ZDI-11-339/advisory.json", "detail_path": "advisories/ZDI-11-339", "id": "ZDI-11-339", "kind": "published", "published_date": "2011-12-01", "status": "published", "title": "Iron Mountain Connected Backup Agent Unauthenticated Remote Command Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-339/", "vendor": "Iron Mountain", "vendor_url": null, "zdi_can": "ZDI-CAN-1023", "zdi_id": "ZDI-11-339" }, { "cve": "CVE-2011-4258", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-11-338/advisory.json", "detail_path": "advisories/ZDI-11-338", "id": "ZDI-11-338", "kind": "published", "published_date": "2011-11-28", "status": "published", "title": "RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-338/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1277", "zdi_id": "ZDI-11-338" }, { "cve": "CVE-2011-4256", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-11-337/advisory.json", "detail_path": "advisories/ZDI-11-337", "id": "ZDI-11-337", "kind": "published", "published_date": "2011-11-28", "status": "published", "title": "RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-337/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1303", "zdi_id": "ZDI-11-337" }, { "cve": "CVE-2011-4255", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-11-336/advisory.json", "detail_path": "advisories/ZDI-11-336", "id": "ZDI-11-336", "kind": "published", "published_date": "2011-11-28", "status": "published", "title": "RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-336/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1278", "zdi_id": "ZDI-11-336" }, { "cve": "CVE-2011-4252", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-11-335/advisory.json", "detail_path": "advisories/ZDI-11-335", "id": "ZDI-11-335", "kind": "published", "published_date": "2011-11-28", "status": "published", "title": "RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-335/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1305", "zdi_id": "ZDI-11-335" }, { "cve": "CVE-2011-4251", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-11-334/advisory.json", "detail_path": "advisories/ZDI-11-334", "id": "ZDI-11-334", "kind": "published", "published_date": "2011-11-28", "status": "published", "title": "RealNetworks RealPlayer genr Sample Size Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-334/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1279", "zdi_id": "ZDI-11-334" }, { "cve": "CVE-2011-4250", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-11-333/advisory.json", "detail_path": "advisories/ZDI-11-333", "id": "ZDI-11-333", "kind": "published", "published_date": "2011-11-28", "status": "published", "title": "RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-333/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1311", "zdi_id": "ZDI-11-333" }, { "cve": "CVE-2011-4248", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. AUser interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-11-332/advisory.json", "detail_path": "advisories/ZDI-11-332", "id": "ZDI-11-332", "kind": "published", "published_date": "2011-11-28", "status": "published", "title": "RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-332/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1310", "zdi_id": "ZDI-11-332" }, { "cve": "CVE-2011-4259", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-11-331/advisory.json", "detail_path": "advisories/ZDI-11-331", "id": "ZDI-11-331", "kind": "published", "published_date": "2011-11-28", "status": "published", "title": "RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-331/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1294", "zdi_id": "ZDI-11-331" }, { "cve": "CVE-2011-4051", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Web Studio. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Agent component (CEServer.exe) which liste...", "detail_json": "/data/advisories/ZDI-11-330/advisory.json", "detail_path": "advisories/ZDI-11-330", "id": "ZDI-11-330", "kind": "published", "published_date": "2011-11-16", "status": "published", "title": "InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-330/", "vendor": "Indusoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1181", "zdi_id": "ZDI-11-330" }, { "cve": "CVE-2011-4052", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft WebStudio. Authentication is not required to exploit this vulnerability. The flaw exists within the CEServer component which is used as a runtime depe...", "detail_json": "/data/advisories/ZDI-11-329/advisory.json", "detail_path": "advisories/ZDI-11-329", "id": "ZDI-11-329", "kind": "published", "published_date": "2011-11-16", "status": "published", "title": "InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-329/", "vendor": "Indusoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1183", "zdi_id": "ZDI-11-329" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ProFTPd server. Authentication is required to exploit this vulnerability in order to have access to the ftp command set. The specific flaw exists within ho...", "detail_json": "/data/advisories/ZDI-11-328/advisory.json", "detail_path": "advisories/ZDI-11-328", "id": "ZDI-11-328", "kind": "published", "published_date": "2011-11-11", "status": "published", "title": "ProFTPD Response Pool Use-After-Free Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-328/", "vendor": "ProFTPD", "vendor_url": null, "zdi_can": "ZDI-CAN-1420", "zdi_id": "ZDI-11-328" }, { "cve": "CVE-2011-3161", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component whic...", "detail_json": "/data/advisories/ZDI-11-327/advisory.json", "detail_path": "advisories/ZDI-11-327", "id": "ZDI-11-327", "kind": "published", "published_date": "2011-11-07", "status": "published", "title": "HP Data Protector Notebook Extension Policy Server LogBackupLocationStatus Remote SQL Injection Vulnerabilty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-327/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1229", "zdi_id": "ZDI-11-327" }, { "cve": "CVE-2011-3156", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component whic...", "detail_json": "/data/advisories/ZDI-11-326/advisory.json", "detail_path": "advisories/ZDI-11-326", "id": "ZDI-11-326", "kind": "published", "published_date": "2011-11-07", "status": "published", "title": "HP Data Protector Notebook Extension Policy Server LogClientInstallation Remote SQL Injection Vulnerabilty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-326/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1222", "zdi_id": "ZDI-11-326" }, { "cve": "CVE-2011-3157", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component whic...", "detail_json": "/data/advisories/ZDI-11-325/advisory.json", "detail_path": "advisories/ZDI-11-325", "id": "ZDI-11-325", "kind": "published", "published_date": "2011-11-07", "status": "published", "title": "HP Data Protector Notebook Extension GetPolicies Remote SQL Injection Vulnerabilty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-325/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1225", "zdi_id": "ZDI-11-325" }, { "cve": "CVE-2011-3158", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component whic...", "detail_json": "/data/advisories/ZDI-11-324/advisory.json", "detail_path": "advisories/ZDI-11-324", "id": "ZDI-11-324", "kind": "published", "published_date": "2011-11-07", "status": "published", "title": "HP Data Protector Notebook Extension Policy Server RequestCopy Remote SQL Injection Vulnerabilty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-324/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1226", "zdi_id": "ZDI-11-324" }, { "cve": "CVE-2011-3159", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component whic...", "detail_json": "/data/advisories/ZDI-11-323/advisory.json", "detail_path": "advisories/ZDI-11-323", "id": "ZDI-11-323", "kind": "published", "published_date": "2011-11-07", "status": "published", "title": "HP Data Protector Notebook Extension Policy Server LogClientHealth Remote SQL Injection Vulnerabilty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-323/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1227", "zdi_id": "ZDI-11-323" }, { "cve": "CVE-2011-3160", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component whic...", "detail_json": "/data/advisories/ZDI-11-322/advisory.json", "detail_path": "advisories/ZDI-11-322", "id": "ZDI-11-322", "kind": "published", "published_date": "2011-11-07", "status": "published", "title": "HP Data Protector Notebook Extension Policy Server LogCopyOperation Remote SQL Injection Vulnerabilty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-322/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1228", "zdi_id": "ZDI-11-322" }, { "cve": "CVE-2011-3162", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component whic...", "detail_json": "/data/advisories/ZDI-11-321/advisory.json", "detail_path": "advisories/ZDI-11-321", "id": "ZDI-11-321", "kind": "published", "published_date": "2011-11-07", "status": "published", "title": "HP Data Protector Notebook Extension Policy Server FinishedCopy Remote SQL Injection Vulnerabilty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-321/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1296", "zdi_id": "ZDI-11-321" }, { "cve": "CVE-2011-1918", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy Historian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ihDataArchiver.exe process which listen...", "detail_json": "/data/advisories/ZDI-11-320/advisory.json", "detail_path": "advisories/ZDI-11-320", "id": "ZDI-11-320", "kind": "published", "published_date": "2011-11-07", "status": "published", "title": "GE Proficy Historian ihDataArchiver.exe Trusted Header Size Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-320/", "vendor": "GE", "vendor_url": null, "zdi_can": "ZDI-CAN-1233", "zdi_id": "ZDI-11-320" }, { "cve": "CVE-2011-3174", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-319/advisory.json", "detail_path": "advisories/ZDI-11-319", "id": "ZDI-11-319", "kind": "published", "published_date": "2011-11-07", "status": "published", "title": "Novell ZENWorks Software Packaging ISGrid.Grid2.1 DoFindReplace bstrReplaceText Parameter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-319/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1235", "zdi_id": "ZDI-11-319" }, { "cve": "CVE-2011-2657", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Software Packaging. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...", "detail_json": "/data/advisories/ZDI-11-318/advisory.json", "detail_path": "advisories/ZDI-11-318", "id": "ZDI-11-318", "kind": "published", "published_date": "2011-11-07", "status": "published", "title": "Novell Zenworks Software Packaging LaunchHelp.dll ActiveX Control LaunchProcess Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-318/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1204", "zdi_id": "ZDI-11-318" }, { "cve": "CVE-2011-2658", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-317/advisory.json", "detail_path": "advisories/ZDI-11-317", "id": "ZDI-11-317", "kind": "published", "published_date": "2011-11-07", "status": "published", "title": "Novell ZENWorks Software Packaging Antique ActiveX Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-317/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1234", "zdi_id": "ZDI-11-317" }, { "cve": "CVE-2011-3251", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-316/advisory.json", "detail_path": "advisories/ZDI-11-316", "id": "ZDI-11-316", "kind": "published", "published_date": "2011-10-27", "status": "published", "title": "Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-316/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1315", "zdi_id": "ZDI-11-316" }, { "cve": "CVE-2011-3249", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-315/advisory.json", "detail_path": "advisories/ZDI-11-315", "id": "ZDI-11-315", "kind": "published", "published_date": "2011-10-27", "status": "published", "title": "Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-315/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1275", "zdi_id": "ZDI-11-315" }, { "cve": "CVE-2011-3247", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-11-314/advisory.json", "detail_path": "advisories/ZDI-11-314", "id": "ZDI-11-314", "kind": "published", "published_date": "2011-10-27", "status": "published", "title": "Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-314/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1090", "zdi_id": "ZDI-11-314" }, { "cve": "CVE-2011-3223", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-313/advisory.json", "detail_path": "advisories/ZDI-11-313", "id": "ZDI-11-313", "kind": "published", "published_date": "2011-10-27", "status": "published", "title": "Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-313/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1274", "zdi_id": "ZDI-11-313" }, { "cve": "CVE-2011-3221", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-312/advisory.json", "detail_path": "advisories/ZDI-11-312", "id": "ZDI-11-312", "kind": "published", "published_date": "2011-10-27", "status": "published", "title": "Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-312/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1220", "zdi_id": "ZDI-11-312" }, { "cve": "CVE-2011-3220", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to potentially disclose memory addresses on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...", "detail_json": "/data/advisories/ZDI-11-311/advisory.json", "detail_path": "advisories/ZDI-11-311", "id": "ZDI-11-311", "kind": "published", "published_date": "2011-10-27", "status": "published", "title": "Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-311/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1219", "zdi_id": "ZDI-11-311" }, { "cve": "CVE-2011-2441", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-11-310/advisory.json", "detail_path": "advisories/ZDI-11-310", "id": "ZDI-11-310", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-310/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1309", "zdi_id": "ZDI-11-310" }, { "cve": "CVE-2011-3173", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-11-309/advisory.json", "detail_path": "advisories/ZDI-11-309", "id": "ZDI-11-309", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-309/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1289", "zdi_id": "ZDI-11-309" }, { "cve": "CVE-2011-4004", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-11-308/advisory.json", "detail_path": "advisories/ZDI-11-308", "id": "ZDI-11-308", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-308/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-1170", "zdi_id": "ZDI-11-308" }, { "cve": "CVE-2011-3545", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-11-307/advisory.json", "detail_path": "advisories/ZDI-11-307", "id": "ZDI-11-307", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-307/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1218", "zdi_id": "ZDI-11-307" }, { "cve": "CVE-2011-3521", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-11-306/advisory.json", "detail_path": "advisories/ZDI-11-306", "id": "ZDI-11-306", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-306/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1253", "zdi_id": "ZDI-11-306" }, { "cve": "CVE-2011-3544", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-11-305/advisory.json", "detail_path": "advisories/ZDI-11-305", "id": "ZDI-11-305", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-305/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1254", "zdi_id": "ZDI-11-305" }, { "cve": "CVE-2011-3252", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the ta...", "detail_json": "/data/advisories/ZDI-11-304/advisory.json", "detail_path": "advisories/ZDI-11-304", "id": "ZDI-11-304", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-304/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1150", "zdi_id": "ZDI-11-304" }, { "cve": "CVE-2011-3219", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-303/advisory.json", "detail_path": "advisories/ZDI-11-303", "id": "ZDI-11-303", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-303/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1314", "zdi_id": "ZDI-11-303" }, { "cve": "CVE-2011-2432", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-11-302/advisory.json", "detail_path": "advisories/ZDI-11-302", "id": "ZDI-11-302", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-302/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1197", "zdi_id": "ZDI-11-302" }, { "cve": "CVE-2011-2434", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-11-301/advisory.json", "detail_path": "advisories/ZDI-11-301", "id": "ZDI-11-301", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-301/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1199", "zdi_id": "ZDI-11-301" }, { "cve": "CVE-2011-2433", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-11-300/advisory.json", "detail_path": "advisories/ZDI-11-300", "id": "ZDI-11-300", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-300/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1198", "zdi_id": "ZDI-11-300" }, { "cve": "CVE-2011-2435", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-11-299/advisory.json", "detail_path": "advisories/ZDI-11-299", "id": "ZDI-11-299", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Adobe Reader PICT Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-299/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1200", "zdi_id": "ZDI-11-299" }, { "cve": "CVE-2011-2436", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-11-298/advisory.json", "detail_path": "advisories/ZDI-11-298", "id": "ZDI-11-298", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-298/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1201", "zdi_id": "ZDI-11-298" }, { "cve": "CVE-2011-2437", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-11-297/advisory.json", "detail_path": "advisories/ZDI-11-297", "id": "ZDI-11-297", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-297/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1202", "zdi_id": "ZDI-11-297" }, { "cve": "CVE-2011-2438", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-11-296/advisory.json", "detail_path": "advisories/ZDI-11-296", "id": "ZDI-11-296", "kind": "published", "published_date": "2011-10-26", "status": "published", "title": "Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-296/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1212", "zdi_id": "ZDI-11-296" }, { "cve": "CVE-2011-3222", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-295/advisory.json", "detail_path": "advisories/ZDI-11-295", "id": "ZDI-11-295", "kind": "published", "published_date": "2011-10-18", "status": "published", "title": "Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-295/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1312", "zdi_id": "ZDI-11-295" }, { "cve": "CVE-2011-0554", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Symantec IM Manager web interface expose...", "detail_json": "/data/advisories/ZDI-11-294/advisory.json", "detail_path": "advisories/ZDI-11-294", "id": "ZDI-11-294", "kind": "published", "published_date": "2011-10-18", "status": "published", "title": "Symantec IM Manager ProcessAction Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-294/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-1091", "zdi_id": "ZDI-11-294" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Nortel/Avaya Identity Engines Ignition Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AdminAccountMa...", "detail_json": "/data/advisories/ZDI-11-293/advisory.json", "detail_path": "advisories/ZDI-11-293", "id": "ZDI-11-293", "kind": "published", "published_date": "2011-10-18", "status": "published", "title": "Avaya Identity Engines Ignition Server Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-293/", "vendor": "Avaya", "vendor_url": null, "zdi_can": "ZDI-CAN-1095", "zdi_id": "ZDI-11-293" }, { "cve": "CVE-2011-2738", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Unified Service Monitor due to bundled EMC SMARTS application server. Authentication is not required to exploit this vulnerability. The flaw exists withi...", "detail_json": "/data/advisories/ZDI-11-292/advisory.json", "detail_path": "advisories/ZDI-11-292", "id": "ZDI-11-292", "kind": "published", "published_date": "2011-10-18", "status": "published", "title": "Cisco Unified Service Monitor brstart sm_read_string_length Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-292/", "vendor": "Cisco, EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1258", "zdi_id": "ZDI-11-292" }, { "cve": "CVE-2011-2738", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Unified Service Monitor due to bundled EMC SMARTS application server. Authentication is not required to exploit this vulnerability. The flaw exists withi...", "detail_json": "/data/advisories/ZDI-11-291/advisory.json", "detail_path": "advisories/ZDI-11-291", "id": "ZDI-11-291", "kind": "published", "published_date": "2011-10-18", "status": "published", "title": "Cisco Unified Service Monitor brstart add_dm Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-291/", "vendor": "EMC, Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-1109", "zdi_id": "ZDI-11-291" }, { "cve": "CVE-2011-2001", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-11-290/advisory.json", "detail_path": "advisories/ZDI-11-290", "id": "ZDI-11-290", "kind": "published", "published_date": "2011-10-15", "status": "published", "title": "Microsoft Internet Explorer SetExpandedClipRect Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-290/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1324", "zdi_id": "ZDI-11-290" }, { "cve": "CVE-2011-2000", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-11-289/advisory.json", "detail_path": "advisories/ZDI-11-289", "id": "ZDI-11-289", "kind": "published", "published_date": "2011-10-15", "status": "published", "title": "Microsoft Internet Explorer swapNode Handling Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-289/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1323", "zdi_id": "ZDI-11-289" }, { "cve": "CVE-2011-1999", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-11-288/advisory.json", "detail_path": "advisories/ZDI-11-288", "id": "ZDI-11-288", "kind": "published", "published_date": "2011-10-15", "status": "published", "title": "Microsoft Internet Explorer Select Element Insufficient Type Checking Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-288/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1300", "zdi_id": "ZDI-11-288" }, { "cve": "CVE-2011-1996", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-11-287/advisory.json", "detail_path": "advisories/ZDI-11-287", "id": "ZDI-11-287", "kind": "published", "published_date": "2011-10-15", "status": "published", "title": "Internet Explorer Select Element Cache Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-287/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1267", "zdi_id": "ZDI-11-287" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Client. User interaction is required to exploit this vulnerability in that the target must open a malicious e-mail message. The specific flaw...", "detail_json": "/data/advisories/ZDI-11-286/advisory.json", "detail_path": "advisories/ZDI-11-286", "id": "ZDI-11-286", "kind": "published", "published_date": "2011-10-14", "status": "published", "title": "Novell Groupwise Client DOCX Loader Relationship Id Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-286/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-966", "zdi_id": "ZDI-11-286" }, { "cve": "CVE-2010-4325", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. Multiple flaws exist within the gwwww1.dll module responsible for parsing VCALE...", "detail_json": "/data/advisories/ZDI-11-285/advisory.json", "detail_path": "advisories/ZDI-11-285", "id": "ZDI-11-285", "kind": "published", "published_date": "2011-10-13", "status": "published", "title": "Novell Groupwise iCal COMMENT, RRULE, TZNAME Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-285/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1187", "zdi_id": "ZDI-11-285" }, { "cve": "CVE-2011-2441", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-11-284/advisory.json", "detail_path": "advisories/ZDI-11-284", "id": "ZDI-11-284", "kind": "published", "published_date": "2011-10-13", "status": "published", "title": "Adobe Reader Compound Glyphs Array Indexing Error Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-284/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1308", "zdi_id": "ZDI-11-284" }, { "cve": "CVE-2011-2438", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-11-283/advisory.json", "detail_path": "advisories/ZDI-11-283", "id": "ZDI-11-283", "kind": "published", "published_date": "2011-10-13", "status": "published", "title": "Adobe Reader Image Data Buffer Allocation Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-283/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1211", "zdi_id": "ZDI-11-283" }, { "cve": "CVE-2011-2438", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-11-282/advisory.json", "detail_path": "advisories/ZDI-11-282", "id": "ZDI-11-282", "kind": "published", "published_date": "2011-10-13", "status": "published", "title": "Adobe Reader U3D BMP Colors Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-282/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1196", "zdi_id": "ZDI-11-282" }, { "cve": "CVE-2011-1990", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-281/advisory.json", "detail_path": "advisories/ZDI-11-281", "id": "ZDI-11-281", "kind": "published", "published_date": "2011-10-13", "status": "published", "title": "Microsoft Office Graph DataFormat Signed Index Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-281/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1251", "zdi_id": "ZDI-11-281" }, { "cve": "CVE-2011-1989", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-280/advisory.json", "detail_path": "advisories/ZDI-11-280", "id": "ZDI-11-280", "kind": "published", "published_date": "2011-10-13", "status": "published", "title": "Microsoft Office Excel Conditional Expression Ptg Type Confusion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-280/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1223", "zdi_id": "ZDI-11-280" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Witness Systems eQuality Suite. This application is bundled with Nortel Contact Recording and Quality Monitoring Suite. Authentication is not required to explo...", "detail_json": "/data/advisories/ZDI-11-279/advisory.json", "detail_path": "advisories/ZDI-11-279", "id": "ZDI-11-279", "kind": "published", "published_date": "2011-09-02", "status": "published", "title": "(0Day) Witness Systems eQuality Unify Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-279/", "vendor": "Nortel, Witness Systems", "vendor_url": null, "zdi_can": "ZDI-CAN-1097", "zdi_id": "ZDI-11-279" }, { "cve": "CVE-2011-2654", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC metho...", "detail_json": "/data/advisories/ZDI-11-278/advisory.json", "detail_path": "advisories/ZDI-11-278", "id": "ZDI-11-278", "kind": "published", "published_date": "2011-09-02", "status": "published", "title": "Novell Cloud Manager Insufficient Framework User Validation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-278/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1154", "zdi_id": "ZDI-11-278" }, { "cve": "CVE-2011-0258", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-277/advisory.json", "detail_path": "advisories/ZDI-11-277", "id": "ZDI-11-277", "kind": "published", "published_date": "2011-08-31", "status": "published", "title": "Apple QuickTime 3g2 'mp4v' atom size Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-277/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1285", "zdi_id": "ZDI-11-277" }, { "cve": "CVE-2011-2140", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The fla...", "detail_json": "/data/advisories/ZDI-11-276/advisory.json", "detail_path": "advisories/ZDI-11-276", "id": "ZDI-11-276", "kind": "published", "published_date": "2011-08-23", "status": "published", "title": "Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-276/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-975", "zdi_id": "ZDI-11-276" }, { "cve": "CVE-2011-2735", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Agent Service (ftAgent.exe). The Agent Service lis...", "detail_json": "/data/advisories/ZDI-11-275/advisory.json", "detail_path": "advisories/ZDI-11-275", "id": "ZDI-11-275", "kind": "published", "published_date": "2011-08-23", "status": "published", "title": "EMC Autostart ftAgent Opcode 0x11 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-275/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1256", "zdi_id": "ZDI-11-275" }, { "cve": "CVE-2011-2735", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Agent Service (ftAgent.exe). The Agent Service lis...", "detail_json": "/data/advisories/ZDI-11-274/advisory.json", "detail_path": "advisories/ZDI-11-274", "id": "ZDI-11-274", "kind": "published", "published_date": "2011-08-23", "status": "published", "title": "EMC Autostart ftAgent Opcode 0x140 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-274/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1255", "zdi_id": "ZDI-11-274" }, { "cve": "CVE-2011-2735", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart High Availability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the packet error handling of the...", "detail_json": "/data/advisories/ZDI-11-273/advisory.json", "detail_path": "advisories/ZDI-11-273", "id": "ZDI-11-273", "kind": "published", "published_date": "2011-08-23", "status": "published", "title": "EMC Autostart Domain Name Logging Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-273/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1078", "zdi_id": "ZDI-11-273" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Flexnet License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the license server manager which listens...", "detail_json": "/data/advisories/ZDI-11-272/advisory.json", "detail_path": "advisories/ZDI-11-272", "id": "ZDI-11-272", "kind": "published", "published_date": "2011-08-17", "status": "published", "title": "(0Day) FlexNet License Server Manager Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-272/", "vendor": "Flexera Software", "vendor_url": null, "zdi_can": "ZDI-CAN-1050", "zdi_id": "ZDI-11-272" }, { "cve": "CVE-2011-2378", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-271/advisory.json", "detail_path": "advisories/ZDI-11-271", "id": "ZDI-11-271", "kind": "published", "published_date": "2011-08-17", "status": "published", "title": "Mozilla Firefox appendChild DOM Tree Inconsistency Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-271/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1141", "zdi_id": "ZDI-11-271" }, { "cve": "CVE-2011-0084", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-270/advisory.json", "detail_path": "advisories/ZDI-11-270", "id": "ZDI-11-270", "kind": "published", "published_date": "2011-08-17", "status": "published", "title": "Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-270/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1143", "zdi_id": "ZDI-11-270" }, { "cve": "CVE-2011-2947", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-11-269/advisory.json", "detail_path": "advisories/ZDI-11-269", "id": "ZDI-11-269", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-269/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1152", "zdi_id": "ZDI-11-269" }, { "cve": "CVE-2011-2948", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-11-268/advisory.json", "detail_path": "advisories/ZDI-11-268", "id": "ZDI-11-268", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "RealNetworks RealPlayer SWF DefineFont Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-268/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1185", "zdi_id": "ZDI-11-268" }, { "cve": "CVE-2011-2949", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-11-267/advisory.json", "detail_path": "advisories/ZDI-11-267", "id": "ZDI-11-267", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "RealNetworks Realplayer MP3 ID3 tags Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-267/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1136", "zdi_id": "ZDI-11-267" }, { "cve": "CVE-2011-2951", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-11-266/advisory.json", "detail_path": "advisories/ZDI-11-266", "id": "ZDI-11-266", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "RealNetworks RealPlayer Advanced Audio Coding Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-266/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1122", "zdi_id": "ZDI-11-266" }, { "cve": "CVE-2011-2950", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-11-265/advisory.json", "detail_path": "advisories/ZDI-11-265", "id": "ZDI-11-265", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "RealNetworks Realplayer QCP Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-265/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1153", "zdi_id": "ZDI-11-265" }, { "cve": "CVE-2011-0547", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc....", "detail_json": "/data/advisories/ZDI-11-264/advisory.json", "detail_path": "advisories/ZDI-11-264", "id": "ZDI-11-264", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-264/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-1110", "zdi_id": "ZDI-11-264" }, { "cve": "CVE-2011-0547", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc....", "detail_json": "/data/advisories/ZDI-11-263/advisory.json", "detail_path": "advisories/ZDI-11-263", "id": "ZDI-11-263", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-263/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-1112", "zdi_id": "ZDI-11-263" }, { "cve": "CVE-2011-0547", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the vxsvc.exe process. The p...", "detail_json": "/data/advisories/ZDI-11-262/advisory.json", "detail_path": "advisories/ZDI-11-262", "id": "ZDI-11-262", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-262/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-1111", "zdi_id": "ZDI-11-262" }, { "cve": "CVE-2011-2404", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-11-261/advisory.json", "detail_path": "advisories/ZDI-11-261", "id": "ZDI-11-261", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-261/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1092", "zdi_id": "ZDI-11-261" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Nortel Media Application Server. Authentication is not required to exploit this vulnerability. The flaw exists within the cstore.exe component which listens by...", "detail_json": "/data/advisories/ZDI-11-260/advisory.json", "detail_path": "advisories/ZDI-11-260", "id": "ZDI-11-260", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "Nortel Media Application Server cstore.exe cs_anams Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-260/", "vendor": "Nortel", "vendor_url": null, "zdi_can": "ZDI-CAN-1096", "zdi_id": "ZDI-11-260" }, { "cve": "CVE-2011-0251", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-259/advisory.json", "detail_path": "advisories/ZDI-11-259", "id": "ZDI-11-259", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "Apple QuickTime STSZ atom Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-259/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1162", "zdi_id": "ZDI-11-259" }, { "cve": "CVE-2011-0249", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-258/advisory.json", "detail_path": "advisories/ZDI-11-258", "id": "ZDI-11-258", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "Apple QuickTime STSC atom Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-258/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1160", "zdi_id": "ZDI-11-258" }, { "cve": "CVE-2011-0247", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-11-257/advisory.json", "detail_path": "advisories/ZDI-11-257", "id": "ZDI-11-257", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "Apple QuickTime Player H.264 Slice Header Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-257/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1231", "zdi_id": "ZDI-11-257" }, { "cve": "CVE-2011-0248", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-256/advisory.json", "detail_path": "advisories/ZDI-11-256", "id": "ZDI-11-256", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "Apple Quicktime Media Link src Parameter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-256/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1151", "zdi_id": "ZDI-11-256" }, { "cve": "CVE-2011-0247", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-255/advisory.json", "detail_path": "advisories/ZDI-11-255", "id": "ZDI-11-255", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "Apple QuickTime Player H.264 Reference Picture List Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-255/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1232", "zdi_id": "ZDI-11-255" }, { "cve": "CVE-2011-0256", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-254/advisory.json", "detail_path": "advisories/ZDI-11-254", "id": "ZDI-11-254", "kind": "published", "published_date": "2011-08-16", "status": "published", "title": "Apple QuickTime 'trun' atom sampleCount Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-254/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1262", "zdi_id": "ZDI-11-254" }, { "cve": "CVE-2011-2138", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-253/advisory.json", "detail_path": "advisories/ZDI-11-253", "id": "ZDI-11-253", "kind": "published", "published_date": "2011-08-12", "status": "published", "title": "Adobe Flash Player BitmapData.scroll Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-253/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1230", "zdi_id": "ZDI-11-253" }, { "cve": "CVE-2011-0257", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-252/advisory.json", "detail_path": "advisories/ZDI-11-252", "id": "ZDI-11-252", "kind": "published", "published_date": "2011-08-08", "status": "published", "title": "Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-252/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1164", "zdi_id": "ZDI-11-252" }, { "cve": "CVE-2011-0250", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-251/advisory.json", "detail_path": "advisories/ZDI-11-251", "id": "ZDI-11-251", "kind": "published", "published_date": "2011-08-09", "status": "published", "title": "Apple QuickTime STSS atom Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-251/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1161", "zdi_id": "ZDI-11-251" }, { "cve": "CVE-2011-0252", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-250/advisory.json", "detail_path": "advisories/ZDI-11-250", "id": "ZDI-11-250", "kind": "published", "published_date": "2011-08-09", "status": "published", "title": "Apple QuickTime STTS atom Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-250/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1163", "zdi_id": "ZDI-11-250" }, { "cve": "CVE-2011-1347", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to escape Protected Mode on vulnerable installations of Internet Explorer. Internet Explorer Protected Mode consists of a Medium Integrity and a Low Integrity process. The Low Integrity process is only allowed to wri...", "detail_json": "/data/advisories/ZDI-11-249/advisory.json", "detail_path": "advisories/ZDI-11-249", "id": "ZDI-11-249", "kind": "published", "published_date": "2011-08-09", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-249/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1159", "zdi_id": "ZDI-11-249" }, { "cve": "CVE-2011-1964", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-11-248/advisory.json", "detail_path": "advisories/ZDI-11-248", "id": "ZDI-11-248", "kind": "published", "published_date": "2011-08-09", "status": "published", "title": "Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-248/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1244", "zdi_id": "ZDI-11-248" }, { "cve": "CVE-2011-1963", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-11-247/advisory.json", "detail_path": "advisories/ZDI-11-247", "id": "ZDI-11-247", "kind": "published", "published_date": "2011-08-09", "status": "published", "title": "Microsoft Internet Explorer XSLT SetViewSlave Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-247/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1224", "zdi_id": "ZDI-11-247" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase Adaptive Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Sybase Backup and Monitor servers...", "detail_json": "/data/advisories/ZDI-11-246/advisory.json", "detail_path": "advisories/ZDI-11-246", "id": "ZDI-11-246", "kind": "published", "published_date": "2011-07-29", "status": "published", "title": "Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-246/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1069", "zdi_id": "ZDI-11-246" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase Adaptive Server Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Sybase Backup and Moni...", "detail_json": "/data/advisories/ZDI-11-245/advisory.json", "detail_path": "advisories/ZDI-11-245", "id": "ZDI-11-245", "kind": "published", "published_date": "2011-07-29", "status": "published", "title": "Sybase Adaptive Server Backup and Monitor Server Translation Array Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-245/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1077", "zdi_id": "ZDI-11-245" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Flexera Software Flexnet License Server Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the lmadmin and lmgrd com...", "detail_json": "/data/advisories/ZDI-11-244/advisory.json", "detail_path": "advisories/ZDI-11-244", "id": "ZDI-11-244", "kind": "published", "published_date": "2011-07-28", "status": "published", "title": "(0Day) FlexNet License Server Manager lmadmin Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-244/", "vendor": "Flexera Software", "vendor_url": null, "zdi_can": "ZDI-CAN-1076", "zdi_id": "ZDI-11-244" }, { "cve": "CVE-2011-0232", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit...", "detail_json": "/data/advisories/ZDI-11-243/advisory.json", "detail_path": "advisories/ZDI-11-243", "id": "ZDI-11-243", "kind": "published", "published_date": "2011-07-27", "status": "published", "title": "WebKit ContentEditable Inline Style Remote Code Execution Vulnerability", "updated_date": "2020-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-243/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1108", "zdi_id": "ZDI-11-243" }, { "cve": "CVE-2011-0255", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-242/advisory.json", "detail_path": "advisories/ZDI-11-242", "id": "ZDI-11-242", "kind": "published", "published_date": "2011-07-27", "status": "published", "title": "Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-242/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1317", "zdi_id": "ZDI-11-242" }, { "cve": "CVE-2011-0254", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Webkit Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-11-241/advisory.json", "detail_path": "advisories/ZDI-11-241", "id": "ZDI-11-241", "kind": "published", "published_date": "2011-07-27", "status": "published", "title": "Webkit setAttributes attributeChanged Remote Code Execution Vulnerability", "updated_date": "2020-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-241/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1166", "zdi_id": "ZDI-11-241" }, { "cve": "CVE-2011-1453", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-240/advisory.json", "detail_path": "advisories/ZDI-11-240", "id": "ZDI-11-240", "kind": "published", "published_date": "2011-07-27", "status": "published", "title": "Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-240/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1021", "zdi_id": "ZDI-11-240" }, { "cve": "CVE-2011-0233", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-11-239/advisory.json", "detail_path": "advisories/ZDI-11-239", "id": "ZDI-11-239", "kind": "published", "published_date": "2011-07-27", "status": "published", "title": "Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-239/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1047", "zdi_id": "ZDI-11-239" }, { "cve": "CVE-2011-2261", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validate_login function defined within...", "detail_json": "/data/advisories/ZDI-11-238/advisory.json", "detail_path": "advisories/ZDI-11-238", "id": "ZDI-11-238", "kind": "published", "published_date": "2011-07-21", "status": "published", "title": "Oracle Secure Backup validate_login Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-238/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1165", "zdi_id": "ZDI-11-238" }, { "cve": "CVE-2011-2667", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite r12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Icihttp.exe module (CA Gateway Se...", "detail_json": "/data/advisories/ZDI-11-237/advisory.json", "detail_path": "advisories/ZDI-11-237", "id": "ZDI-11-237", "kind": "published", "published_date": "2011-07-20", "status": "published", "title": "CA Total Defense Suite Gateway Security Malformed HTTP Packet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-237/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-1017", "zdi_id": "ZDI-11-237" }, { "cve": "CVE-2011-1741", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Documentum eRoom Indexing Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the bundled implementation...", "detail_json": "/data/advisories/ZDI-11-236/advisory.json", "detail_path": "advisories/ZDI-11-236", "id": "ZDI-11-236", "kind": "published", "published_date": "2011-07-18", "status": "published", "title": "EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-236/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-1079", "zdi_id": "ZDI-11-236" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within En_Utility.dll. A module called from...", "detail_json": "/data/advisories/ZDI-11-235/advisory.json", "detail_path": "advisories/ZDI-11-235", "id": "ZDI-11-235", "kind": "published", "published_date": "2011-07-12", "status": "published", "title": "TrendMicro Control Manager CASProcessor.exe BLOB Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-235/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-1139", "zdi_id": "ZDI-11-235" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-11-234/advisory.json", "detail_path": "advisories/ZDI-11-234", "id": "ZDI-11-234", "kind": "published", "published_date": "2011-07-11", "status": "published", "title": "Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-234/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-1125", "zdi_id": "ZDI-11-234" }, { "cve": "CVE-2011-0549", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject arbitrary SQL on vulnerable installations of the Symantec Web Gateway appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the username parameter of POST...", "detail_json": "/data/advisories/ZDI-11-233/advisory.json", "detail_path": "advisories/ZDI-11-233", "id": "ZDI-11-233", "kind": "published", "published_date": "2011-07-07", "status": "published", "title": "Symantec Web Gateway forget.php SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-233/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-1048", "zdi_id": "ZDI-11-233" }, { "cve": "CVE-2011-1867", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP H3C/3Com iNode Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the iNOdeMngChecker.exe component whi...", "detail_json": "/data/advisories/ZDI-11-232/advisory.json", "detail_path": "advisories/ZDI-11-232", "id": "ZDI-11-232", "kind": "published", "published_date": "2011-07-01", "status": "published", "title": "HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-232/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1082", "zdi_id": "ZDI-11-232" }, { "cve": "CVE-2010-3790", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-231/advisory.json", "detail_path": "advisories/ZDI-11-231", "id": "ZDI-11-231", "kind": "published", "published_date": "2011-06-29", "status": "published", "title": "Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-231/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1148", "zdi_id": "ZDI-11-231" }, { "cve": "CVE-2011-0211", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-230/advisory.json", "detail_path": "advisories/ZDI-11-230", "id": "ZDI-11-230", "kind": "published", "published_date": "2011-06-29", "status": "published", "title": "Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-230/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1140", "zdi_id": "ZDI-11-230" }, { "cve": "CVE-2011-0209", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-229/advisory.json", "detail_path": "advisories/ZDI-11-229", "id": "ZDI-11-229", "kind": "published", "published_date": "2011-06-29", "status": "published", "title": "Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-229/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1124", "zdi_id": "ZDI-11-229" }, { "cve": "CVE-2011-0200", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on Windows and multiple applications on OSX. User interaction is required to exploit this vulnerability in that the target must visit a malicious...", "detail_json": "/data/advisories/ZDI-11-228/advisory.json", "detail_path": "advisories/ZDI-11-228", "id": "ZDI-11-228", "kind": "published", "published_date": "2011-06-29", "status": "published", "title": "Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-228/", "vendor": "Apple, Apple, Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1147", "zdi_id": "ZDI-11-228" }, { "cve": "CVE-2011-2220", "cvss": 9.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Engine. Authentication is not required to exploit this vulnerability. The specific flaw exists within NFREngine.exe which communicates wit...", "detail_json": "/data/advisories/ZDI-11-227/advisory.json", "detail_path": "advisories/ZDI-11-227", "id": "ZDI-11-227", "kind": "published", "published_date": "2011-06-27", "status": "published", "title": "Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-227/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1250", "zdi_id": "ZDI-11-227" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix EdgeSight. Authentication is not required to exploit this vulnerability. The flaw exists within the LauncherService.exe component which listens by defau...", "detail_json": "/data/advisories/ZDI-11-226/advisory.json", "detail_path": "advisories/ZDI-11-226", "id": "ZDI-11-226", "kind": "published", "published_date": "2011-06-27", "status": "published", "title": "Citrix EdgeSight Launcher Service Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-226/", "vendor": "Citrix", "vendor_url": null, "zdi_can": "ZDI-CAN-1045", "zdi_id": "ZDI-11-226" }, { "cve": "CVE-2011-0085", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-11-225/advisory.json", "detail_path": "advisories/ZDI-11-225", "id": "ZDI-11-225", "kind": "published", "published_date": "2011-06-21", "status": "published", "title": "Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-225/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1203", "zdi_id": "ZDI-11-225" }, { "cve": "CVE-2011-2363", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-224/advisory.json", "detail_path": "advisories/ZDI-11-224", "id": "ZDI-11-224", "kind": "published", "published_date": "2011-06-21", "status": "published", "title": "Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-224/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1144", "zdi_id": "ZDI-11-224" }, { "cve": "CVE-2011-0083", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-223/advisory.json", "detail_path": "advisories/ZDI-11-223", "id": "ZDI-11-223", "kind": "published", "published_date": "2011-06-21", "status": "published", "title": "Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-223/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1142", "zdi_id": "ZDI-11-223" }, { "cve": "CVE-2011-2113", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-222/advisory.json", "detail_path": "advisories/ZDI-11-222", "id": "ZDI-11-222", "kind": "published", "published_date": "2011-06-15", "status": "published", "title": "Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk Substructure Count Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-222/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1194", "zdi_id": "ZDI-11-222" }, { "cve": "CVE-2011-2114", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-221/advisory.json", "detail_path": "advisories/ZDI-11-221", "id": "ZDI-11-221", "kind": "published", "published_date": "2011-06-15", "status": "published", "title": "Adobe Shockwave Shockwave 3d Asset.x32 DEMX 0xFFFFFF45 Field Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-221/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1193", "zdi_id": "ZDI-11-221" }, { "cve": "CVE-2011-0335", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-220/advisory.json", "detail_path": "advisories/ZDI-11-220", "id": "ZDI-11-220", "kind": "published", "published_date": "2011-06-15", "status": "published", "title": "Adobe Shockwave Director File rcsL Chunk Multiple Opcode Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-220/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1074", "zdi_id": "ZDI-11-220" }, { "cve": "CVE-2011-2094", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-11-219/advisory.json", "detail_path": "advisories/ZDI-11-219", "id": "ZDI-11-219", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Acrobat Reader 3difr.x3d Multimedia Playing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-219/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-998", "zdi_id": "ZDI-11-219" }, { "cve": "CVE-2011-2095", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-11-218/advisory.json", "detail_path": "advisories/ZDI-11-218", "id": "ZDI-11-218", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Acrobat Reader tesselate.x3d Multimedia Playing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-218/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-999", "zdi_id": "ZDI-11-218" }, { "cve": "CVE-2011-2109", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-217/advisory.json", "detail_path": "advisories/ZDI-11-217", "id": "ZDI-11-217", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-217/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1055", "zdi_id": "ZDI-11-217" }, { "cve": "CVE-2011-0335", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-216/advisory.json", "detail_path": "advisories/ZDI-11-216", "id": "ZDI-11-216", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave rcsL Chunk 16-bit Field Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-216/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1272", "zdi_id": "ZDI-11-216" }, { "cve": "CVE-2011-2112", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-215/advisory.json", "detail_path": "advisories/ZDI-11-215", "id": "ZDI-11-215", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave DEMX Chunk Multiple Field Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-215/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1207", "zdi_id": "ZDI-11-215" }, { "cve": "CVE-2011-2112", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-214/advisory.json", "detail_path": "advisories/ZDI-11-214", "id": "ZDI-11-214", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave CASt Chunk Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-214/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1205", "zdi_id": "ZDI-11-214" }, { "cve": "CVE-2011-2114", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-213/advisory.json", "detail_path": "advisories/ZDI-11-213", "id": "ZDI-11-213", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave rcsL Trusted Offset Chunk Processing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-213/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1072", "zdi_id": "ZDI-11-213" }, { "cve": "CVE-2011-2111", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-212/advisory.json", "detail_path": "advisories/ZDI-11-212", "id": "ZDI-11-212", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave KEY* Chunk Invalid Size Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-212/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1248", "zdi_id": "ZDI-11-212" }, { "cve": "CVE-2011-2113", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-211/advisory.json", "detail_path": "advisories/ZDI-11-211", "id": "ZDI-11-211", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk 0xFFFFFF49 Field Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-211/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1195", "zdi_id": "ZDI-11-211" }, { "cve": "CVE-2011-2112", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-210/advisory.json", "detail_path": "advisories/ZDI-11-210", "id": "ZDI-11-210", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave rcsL Chunk Parsing Misallocation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-210/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1215", "zdi_id": "ZDI-11-210" }, { "cve": "CVE-2011-0335", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-209/advisory.json", "detail_path": "advisories/ZDI-11-209", "id": "ZDI-11-209", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave rcsL Substructure Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-209/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1216", "zdi_id": "ZDI-11-209" }, { "cve": "CVE-2011-2109", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-208/advisory.json", "detail_path": "advisories/ZDI-11-208", "id": "ZDI-11-208", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave rcsL Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-208/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1217", "zdi_id": "ZDI-11-208" }, { "cve": "CVE-2011-2118", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-207/advisory.json", "detail_path": "advisories/ZDI-11-207", "id": "ZDI-11-207", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave tSAC Chunk String Termination Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-207/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1080", "zdi_id": "ZDI-11-207" }, { "cve": "CVE-2011-2111", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-206/advisory.json", "detail_path": "advisories/ZDI-11-206", "id": "ZDI-11-206", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave GIF Decompression Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-206/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1060", "zdi_id": "ZDI-11-206" }, { "cve": "CVE-2011-0335", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-205/advisory.json", "detail_path": "advisories/ZDI-11-205", "id": "ZDI-11-205", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave Missing Lctx Chunk Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-205/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1059", "zdi_id": "ZDI-11-205" }, { "cve": "CVE-2011-2112", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-204/advisory.json", "detail_path": "advisories/ZDI-11-204", "id": "ZDI-11-204", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave TextXtra Text Element Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-204/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1119", "zdi_id": "ZDI-11-204" }, { "cve": "CVE-2011-2112", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-203/advisory.json", "detail_path": "advisories/ZDI-11-203", "id": "ZDI-11-203", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave xtcL Chunk Parsing Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-203/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1113", "zdi_id": "ZDI-11-203" }, { "cve": "CVE-2011-2119", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-202/advisory.json", "detail_path": "advisories/ZDI-11-202", "id": "ZDI-11-202", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave rcsL String Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-202/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1027", "zdi_id": "ZDI-11-202" }, { "cve": "CVE-2011-2120", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-201/advisory.json", "detail_path": "advisories/ZDI-11-201", "id": "ZDI-11-201", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave Cursor Structure Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-201/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1056", "zdi_id": "ZDI-11-201" }, { "cve": "CVE-2011-2121", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-200/advisory.json", "detail_path": "advisories/ZDI-11-200", "id": "ZDI-11-200", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-200/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1057", "zdi_id": "ZDI-11-200" }, { "cve": "CVE-2011-0802", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-11-199/advisory.json", "detail_path": "advisories/ZDI-11-199", "id": "ZDI-11-199", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Oracle Java Soundbank Decompression Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-199/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1264", "zdi_id": "ZDI-11-199" }, { "cve": "CVE-2011-1346", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to leak information on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-11-198/advisory.json", "detail_path": "advisories/ZDI-11-198", "id": "ZDI-11-198", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-198/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1158", "zdi_id": "ZDI-11-198" }, { "cve": "CVE-2011-1266", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-11-197/advisory.json", "detail_path": "advisories/ZDI-11-197", "id": "ZDI-11-197", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-197/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1070", "zdi_id": "ZDI-11-197" }, { "cve": "CVE-2011-1262", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-11-196/advisory.json", "detail_path": "advisories/ZDI-11-196", "id": "ZDI-11-196", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-196/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1146", "zdi_id": "ZDI-11-196" }, { "cve": "CVE-2011-1261", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-11-195/advisory.json", "detail_path": "advisories/ZDI-11-195", "id": "ZDI-11-195", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-195/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1137", "zdi_id": "ZDI-11-195" }, { "cve": "CVE-2011-1260", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-11-194/advisory.json", "detail_path": "advisories/ZDI-11-194", "id": "ZDI-11-194", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-194/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1155", "zdi_id": "ZDI-11-194" }, { "cve": "CVE-2011-1256", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-11-193/advisory.json", "detail_path": "advisories/ZDI-11-193", "id": "ZDI-11-193", "kind": "published", "published_date": "2011-06-14", "status": "published", "title": "Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-193/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1020", "zdi_id": "ZDI-11-193" }, { "cve": "CVE-2011-0863", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific f...", "detail_json": "/data/advisories/ZDI-11-192/advisory.json", "detail_path": "advisories/ZDI-11-192", "id": "ZDI-11-192", "kind": "published", "published_date": "2011-06-08", "status": "published", "title": "Oracle Java Web Start Command Argument Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-192/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1098", "zdi_id": "ZDI-11-192" }, { "cve": "CVE-2011-0862", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-11-191/advisory.json", "detail_path": "advisories/ZDI-11-191", "id": "ZDI-11-191", "kind": "published", "published_date": "2011-06-08", "status": "published", "title": "Oracle Java ICC Screening Tag Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-191/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1081", "zdi_id": "ZDI-11-191" }, { "cve": "CVE-2011-0862", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime running on OSX or Linux. This vulnerability does not affect java running on Windows. User interaction is required to exploit this vulne...", "detail_json": "/data/advisories/ZDI-11-190/advisory.json", "detail_path": "advisories/ZDI-11-190", "id": "ZDI-11-190", "kind": "published", "published_date": "2011-06-08", "status": "published", "title": "Oracle Java ICC Profile 'crdi' Tag Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-190/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1100", "zdi_id": "ZDI-11-190" }, { "cve": "CVE-2011-0862", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists wi...", "detail_json": "/data/advisories/ZDI-11-189/advisory.json", "detail_path": "advisories/ZDI-11-189", "id": "ZDI-11-189", "kind": "published", "published_date": "2011-06-08", "status": "published", "title": "Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-189/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1088", "zdi_id": "ZDI-11-189" }, { "cve": "CVE-2011-0862", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists wi...", "detail_json": "/data/advisories/ZDI-11-188/advisory.json", "detail_path": "advisories/ZDI-11-188", "id": "ZDI-11-188", "kind": "published", "published_date": "2011-06-08", "status": "published", "title": "Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-188/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1087", "zdi_id": "ZDI-11-188" }, { "cve": "CVE-2011-0862", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists wi...", "detail_json": "/data/advisories/ZDI-11-187/advisory.json", "detail_path": "advisories/ZDI-11-187", "id": "ZDI-11-187", "kind": "published", "published_date": "2011-06-08", "status": "published", "title": "Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-187/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1086", "zdi_id": "ZDI-11-187" }, { "cve": "CVE-2011-0862", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a...", "detail_json": "/data/advisories/ZDI-11-186/advisory.json", "detail_path": "advisories/ZDI-11-186", "id": "ZDI-11-186", "kind": "published", "published_date": "2011-06-08", "status": "published", "title": "Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-186/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1049", "zdi_id": "ZDI-11-186" }, { "cve": "CVE-2011-0862", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java h...", "detail_json": "/data/advisories/ZDI-11-185/advisory.json", "detail_path": "advisories/ZDI-11-185", "id": "ZDI-11-185", "kind": "published", "published_date": "2011-06-08", "status": "published", "title": "Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-185/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1030", "zdi_id": "ZDI-11-185" }, { "cve": "CVE-2011-0862", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way...", "detail_json": "/data/advisories/ZDI-11-184/advisory.json", "detail_path": "advisories/ZDI-11-184", "id": "ZDI-11-184", "kind": "published", "published_date": "2011-06-08", "status": "published", "title": "Oracle Java ICC Profile Sequence Description 'pseq' Tag Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-184/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1031", "zdi_id": "ZDI-11-184" }, { "cve": "CVE-2011-0862", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java h...", "detail_json": "/data/advisories/ZDI-11-183/advisory.json", "detail_path": "advisories/ZDI-11-183", "id": "ZDI-11-183", "kind": "published", "published_date": "2011-06-08", "status": "published", "title": "Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-183/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1029", "zdi_id": "ZDI-11-183" }, { "cve": "CVE-2011-0817", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Sun Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-11-182/advisory.json", "detail_path": "advisories/ZDI-11-182", "id": "ZDI-11-182", "kind": "published", "published_date": "2011-06-08", "status": "published", "title": "Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-182/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-1046", "zdi_id": "ZDI-11-182" }, { "cve": "CVE-2011-1707", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-11-181/advisory.json", "detail_path": "advisories/ZDI-11-181", "id": "ZDI-11-181", "kind": "published", "published_date": "2011-06-06", "status": "published", "title": "Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-181/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1135", "zdi_id": "ZDI-11-181" }, { "cve": "CVE-2011-1708", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-11-180/advisory.json", "detail_path": "advisories/ZDI-11-180", "id": "ZDI-11-180", "kind": "published", "published_date": "2011-06-06", "status": "published", "title": "Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-180/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1134", "zdi_id": "ZDI-11-180" }, { "cve": "CVE-2011-1706", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-11-179/advisory.json", "detail_path": "advisories/ZDI-11-179", "id": "ZDI-11-179", "kind": "published", "published_date": "2011-06-06", "status": "published", "title": "Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-179/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1133", "zdi_id": "ZDI-11-179" }, { "cve": "CVE-2011-1705", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-11-178/advisory.json", "detail_path": "advisories/ZDI-11-178", "id": "ZDI-11-178", "kind": "published", "published_date": "2011-06-06", "status": "published", "title": "Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-178/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1132", "zdi_id": "ZDI-11-178" }, { "cve": "CVE-2011-1704", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-11-177/advisory.json", "detail_path": "advisories/ZDI-11-177", "id": "ZDI-11-177", "kind": "published", "published_date": "2011-06-06", "status": "published", "title": "Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-177/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1131", "zdi_id": "ZDI-11-177" }, { "cve": "CVE-2011-1703", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-11-176/advisory.json", "detail_path": "advisories/ZDI-11-176", "id": "ZDI-11-176", "kind": "published", "published_date": "2011-06-06", "status": "published", "title": "Novell iPrint nipplib.dll driver-version Remote Code Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-176/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1130", "zdi_id": "ZDI-11-176" }, { "cve": "CVE-2011-1702", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-11-175/advisory.json", "detail_path": "advisories/ZDI-11-175", "id": "ZDI-11-175", "kind": "published", "published_date": "2011-06-06", "status": "published", "title": "Novell iPrint nipplib.dll file-date-time Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-175/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1129", "zdi_id": "ZDI-11-175" }, { "cve": "CVE-2011-1701", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-11-174/advisory.json", "detail_path": "advisories/ZDI-11-174", "id": "ZDI-11-174", "kind": "published", "published_date": "2011-06-06", "status": "published", "title": "Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-174/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1128", "zdi_id": "ZDI-11-174" }, { "cve": "CVE-2011-1700", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-11-173/advisory.json", "detail_path": "advisories/ZDI-11-173", "id": "ZDI-11-173", "kind": "published", "published_date": "2011-06-06", "status": "published", "title": "Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-173/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1127", "zdi_id": "ZDI-11-173" }, { "cve": "CVE-2011-1699", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-11-172/advisory.json", "detail_path": "advisories/ZDI-11-172", "id": "ZDI-11-172", "kind": "published", "published_date": "2011-06-06", "status": "published", "title": "Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-172/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1126", "zdi_id": "ZDI-11-172" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase OneBridge Mobile Data Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iMailGatewayService serve...", "detail_json": "/data/advisories/ZDI-11-171/advisory.json", "detail_path": "advisories/ZDI-11-171", "id": "ZDI-11-171", "kind": "published", "published_date": "2011-06-03", "status": "published", "title": "Sybase OneBridge Mobile Data Suite Format String Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-171/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1068", "zdi_id": "ZDI-11-171" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the img.exe component which lis...", "detail_json": "/data/advisories/ZDI-11-170/advisory.json", "detail_path": "advisories/ZDI-11-170", "id": "ZDI-11-170", "kind": "published", "published_date": "2011-05-31", "status": "published", "title": "(0Day) HP 3COM/H3C Intelligent Management Center img recv Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-170/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1019", "zdi_id": "ZDI-11-170" }, { "cve": "CVE-2011-1220", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Endpoint. Authentication is required to exploit this vulnerability, however it is trivially achieved. The specific flaw exists within the lcfd.exe p...", "detail_json": "/data/advisories/ZDI-11-169/advisory.json", "detail_path": "advisories/ZDI-11-169", "id": "ZDI-11-169", "kind": "published", "published_date": "2011-05-31", "status": "published", "title": "IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-169/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-964", "zdi_id": "ZDI-11-169" }, { "cve": "CVE-2011-0321, CVE-2011-1210", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to register RPC services on vulnerable installations of EMC Legato Networker and IBM Informix Dynamic Server. Authentication is not required to exploit this vulnerability. The flaw exists within the librpc.dll compon...", "detail_json": "/data/advisories/ZDI-11-168/advisory.json", "detail_path": "advisories/ZDI-11-168", "id": "ZDI-11-168", "kind": "published", "published_date": "2011-05-16", "status": "published", "title": "Multiple Vendor librpc.dll Remote Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-168/", "vendor": "IBM, EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-808", "zdi_id": "ZDI-11-168" }, { "cve": "CVE-2011-1248", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Internet Name Service (WINS). Authentication is not required to exploit this vulnerability. The specific flaw exists within the wins.exe serv...", "detail_json": "/data/advisories/ZDI-11-167/advisory.json", "detail_path": "advisories/ZDI-11-167", "id": "ZDI-11-167", "kind": "published", "published_date": "2011-05-10", "status": "published", "title": "Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-167/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1075", "zdi_id": "ZDI-11-167" }, { "cve": "CVE-2011-1854", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3com/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the imcsyslogdm.exe component w...", "detail_json": "/data/advisories/ZDI-11-166/advisory.json", "detail_path": "advisories/ZDI-11-166", "id": "ZDI-11-166", "kind": "published", "published_date": "2011-05-10", "status": "published", "title": "HP 3COM/H3C Intelligent Management Center imcsyslogdm Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-166/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1028", "zdi_id": "ZDI-11-166" }, { "cve": "CVE-2011-1853", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3com/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component wh...", "detail_json": "/data/advisories/ZDI-11-165/advisory.json", "detail_path": "advisories/ZDI-11-165", "id": "ZDI-11-165", "kind": "published", "published_date": "2011-05-10", "status": "published", "title": "HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-165/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1015", "zdi_id": "ZDI-11-165" }, { "cve": "CVE-2011-1852", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component wh...", "detail_json": "/data/advisories/ZDI-11-164/advisory.json", "detail_path": "advisories/ZDI-11-164", "id": "ZDI-11-164", "kind": "published", "published_date": "2011-05-10", "status": "published", "title": "HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-164/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1014", "zdi_id": "ZDI-11-164" }, { "cve": "CVE-2011-1851", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3com/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component wh...", "detail_json": "/data/advisories/ZDI-11-163/advisory.json", "detail_path": "advisories/ZDI-11-163", "id": "ZDI-11-163", "kind": "published", "published_date": "2011-05-10", "status": "published", "title": "HP 3COM/H3C Intelligent Management Center tftpserver mode Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-163/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1013", "zdi_id": "ZDI-11-163" }, { "cve": "CVE-2011-1850", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3com/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the dbman.exe component which l...", "detail_json": "/data/advisories/ZDI-11-162/advisory.json", "detail_path": "advisories/ZDI-11-162", "id": "ZDI-11-162", "kind": "published", "published_date": "2011-05-10", "status": "published", "title": "HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-162/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1012", "zdi_id": "ZDI-11-162" }, { "cve": "CVE-2011-1849", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component which l...", "detail_json": "/data/advisories/ZDI-11-161/advisory.json", "detail_path": "advisories/ZDI-11-161", "id": "ZDI-11-161", "kind": "published", "published_date": "2011-05-10", "status": "published", "title": "HP 3COM/H3C Intelligent Management Center tftpserver WRQ Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-161/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1011", "zdi_id": "ZDI-11-161" }, { "cve": "CVE-2011-1848", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the img.exe component which lis...", "detail_json": "/data/advisories/ZDI-11-160/advisory.json", "detail_path": "advisories/ZDI-11-160", "id": "ZDI-11-160", "kind": "published", "published_date": "2011-05-10", "status": "published", "title": "HP 3COM/H3C Intelligent Management Center img Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-160/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1010", "zdi_id": "ZDI-11-160" }, { "cve": "CVE-2011-0066", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-159/advisory.json", "detail_path": "advisories/ZDI-11-159", "id": "ZDI-11-159", "kind": "published", "published_date": "2011-05-10", "status": "published", "title": "Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-159/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1033", "zdi_id": "ZDI-11-159" }, { "cve": "CVE-2011-0065", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-11-158/advisory.json", "detail_path": "advisories/ZDI-11-158", "id": "ZDI-11-158", "kind": "published", "published_date": "2011-05-10", "status": "published", "title": "Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-158/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1032", "zdi_id": "ZDI-11-158" }, { "cve": "CVE-2011-0073", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-157/advisory.json", "detail_path": "advisories/ZDI-11-157", "id": "ZDI-11-157", "kind": "published", "published_date": "2011-05-09", "status": "published", "title": "Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-157/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-1084", "zdi_id": "ZDI-11-157" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase M-Business Anywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within agsync.dll, which listens for SOAP an...", "detail_json": "/data/advisories/ZDI-11-156/advisory.json", "detail_path": "advisories/ZDI-11-156", "id": "ZDI-11-156", "kind": "published", "published_date": "2011-05-09", "status": "published", "title": "Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-156/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-1089", "zdi_id": "ZDI-11-156" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase MBusiness Anywhere. Authentication is not required to exploit this vulnerability. The flaw exists within the agd.exe component which listens by default...", "detail_json": "/data/advisories/ZDI-11-155/advisory.json", "detail_path": "advisories/ZDI-11-155", "id": "ZDI-11-155", "kind": "published", "published_date": "2011-05-09", "status": "published", "title": "Sybase M-Business Anywhere Server agd.exe encodeUsername Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-155/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-942", "zdi_id": "ZDI-11-155" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase M-Business Anywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gsoap.exe module exposed by the w...", "detail_json": "/data/advisories/ZDI-11-154/advisory.json", "detail_path": "advisories/ZDI-11-154", "id": "ZDI-11-154", "kind": "published", "published_date": "2011-05-09", "status": "published", "title": "Sybase M-Business Anywhere agSoap.exe password Tag Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-154/", "vendor": "Sybase", "vendor_url": null, "zdi_can": "ZDI-CAN-941", "zdi_id": "ZDI-11-154" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland Interbase. Authentication is not required to exploit these vulnerabilities. The specific flaws exists within the database service, ibserver.exe, which...", "detail_json": "/data/advisories/ZDI-11-153/advisory.json", "detail_path": "advisories/ZDI-11-153", "id": "ZDI-11-153", "kind": "published", "published_date": "2011-04-29", "status": "published", "title": "Embarcadero Interbase connect Request Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-153/", "vendor": "Embarcadero", "vendor_url": null, "zdi_can": "ZDI-CAN-244", "zdi_id": "ZDI-11-153" }, { "cve": "CVE-2011-1736", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers directory traversal on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The...", "detail_json": "/data/advisories/ZDI-11-152/advisory.json", "detail_path": "advisories/ZDI-11-152", "id": "ZDI-11-152", "kind": "published", "published_date": "2011-04-29", "status": "published", "title": "HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-152/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1179", "zdi_id": "ZDI-11-152" }, { "cve": "CVE-2011-1735", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe)...", "detail_json": "/data/advisories/ZDI-11-151/advisory.json", "detail_path": "advisories/ZDI-11-151", "id": "ZDI-11-151", "kind": "published", "published_date": "2011-04-29", "status": "published", "title": "HP Data Protector Backup Client Service bm Message Processing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-151/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1178", "zdi_id": "ZDI-11-151" }, { "cve": "CVE-2011-1734", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe)...", "detail_json": "/data/advisories/ZDI-11-150/advisory.json", "detail_path": "advisories/ZDI-11-150", "id": "ZDI-11-150", "kind": "published", "published_date": "2011-04-29", "status": "published", "title": "HP Data Protector Backup Client Service omniiaputil Message Processing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-150/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1177", "zdi_id": "ZDI-11-150" }, { "cve": "CVE-2011-1733", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe)...", "detail_json": "/data/advisories/ZDI-11-149/advisory.json", "detail_path": "advisories/ZDI-11-149", "id": "ZDI-11-149", "kind": "published", "published_date": "2011-04-29", "status": "published", "title": "HP Data Protector Backup Client Service HPFGConfig Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-149/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1176", "zdi_id": "ZDI-11-149" }, { "cve": "CVE-2011-1732", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe)...", "detail_json": "/data/advisories/ZDI-11-148/advisory.json", "detail_path": "advisories/ZDI-11-148", "id": "ZDI-11-148", "kind": "published", "published_date": "2011-04-29", "status": "published", "title": "HP Data Protector Backup Client Service stutil Message Processing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-148/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1175", "zdi_id": "ZDI-11-148" }, { "cve": "CVE-2011-1731", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe)...", "detail_json": "/data/advisories/ZDI-11-147/advisory.json", "detail_path": "advisories/ZDI-11-147", "id": "ZDI-11-147", "kind": "published", "published_date": "2011-04-29", "status": "published", "title": "HP Data Protector Backup Client Service EXEC_INTEGUTIL Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-147/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1174", "zdi_id": "ZDI-11-147" }, { "cve": "CVE-2011-1730", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe)...", "detail_json": "/data/advisories/ZDI-11-146/advisory.json", "detail_path": "advisories/ZDI-11-146", "id": "ZDI-11-146", "kind": "published", "published_date": "2011-04-29", "status": "published", "title": "HP Data Protector Backup Client Service EXEC_SCRIPT Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-146/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1173", "zdi_id": "ZDI-11-146" }, { "cve": "CVE-2011-1729", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe)...", "detail_json": "/data/advisories/ZDI-11-145/advisory.json", "detail_path": "advisories/ZDI-11-145", "id": "ZDI-11-145", "kind": "published", "published_date": "2011-04-29", "status": "published", "title": "HP Data Protector Backup Client Service GET_FILE Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-145/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1172", "zdi_id": "ZDI-11-145" }, { "cve": "CVE-2011-1728", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe)...", "detail_json": "/data/advisories/ZDI-11-144/advisory.json", "detail_path": "advisories/ZDI-11-144", "id": "ZDI-11-144", "kind": "published", "published_date": "2011-04-29", "status": "published", "title": "HP Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-144/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-1171", "zdi_id": "ZDI-11-144" }, { "cve": "CVE-2011-1610", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Cisco Unified CM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Call Manager compon...", "detail_json": "/data/advisories/ZDI-11-143/advisory.json", "detail_path": "advisories/ZDI-11-143", "id": "ZDI-11-143", "kind": "published", "published_date": "2011-04-28", "status": "published", "title": "Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-143/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-965", "zdi_id": "ZDI-11-143" }, { "cve": "CVE-2011-1208", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of IBM SolidDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the rpc_test_svc_readw...", "detail_json": "/data/advisories/ZDI-11-142/advisory.json", "detail_path": "advisories/ZDI-11-142", "id": "ZDI-11-142", "kind": "published", "published_date": "2011-04-26", "status": "published", "title": "IBM solidDB solid.exe rpc_test_svc Commands Multiple DoS Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-142/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1000", "zdi_id": "ZDI-11-142" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of Nortel CS1000 Communication Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the process lis...", "detail_json": "/data/advisories/ZDI-11-141/advisory.json", "detail_path": "advisories/ZDI-11-141", "id": "ZDI-11-141", "kind": "published", "published_date": "2011-04-20", "status": "published", "title": "Nortel CS1000 Communications Server Remote Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-141/", "vendor": "Nortel", "vendor_url": null, "zdi_can": "ZDI-CAN-950", "zdi_id": "ZDI-11-141" }, { "cve": "CVE-2011-0234", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-11-140/advisory.json", "detail_path": "advisories/ZDI-11-140", "id": "ZDI-11-140", "kind": "published", "published_date": "2011-04-19", "status": "published", "title": "Webkit Detached Body Element Remote Code Execution Vulnerability", "updated_date": "2020-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-140/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1026", "zdi_id": "ZDI-11-140" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-11-139/advisory.json", "detail_path": "advisories/ZDI-11-139", "id": "ZDI-11-139", "kind": "published", "published_date": "2011-04-19", "status": "published", "title": "Webkit Anonymous Frame Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-139/", "vendor": "WebKit", "vendor_url": null, "zdi_can": "ZDI-CAN-1035", "zdi_id": "ZDI-11-139" }, { "cve": "CVE-2011-0234", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The sp...", "detail_json": "/data/advisories/ZDI-11-138/advisory.json", "detail_path": "advisories/ZDI-11-138", "id": "ZDI-11-138", "kind": "published", "published_date": "2011-04-19", "status": "published", "title": "Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability", "updated_date": "2020-07-30", "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-138/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1036", "zdi_id": "ZDI-11-138" }, { "cve": "CVE-2011-0807", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GlassFish Application Server and Oracle Java Application Server. Authentication is not required to exploit this vulnerability. The flaw exists within th...", "detail_json": "/data/advisories/ZDI-11-137/advisory.json", "detail_path": "advisories/ZDI-11-137", "id": "ZDI-11-137", "kind": "published", "published_date": "2011-04-19", "status": "published", "title": "Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-137/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-930", "zdi_id": "ZDI-11-137" }, { "cve": "CVE-2011-1206", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Directory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in how ibmslapd.exe handles LDAP CRAM-MD5 p...", "detail_json": "/data/advisories/ZDI-11-136/advisory.json", "detail_path": "advisories/ZDI-11-136", "id": "ZDI-11-136", "kind": "published", "published_date": "2011-04-18", "status": "published", "title": "IBM Tivoli Directory Server ibmslapd.exe SASL Bind Request Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-136/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-1022", "zdi_id": "ZDI-11-136" }, { "cve": "CVE-2011-1344", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-11-135/advisory.json", "detail_path": "advisories/ZDI-11-135", "id": "ZDI-11-135", "kind": "published", "published_date": "2011-04-14", "status": "published", "title": "(Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-135/", "vendor": "WebKit", "vendor_url": null, "zdi_can": "ZDI-CAN-1168", "zdi_id": "ZDI-11-135" }, { "cve": "CVE-2011-1653", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite r12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RegenerateReport stored procedure...", "detail_json": "/data/advisories/ZDI-11-134/advisory.json", "detail_path": "advisories/ZDI-11-134", "id": "ZDI-11-134", "kind": "published", "published_date": "2011-04-13", "status": "published", "title": "CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-134/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-1044", "zdi_id": "ZDI-11-134" }, { "cve": "CVE-2011-1653", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteReports stored procedure, acces...", "detail_json": "/data/advisories/ZDI-11-133/advisory.json", "detail_path": "advisories/ZDI-11-133", "id": "ZDI-11-133", "kind": "published", "published_date": "2011-04-13", "status": "published", "title": "CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-133/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-1043", "zdi_id": "ZDI-11-133" }, { "cve": "CVE-2011-1653", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteReportLayout stored procedure,...", "detail_json": "/data/advisories/ZDI-11-132/advisory.json", "detail_path": "advisories/ZDI-11-132", "id": "ZDI-11-132", "kind": "published", "published_date": "2011-04-13", "status": "published", "title": "CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-132/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-1042", "zdi_id": "ZDI-11-132" }, { "cve": "CVE-2011-1653", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NonAssignedUserList stored procedure,...", "detail_json": "/data/advisories/ZDI-11-131/advisory.json", "detail_path": "advisories/ZDI-11-131", "id": "ZDI-11-131", "kind": "published", "published_date": "2011-04-13", "status": "published", "title": "CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-131/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-1041", "zdi_id": "ZDI-11-131" }, { "cve": "CVE-2011-1653", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite Unified Network Control Management Console. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...", "detail_json": "/data/advisories/ZDI-11-130/advisory.json", "detail_path": "advisories/ZDI-11-130", "id": "ZDI-11-130", "kind": "published", "published_date": "2011-04-13", "status": "published", "title": "CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-130/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-1040", "zdi_id": "ZDI-11-130" }, { "cve": "CVE-2011-1653", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UnassignAdminRoles stored procedure,...", "detail_json": "/data/advisories/ZDI-11-129/advisory.json", "detail_path": "advisories/ZDI-11-129", "id": "ZDI-11-129", "kind": "published", "published_date": "2011-04-13", "status": "published", "title": "CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-129/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-1039", "zdi_id": "ZDI-11-129" }, { "cve": "CVE-2011-1653", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UnAssignFunctionalRoles stored proced...", "detail_json": "/data/advisories/ZDI-11-128/advisory.json", "detail_path": "advisories/ZDI-11-128", "id": "ZDI-11-128", "kind": "published", "published_date": "2011-04-13", "status": "published", "title": "CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-128/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-1038", "zdi_id": "ZDI-11-128" }, { "cve": "CVE-2011-1655", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the management.asmx module of the Managem...", "detail_json": "/data/advisories/ZDI-11-127/advisory.json", "detail_path": "advisories/ZDI-11-127", "id": "ZDI-11-127", "kind": "published", "published_date": "2011-04-13", "status": "published", "title": "CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-127/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-1037", "zdi_id": "ZDI-11-127" }, { "cve": "CVE-2011-1654", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Endpoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within CA.Itm.Server.ManagementWS.dll. Due to...", "detail_json": "/data/advisories/ZDI-11-126/advisory.json", "detail_path": "advisories/ZDI-11-126", "id": "ZDI-11-126", "kind": "published", "published_date": "2011-04-13", "status": "published", "title": "CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-126/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-1001", "zdi_id": "ZDI-11-126" }, { "cve": "CVE-2011-0656", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-11-125/advisory.json", "detail_path": "advisories/ZDI-11-125", "id": "ZDI-11-125", "kind": "published", "published_date": "2011-04-12", "status": "published", "title": "Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-125/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-901", "zdi_id": "ZDI-11-125" }, { "cve": "CVE-2011-0655", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-11-124/advisory.json", "detail_path": "advisories/ZDI-11-124", "id": "ZDI-11-124", "kind": "published", "published_date": "2011-04-12", "status": "published", "title": "Microsoft PowerPoint TimeColorBehaviorContainer Floating Point Record Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-124/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-902", "zdi_id": "ZDI-11-124" }, { "cve": "CVE-2011-0655", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-11-123/advisory.json", "detail_path": "advisories/ZDI-11-123", "id": "ZDI-11-123", "kind": "published", "published_date": "2011-04-12", "status": "published", "title": "Microsoft PowerPoint TimeCommandBehaviorContainer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-123/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-949", "zdi_id": "ZDI-11-123" }, { "cve": "CVE-2011-1426", "cvss": 9.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-11-122/advisory.json", "detail_path": "advisories/ZDI-11-122", "id": "ZDI-11-122", "kind": "published", "published_date": "2011-04-12", "status": "published", "title": "RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-122/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-1016", "zdi_id": "ZDI-11-122" }, { "cve": "CVE-2011-0105", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-121/advisory.json", "detail_path": "advisories/ZDI-11-121", "id": "ZDI-11-121", "kind": "published", "published_date": "2011-04-12", "status": "published", "title": "Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-121/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-912", "zdi_id": "ZDI-11-121" }, { "cve": "CVE-2011-0101", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-120/advisory.json", "detail_path": "advisories/ZDI-11-120", "id": "ZDI-11-120", "kind": "published", "published_date": "2011-04-12", "status": "published", "title": "Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-120/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1007", "zdi_id": "ZDI-11-120" }, { "cve": "CVE-2011-1345", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-11-119/advisory.json", "detail_path": "advisories/ZDI-11-119", "id": "ZDI-11-119", "kind": "published", "published_date": "2011-04-12", "status": "published", "title": "(Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-119/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-1157", "zdi_id": "ZDI-11-119" }, { "cve": "CVE-2010-4229", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within a servlet provided within the N...", "detail_json": "/data/advisories/ZDI-11-118/advisory.json", "detail_path": "advisories/ZDI-11-118", "id": "ZDI-11-118", "kind": "published", "published_date": "2011-04-11", "status": "published", "title": "Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-118/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-986", "zdi_id": "ZDI-11-118" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Firewall Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the code responsible for authenticating...", "detail_json": "/data/advisories/ZDI-11-117/advisory.json", "detail_path": "advisories/ZDI-11-117", "id": "ZDI-11-117", "kind": "published", "published_date": "2011-04-11", "status": "published", "title": "McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-117/", "vendor": "McAfee", "vendor_url": null, "zdi_can": "ZDI-CAN-938", "zdi_id": "ZDI-11-117" }, { "cve": "CVE-2011-0994", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Agent. Authentication is not required to exploit this vulnerability. The flaw exists within the NFRAgent.exe component which listens by de...", "detail_json": "/data/advisories/ZDI-11-116/advisory.json", "detail_path": "advisories/ZDI-11-116", "id": "ZDI-11-116", "kind": "published", "published_date": "2011-04-04", "status": "published", "title": "Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-116/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-830", "zdi_id": "ZDI-11-116" }, { "cve": null, "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the solid.exe process which listens by default on TC...", "detail_json": "/data/advisories/ZDI-11-115/advisory.json", "detail_path": "advisories/ZDI-11-115", "id": "ZDI-11-115", "kind": "published", "published_date": "2011-04-01", "status": "published", "title": "IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-115/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-963", "zdi_id": "ZDI-11-115" }, { "cve": "CVE-2010-4235", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Helix Server products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rmserver.exe process. This process is...", "detail_json": "/data/advisories/ZDI-11-114/advisory.json", "detail_path": "advisories/ZDI-11-114", "id": "ZDI-11-114", "kind": "published", "published_date": "2011-04-01", "status": "published", "title": "RealNetworks Helix Server x-wap-profile Format String Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-114/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-921", "zdi_id": "ZDI-11-114" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Zend Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Zend Java Bridge v3.1 component of the Zend Serv...", "detail_json": "/data/advisories/ZDI-11-113/advisory.json", "detail_path": "advisories/ZDI-11-113", "id": "ZDI-11-113", "kind": "published", "published_date": "2011-03-28", "status": "published", "title": "Zend Server Java Bridge Design Flaw Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-113/", "vendor": "Zend", "vendor_url": null, "zdi_can": "ZDI-CAN-928", "zdi_id": "ZDI-11-113" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBServer.exe process which listens by defa...", "detail_json": "/data/advisories/ZDI-11-112/advisory.json", "detail_path": "advisories/ZDI-11-112", "id": "ZDI-11-112", "kind": "published", "published_date": "2011-03-23", "status": "published", "title": "(0 day) Hewlett-Packard Data Protector Media Operations DBServer.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-112/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-956", "zdi_id": "ZDI-11-112" }, { "cve": "CVE-2011-4147", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Virtual SAN appliance. Authentication is not required to exploit this vulnerability. The flaw exists within the hydra.exe component which liste...", "detail_json": "/data/advisories/ZDI-11-111/advisory.json", "detail_path": "advisories/ZDI-11-111", "id": "ZDI-11-111", "kind": "published", "published_date": "2011-03-23", "status": "published", "title": "(0Day) Hewlett-Packard Virtual SAN Appliance hydra.exe Login Request Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-111/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-906", "zdi_id": "ZDI-11-111" }, { "cve": "CVE-2011-0920", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lotus Domino Server Controller. Authentication is not required to exploit this vulnerability. The flaw exists within the remote console functionality which lis...", "detail_json": "/data/advisories/ZDI-11-110/advisory.json", "detail_path": "advisories/ZDI-11-110", "id": "ZDI-11-110", "kind": "published", "published_date": "2011-03-22", "status": "published", "title": "(0Day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-110/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-927", "zdi_id": "ZDI-11-110" }, { "cve": "CVE-2011-1417", "cvss": 9.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on the iPhone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-109/advisory.json", "detail_path": "advisories/ZDI-11-109", "id": "ZDI-11-109", "kind": "published", "published_date": "2011-03-22", "status": "published", "title": "(Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-109/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1156", "zdi_id": "ZDI-11-109" }, { "cve": "CVE-2011-0176", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-108/advisory.json", "detail_path": "advisories/ZDI-11-108", "id": "ZDI-11-108", "kind": "published", "published_date": "2011-03-22", "status": "published", "title": "Mac OS X Compact Font Format Decoder Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-108/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-860", "zdi_id": "ZDI-11-108" }, { "cve": "CVE-2011-1167", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of libtiff. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-11-107/advisory.json", "detail_path": "advisories/ZDI-11-107", "id": "ZDI-11-107", "kind": "published", "published_date": "2011-03-21", "status": "published", "title": "Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-107/", "vendor": "Libtiff", "vendor_url": null, "zdi_can": "ZDI-CAN-1004", "zdi_id": "ZDI-11-107" }, { "cve": "CVE-2010-4228", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is required to exploit this vulnerability. The flaw exists within NWFTPD.NLM. When handling the argument provided to the DELE co...", "detail_json": "/data/advisories/ZDI-11-106/advisory.json", "detail_path": "advisories/ZDI-11-106", "id": "ZDI-11-106", "kind": "published", "published_date": "2011-03-18", "status": "published", "title": "Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-106/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-940", "zdi_id": "ZDI-11-106" }, { "cve": "CVE-2011-0889", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Client Automation. Authentication is not required to exploit this vulnerability. The flaw exists within the radexecd.exe component which listens by default...", "detail_json": "/data/advisories/ZDI-11-105/advisory.json", "detail_path": "advisories/ZDI-11-105", "id": "ZDI-11-105", "kind": "published", "published_date": "2011-03-18", "status": "published", "title": "Hewlett-Packard Client Automation radexecd.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-105/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-914", "zdi_id": "ZDI-11-105" }, { "cve": "CVE-2011-1290", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw e...", "detail_json": "/data/advisories/ZDI-11-104/advisory.json", "detail_path": "advisories/ZDI-11-104", "id": "ZDI-11-104", "kind": "published", "published_date": "2011-04-14", "status": "published", "title": "(Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-104/", "vendor": "WebKit", "vendor_url": null, "zdi_can": "ZDI-CAN-1107", "zdi_id": "ZDI-11-104" }, { "cve": "CVE-2011-0055", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-11-103/advisory.json", "detail_path": "advisories/ZDI-11-103", "id": "ZDI-11-103", "kind": "published", "published_date": "2011-03-02", "status": "published", "title": "Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-103/", "vendor": "Mozilla", "vendor_url": null, "zdi_can": "ZDI-CAN-971", "zdi_id": "ZDI-11-103" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Postgres Plus Advanced Server DBA Management Server. Authentication is not required to exploit this vulnerability. The flaw exists within the DBA Management Se...", "detail_json": "/data/advisories/ZDI-11-102/advisory.json", "detail_path": "advisories/ZDI-11-102", "id": "ZDI-11-102", "kind": "published", "published_date": "2011-03-02", "status": "published", "title": "PostgreSQL Plus Advanced Server DBA Management Server Remote Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-102/", "vendor": "Postgres", "vendor_url": null, "zdi_can": "ZDI-CAN-996", "zdi_id": "ZDI-11-102" }, { "cve": "CVE-2011-0154", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's iPhone Webkit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-11-101/advisory.json", "detail_path": "advisories/ZDI-11-101", "id": "ZDI-11-101", "kind": "published", "published_date": "2011-03-02", "status": "published", "title": "Apple iPhone Webkit Library Javascript Array sort Method Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-101/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-918", "zdi_id": "ZDI-11-101" }, { "cve": "CVE-2011-0149", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-100/advisory.json", "detail_path": "advisories/ZDI-11-100", "id": "ZDI-11-100", "kind": "published", "published_date": "2011-03-02", "status": "published", "title": "Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-100/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-969", "zdi_id": "ZDI-11-100" }, { "cve": "CVE-2011-0133", "cvss": 9.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-099/advisory.json", "detail_path": "advisories/ZDI-11-099", "id": "ZDI-11-099", "kind": "published", "published_date": "2011-03-02", "status": "published", "title": "Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-099/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-968", "zdi_id": "ZDI-11-099" }, { "cve": "CVE-2011-0132", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-098/advisory.json", "detail_path": "advisories/ZDI-11-098", "id": "ZDI-11-098", "kind": "published", "published_date": "2011-03-02", "status": "published", "title": "Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-098/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-987", "zdi_id": "ZDI-11-098" }, { "cve": "CVE-2011-0116", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-11-097/advisory.json", "detail_path": "advisories/ZDI-11-097", "id": "ZDI-11-097", "kind": "published", "published_date": "2011-03-02", "status": "published", "title": "Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-097/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-1009", "zdi_id": "ZDI-11-097" }, { "cve": "CVE-2011-0115", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-096/advisory.json", "detail_path": "advisories/ZDI-11-096", "id": "ZDI-11-096", "kind": "published", "published_date": "2011-03-02", "status": "published", "title": "Apple Safari WebKit Range Object Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-096/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-970", "zdi_id": "ZDI-11-096" }, { "cve": "CVE-2010-1824", "cvss": 9.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-095/advisory.json", "detail_path": "advisories/ZDI-11-095", "id": "ZDI-11-095", "kind": "published", "published_date": "2011-03-02", "status": "published", "title": "Apple Webkit Error Message Mutation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-095/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-982", "zdi_id": "ZDI-11-095" }, { "cve": null, "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to compromise the archive records on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HsmCfgSvc.exe s...", "detail_json": "/data/advisories/ZDI-11-094/advisory.json", "detail_path": "advisories/ZDI-11-094", "id": "ZDI-11-094", "kind": "published", "published_date": "2011-02-28", "status": "published", "title": "(0 day) Hewlett-Packard StorageWorks File Migration Agent Remote Archive Tampering Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-094/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-850", "zdi_id": "ZDI-11-094" }, { "cve": "CVE-2011-1036", "cvss": 9.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Internet Security Suite 2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-11-093/advisory.json", "detail_path": "advisories/ZDI-11-093", "id": "ZDI-11-093", "kind": "published", "published_date": "2011-02-23", "status": "published", "title": "CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-093/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-882", "zdi_id": "ZDI-11-093" }, { "cve": "CVE-2011-0925", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-11-092/advisory.json", "detail_path": "advisories/ZDI-11-092", "id": "ZDI-11-092", "kind": "published", "published_date": "2011-02-28", "status": "published", "title": "(0Day) Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-092/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-862", "zdi_id": "ZDI-11-092" }, { "cve": "CVE-2011-0926", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-11-091/advisory.json", "detail_path": "advisories/ZDI-11-091", "id": "ZDI-11-091", "kind": "published", "published_date": "2011-02-28", "status": "published", "title": "(0Day) Cisco Secure Desktop CSDWebInstaller Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-091/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-861", "zdi_id": "ZDI-11-091" }, { "cve": "CVE-2010-4227", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the XNFS.NLM component which listens by default on UDP por...", "detail_json": "/data/advisories/ZDI-11-090/advisory.json", "detail_path": "advisories/ZDI-11-090", "id": "ZDI-11-090", "kind": "published", "published_date": "2011-02-18", "status": "published", "title": "Novell Netware RPC XNFS xdrDecodeString Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-090/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-876", "zdi_id": "ZDI-11-090" }, { "cve": "CVE-2010-4323", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Configuration Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the novell-tftp.exe component which...", "detail_json": "/data/advisories/ZDI-11-089/advisory.json", "detail_path": "advisories/ZDI-11-089", "id": "ZDI-11-089", "kind": "published", "published_date": "2011-02-17", "status": "published", "title": "Novell ZenWorks TFTPD Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-089/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-877", "zdi_id": "ZDI-11-089" }, { "cve": "CVE-2011-0364", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Security Agent Management Console. Authentication is not required to exploit this vulnerability. The flaw exists within the webagent.exe component which...", "detail_json": "/data/advisories/ZDI-11-088/advisory.json", "detail_path": "advisories/ZDI-11-088", "id": "ZDI-11-088", "kind": "published", "published_date": "2011-02-16", "status": "published", "title": "Cisco Security Agent Management st_upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-088/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-919", "zdi_id": "ZDI-11-088" }, { "cve": "CVE-2010-4328", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Server. Authentication is not required to exploit this vulnerability. The flaw exists within the '/opt/novell/iprint/bin/ipsmd' component this co...", "detail_json": "/data/advisories/ZDI-11-087/advisory.json", "detail_path": "advisories/ZDI-11-087", "id": "ZDI-11-087", "kind": "published", "published_date": "2011-02-16", "status": "published", "title": "Novell iPrint LPD Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-087/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1008", "zdi_id": "ZDI-11-087" }, { "cve": "CVE-2010-4463", "cvss": 9.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-11-086/advisory.json", "detail_path": "advisories/ZDI-11-086", "id": "ZDI-11-086", "kind": "published", "published_date": "2011-02-15", "status": "published", "title": "Oracle Java Webstart Trusted JNLP Extension Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-086/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-976", "zdi_id": "ZDI-11-086" }, { "cve": "CVE-2010-4462", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exist...", "detail_json": "/data/advisories/ZDI-11-085/advisory.json", "detail_path": "advisories/ZDI-11-085", "id": "ZDI-11-085", "kind": "published", "published_date": "2011-02-15", "status": "published", "title": "Oracle Java XGetSamplePtrFromSnd Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-085/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-945", "zdi_id": "ZDI-11-085" }, { "cve": "CVE-2010-4452", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...", "detail_json": "/data/advisories/ZDI-11-084/advisory.json", "detail_path": "advisories/ZDI-11-084", "id": "ZDI-11-084", "kind": "published", "published_date": "2011-02-15", "status": "published", "title": "Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-084/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-926", "zdi_id": "ZDI-11-084" }, { "cve": "CVE-2010-4465", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw is due to...", "detail_json": "/data/advisories/ZDI-11-083/advisory.json", "detail_path": "advisories/ZDI-11-083", "id": "ZDI-11-083", "kind": "published", "published_date": "2011-02-15", "status": "published", "title": "Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-083/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-628", "zdi_id": "ZDI-11-083" }, { "cve": "CVE-2010-4466", "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to leak authentication details on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-11-082/advisory.json", "detail_path": "advisories/ZDI-11-082", "id": "ZDI-11-082", "kind": "published", "published_date": "2011-02-15", "status": "published", "title": "Oracle Java Runtime NTLM Authentication Information Leakage Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-082/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-552", "zdi_id": "ZDI-11-082" }, { "cve": "CVE-2011-0578", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-11-081/advisory.json", "detail_path": "advisories/ZDI-11-081", "id": "ZDI-11-081", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Flash Player Point Object Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-081/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-997", "zdi_id": "ZDI-11-081" }, { "cve": "CVE-2010-4190", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-080/advisory.json", "detail_path": "advisories/ZDI-11-080", "id": "ZDI-11-080", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Shockwave CSWV Chunk Substructure Offset Value Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-080/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-990", "zdi_id": "ZDI-11-080" }, { "cve": "CVE-2011-0557", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-079/advisory.json", "detail_path": "advisories/ZDI-11-079", "id": "ZDI-11-079", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Shockwave Player 0xFFFFFF45 Record Count Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-079/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-885", "zdi_id": "ZDI-11-079" }, { "cve": "CVE-2010-4192", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-078/advisory.json", "detail_path": "advisories/ZDI-11-078", "id": "ZDI-11-078", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Shockwave Player FFFFFF88 Record Count Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-078/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-993", "zdi_id": "ZDI-11-078" }, { "cve": "CVE-2011-0590", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-11-077/advisory.json", "detail_path": "advisories/ZDI-11-077", "id": "ZDI-11-077", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Acrobat Reader U3D Texture Parser ILBM Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-077/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-897", "zdi_id": "ZDI-11-077" }, { "cve": "CVE-2011-0694", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-11-076/advisory.json", "detail_path": "advisories/ZDI-11-076", "id": "ZDI-11-076", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-076/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-849", "zdi_id": "ZDI-11-076" }, { "cve": "CVE-2011-0606", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-11-075/advisory.json", "detail_path": "advisories/ZDI-11-075", "id": "ZDI-11-075", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Acrobat Reader rt3d.dll Multimedia Playing Arbitrary Memory Overwite Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-075/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-1003", "zdi_id": "ZDI-11-075" }, { "cve": "CVE-2011-0600", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-11-074/advisory.json", "detail_path": "advisories/ZDI-11-074", "id": "ZDI-11-074", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Reader u3d Parent Node Count Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-074/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-946", "zdi_id": "ZDI-11-074" }, { "cve": "CVE-2011-0598", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exis...", "detail_json": "/data/advisories/ZDI-11-073/advisory.json", "detail_path": "advisories/ZDI-11-073", "id": "ZDI-11-073", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Reader ICC Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-073/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-973", "zdi_id": "ZDI-11-073" }, { "cve": "CVE-2011-0599", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exis...", "detail_json": "/data/advisories/ZDI-11-072/advisory.json", "detail_path": "advisories/ZDI-11-072", "id": "ZDI-11-072", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Reader BMP ColorData Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-072/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-947", "zdi_id": "ZDI-11-072" }, { "cve": "CVE-2011-0596", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exis...", "detail_json": "/data/advisories/ZDI-11-071/advisory.json", "detail_path": "advisories/ZDI-11-071", "id": "ZDI-11-071", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Reader BMP RLE_8 Decompression Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-071/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-972", "zdi_id": "ZDI-11-071" }, { "cve": "CVE-2011-0595", "cvss": 9.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-11-070/advisory.json", "detail_path": "advisories/ZDI-11-070", "id": "ZDI-11-070", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Acrobat Reader U3D Texture .fli RLE Decompression Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-070/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-900", "zdi_id": "ZDI-11-070" }, { "cve": "CVE-2011-0593", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-11-069/advisory.json", "detail_path": "advisories/ZDI-11-069", "id": "ZDI-11-069", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Acrobat Reader U3D Texture psd RLE Decompression Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-069/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-948", "zdi_id": "ZDI-11-069" }, { "cve": "CVE-2011-0592", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-11-068/advisory.json", "detail_path": "advisories/ZDI-11-068", "id": "ZDI-11-068", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Acrobat Reader U3D Texture bmp RLE Decompression Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-068/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-923", "zdi_id": "ZDI-11-068" }, { "cve": "CVE-2011-0591", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-11-067/advisory.json", "detail_path": "advisories/ZDI-11-067", "id": "ZDI-11-067", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Acrobat Reader U3D Texture rgba RLE Decompression Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-067/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-924", "zdi_id": "ZDI-11-067" }, { "cve": "CVE-2011-0590", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-11-066/advisory.json", "detail_path": "advisories/ZDI-11-066", "id": "ZDI-11-066", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Acrobat Reader U3D Texture .iff RLE Decompression Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-066/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-899", "zdi_id": "ZDI-11-066" }, { "cve": "CVE-2011-0567", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-11-065/advisory.json", "detail_path": "advisories/ZDI-11-065", "id": "ZDI-11-065", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Adobe Reader Controlled memset Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-065/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-842", "zdi_id": "ZDI-11-065" }, { "cve": "CVE-2011-0045", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows local attackers to execute arbitrary code from the context of kernelspace on vulnerable installations of Microsoft Windows. The ability to make a system call is required in order to exploit this vulnerability. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-11-064/advisory.json", "detail_path": "advisories/ZDI-11-064", "id": "ZDI-11-064", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Microsoft Windows WmiTraceMessageVa Local Kernel Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-064/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-890", "zdi_id": "ZDI-11-064" }, { "cve": "CVE-2011-0092", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-063/advisory.json", "detail_path": "advisories/ZDI-11-063", "id": "ZDI-11-063", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-063/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-813", "zdi_id": "ZDI-11-063" }, { "cve": "CVE-2010-4435", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Calendar Manager RPC Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CMSD server (rpc.cmsd) which liste...", "detail_json": "/data/advisories/ZDI-11-062/advisory.json", "detail_path": "advisories/ZDI-11-062", "id": "ZDI-11-062", "kind": "published", "published_date": "2011-02-08", "status": "published", "title": "Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-062/", "vendor": "Hewlett-Packard, IBM, Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-561", "zdi_id": "ZDI-11-062" }, { "cve": "CVE-2011-0647", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Replication Manager Client. Authentication is not required to exploit this vulnerability. The Replication Manager client installs a service binds the i...", "detail_json": "/data/advisories/ZDI-11-061/advisory.json", "detail_path": "advisories/ZDI-11-061", "id": "ZDI-11-061", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-061/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-614", "zdi_id": "ZDI-11-061" }, { "cve": "CVE-2010-4327", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to trigger this vulnerability. The flaw exists within Novell's eDirectory Server's NCP implementation. Novell's eDir...", "detail_json": "/data/advisories/ZDI-11-060/advisory.json", "detail_path": "advisories/ZDI-11-060", "id": "ZDI-11-060", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "Novell eDirectory Malformed NCP Request Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-060/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-445", "zdi_id": "ZDI-11-060" }, { "cve": "CVE-2011-0758", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates eTrust Secure Content Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the eTrust Common Service...", "detail_json": "/data/advisories/ZDI-11-059/advisory.json", "detail_path": "advisories/ZDI-11-059", "id": "ZDI-11-059", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-059/", "vendor": "CA", "vendor_url": null, "zdi_can": "ZDI-CAN-342", "zdi_id": "ZDI-11-059" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the SCO OpenServer IMAP daemon. Authentication is not required to exploit this vulnerability. The specific flaw exists within the imapd process responsible for...", "detail_json": "/data/advisories/ZDI-11-058/advisory.json", "detail_path": "advisories/ZDI-11-058", "id": "ZDI-11-058", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) SCO Openserver IMAP Daemon Long Verb Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-058/", "vendor": "SCO", "vendor_url": null, "zdi_can": "ZDI-CAN-407", "zdi_id": "ZDI-11-058" }, { "cve": "CVE-2011-0921", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to execute remote code on vulnerable installations of Hewlett-Packard Data Protector. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Cell Manager Service which listens...", "detail_json": "/data/advisories/ZDI-11-057/advisory.json", "detail_path": "advisories/ZDI-11-057", "id": "ZDI-11-057", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) Hewlett-Packard Data Protector Cell Manager Service Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-057/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-417", "zdi_id": "ZDI-11-057" }, { "cve": "CVE-2011-0922", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the implementation of the EX...", "detail_json": "/data/advisories/ZDI-11-056/advisory.json", "detail_path": "advisories/ZDI-11-056", "id": "ZDI-11-056", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-056/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-420", "zdi_id": "ZDI-11-056" }, { "cve": "CVE-2011-0923", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the filtering of arguments t...", "detail_json": "/data/advisories/ZDI-11-055/advisory.json", "detail_path": "advisories/ZDI-11-055", "id": "ZDI-11-055", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) Hewlett-Packard Data Protector Client EXEC_CMD Perl Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-055/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-419", "zdi_id": "ZDI-11-055" }, { "cve": "CVE-2011-0924", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the filtering of the EXEC_CM...", "detail_json": "/data/advisories/ZDI-11-054/advisory.json", "detail_path": "advisories/ZDI-11-054", "id": "ZDI-11-054", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-054/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-418", "zdi_id": "ZDI-11-054" }, { "cve": "CVE-2011-0913", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the ndiiop.exe component which listens by default on a d...", "detail_json": "/data/advisories/ZDI-11-053/advisory.json", "detail_path": "advisories/ZDI-11-053", "id": "ZDI-11-053", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) Lotus Domino Server diiop getEnvironmentString Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-053/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-758", "zdi_id": "ZDI-11-053" }, { "cve": "CVE-2011-0914", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the ndiiop.exe component which listens by default on a d...", "detail_json": "/data/advisories/ZDI-11-052/advisory.json", "detail_path": "advisories/ZDI-11-052", "id": "ZDI-11-052", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) Lotus Domino Server diiop Client Request Operation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-052/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-759", "zdi_id": "ZDI-11-052" }, { "cve": "CVE-2011-0912", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of malformed strings within cai:// UR...", "detail_json": "/data/advisories/ZDI-11-051/advisory.json", "detail_path": "advisories/ZDI-11-051", "id": "ZDI-11-051", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-051/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-647", "zdi_id": "ZDI-11-051" }, { "cve": "CVE-2011-1033", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability. The specific flaw exists within the oninit process bou...", "detail_json": "/data/advisories/ZDI-11-050/advisory.json", "detail_path": "advisories/ZDI-11-050", "id": "ZDI-11-050", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-050/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-405", "zdi_id": "ZDI-11-050" }, { "cve": "CVE-2011-0916", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SMTP service while processing...", "detail_json": "/data/advisories/ZDI-11-049/advisory.json", "detail_path": "advisories/ZDI-11-049", "id": "ZDI-11-049", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) IBM Lotus Domino SMTP Multiple Filename Arguments Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-049/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-375", "zdi_id": "ZDI-11-049" }, { "cve": "CVE-2011-0915", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nrouter.exe service while proc...", "detail_json": "/data/advisories/ZDI-11-048/advisory.json", "detail_path": "advisories/ZDI-11-048", "id": "ZDI-11-048", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-048/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-373", "zdi_id": "ZDI-11-048" }, { "cve": "CVE-2011-0917", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nLDAP.exe component which listens by default on TCP...", "detail_json": "/data/advisories/ZDI-11-047/advisory.json", "detail_path": "advisories/ZDI-11-047", "id": "ZDI-11-047", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-047/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-779", "zdi_id": "ZDI-11-047" }, { "cve": "CVE-2011-0918", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NRouter service while transpor...", "detail_json": "/data/advisories/ZDI-11-046/advisory.json", "detail_path": "advisories/ZDI-11-046", "id": "ZDI-11-046", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) IBM Lotus Domino Calendar Request Attachment Name Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-046/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-372", "zdi_id": "ZDI-11-046" }, { "cve": "CVE-2011-0919", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the POP3 and IMAP services while p...", "detail_json": "/data/advisories/ZDI-11-045/advisory.json", "detail_path": "advisories/ZDI-11-045", "id": "ZDI-11-045", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-045/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-374", "zdi_id": "ZDI-11-045" }, { "cve": "CVE-2011-0976", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Powerpoint 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-11-044/advisory.json", "detail_path": "advisories/ZDI-11-044", "id": "ZDI-11-044", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-044/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-827", "zdi_id": "ZDI-11-044" }, { "cve": "CVE-2011-0977", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Excel 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-11-043/advisory.json", "detail_path": "advisories/ZDI-11-043", "id": "ZDI-11-043", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) Microsoft Office Drawing Object Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-043/", "vendor": "Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-798", "zdi_id": "ZDI-11-043" }, { "cve": "CVE-2011-0978", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-11-042/advisory.json", "detail_path": "advisories/ZDI-11-042", "id": "ZDI-11-042", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) Microsoft Office Excel Axis Properties Record Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-042/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-904", "zdi_id": "ZDI-11-042" }, { "cve": "CVE-2011-0979", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-041/advisory.json", "detail_path": "advisories/ZDI-11-041", "id": "ZDI-11-041", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-041/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-829", "zdi_id": "ZDI-11-041" }, { "cve": "CVE-2011-0980", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-11-040/advisory.json", "detail_path": "advisories/ZDI-11-040", "id": "ZDI-11-040", "kind": "published", "published_date": "2011-02-07", "status": "published", "title": "(0Day) Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-040/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-811", "zdi_id": "ZDI-11-040" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BMC Perform Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service daemon which listens by default on...", "detail_json": "/data/advisories/ZDI-11-039/advisory.json", "detail_path": "advisories/ZDI-11-039", "id": "ZDI-11-039", "kind": "published", "published_date": "2011-02-03", "status": "published", "title": "BMC Perform Agent Service Daemon BGS_MULTIPLE_READS Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-039/", "vendor": "BMC Software", "vendor_url": null, "zdi_can": "ZDI-CAN-613", "zdi_id": "ZDI-11-039" }, { "cve": "CVE-2010-3790", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-11-038/advisory.json", "detail_path": "advisories/ZDI-11-038", "id": "ZDI-11-038", "kind": "published", "published_date": "2011-02-01", "status": "published", "title": "Apple Quicktime Sprite Transformation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-038/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-910", "zdi_id": "ZDI-11-038" }, { "cve": "CVE-2010-3719", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is required to exploit this vulnerability in that a logged in user must be coerced into visiting a malicious link. The spec...", "detail_json": "/data/advisories/ZDI-11-037/advisory.json", "detail_path": "advisories/ZDI-11-037", "id": "ZDI-11-037", "kind": "published", "published_date": "2011-01-31", "status": "published", "title": "Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-037/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-865", "zdi_id": "ZDI-11-037" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is not required to exploit this vulnerability. The flaw exists within the db2dasrrm component which listens by default on TCP port 524....", "detail_json": "/data/advisories/ZDI-11-036/advisory.json", "detail_path": "advisories/ZDI-11-036", "id": "ZDI-11-036", "kind": "published", "published_date": "2011-01-31", "status": "published", "title": "IBM DB2 db2dasrrm receiveDASMessage Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-036/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-776", "zdi_id": "ZDI-11-036" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the db2dasrrm process responsible for handling queries t...", "detail_json": "/data/advisories/ZDI-11-035/advisory.json", "detail_path": "advisories/ZDI-11-035", "id": "ZDI-11-035", "kind": "published", "published_date": "2011-01-31", "status": "published", "title": "IBM DB2 db2dasrrm validateUser Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-035/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-775", "zdi_id": "ZDI-11-035" }, { "cve": "CVE-2011-0276", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Performance Insight Server. Authentication is not required to exploit this vulnerability. The specific vulnerability is due to a hidde...", "detail_json": "/data/advisories/ZDI-11-034/advisory.json", "detail_path": "advisories/ZDI-11-034", "id": "ZDI-11-034", "kind": "published", "published_date": "2011-01-31", "status": "published", "title": "HP OpenView Performance Insight Server Backdoor Account Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-034/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-606", "zdi_id": "ZDI-11-034" }, { "cve": "CVE-2010-4393", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realnetworks Realplayer SP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-11-033/advisory.json", "detail_path": "advisories/ZDI-11-033", "id": "ZDI-11-033", "kind": "published", "published_date": "2011-01-27", "status": "published", "title": "Realplayer vidplin.dll AVI Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-033/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-801", "zdi_id": "ZDI-11-033" }, { "cve": "CVE-2010-0111", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple Symantec products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Intel Alert Originator (iao.exe)...", "detail_json": "/data/advisories/ZDI-11-032/advisory.json", "detail_path": "advisories/ZDI-11-032", "id": "ZDI-11-032", "kind": "published", "published_date": "2011-01-27", "status": "published", "title": "Symantec Intel Alert Originator Service iao.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-032/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-580", "zdi_id": "ZDI-11-032" }, { "cve": "CVE-2010-0111", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pagehndl.dll module while p...", "detail_json": "/data/advisories/ZDI-11-031/advisory.json", "detail_path": "advisories/ZDI-11-031", "id": "ZDI-11-031", "kind": "published", "published_date": "2011-01-27", "status": "published", "title": "Symantec AMS Intel Alert Handler Pin Number Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-031/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-531", "zdi_id": "ZDI-11-031" }, { "cve": "CVE-2010-0111", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pagehndl.dll module while p...", "detail_json": "/data/advisories/ZDI-11-030/advisory.json", "detail_path": "advisories/ZDI-11-030", "id": "ZDI-11-030", "kind": "published", "published_date": "2011-01-27", "status": "published", "title": "Symantec AMS Intel Alert Handler Modem String Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-030/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-530", "zdi_id": "ZDI-11-030" }, { "cve": "CVE-2010-0111", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HDNLRSVC.EXE service while...", "detail_json": "/data/advisories/ZDI-11-029/advisory.json", "detail_path": "advisories/ZDI-11-029", "id": "ZDI-11-029", "kind": "published", "published_date": "2011-01-27", "status": "published", "title": "Symantec AMS Intel Alert Handler Service CreateProcess Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-029/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-529", "zdi_id": "ZDI-11-029" }, { "cve": "CVE-2010-0110", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AMSLIB.dll module while pro...", "detail_json": "/data/advisories/ZDI-11-028/advisory.json", "detail_path": "advisories/ZDI-11-028", "id": "ZDI-11-028", "kind": "published", "published_date": "2011-01-27", "status": "published", "title": "Symantec AMS Intel Alert Service AMSSendAlertAct Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-028/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-528", "zdi_id": "ZDI-11-028" }, { "cve": "CVE-2010-4325", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing V...", "detail_json": "/data/advisories/ZDI-11-027/advisory.json", "detail_path": "advisories/ZDI-11-027", "id": "ZDI-11-027", "kind": "published", "published_date": "2011-01-26", "status": "published", "title": "Novell GroupWise Internet Agent TZID Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-027/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-967", "zdi_id": "ZDI-11-027" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Handheld Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Access Point process (Zf...", "detail_json": "/data/advisories/ZDI-11-026/advisory.json", "detail_path": "advisories/ZDI-11-026", "id": "ZDI-11-026", "kind": "published", "published_date": "2011-01-26", "status": "published", "title": "Novell Zenworks Handheld Management ZfHIPCnd.exe Opcode 2 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-026/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-1071", "zdi_id": "ZDI-11-026" }, { "cve": "CVE-2010-4326", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing V...", "detail_json": "/data/advisories/ZDI-11-025/advisory.json", "detail_path": "advisories/ZDI-11-025", "id": "ZDI-11-025", "kind": "published", "published_date": "2011-01-25", "status": "published", "title": "Novell GroupWise Internet Agent REQUEST-STATUS Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-025/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-955", "zdi_id": "ZDI-11-025" }, { "cve": "CVE-2011-0273", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Cell Manager. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the crs.exe process which list...", "detail_json": "/data/advisories/ZDI-11-024/advisory.json", "detail_path": "advisories/ZDI-11-024", "id": "ZDI-11-024", "kind": "published", "published_date": "2011-01-20", "status": "published", "title": "Hewlett-Packard Data Protector Cell Manager Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-024/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-722", "zdi_id": "ZDI-11-024" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The specific flaw exists within the streamprocess.exe component whi...", "detail_json": "/data/advisories/ZDI-11-023/advisory.json", "detail_path": "advisories/ZDI-11-023", "id": "ZDI-11-023", "kind": "published", "published_date": "2011-01-20", "status": "published", "title": "Citrix Provisioning Services streamprocess.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-023/", "vendor": "Citrix", "vendor_url": null, "zdi_can": "ZDI-CAN-746", "zdi_id": "ZDI-11-023" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Business Intelligence One. Authentication is not required to exploit this vulnerability. The flaw exists within the emagent.exe component which listens...", "detail_json": "/data/advisories/ZDI-11-022/advisory.json", "detail_path": "advisories/ZDI-11-022", "id": "ZDI-11-022", "kind": "published", "published_date": "2011-01-18", "status": "published", "title": "Oracle Business Intelligence emagent.exe nmehl_getURIParams Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-022/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-835", "zdi_id": "ZDI-11-022" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Icon Labs Iconfidant SSL Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the functionality responsible for ke...", "detail_json": "/data/advisories/ZDI-11-021/advisory.json", "detail_path": "advisories/ZDI-11-021", "id": "ZDI-11-021", "kind": "published", "published_date": "2011-01-20", "status": "published", "title": "Icon Labs Iconfidant SSL Server Key Length Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-021/", "vendor": "Icon Labs", "vendor_url": null, "zdi_can": "ZDI-CAN-403", "zdi_id": "ZDI-11-021" }, { "cve": "CVE-2010-4417", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Beehive. Authentication is not required to exploit this vulnerability. The specific flaw exists within 'voice-servlet/prompt-qa/Index.jspf'. During the...", "detail_json": "/data/advisories/ZDI-11-020/advisory.json", "detail_path": "advisories/ZDI-11-020", "id": "ZDI-11-020", "kind": "published", "published_date": "2011-01-18", "status": "published", "title": "Oracle Beehive voice-servlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-020/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-814", "zdi_id": "ZDI-11-020" }, { "cve": "CVE-2010-4416", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GoldenGate Veridata. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the application parses an XML...", "detail_json": "/data/advisories/ZDI-11-019/advisory.json", "detail_path": "advisories/ZDI-11-019", "id": "ZDI-11-019", "kind": "published", "published_date": "2011-01-18", "status": "published", "title": "Oracle GoldenGate Veridata Server XML SOAP Request Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-019/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-800", "zdi_id": "ZDI-11-019" }, { "cve": "CVE-2010-3600", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Database 11g. Authentication is not required to exploit this vulnerability. The specific flaw exists within a JSP script exposed via an HTTPS server run...", "detail_json": "/data/advisories/ZDI-11-018/advisory.json", "detail_path": "advisories/ZDI-11-018", "id": "ZDI-11-018", "kind": "published", "published_date": "2011-01-18", "status": "published", "title": "Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-018/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-735", "zdi_id": "ZDI-11-018" }, { "cve": "CVE-2010-4449", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Audit Vault. Authentication is not required to exploit this vulnerability. The flaw exists within the av component which listens by default on TCP port...", "detail_json": "/data/advisories/ZDI-11-017/advisory.json", "detail_path": "advisories/ZDI-11-017", "id": "ZDI-11-017", "kind": "published", "published_date": "2011-01-18", "status": "published", "title": "Oracle Audit Vault av.action Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-017/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-962", "zdi_id": "ZDI-11-017" }, { "cve": "CVE-2010-3594", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject arbitrary SQL on vulnerable installations of Oracle Real User Experience Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within a portion of the application w...", "detail_json": "/data/advisories/ZDI-11-016/advisory.json", "detail_path": "advisories/ZDI-11-016", "id": "ZDI-11-016", "kind": "published", "published_date": "2011-01-18", "status": "published", "title": "Oracle Real User Experience Insight rsynclogdird SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-016/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-690", "zdi_id": "ZDI-11-016" }, { "cve": "CVE-2011-0272", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the magentproc.exe process which binds by default...", "detail_json": "/data/advisories/ZDI-11-015/advisory.json", "detail_path": "advisories/ZDI-11-015", "id": "ZDI-11-015", "kind": "published", "published_date": "2011-01-12", "status": "published", "title": "HP Mercury Loadrunner Agent Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-015/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-768", "zdi_id": "ZDI-11-015" }, { "cve": "CVE-2010-4351", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Java OpenJDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exis...", "detail_json": "/data/advisories/ZDI-11-014/advisory.json", "detail_path": "advisories/ZDI-11-014", "id": "ZDI-11-014", "kind": "published", "published_date": "2011-01-18", "status": "published", "title": "Red Hat OpenJDK IcedTea6 ClassLoader Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-014/", "vendor": "Red Hat", "vendor_url": null, "zdi_can": "ZDI-CAN-1018", "zdi_id": "ZDI-11-014" }, { "cve": "CVE-2010-0115", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the management interface which listens by d...", "detail_json": "/data/advisories/ZDI-11-013/advisory.json", "detail_path": "advisories/ZDI-11-013", "id": "ZDI-11-013", "kind": "published", "published_date": "2011-01-12", "status": "published", "title": "Symantec Web Gateway Management Interface USERNAME Blind SQL Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-013/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-879", "zdi_id": "ZDI-11-013" }, { "cve": "CVE-2011-0270", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within nnmRptConfig.exe CGI which is exposed by...", "detail_json": "/data/advisories/ZDI-11-012/advisory.json", "detail_path": "advisories/ZDI-11-012", "id": "ZDI-11-012", "kind": "published", "published_date": "2011-01-10", "status": "published", "title": "Hewlett-Packard OpenView Network Node Manager nnmRptConfig.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-012/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-936", "zdi_id": "ZDI-11-012" }, { "cve": "CVE-2011-0269", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe module exposed by t...", "detail_json": "/data/advisories/ZDI-11-011/advisory.json", "detail_path": "advisories/ZDI-11-011", "id": "ZDI-11-011", "kind": "published", "published_date": "2011-01-10", "status": "published", "title": "Hewlett-Packard OpenView Network Node Manager nnmRptConfig.exe schd_select1 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-011/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-935", "zdi_id": "ZDI-11-011" }, { "cve": "CVE-2011-0268", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe module exposed by t...", "detail_json": "/data/advisories/ZDI-11-010/advisory.json", "detail_path": "advisories/ZDI-11-010", "id": "ZDI-11-010", "kind": "published", "published_date": "2011-01-10", "status": "published", "title": "Hewlett-Packard OpenView Network Node Manager nnmRptConfig.exe nameParams/text1 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-010/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-934", "zdi_id": "ZDI-11-010" }, { "cve": "CVE-2011-0267", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe module exposed by t...", "detail_json": "/data/advisories/ZDI-11-009/advisory.json", "detail_path": "advisories/ZDI-11-009", "id": "ZDI-11-009", "kind": "published", "published_date": "2011-01-10", "status": "published", "title": "Hewlett-Packard OpenView Network Node Manager nnmRptConfig.exe schdParams/nameParams Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-009/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-933", "zdi_id": "ZDI-11-009" }, { "cve": "CVE-2011-0266", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe module exposed by t...", "detail_json": "/data/advisories/ZDI-11-008/advisory.json", "detail_path": "advisories/ZDI-11-008", "id": "ZDI-11-008", "kind": "published", "published_date": "2011-01-10", "status": "published", "title": "Hewlett-Packard OpenView Network Node Manager nnmRptConfig.exe nameParams Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-008/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-932", "zdi_id": "ZDI-11-008" }, { "cve": "CVE-2011-0265", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe module exposed by t...", "detail_json": "/data/advisories/ZDI-11-007/advisory.json", "detail_path": "advisories/ZDI-11-007", "id": "ZDI-11-007", "kind": "published", "published_date": "2011-01-10", "status": "published", "title": "Hewlett-Packard OpenView Network Node Manager nnmRptConfig.exe data_select1 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-007/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-931", "zdi_id": "ZDI-11-007" }, { "cve": "CVE-2011-0264", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the ovutil.dll component wh...", "detail_json": "/data/advisories/ZDI-11-006/advisory.json", "detail_path": "advisories/ZDI-11-006", "id": "ZDI-11-006", "kind": "published", "published_date": "2011-01-10", "status": "published", "title": "Hewlett-Packard Network Node Manager OVutil.dll Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-006/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-810", "zdi_id": "ZDI-11-006" }, { "cve": "CVE-2011-0263", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the ovas.exe component whic...", "detail_json": "/data/advisories/ZDI-11-005/advisory.json", "detail_path": "advisories/ZDI-11-005", "id": "ZDI-11-005", "kind": "published", "published_date": "2011-01-10", "status": "published", "title": "HP OpenView Network Node Manager ovas.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-005/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-774", "zdi_id": "ZDI-11-005" }, { "cve": "CVE-2011-0262", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The exploit would require a crafted HTTP request t...", "detail_json": "/data/advisories/ZDI-11-004/advisory.json", "detail_path": "advisories/ZDI-11-004", "id": "ZDI-11-004", "kind": "published", "published_date": "2011-01-10", "status": "published", "title": "HP OpenView Network Node Manager ovutil.dll stringToSeconds Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-004/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-757", "zdi_id": "ZDI-11-004" }, { "cve": "CVE-2011-0261", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The exploit would require a crafted HTTP request t...", "detail_json": "/data/advisories/ZDI-11-003/advisory.json", "detail_path": "advisories/ZDI-11-003", "id": "ZDI-11-003", "kind": "published", "published_date": "2011-01-10", "status": "published", "title": "HP OpenView Network Node Manager jovgraph.exe displayWidth Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-003/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-753", "zdi_id": "ZDI-11-003" }, { "cve": "CVE-2011-0027", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. This vulnerability was submitted to the ZDI via at the annual Pwn2Own competition at CanSecWest. User interaction is required to e...", "detail_json": "/data/advisories/ZDI-11-002/advisory.json", "detail_path": "advisories/ZDI-11-002", "id": "ZDI-11-002", "kind": "published", "published_date": "2011-01-11", "status": "published", "title": "Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-002/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-856", "zdi_id": "ZDI-11-002" }, { "cve": "CVE-2011-0026", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Data Access Components. The vulnerability is present in an API call and as such successful exploitation will depend on an application's implementation of th...", "detail_json": "/data/advisories/ZDI-11-001/advisory.json", "detail_path": "advisories/ZDI-11-001", "id": "ZDI-11-001", "kind": "published", "published_date": "2011-01-11", "status": "published", "title": "Microsoft Data Access Components DSN Overflow Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-11-001/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-708", "zdi_id": "ZDI-11-001" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trent Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the mrf.exe component composes a...", "detail_json": "/data/advisories/ZDI-10-301/advisory.json", "detail_path": "advisories/ZDI-10-301", "id": "ZDI-10-301", "kind": "published", "published_date": "2010-12-17", "status": "published", "title": "Trend Micro Control Manager Server-agent Communication Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-301/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-995", "zdi_id": "ZDI-10-301" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component used by the the Mozilla an...", "detail_json": "/data/advisories/ZDI-10-300/advisory.json", "detail_path": "advisories/ZDI-10-300", "id": "ZDI-10-300", "kind": "published", "published_date": "2010-12-26", "status": "published", "title": "Novell iPrint Client Netscape/ActiveX Plugin HTTP_CONNECTION Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-300/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-979", "zdi_id": "ZDI-10-300" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component which is used by both the...", "detail_json": "/data/advisories/ZDI-10-299/advisory.json", "detail_path": "advisories/ZDI-10-299", "id": "ZDI-10-299", "kind": "published", "published_date": "2010-12-26", "status": "published", "title": "Novell iPrint Client Netscape/ActiveX Plugin Wide Character IPP Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-299/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-981", "zdi_id": "ZDI-10-299" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the npnipp.dll Mozilla browser plugin for iPrint cli...", "detail_json": "/data/advisories/ZDI-10-298/advisory.json", "detail_path": "advisories/ZDI-10-298", "id": "ZDI-10-298", "kind": "published", "published_date": "2010-12-26", "status": "published", "title": "Novell iPrint Client Netscape Plugin call-back-url Parameter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-298/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-980", "zdi_id": "ZDI-10-298" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component which is used by both the...", "detail_json": "/data/advisories/ZDI-10-297/advisory.json", "detail_path": "advisories/ZDI-10-297", "id": "ZDI-10-297", "kind": "published", "published_date": "2010-12-26", "status": "published", "title": "Novell iPrint Client Netscape/ActiveX Location Header Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-297/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-978", "zdi_id": "ZDI-10-297" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-10-296/advisory.json", "detail_path": "advisories/ZDI-10-296", "id": "ZDI-10-296", "kind": "published", "published_date": "2010-12-26", "status": "published", "title": "Novell iPrint Client Netscape/ActiveX IPP Parameter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-296/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-983", "zdi_id": "ZDI-10-296" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-10-295/advisory.json", "detail_path": "advisories/ZDI-10-295", "id": "ZDI-10-295", "kind": "published", "published_date": "2010-12-26", "status": "published", "title": "Novell iPrint Client Netscape/ActiveX printer-state-reasons Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-295/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-985", "zdi_id": "ZDI-10-295" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of multiple products from multiple vendors that utilize the Uni RPC protocol. Authentication is not required to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-10-294/advisory.json", "detail_path": "advisories/ZDI-10-294", "id": "ZDI-10-294", "kind": "published", "published_date": "2010-12-23", "status": "published", "title": "Rocket U2 Uni RPC Service Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-294/", "vendor": "Rocket", "vendor_url": null, "zdi_can": "ZDI-CAN-368", "zdi_id": "ZDI-10-294" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks Storage Mirroring. Authentication is not required to exploit this vulnerability. The flaw exists within the DoubleTake.exe component which list...", "detail_json": "/data/advisories/ZDI-10-293/advisory.json", "detail_path": "advisories/ZDI-10-293", "id": "ZDI-10-293", "kind": "published", "published_date": "2010-12-23", "status": "published", "title": "HP StorageWorks Storage Mirroring DoubleTake.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-293/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-958", "zdi_id": "ZDI-10-293" }, { "cve": "CVE-2010-4113", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Power Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of URL parameters when po...", "detail_json": "/data/advisories/ZDI-10-292/advisory.json", "detail_path": "advisories/ZDI-10-292", "id": "ZDI-10-292", "kind": "published", "published_date": "2010-12-16", "status": "published", "title": "Hewlett-Packard Power Manager Administration Web Server Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-292/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-697", "zdi_id": "ZDI-10-292" }, { "cve": "CVE-2010-0114", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within the portion of the server that gene...", "detail_json": "/data/advisories/ZDI-10-291/advisory.json", "detail_path": "advisories/ZDI-10-291", "id": "ZDI-10-291", "kind": "published", "published_date": "2010-12-15", "status": "published", "title": "Symantec Endpoint Protection Manager Reporting Server fw_charts.php Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-291/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-756", "zdi_id": "ZDI-10-291" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver Business Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...", "detail_json": "/data/advisories/ZDI-10-290/advisory.json", "detail_path": "advisories/ZDI-10-290", "id": "ZDI-10-290", "kind": "published", "published_date": "2010-12-14", "status": "published", "title": "SAP NetWeaver Business Client SapThemeRepository ActiveX Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-290/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-939", "zdi_id": "ZDI-10-290" }, { "cve": "CVE-2010-3346", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must be convinced of visiting a malicious page or op...", "detail_json": "/data/advisories/ZDI-10-289/advisory.json", "detail_path": "advisories/ZDI-10-289", "id": "ZDI-10-289", "kind": "published", "published_date": "2010-12-14", "status": "published", "title": "Microsoft Internet Explorer HTML+Time Element outerText Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-289/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-725", "zdi_id": "ZDI-10-289" }, { "cve": "CVE-2010-3345", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-10-288/advisory.json", "detail_path": "advisories/ZDI-10-288", "id": "ZDI-10-288", "kind": "published", "published_date": "2010-12-14", "status": "published", "title": "Microsoft Internet Explorer Recursive Select Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-288/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-825", "zdi_id": "ZDI-10-288" }, { "cve": "CVE-2010-3964", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Sharepoint Server utilizing Microsoft's Office Document Load Balancer. Authentication is not required to exploit this vulnerability. The specific fla...", "detail_json": "/data/advisories/ZDI-10-287/advisory.json", "detail_path": "advisories/ZDI-10-287", "id": "ZDI-10-287", "kind": "published", "published_date": "2010-12-14", "status": "published", "title": "Microsoft SharePoint Server Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-287/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-706", "zdi_id": "ZDI-10-287" }, { "cve": "CVE-2010-3937", "cvss": 6.8, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to deny services on vulnerable installations of Microsoft Exchange Server 2007. Authentication is required to exploit this vulnerability. The specific flaw exists within store.exe during the handling of a particular MAPI ca...", "detail_json": "/data/advisories/ZDI-10-286/advisory.json", "detail_path": "advisories/ZDI-10-286", "id": "ZDI-10-286", "kind": "published", "published_date": "2010-12-14", "status": "published", "title": "Microsoft Exchange 2007 Infinite Loop Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-286/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-598", "zdi_id": "ZDI-10-286" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Desktop Management. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpd server component which liste...", "detail_json": "/data/advisories/ZDI-10-285/advisory.json", "detail_path": "advisories/ZDI-10-285", "id": "ZDI-10-285", "kind": "published", "published_date": "2010-12-13", "status": "published", "title": "Novell ZENworks Desktop Management Linux TFTPD Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-285/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-847", "zdi_id": "ZDI-10-285" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ZenRem32.exe process which listens by defaul...", "detail_json": "/data/advisories/ZDI-10-284/advisory.json", "detail_path": "advisories/ZDI-10-284", "id": "ZDI-10-284", "kind": "published", "published_date": "2010-12-13", "status": "published", "title": "Novell ZENWorks Remote Management Agent DN Name Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-284/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-751", "zdi_id": "ZDI-10-284" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ZenRem32.exe process which listens by defaul...", "detail_json": "/data/advisories/ZDI-10-283/advisory.json", "detail_path": "advisories/ZDI-10-283", "id": "ZDI-10-283", "kind": "published", "published_date": "2010-12-13", "status": "published", "title": "Novell ZENWorks Remote Management Agent Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-283/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-749", "zdi_id": "ZDI-10-283" }, { "cve": "CVE-2010-4394", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-10-282/advisory.json", "detail_path": "advisories/ZDI-10-282", "id": "ZDI-10-282", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer RealPix Server Header Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-282/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-911", "zdi_id": "ZDI-10-282" }, { "cve": "CVE-2010-4391", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-10-281/advisory.json", "detail_path": "advisories/ZDI-10-281", "id": "ZDI-10-281", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer RMX Header Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-281/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-913", "zdi_id": "ZDI-10-281" }, { "cve": "CVE-2010-4392", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-10-280/advisory.json", "detail_path": "advisories/ZDI-10-280", "id": "ZDI-10-280", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer ImageMap Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-280/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-916", "zdi_id": "ZDI-10-280" }, { "cve": "CVE-2010-4389", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-10-279/advisory.json", "detail_path": "advisories/ZDI-10-279", "id": "ZDI-10-279", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer Cook Codec Initialization Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-279/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-881", "zdi_id": "ZDI-10-279" }, { "cve": "CVE-2010-4388", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-10-278/advisory.json", "detail_path": "advisories/ZDI-10-278", "id": "ZDI-10-278", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer Custsupport.html Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-278/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-845", "zdi_id": "ZDI-10-278" }, { "cve": "CVE-2010-4388", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-10-277/advisory.json", "detail_path": "advisories/ZDI-10-277", "id": "ZDI-10-277", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer Main.html Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-277/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-844", "zdi_id": "ZDI-10-277" }, { "cve": "CVE-2010-4388", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-10-276/advisory.json", "detail_path": "advisories/ZDI-10-276", "id": "ZDI-10-276", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer Upsell.htm getqsval Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-276/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-843", "zdi_id": "ZDI-10-276" }, { "cve": "CVE-2010-4396", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is requires in that a target must navigate to a malicious page. The specific flaw exists within the HandleAction meth...", "detail_json": "/data/advisories/ZDI-10-275/advisory.json", "detail_path": "advisories/ZDI-10-275", "id": "ZDI-10-275", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-275/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-771", "zdi_id": "ZDI-10-275" }, { "cve": "CVE-2010-4378", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists wi...", "detail_json": "/data/advisories/ZDI-10-274/advisory.json", "detail_path": "advisories/ZDI-10-274", "id": "ZDI-10-274", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks Realplayer RV20 Stream Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-274/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-646", "zdi_id": "ZDI-10-274" }, { "cve": "CVE-2010-2999", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-10-273/advisory.json", "detail_path": "advisories/ZDI-10-273", "id": "ZDI-10-273", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer AAC MLLT Atom Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-273/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-569", "zdi_id": "ZDI-10-273" }, { "cve": "CVE-2010-4377", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious media fi...", "detail_json": "/data/advisories/ZDI-10-272/advisory.json", "detail_path": "advisories/ZDI-10-272", "id": "ZDI-10-272", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer Cook Audio Codec Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-272/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-506", "zdi_id": "ZDI-10-272" }, { "cve": "CVE-2010-4376", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious media fi...", "detail_json": "/data/advisories/ZDI-10-271/advisory.json", "detail_path": "advisories/ZDI-10-271", "id": "ZDI-10-271", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer RTSP GIF Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-271/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-508", "zdi_id": "ZDI-10-271" }, { "cve": "CVE-2010-2997", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerability installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must open a malicious SHOUTcast Stream. The specific...", "detail_json": "/data/advisories/ZDI-10-270/advisory.json", "detail_path": "advisories/ZDI-10-270", "id": "ZDI-10-270", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer ICY Protocol StreamTitle Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-270/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-509", "zdi_id": "ZDI-10-270" }, { "cve": "CVE-2010-4397", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-10-269/advisory.json", "detail_path": "advisories/ZDI-10-269", "id": "ZDI-10-269", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer AAC TIT2 Atom Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-269/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-490", "zdi_id": "ZDI-10-269" }, { "cve": "CVE-2010-4384", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-10-268/advisory.json", "detail_path": "advisories/ZDI-10-268", "id": "ZDI-10-268", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer Media Properties Header Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-268/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-434", "zdi_id": "ZDI-10-268" }, { "cve": "CVE-2010-4395", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-10-267/advisory.json", "detail_path": "advisories/ZDI-10-267", "id": "ZDI-10-267", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer Advanced Audio Coding Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-267/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-922", "zdi_id": "ZDI-10-267" }, { "cve": "CVE-2010-4375", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-10-266/advisory.json", "detail_path": "advisories/ZDI-10-266", "id": "ZDI-10-266", "kind": "published", "published_date": "2010-12-10", "status": "published", "title": "RealNetworks RealPlayer Multi-Rate Audio Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-266/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-473", "zdi_id": "ZDI-10-266" }, { "cve": "CVE-2010-3767", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-265/advisory.json", "detail_path": "advisories/ZDI-10-265", "id": "ZDI-10-265", "kind": "published", "published_date": "2010-12-09", "status": "published", "title": "Mozilla Firefox NewIdArray Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-265/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-884", "zdi_id": "ZDI-10-265" }, { "cve": "CVE-2010-3766", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-264/advisory.json", "detail_path": "advisories/ZDI-10-264", "id": "ZDI-10-264", "kind": "published", "published_date": "2010-12-09", "status": "published", "title": "Mozilla Firefox nsDOMAttribute MutationObserver Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-264/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-898", "zdi_id": "ZDI-10-264" }, { "cve": "CVE-2010-3984", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA ARCserve Replication and High Availability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the \"create_sessio...", "detail_json": "/data/advisories/ZDI-10-263/advisory.json", "detail_path": "advisories/ZDI-10-263", "id": "ZDI-10-263", "kind": "published", "published_date": "2010-12-09", "status": "published", "title": "CA Multiple Products create_session_bab SOAP Request Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-263/", "vendor": "CA, CA, CA, CA", "vendor_url": null, "zdi_can": "ZDI-CAN-878", "zdi_id": "ZDI-10-263" }, { "cve": "CVE-2010-3800", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-262/advisory.json", "detail_path": "advisories/ZDI-10-262", "id": "ZDI-10-262", "kind": "published", "published_date": "2010-12-07", "status": "published", "title": "Apple QuickTime PICT directBitsRect Pack3 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-262/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-977", "zdi_id": "ZDI-10-262" }, { "cve": "CVE-2010-3800", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-261/advisory.json", "detail_path": "advisories/ZDI-10-261", "id": "ZDI-10-261", "kind": "published", "published_date": "2010-12-07", "status": "published", "title": "Apple QuickTime PICT File PackBits Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-261/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-790", "zdi_id": "ZDI-10-261" }, { "cve": "CVE-2010-3802", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that a user must be coerced into visiting a malicious page or opening a maliciou...", "detail_json": "/data/advisories/ZDI-10-260/advisory.json", "detail_path": "advisories/ZDI-10-260", "id": "ZDI-10-260", "kind": "published", "published_date": "2010-12-07", "status": "published", "title": "Apple QuickTime Panorama Atom Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-260/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-734", "zdi_id": "ZDI-10-260" }, { "cve": "CVE-2010-3801", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required in that a user must be coerced into opening up a malicious document or visiting a malicious website. The specific...", "detail_json": "/data/advisories/ZDI-10-259/advisory.json", "detail_path": "advisories/ZDI-10-259", "id": "ZDI-10-259", "kind": "published", "published_date": "2010-12-07", "status": "published", "title": "Apple QuickTime FPX Subimage Count Out-of-bounds Counter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-259/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-681", "zdi_id": "ZDI-10-259" }, { "cve": "CVE-2010-1508", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-258/advisory.json", "detail_path": "advisories/ZDI-10-258", "id": "ZDI-10-258", "kind": "published", "published_date": "2010-12-07", "status": "published", "title": "Apple QuickTime 3GP Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-258/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-645", "zdi_id": "ZDI-10-258" }, { "cve": "CVE-2010-3812", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-10-257/advisory.json", "detail_path": "advisories/ZDI-10-257", "id": "ZDI-10-257", "kind": "published", "published_date": "2010-11-23", "status": "published", "title": "Apple Webkit WholeText Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-257/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-874", "zdi_id": "ZDI-10-257" }, { "cve": "CVE-2010-4321", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The f...", "detail_json": "/data/advisories/ZDI-10-256/advisory.json", "detail_path": "advisories/ZDI-10-256", "id": "ZDI-10-256", "kind": "published", "published_date": "2010-12-23", "status": "published", "title": "Novell iPrint Activex GetDriverSettings Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-256/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-959", "zdi_id": "ZDI-10-256" }, { "cve": "CVE-2010-3792", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw e...", "detail_json": "/data/advisories/ZDI-10-255/advisory.json", "detail_path": "advisories/ZDI-10-255", "id": "ZDI-10-255", "kind": "published", "published_date": "2010-11-10", "status": "published", "title": "Apple QuickTime m1s Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-255/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-839", "zdi_id": "ZDI-10-255" }, { "cve": "CVE-2010-3791", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw e...", "detail_json": "/data/advisories/ZDI-10-254/advisory.json", "detail_path": "advisories/ZDI-10-254", "id": "ZDI-10-254", "kind": "published", "published_date": "2010-11-10", "status": "published", "title": "Apple QuickTime ELST MediaRate Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-254/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-838", "zdi_id": "ZDI-10-254" }, { "cve": "CVE-2010-3795", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-10-253/advisory.json", "detail_path": "advisories/ZDI-10-253", "id": "ZDI-10-253", "kind": "published", "published_date": "2010-11-10", "status": "published", "title": "Apple QuickTime GIF LZW Decompression Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-253/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-828", "zdi_id": "ZDI-10-253" }, { "cve": "CVE-2010-3788", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-252/advisory.json", "detail_path": "advisories/ZDI-10-252", "id": "ZDI-10-252", "kind": "published", "published_date": "2010-11-10", "status": "published", "title": "Apple QuickTime JP2 SIZ Chunk Uninitialized Object Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-252/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-812", "zdi_id": "ZDI-10-252" }, { "cve": "CVE-2010-3794", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...", "detail_json": "/data/advisories/ZDI-10-251/advisory.json", "detail_path": "advisories/ZDI-10-251", "id": "ZDI-10-251", "kind": "published", "published_date": "2010-11-10", "status": "published", "title": "Apple QuickTime FlashPix Max Uninitialized Jpeg Table Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-251/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-778", "zdi_id": "ZDI-10-251" }, { "cve": "CVE-2010-3789", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-250/advisory.json", "detail_path": "advisories/ZDI-10-250", "id": "ZDI-10-250", "kind": "published", "published_date": "2010-11-10", "status": "published", "title": "Apple Quicktime rec Chunk Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-250/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-739", "zdi_id": "ZDI-10-250" }, { "cve": "CVE-2010-3793", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-10-249/advisory.json", "detail_path": "advisories/ZDI-10-249", "id": "ZDI-10-249", "kind": "published", "published_date": "2010-11-10", "status": "published", "title": "Apple Quicktime Sorenson Video Codec Decoding Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-249/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-732", "zdi_id": "ZDI-10-249" }, { "cve": "CVE-2010-1843", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to denial of service the IPv6 stack of an installation of Apple Mac OSX. No authentication or user interaction is required in order to exploit this vulnerability. The specific flaw exists within OSX's IPv6 stack. A N...", "detail_json": "/data/advisories/ZDI-10-248/advisory.json", "detail_path": "advisories/ZDI-10-248", "id": "ZDI-10-248", "kind": "published", "published_date": "2010-11-10", "status": "published", "title": "Apple Mac OS X IPv6 PIM Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-248/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-857", "zdi_id": "ZDI-10-248" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The specific flaw exists in a function responsible for assembling an HTTP respo...", "detail_json": "/data/advisories/ZDI-10-247/advisory.json", "detail_path": "advisories/ZDI-10-247", "id": "ZDI-10-247", "kind": "published", "published_date": "2010-11-09", "status": "published", "title": "Novell Groupwise GWPOA HTTP Request Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-247/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-770", "zdi_id": "ZDI-10-247" }, { "cve": "CVE-2010-3335", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-10-246/advisory.json", "detail_path": "advisories/ZDI-10-246", "id": "ZDI-10-246", "kind": "published", "published_date": "2010-11-09", "status": "published", "title": "Microsoft Excel MSODrawing Improper Exception Handling Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-246/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-855", "zdi_id": "ZDI-10-246" }, { "cve": "CVE-2010-2573", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Powerpoint 2003. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...", "detail_json": "/data/advisories/ZDI-10-245/advisory.json", "detail_path": "advisories/ZDI-10-245", "id": "ZDI-10-245", "kind": "published", "published_date": "2010-11-09", "status": "published", "title": "Microsoft Office PowerPoint Unknown Animation Node Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-245/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-748", "zdi_id": "ZDI-10-245" }, { "cve": "CVE-2010-0515", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-10-244/advisory.json", "detail_path": "advisories/ZDI-10-244", "id": "ZDI-10-244", "kind": "published", "published_date": "2010-11-09", "status": "published", "title": "Apple Quicktime Movie Malformed H.264 Sample Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-244/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-602", "zdi_id": "ZDI-10-244" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing V...", "detail_json": "/data/advisories/ZDI-10-243/advisory.json", "detail_path": "advisories/ZDI-10-243", "id": "ZDI-10-243", "kind": "published", "published_date": "2010-11-08", "status": "published", "title": "Novell GroupWise Internet Agent TZNAME Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-243/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-954", "zdi_id": "ZDI-10-243" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Internet Agent. Authentication is not required to exploit this vulnerability. The flaw exists within the IMAP server component which listens b...", "detail_json": "/data/advisories/ZDI-10-242/advisory.json", "detail_path": "advisories/ZDI-10-242", "id": "ZDI-10-242", "kind": "published", "published_date": "2010-11-08", "status": "published", "title": "Novell Groupwise Internet Agent IMAP LIST Command Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-242/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-846", "zdi_id": "ZDI-10-242" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwia.exe module responsible for parsing e-m...", "detail_json": "/data/advisories/ZDI-10-241/advisory.json", "detail_path": "advisories/ZDI-10-241", "id": "ZDI-10-241", "kind": "published", "published_date": "2010-11-08", "status": "published", "title": "Novell GroupWise Internet Agent Content-Type Parsing Integer Signedness Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-241/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-953", "zdi_id": "ZDI-10-241" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing V...", "detail_json": "/data/advisories/ZDI-10-240/advisory.json", "detail_path": "advisories/ZDI-10-240", "id": "ZDI-10-240", "kind": "published", "published_date": "2010-11-08", "status": "published", "title": "Novell GroupWise Internet Agent COMMENT Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-240/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-961", "zdi_id": "ZDI-10-240" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing V...", "detail_json": "/data/advisories/ZDI-10-239/advisory.json", "detail_path": "advisories/ZDI-10-239", "id": "ZDI-10-239", "kind": "published", "published_date": "2010-11-08", "status": "published", "title": "Novell GroupWise Internet Agent RRULE Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-239/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-960", "zdi_id": "ZDI-10-239" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwia.exe module responsible for parsing e-m...", "detail_json": "/data/advisories/ZDI-10-238/advisory.json", "detail_path": "advisories/ZDI-10-238", "id": "ZDI-10-238", "kind": "published", "published_date": "2010-11-08", "status": "published", "title": "Novell GroupWise Internet Agent Content-Type String Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-238/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-952", "zdi_id": "ZDI-10-238" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwia.exe module responsible for parsing e-m...", "detail_json": "/data/advisories/ZDI-10-237/advisory.json", "detail_path": "advisories/ZDI-10-237", "id": "ZDI-10-237", "kind": "published", "published_date": "2010-11-08", "status": "published", "title": "Novell GroupWise Internet Agent Content-Type Multiple Value Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-237/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-951", "zdi_id": "ZDI-10-237" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver Composition Environment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sapstartsrv.exe proces...", "detail_json": "/data/advisories/ZDI-10-236/advisory.json", "detail_path": "advisories/ZDI-10-236", "id": "ZDI-10-236", "kind": "published", "published_date": "2010-11-08", "status": "published", "title": "SAP NetWeaver Composition Environment sapstartsrv.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-236/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-896", "zdi_id": "ZDI-10-236" }, { "cve": "CVE-2010-3040", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40...", "detail_json": "/data/advisories/ZDI-10-235/advisory.json", "detail_path": "advisories/ZDI-10-235", "id": "ZDI-10-235", "kind": "published", "published_date": "2010-11-07", "status": "published", "title": "Cisco ICM Setup Manager Agent.exe HandleUpgradeTrace Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-235/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-795", "zdi_id": "ZDI-10-235" }, { "cve": "CVE-2010-3040", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40...", "detail_json": "/data/advisories/ZDI-10-234/advisory.json", "detail_path": "advisories/ZDI-10-234", "id": "ZDI-10-234", "kind": "published", "published_date": "2010-11-07", "status": "published", "title": "Cisco ICM Setup Manager Agent.exe HandleQueryNodeInfoReq Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-234/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-794", "zdi_id": "ZDI-10-234" }, { "cve": "CVE-2010-3040", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Unified ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP...", "detail_json": "/data/advisories/ZDI-10-233/advisory.json", "detail_path": "advisories/ZDI-10-233", "id": "ZDI-10-233", "kind": "published", "published_date": "2010-11-07", "status": "published", "title": "Cisco ICM Setup Manager Agent.exe AgentUpgrade Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-233/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-793", "zdi_id": "ZDI-10-233" }, { "cve": "CVE-2010-3040", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40...", "detail_json": "/data/advisories/ZDI-10-232/advisory.json", "detail_path": "advisories/ZDI-10-232", "id": "ZDI-10-232", "kind": "published", "published_date": "2010-11-07", "status": "published", "title": "Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-232/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-796", "zdi_id": "ZDI-10-232" }, { "cve": null, "cvss": 6.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper SA Series devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the meeting_testjava.cgi page which is...", "detail_json": "/data/advisories/ZDI-10-231/advisory.json", "detail_path": "advisories/ZDI-10-231", "id": "ZDI-10-231", "kind": "published", "published_date": "2010-11-07", "status": "published", "title": "Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-231/", "vendor": "Juniper", "vendor_url": null, "zdi_can": "ZDI-CAN-886", "zdi_id": "ZDI-10-231" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Handheld Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within module ZfHIPCND.exe. This pr...", "detail_json": "/data/advisories/ZDI-10-230/advisory.json", "detail_path": "advisories/ZDI-10-230", "id": "ZDI-10-230", "kind": "published", "published_date": "2010-11-07", "status": "published", "title": "Novell ZENworks Handheld Management ZfHIPCND.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-230/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-709", "zdi_id": "ZDI-10-230" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ProFTPD. Authentication is not required to exploit this vulnerability. The flaw exists within the proftpd server component which listens by default on TCP port...", "detail_json": "/data/advisories/ZDI-10-229/advisory.json", "detail_path": "advisories/ZDI-10-229", "id": "ZDI-10-229", "kind": "published", "published_date": "2010-11-02", "status": "published", "title": "ProFTPD TELNET_IAC Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-229/", "vendor": "ProFTPD", "vendor_url": null, "zdi_can": "ZDI-CAN-925", "zdi_id": "ZDI-10-229" }, { "cve": "CVE-2010-4090", "cvss": 7.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-10-228/advisory.json", "detail_path": "advisories/ZDI-10-228", "id": "ZDI-10-228", "kind": "published", "published_date": "2010-10-29", "status": "published", "title": "Adobe Shockwave Player Director File SetVertexArray Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-228/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-894", "zdi_id": "ZDI-10-228" }, { "cve": "CVE-2010-3655", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-10-227/advisory.json", "detail_path": "advisories/ZDI-10-227", "id": "ZDI-10-227", "kind": "published", "published_date": "2010-10-29", "status": "published", "title": "Adobe Shockwave Player Lnam Chunk String Processing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-227/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-909", "zdi_id": "ZDI-10-227" }, { "cve": "CVE-2010-0112", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IM Manager inter...", "detail_json": "/data/advisories/ZDI-10-226/advisory.json", "detail_path": "advisories/ZDI-10-226", "id": "ZDI-10-226", "kind": "published", "published_date": "2010-10-27", "status": "published", "title": "Symantec IM Manager rdServer.dll sGetDefinition SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-226/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-943", "zdi_id": "ZDI-10-226" }, { "cve": "CVE-2010-0112", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdPageImlogic.aspx page which is exposed...", "detail_json": "/data/advisories/ZDI-10-225/advisory.json", "detail_path": "advisories/ZDI-10-225", "id": "ZDI-10-225", "kind": "published", "published_date": "2010-10-27", "status": "published", "title": "Symantec IM Manager Administrative Interface DetailReportGroup.lgx Definition File SQL Injection Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-225/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-873", "zdi_id": "ZDI-10-225" }, { "cve": "CVE-2010-0112", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx page which is exposed...", "detail_json": "/data/advisories/ZDI-10-224/advisory.json", "detail_path": "advisories/ZDI-10-224", "id": "ZDI-10-224", "kind": "published", "published_date": "2010-10-27", "status": "published", "title": "Symantec IM Manager Administrative Interface SummaryReportGroup.lgx Definition File SQL Injection Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-224/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-872", "zdi_id": "ZDI-10-224" }, { "cve": "CVE-2010-0112", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx and rdPage.aspx pages...", "detail_json": "/data/advisories/ZDI-10-223/advisory.json", "detail_path": "advisories/ZDI-10-223", "id": "ZDI-10-223", "kind": "published", "published_date": "2010-10-27", "status": "published", "title": "Symantec IM Manager Administrative Interface LoggedInUsers.lgx Definition File SQL Injection Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-223/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-871", "zdi_id": "ZDI-10-223" }, { "cve": "CVE-2010-0112", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx page which is exposed...", "detail_json": "/data/advisories/ZDI-10-222/advisory.json", "detail_path": "advisories/ZDI-10-222", "id": "ZDI-10-222", "kind": "published", "published_date": "2010-10-27", "status": "published", "title": "Symantec IM Manager Administrative Interface rdpageimlogic.aspx SQL Injection Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-222/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-870", "zdi_id": "ZDI-10-222" }, { "cve": "CVE-2010-0112", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative...", "detail_json": "/data/advisories/ZDI-10-221/advisory.json", "detail_path": "advisories/ZDI-10-221", "id": "ZDI-10-221", "kind": "published", "published_date": "2010-10-27", "status": "published", "title": "Symantec IM Manager Administrative Interface IMAdminReportTrendFormRun.asp SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-221/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-773", "zdi_id": "ZDI-10-221" }, { "cve": "CVE-2010-0112", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative...", "detail_json": "/data/advisories/ZDI-10-220/advisory.json", "detail_path": "advisories/ZDI-10-220", "id": "ZDI-10-220", "kind": "published", "published_date": "2010-10-27", "status": "published", "title": "Symantec IM Manager Administrative Interface IMAdminScheduleReport.asp SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-220/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-752", "zdi_id": "ZDI-10-220" }, { "cve": "CVE-2010-3183", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-219/advisory.json", "detail_path": "advisories/ZDI-10-219", "id": "ZDI-10-219", "kind": "published", "published_date": "2010-10-19", "status": "published", "title": "Mozilla Firefox LookupGetterOrSetter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-219/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-929", "zdi_id": "ZDI-10-219" }, { "cve": "CVE-2008-2154", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is required in that a user must have the ability to connect to the database. The specific flaw exists within the install_jar procedure....", "detail_json": "/data/advisories/ZDI-10-218/advisory.json", "detail_path": "advisories/ZDI-10-218", "id": "ZDI-10-218", "kind": "published", "published_date": "2010-10-19", "status": "published", "title": "IBM DB2 install_jar Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-218/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-743", "zdi_id": "ZDI-10-218" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability. The specific flaw exists when processing the arguments...", "detail_json": "/data/advisories/ZDI-10-217/advisory.json", "detail_path": "advisories/ZDI-10-217", "id": "ZDI-10-217", "kind": "published", "published_date": "2010-10-18", "status": "published", "title": "IBM Informix Dynamic Server DBINFO Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-217/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-381", "zdi_id": "ZDI-10-217" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Informix Dynamic Server. Authentication is required in that an attacker must have valid credentials to connect to the database. The specific flaw exists within th...", "detail_json": "/data/advisories/ZDI-10-216/advisory.json", "detail_path": "advisories/ZDI-10-216", "id": "ZDI-10-216", "kind": "published", "published_date": "2010-10-18", "status": "published", "title": "IBM Informix Dynamic Server oninit.exe EXPLAIN Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-216/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-288", "zdi_id": "ZDI-10-216" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Informix Dynamic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RPC protocol parsing library, librpc.dl...", "detail_json": "/data/advisories/ZDI-10-215/advisory.json", "detail_path": "advisories/ZDI-10-215", "id": "ZDI-10-215", "kind": "published", "published_date": "2010-10-18", "status": "published", "title": "IBM Informix Dynamic Server librpc.dll Integer Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-215/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-200", "zdi_id": "ZDI-10-215" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on vulnerable installations of Rational Quality Manager and Rational Test Lab Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the installation of the bund...", "detail_json": "/data/advisories/ZDI-10-214/advisory.json", "detail_path": "advisories/ZDI-10-214", "id": "ZDI-10-214", "kind": "published", "published_date": "2010-10-18", "status": "published", "title": "IBM Rational Quality Manager and Test Lab Manager Backdoor Account Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-214/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-699", "zdi_id": "ZDI-10-214" }, { "cve": "CVE-2010-3751", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists wi...", "detail_json": "/data/advisories/ZDI-10-213/advisory.json", "detail_path": "advisories/ZDI-10-213", "id": "ZDI-10-213", "kind": "published", "published_date": "2010-10-15", "status": "published", "title": "RealNetworks RealPlayer Multiple Protocol Handlers Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-213/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-724", "zdi_id": "ZDI-10-213" }, { "cve": "CVE-2010-3750", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must open a malicious website or media file. The specific flaw exists within the code re...", "detail_json": "/data/advisories/ZDI-10-212/advisory.json", "detail_path": "advisories/ZDI-10-212", "id": "ZDI-10-212", "kind": "published", "published_date": "2010-10-15", "status": "published", "title": "RealNetworks RealPlayer RJMDSections Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-212/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-677", "zdi_id": "ZDI-10-212" }, { "cve": "CVE-2010-3749", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists wi...", "detail_json": "/data/advisories/ZDI-10-211/advisory.json", "detail_path": "advisories/ZDI-10-211", "id": "ZDI-10-211", "kind": "published", "published_date": "2010-10-15", "status": "published", "title": "RealNetworks Realplayer RecordClip Parameter Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-211/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-643", "zdi_id": "ZDI-10-211" }, { "cve": "CVE-2010-3747", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the pars...", "detail_json": "/data/advisories/ZDI-10-210/advisory.json", "detail_path": "advisories/ZDI-10-210", "id": "ZDI-10-210", "kind": "published", "published_date": "2010-10-15", "status": "published", "title": "RealNetworks RealPlayer ActiveX Control CDDA URI Uninitialized Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-210/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-600", "zdi_id": "ZDI-10-210" }, { "cve": "CVE-2010-2998", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-10-209/advisory.json", "detail_path": "advisories/ZDI-10-209", "id": "ZDI-10-209", "kind": "published", "published_date": "2010-10-15", "status": "published", "title": "RealNetworks RealPlayer Malformed IVR Pointer Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-209/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-568", "zdi_id": "ZDI-10-209" }, { "cve": "CVE-2010-3559", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-10-208/advisory.json", "detail_path": "advisories/ZDI-10-208", "id": "ZDI-10-208", "kind": "published", "published_date": "2010-10-12", "status": "published", "title": "Oracle Java Runtime HeadspaceSoundbank.nGetName BANK Record Size Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-208/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-715", "zdi_id": "ZDI-10-208" }, { "cve": "CVE-2010-3555", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java platform that utilize the ActiveX Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-10-207/advisory.json", "detail_path": "advisories/ZDI-10-207", "id": "ZDI-10-207", "kind": "published", "published_date": "2010-10-12", "status": "published", "title": "Oracle Java ActiveX Plugin Uninitialized Window Handle Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-207/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-792", "zdi_id": "ZDI-10-207" }, { "cve": "CVE-2010-3552", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-10-206/advisory.json", "detail_path": "advisories/ZDI-10-206", "id": "ZDI-10-206", "kind": "published", "published_date": "2010-10-12", "status": "published", "title": "Oracle Java IE Browser Plugin docbase Parameter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-206/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-859", "zdi_id": "ZDI-10-206" }, { "cve": "CVE-2010-3565", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-10-205/advisory.json", "detail_path": "advisories/ZDI-10-205", "id": "ZDI-10-205", "kind": "published", "published_date": "2010-10-12", "status": "published", "title": "Oracle Sun JRE JPEGImageWriter.writeImage Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-205/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-809", "zdi_id": "ZDI-10-205" }, { "cve": "CVE-2010-3566", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw...", "detail_json": "/data/advisories/ZDI-10-204/advisory.json", "detail_path": "advisories/ZDI-10-204", "id": "ZDI-10-204", "kind": "published", "published_date": "2010-10-12", "status": "published", "title": "Oracle Sun JRE ICC Profile Device Information Tag Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-204/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-803", "zdi_id": "ZDI-10-204" }, { "cve": "CVE-2010-3571", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw...", "detail_json": "/data/advisories/ZDI-10-203/advisory.json", "detail_path": "advisories/ZDI-10-203", "id": "ZDI-10-203", "kind": "published", "published_date": "2010-10-12", "status": "published", "title": "Oracle Sun Java ICC Profile Unicode Description Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-203/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-802", "zdi_id": "ZDI-10-203" }, { "cve": "CVE-2010-3563", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime. User interaction is required in that a target must visit a malicious page. The specific flaw exists within the com.sun.jnlp.BasicServiceI...", "detail_json": "/data/advisories/ZDI-10-202/advisory.json", "detail_path": "advisories/ZDI-10-202", "id": "ZDI-10-202", "kind": "published", "published_date": "2010-10-12", "status": "published", "title": "Sun Java Web Start BasicServiceImpl Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-202/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-705", "zdi_id": "ZDI-10-202" }, { "cve": "CVE-2010-2419", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to break out of the Java Sandbox implemented by Oracle's relational database. Authentication is required in that a user must be able to create a Java stored procedure to trigger the issue. The specific flaw exists wi...", "detail_json": "/data/advisories/ZDI-10-201/advisory.json", "detail_path": "advisories/ZDI-10-201", "id": "ZDI-10-201", "kind": "published", "published_date": "2010-10-12", "status": "published", "title": "Oracle Database Java Stored Procedure Race Condition Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-201/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-667", "zdi_id": "ZDI-10-201" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tivoli Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by defau...", "detail_json": "/data/advisories/ZDI-10-200/advisory.json", "detail_path": "advisories/ZDI-10-200", "id": "ZDI-10-200", "kind": "published", "published_date": "2010-10-12", "status": "published", "title": "Tivoli Storage Manager FastBack 0xfafbfcfd Packet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-200/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-700", "zdi_id": "ZDI-10-200" }, { "cve": "CVE-2010-3225", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. Authentication is not required to exploit this vulnerability. The specific flaw exists within Windows Media Player's support fo...", "detail_json": "/data/advisories/ZDI-10-199/advisory.json", "detail_path": "advisories/ZDI-10-199", "id": "ZDI-10-199", "kind": "published", "published_date": "2010-10-12", "status": "published", "title": "Microsoft Windows Media Player Network Sharing Service Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-199/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-854", "zdi_id": "ZDI-10-199" }, { "cve": "CVE-2010-1883", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-10-198/advisory.json", "detail_path": "advisories/ZDI-10-198", "id": "ZDI-10-198", "kind": "published", "published_date": "2010-10-12", "status": "published", "title": "Microsoft Internet Explorer EOT File hdmx Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-198/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-833", "zdi_id": "ZDI-10-198" }, { "cve": "CVE-2010-3328", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...", "detail_json": "/data/advisories/ZDI-10-197/advisory.json", "detail_path": "advisories/ZDI-10-197", "id": "ZDI-10-197", "kind": "published", "published_date": "2010-10-12", "status": "published", "title": "Microsoft Internet Explorer Stylesheet PrivateFind Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-197/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-826", "zdi_id": "ZDI-10-197" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JobServer.exe process which listens by d...", "detail_json": "/data/advisories/ZDI-10-196/advisory.json", "detail_path": "advisories/ZDI-10-196", "id": "ZDI-10-196", "kind": "published", "published_date": "2010-10-12", "status": "published", "title": "SAP Crystal Reports JobServer GIOP Request Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-196/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-822", "zdi_id": "ZDI-10-196" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CMS.exe process which listens by default...", "detail_json": "/data/advisories/ZDI-10-195/advisory.json", "detail_path": "advisories/ZDI-10-195", "id": "ZDI-10-195", "kind": "published", "published_date": "2010-10-12", "status": "published", "title": "SAP BusinessObjects Crystal Reports Server CMS.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-195/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-787", "zdi_id": "ZDI-10-195" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary SQL queries on vulnerable installations of Tivoli Provisioning Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TCP to ODBC gateway compo...", "detail_json": "/data/advisories/ZDI-10-194/advisory.json", "detail_path": "advisories/ZDI-10-194", "id": "ZDI-10-194", "kind": "published", "published_date": "2010-10-08", "status": "published", "title": "IBM Tivoli Provisioning Manager for OS Deployment TCP to ODBC Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-194/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-781", "zdi_id": "ZDI-10-194" }, { "cve": "CVE-2010-3632", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...", "detail_json": "/data/advisories/ZDI-10-193/advisory.json", "detail_path": "advisories/ZDI-10-193", "id": "ZDI-10-193", "kind": "published", "published_date": "2010-10-06", "status": "published", "title": "Adobe Acrobat Reader Multimedia Playing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-193/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-868", "zdi_id": "ZDI-10-193" }, { "cve": "CVE-2010-3622", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE...", "detail_json": "/data/advisories/ZDI-10-192/advisory.json", "detail_path": "advisories/ZDI-10-192", "id": "ZDI-10-192", "kind": "published", "published_date": "2010-10-06", "status": "published", "title": "Adobe Acrobat Reader ICC mluc Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-192/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-719", "zdi_id": "ZDI-10-192" }, { "cve": "CVE-2010-3621", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE...", "detail_json": "/data/advisories/ZDI-10-191/advisory.json", "detail_path": "advisories/ZDI-10-191", "id": "ZDI-10-191", "kind": "published", "published_date": "2010-10-06", "status": "published", "title": "Adobe Reader ICC Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-191/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-718", "zdi_id": "ZDI-10-191" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nps.jar web application exposed via the Tomc...", "detail_json": "/data/advisories/ZDI-10-190/advisory.json", "detail_path": "advisories/ZDI-10-190", "id": "ZDI-10-190", "kind": "published", "published_date": "2010-10-01", "status": "published", "title": "Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-190/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-772", "zdi_id": "ZDI-10-190" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to trigger this vulnerability. The flaw exists within Novell's eDirectory Server's NCP implementation which binds, b...", "detail_json": "/data/advisories/ZDI-10-189/advisory.json", "detail_path": "advisories/ZDI-10-189", "id": "ZDI-10-189", "kind": "published", "published_date": "2010-10-01", "status": "published", "title": "Novell eDirectory Server Malformed Index Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-189/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-477", "zdi_id": "ZDI-10-189" }, { "cve": null, "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to deny service to clients on vulnerable installations of IBM Tivoli FastBack Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FastBackMount.exe compo...", "detail_json": "/data/advisories/ZDI-10-188/advisory.json", "detail_path": "advisories/ZDI-10-188", "id": "ZDI-10-188", "kind": "published", "published_date": "2010-09-30", "status": "published", "title": "IBM Tivoli Storage Manager FastBack Mount NULL Pointer Dereference DoS Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-188/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-701", "zdi_id": "ZDI-10-188" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe proc...", "detail_json": "/data/advisories/ZDI-10-187/advisory.json", "detail_path": "advisories/ZDI-10-187", "id": "ZDI-10-187", "kind": "published", "published_date": "2010-09-29", "status": "published", "title": "IBM TSM FastBack Server _DAS_ReadBlockReply Remote Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-187/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-664", "zdi_id": "ZDI-10-187" }, { "cve": null, "cvss": 5.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe whic...", "detail_json": "/data/advisories/ZDI-10-186/advisory.json", "detail_path": "advisories/ZDI-10-186", "id": "ZDI-10-186", "kind": "published", "published_date": "2010-09-29", "status": "published", "title": "IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-186/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-659", "zdi_id": "ZDI-10-186" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Fastback. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FastBack server process...", "detail_json": "/data/advisories/ZDI-10-185/advisory.json", "detail_path": "advisories/ZDI-10-185", "id": "ZDI-10-185", "kind": "published", "published_date": "2010-09-29", "status": "published", "title": "IBM TSM FastBack Server _Eventlog Format String Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-185/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-657", "zdi_id": "ZDI-10-185" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by d...", "detail_json": "/data/advisories/ZDI-10-184/advisory.json", "detail_path": "advisories/ZDI-10-184", "id": "ZDI-10-184", "kind": "published", "published_date": "2010-09-29", "status": "published", "title": "IBM TSM FastBack Server USER_S_AddADGroup Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-184/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-663", "zdi_id": "ZDI-10-184" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The flaw exists within FastBackServer.exe which listens by default on...", "detail_json": "/data/advisories/ZDI-10-183/advisory.json", "detail_path": "advisories/ZDI-10-183", "id": "ZDI-10-183", "kind": "published", "published_date": "2010-09-29", "status": "published", "title": "IBM TSM FastBack Server FXCLI_checkIndexDBLocation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-183/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-662", "zdi_id": "ZDI-10-183" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by d...", "detail_json": "/data/advisories/ZDI-10-182/advisory.json", "detail_path": "advisories/ZDI-10-182", "id": "ZDI-10-182", "kind": "published", "published_date": "2010-09-29", "status": "published", "title": "IBM TSM FastBack Server FXCLI_OraBR_Exec_Command Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-182/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-661", "zdi_id": "ZDI-10-182" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by d...", "detail_json": "/data/advisories/ZDI-10-181/advisory.json", "detail_path": "advisories/ZDI-10-181", "id": "ZDI-10-181", "kind": "published", "published_date": "2010-09-29", "status": "published", "title": "IBM TSM FastBack Server ActivateLTScriptReply Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-181/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-660", "zdi_id": "ZDI-10-181" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by d...", "detail_json": "/data/advisories/ZDI-10-180/advisory.json", "detail_path": "advisories/ZDI-10-180", "id": "ZDI-10-180", "kind": "published", "published_date": "2010-09-29", "status": "published", "title": "IBM TSM FastBack Server _SendToLog Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-180/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-658", "zdi_id": "ZDI-10-180" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Fastback. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Mount service (FastBackM...", "detail_json": "/data/advisories/ZDI-10-179/advisory.json", "detail_path": "advisories/ZDI-10-179", "id": "ZDI-10-179", "kind": "published", "published_date": "2010-09-29", "status": "published", "title": "IBM TSM FastBack Mount Service Arbitrary Overwrite Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-179/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-656", "zdi_id": "ZDI-10-179" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Platespin Orchestrate. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application utilizes a bund...", "detail_json": "/data/advisories/ZDI-10-178/advisory.json", "detail_path": "advisories/ZDI-10-178", "id": "ZDI-10-178", "kind": "published", "published_date": "2010-09-15", "status": "published", "title": "Novell PlateSpin Orchestrate Graph Rendering Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-178/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-680", "zdi_id": "ZDI-10-178" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nrouter.exe service while proc...", "detail_json": "/data/advisories/ZDI-10-177/advisory.json", "detail_path": "advisories/ZDI-10-177", "id": "ZDI-10-177", "kind": "published", "published_date": "2010-09-14", "status": "published", "title": "IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-177/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-371", "zdi_id": "ZDI-10-177" }, { "cve": "CVE-2010-2766", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw e...", "detail_json": "/data/advisories/ZDI-10-176/advisory.json", "detail_path": "advisories/ZDI-10-176", "id": "ZDI-10-176", "kind": "published", "published_date": "2010-09-13", "status": "published", "title": "Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-176/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-866", "zdi_id": "ZDI-10-176" }, { "cve": "CVE-2010-3008", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to trigger a denial of service condition on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the function PrvRe...", "detail_json": "/data/advisories/ZDI-10-175/advisory.json", "detail_path": "advisories/ZDI-10-175", "id": "ZDI-10-175", "kind": "published", "published_date": "2010-09-13", "status": "published", "title": "Hewlett-Packard Data Protector Express PrvRecvRqu Remote Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-175/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-582", "zdi_id": "ZDI-10-175" }, { "cve": "CVE-2010-3007", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the function DtbClsLogin defined...", "detail_json": "/data/advisories/ZDI-10-174/advisory.json", "detail_path": "advisories/ZDI-10-174", "id": "ZDI-10-174", "kind": "published", "published_date": "2010-09-13", "status": "published", "title": "Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-174/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-581", "zdi_id": "ZDI-10-174" }, { "cve": "CVE-2010-2760", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-173/advisory.json", "detail_path": "advisories/ZDI-10-173", "id": "ZDI-10-173", "kind": "published", "published_date": "2010-09-13", "status": "published", "title": "Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-173/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-903", "zdi_id": "ZDI-10-173" }, { "cve": "CVE-2010-3168", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-172/advisory.json", "detail_path": "advisories/ZDI-10-172", "id": "ZDI-10-172", "kind": "published", "published_date": "2010-09-13", "status": "published", "title": "Mozilla Firefox tree Object Removal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-172/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-817", "zdi_id": "ZDI-10-172" }, { "cve": "CVE-2010-3167", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-171/advisory.json", "detail_path": "advisories/ZDI-10-171", "id": "ZDI-10-171", "kind": "published", "published_date": "2010-09-13", "status": "published", "title": "Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-171/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-804", "zdi_id": "ZDI-10-171" }, { "cve": "CVE-2010-1806", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-10-170/advisory.json", "detail_path": "advisories/ZDI-10-170", "id": "ZDI-10-170", "kind": "published", "published_date": "2010-09-13", "status": "published", "title": "Apple Safari Webkit Runin Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-170/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-806", "zdi_id": "ZDI-10-170" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is required to exploit this vulnerability. The flaw exists within SSHD.NLM. When the application attempts to resolve an absolute...", "detail_json": "/data/advisories/ZDI-10-169/advisory.json", "detail_path": "advisories/ZDI-10-169", "id": "ZDI-10-169", "kind": "published", "published_date": "2010-09-01", "status": "published", "title": "Novell Netware SSHD.NLM Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-169/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-674", "zdi_id": "ZDI-10-169" }, { "cve": "CVE-2010-1818", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-168/advisory.json", "detail_path": "advisories/ZDI-10-168", "id": "ZDI-10-168", "kind": "published", "published_date": "2010-08-31", "status": "published", "title": "Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-168/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-823", "zdi_id": "ZDI-10-168" }, { "cve": "CVE-2010-3000", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the module responsible for handling the...", "detail_json": "/data/advisories/ZDI-10-167/advisory.json", "detail_path": "advisories/ZDI-10-167", "id": "ZDI-10-167", "kind": "published", "published_date": "2010-08-26", "status": "published", "title": "RealNetworks RealPlayer FLV Parsing Multiple Integer Overflow Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-167/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-620", "zdi_id": "ZDI-10-167" }, { "cve": "CVE-2010-2996", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-10-166/advisory.json", "detail_path": "advisories/ZDI-10-166", "id": "ZDI-10-166", "kind": "published", "published_date": "2010-08-26", "status": "published", "title": "RealNetworks RealPlayer Malformed IVR Object Index Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-166/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-472", "zdi_id": "ZDI-10-166" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Internet Security Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...", "detail_json": "/data/advisories/ZDI-10-165/advisory.json", "detail_path": "advisories/ZDI-10-165", "id": "ZDI-10-165", "kind": "published", "published_date": "2010-08-25", "status": "published", "title": "Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-165/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-824", "zdi_id": "ZDI-10-165" }, { "cve": "CVE-2010-2876", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-10-164/advisory.json", "detail_path": "advisories/ZDI-10-164", "id": "ZDI-10-164", "kind": "published", "published_date": "2010-08-24", "status": "published", "title": "Adobe Shockwave Player Director File FFFFFF88 Record Processing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-164/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-864", "zdi_id": "ZDI-10-164" }, { "cve": "CVE-2010-2874", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-10-163/advisory.json", "detail_path": "advisories/ZDI-10-163", "id": "ZDI-10-163", "kind": "published", "published_date": "2010-08-24", "status": "published", "title": "Adobe Shockwave Director tSAC Chunk Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-163/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-840", "zdi_id": "ZDI-10-163" }, { "cve": "CVE-2010-2873", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-10-162/advisory.json", "detail_path": "advisories/ZDI-10-162", "id": "ZDI-10-162", "kind": "published", "published_date": "2010-08-24", "status": "published", "title": "Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-162/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-836", "zdi_id": "ZDI-10-162" }, { "cve": "CVE-2010-2872", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-161/advisory.json", "detail_path": "advisories/ZDI-10-161", "id": "ZDI-10-161", "kind": "published", "published_date": "2010-08-24", "status": "published", "title": "Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-161/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-837", "zdi_id": "ZDI-10-161" }, { "cve": "CVE-2010-2871", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....", "detail_json": "/data/advisories/ZDI-10-160/advisory.json", "detail_path": "advisories/ZDI-10-160", "id": "ZDI-10-160", "kind": "published", "published_date": "2010-08-24", "status": "published", "title": "Adobe Shockwave Player Director File FFFFFF45 Record Processing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-160/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-841", "zdi_id": "ZDI-10-160" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specifi...", "detail_json": "/data/advisories/ZDI-10-159/advisory.json", "detail_path": "advisories/ZDI-10-159", "id": "ZDI-10-159", "kind": "published", "published_date": "2010-08-23", "status": "published", "title": "IBM Lotus Notes Autonomy KeyView WK3 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-159/", "vendor": "IBM, Autonomy", "vendor_url": null, "zdi_can": "ZDI-CAN-640", "zdi_id": "ZDI-10-159" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specifi...", "detail_json": "/data/advisories/ZDI-10-158/advisory.json", "detail_path": "advisories/ZDI-10-158", "id": "ZDI-10-158", "kind": "published", "published_date": "2010-08-23", "status": "published", "title": "IBM Lotus Notes Autonomy KeyView WK3 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-158/", "vendor": "IBM, Autonomy", "vendor_url": null, "zdi_can": "ZDI-CAN-639", "zdi_id": "ZDI-10-158" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specifi...", "detail_json": "/data/advisories/ZDI-10-157/advisory.json", "detail_path": "advisories/ZDI-10-157", "id": "ZDI-10-157", "kind": "published", "published_date": "2010-08-23", "status": "published", "title": "IBM Lotus Notes Autonomy KeyView Office Shape Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-157/", "vendor": "IBM, Autonomy", "vendor_url": null, "zdi_can": "ZDI-CAN-638", "zdi_id": "ZDI-10-157" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specifi...", "detail_json": "/data/advisories/ZDI-10-156/advisory.json", "detail_path": "advisories/ZDI-10-156", "id": "ZDI-10-156", "kind": "published", "published_date": "2010-08-23", "status": "published", "title": "IBM Lotus Notes Autonomy KeyView Word Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-156/", "vendor": "IBM, Autonomy", "vendor_url": null, "zdi_can": "ZDI-CAN-637", "zdi_id": "ZDI-10-156" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-10-155/advisory.json", "detail_path": "advisories/ZDI-10-155", "id": "ZDI-10-155", "kind": "published", "published_date": "2010-08-23", "status": "published", "title": "Cisco WebEx Player ARF String Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-155/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-627", "zdi_id": "ZDI-10-155" }, { "cve": "CVE-2010-1392", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the tar...", "detail_json": "/data/advisories/ZDI-10-154/advisory.json", "detail_path": "advisories/ZDI-10-154", "id": "ZDI-10-154", "kind": "published", "published_date": "2010-08-11", "status": "published", "title": "Apple Webkit Button First-Letter Style Rendering Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-154/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-791", "zdi_id": "ZDI-10-154" }, { "cve": "CVE-2010-1787", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-10-153/advisory.json", "detail_path": "advisories/ZDI-10-153", "id": "ZDI-10-153", "kind": "published", "published_date": "2010-08-11", "status": "published", "title": "Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-153/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-785", "zdi_id": "ZDI-10-153" }, { "cve": "CVE-2010-0049", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-10-152/advisory.json", "detail_path": "advisories/ZDI-10-152", "id": "ZDI-10-152", "kind": "published", "published_date": "2010-08-11", "status": "published", "title": "Apple WebKit RTL LineBox Overflow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-152/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-703", "zdi_id": "ZDI-10-152" }, { "cve": "CVE-2010-1903", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-10-151/advisory.json", "detail_path": "advisories/ZDI-10-151", "id": "ZDI-10-151", "kind": "published", "published_date": "2010-08-11", "status": "published", "title": "Microsoft Office Word 2007 plcffldMom Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-151/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-740", "zdi_id": "ZDI-10-151" }, { "cve": "CVE-2010-1900", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists i...", "detail_json": "/data/advisories/ZDI-10-150/advisory.json", "detail_path": "advisories/ZDI-10-150", "id": "ZDI-10-150", "kind": "published", "published_date": "2010-08-11", "status": "published", "title": "Microsoft Office Word sprmCMajority Record Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-150/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-527", "zdi_id": "ZDI-10-150" }, { "cve": "CVE-2010-2188", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-10-149/advisory.json", "detail_path": "advisories/ZDI-10-149", "id": "ZDI-10-149", "kind": "published", "published_date": "2010-08-10", "status": "published", "title": "Adobe Flash Player LocalConnection Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-149/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-875", "zdi_id": "ZDI-10-149" }, { "cve": "CVE-2010-2553", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-10-148/advisory.json", "detail_path": "advisories/ZDI-10-148", "id": "ZDI-10-148", "kind": "published", "published_date": "2010-08-10", "status": "published", "title": "Microsoft Cinepak Codec CVDecompress Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-148/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-720", "zdi_id": "ZDI-10-148" }, { "cve": "CVE-2010-1882", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within th...", "detail_json": "/data/advisories/ZDI-10-147/advisory.json", "detail_path": "advisories/ZDI-10-147", "id": "ZDI-10-147", "kind": "published", "published_date": "2010-08-10", "status": "published", "title": "Microsoft Windows MPEG Layer-3 Audio Decoder Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-147/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-698", "zdi_id": "ZDI-10-147" }, { "cve": "CVE-2010-0048", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-10-146/advisory.json", "detail_path": "advisories/ZDI-10-146", "id": "ZDI-10-146", "kind": "published", "published_date": "2010-08-09", "status": "published", "title": "Apple Webkit Anchor Tag Mouse Click Event Dispatch Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-146/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-783", "zdi_id": "ZDI-10-146" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks Remote Management. Access to a single node with Remote Management client installed and configured is required. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-10-145/advisory.json", "detail_path": "advisories/ZDI-10-145", "id": "ZDI-10-145", "kind": "published", "published_date": "2010-08-09", "status": "published", "title": "Novell ZENWorks Remote Management Agent Weak Authentication Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-145/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-750", "zdi_id": "ZDI-10-145" }, { "cve": "CVE-2010-1784", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-10-144/advisory.json", "detail_path": "advisories/ZDI-10-144", "id": "ZDI-10-144", "kind": "published", "published_date": "2010-08-09", "status": "published", "title": "Apple Webkit Rendering Counter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-144/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-784", "zdi_id": "ZDI-10-144" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Log Manager. Authentication is not required to exploit this vulnerability. The specific flaws exist within the fileDownload and reportPluginUpload Tomca...", "detail_json": "/data/advisories/ZDI-10-143/advisory.json", "detail_path": "advisories/ZDI-10-143", "id": "ZDI-10-143", "kind": "published", "published_date": "2010-08-09", "status": "published", "title": "Novell Sentinel Log Manager Multiple Servlet Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-143/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-622", "zdi_id": "ZDI-10-143" }, { "cve": "CVE-2010-1785", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-10-142/advisory.json", "detail_path": "advisories/ZDI-10-142", "id": "ZDI-10-142", "kind": "published", "published_date": "2010-08-05", "status": "published", "title": "Apple Webkit SVG First-Letter Style Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-142/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-782", "zdi_id": "ZDI-10-142" }, { "cve": "CVE-2010-1786", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-10-141/advisory.json", "detail_path": "advisories/ZDI-10-141", "id": "ZDI-10-141", "kind": "published", "published_date": "2010-08-05", "status": "published", "title": "Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-141/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-766", "zdi_id": "ZDI-10-141" }, { "cve": "CVE-2010-4315", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client Browser Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma...", "detail_json": "/data/advisories/ZDI-10-140/advisory.json", "detail_path": "advisories/ZDI-10-140", "id": "ZDI-10-140", "kind": "published", "published_date": "2010-08-05", "status": "published", "title": "Novell iPrint Client Browser Plugin operation Parameter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-140/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-754", "zdi_id": "ZDI-10-140" }, { "cve": "CVE-2010-4314", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client browser plugin. User interaction is required in that a target must visit a malicious web page. The specific flaw exists within handlin...", "detail_json": "/data/advisories/ZDI-10-139/advisory.json", "detail_path": "advisories/ZDI-10-139", "id": "ZDI-10-139", "kind": "published", "published_date": "2010-08-05", "status": "published", "title": "Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-139/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-745", "zdi_id": "ZDI-10-139" }, { "cve": "CVE-2010-4320", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Server. Authentication is not required to exploit this vulnerability. The flaw exists within the '/opt/novell/iprint/bin/ipsmd' component this co...", "detail_json": "/data/advisories/ZDI-10-138/advisory.json", "detail_path": "advisories/ZDI-10-138", "id": "ZDI-10-138", "kind": "published", "published_date": "2010-08-05", "status": "published", "title": "Novell iPrint Server Queue Name Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-138/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-742", "zdi_id": "ZDI-10-138" }, { "cve": "CVE-2010-2703", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ov.dll module...", "detail_json": "/data/advisories/ZDI-10-137/advisory.json", "detail_path": "advisories/ZDI-10-137", "id": "ZDI-10-137", "kind": "published", "published_date": "2010-07-21", "status": "published", "title": "Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-137/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-682", "zdi_id": "ZDI-10-137" }, { "cve": "CVE-2010-2773", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Teaming. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Tomcat server installed by default with Teami...", "detail_json": "/data/advisories/ZDI-10-136/advisory.json", "detail_path": "advisories/ZDI-10-136", "id": "ZDI-10-136", "kind": "published", "published_date": "2010-07-21", "status": "published", "title": "Novell Teaming ajaxUploadImageFile Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-136/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-777", "zdi_id": "ZDI-10-136" }, { "cve": "CVE-2010-2778, CVE-2010-2779", "cvss": 4.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling html messages...", "detail_json": "/data/advisories/ZDI-10-135/advisory.json", "detail_path": "advisories/ZDI-10-135", "id": "ZDI-10-135", "kind": "published", "published_date": "2010-07-20", "status": "published", "title": "Novell Groupwise WebAccess Multiple Cross-Site Scripting Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-135/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-710", "zdi_id": "ZDI-10-135" }, { "cve": "CVE-2010-1208", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-134/advisory.json", "detail_path": "advisories/ZDI-10-134", "id": "ZDI-10-134", "kind": "published", "published_date": "2010-07-20", "status": "published", "title": "Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-134/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-832", "zdi_id": "ZDI-10-134" }, { "cve": "CVE-2010-2752", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-133/advisory.json", "detail_path": "advisories/ZDI-10-133", "id": "ZDI-10-133", "kind": "published", "published_date": "2010-07-20", "status": "published", "title": "Mozilla Firefox CSS font-face Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-133/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-831", "zdi_id": "ZDI-10-133" }, { "cve": "CVE-2010-1214", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-132/advisory.json", "detail_path": "advisories/ZDI-10-132", "id": "ZDI-10-132", "kind": "published", "published_date": "2010-07-20", "status": "published", "title": "Mozilla Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-132/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-821", "zdi_id": "ZDI-10-132" }, { "cve": "CVE-2010-2753", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-131/advisory.json", "detail_path": "advisories/ZDI-10-131", "id": "ZDI-10-131", "kind": "published", "published_date": "2010-07-20", "status": "published", "title": "Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-131/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-755", "zdi_id": "ZDI-10-131" }, { "cve": "CVE-2010-1209", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the victim must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-130/advisory.json", "detail_path": "advisories/ZDI-10-130", "id": "ZDI-10-130", "kind": "published", "published_date": "2010-07-20", "status": "published", "title": "Mozilla Firefox NodeIterator Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-130/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-712", "zdi_id": "ZDI-10-130" }, { "cve": "CVE-2010-2777", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Internet Agent. Authentication is required to exploit this vulnerability. The flaw exists within the IMAP functionality included with GWIA. Wh...", "detail_json": "/data/advisories/ZDI-10-129/advisory.json", "detail_path": "advisories/ZDI-10-129", "id": "ZDI-10-129", "kind": "published", "published_date": "2010-07-16", "status": "published", "title": "Novell Netware Groupwise Internet Gateway Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-129/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-673", "zdi_id": "ZDI-10-129" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail. Authentication is not required to exploit this vulnerability. The specific flaw exists within SMTPDLL.dll (called by queuemgr.exe). When handli...", "detail_json": "/data/advisories/ZDI-10-128/advisory.json", "detail_path": "advisories/ZDI-10-128", "id": "ZDI-10-128", "kind": "published", "published_date": "2010-07-15", "status": "published", "title": "Ipswitch Imail Server Queuemgr Format String Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-128/", "vendor": "Ipswitch", "vendor_url": null, "zdi_can": "ZDI-CAN-738", "zdi_id": "ZDI-10-128" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail. Authentication might be required to exploit this vulnerability. The specific flaw exists within imailsrv.exe which is invoked to handle message...", "detail_json": "/data/advisories/ZDI-10-127/advisory.json", "detail_path": "advisories/ZDI-10-127", "id": "ZDI-10-127", "kind": "published", "published_date": "2010-07-15", "status": "published", "title": "Ipswitch Imail Server Mailing List Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-127/", "vendor": "Ipswitch", "vendor_url": null, "zdi_can": "ZDI-CAN-737", "zdi_id": "ZDI-10-127" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail List Mailer. Authentication is not required to exploit this vulnerability. The specific flaw exists within imailsrv.exe which is invoked to hand...", "detail_json": "/data/advisories/ZDI-10-126/advisory.json", "detail_path": "advisories/ZDI-10-126", "id": "ZDI-10-126", "kind": "published", "published_date": "2010-07-15", "status": "published", "title": "Ipswitch Imail Server List Mailer Reply-To Address Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-126/", "vendor": "Ipswitch", "vendor_url": null, "zdi_can": "ZDI-CAN-736", "zdi_id": "ZDI-10-126" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the solid.exe process which listens by default on TC...", "detail_json": "/data/advisories/ZDI-10-125/advisory.json", "detail_path": "advisories/ZDI-10-125", "id": "ZDI-10-125", "kind": "published", "published_date": "2010-07-13", "status": "published", "title": "IBM SolidDB solid.exe Handshake Request Username Field Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-125/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-676", "zdi_id": "ZDI-10-125" }, { "cve": "CVE-2010-0907", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit these vulnerabilities. The specific flaws exist due to how the application passes CGI parameter...", "detail_json": "/data/advisories/ZDI-10-124/advisory.json", "detail_path": "advisories/ZDI-10-124", "id": "ZDI-10-124", "kind": "published", "published_date": "2010-07-13", "status": "published", "title": "Oracle Secure Backup Web Interface Various Post-Auth Command Injection Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-124/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-653", "zdi_id": "ZDI-10-124" }, { "cve": "CVE-2010-0904", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. The specific flaw exists within the register globals emulation layer which allows attackers to specify values for arbitrary program variab...", "detail_json": "/data/advisories/ZDI-10-123/advisory.json", "detail_path": "advisories/ZDI-10-123", "id": "ZDI-10-123", "kind": "published", "published_date": "2010-07-13", "status": "published", "title": "Oracle Secure Backup Administration Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-123/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-626", "zdi_id": "ZDI-10-123" }, { "cve": "CVE-2010-0906", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'preauth...", "detail_json": "/data/advisories/ZDI-10-122/advisory.json", "detail_path": "advisories/ZDI-10-122", "id": "ZDI-10-122", "kind": "published", "published_date": "2010-07-13", "status": "published", "title": "Oracle Secure Backup Administration Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-122/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-617", "zdi_id": "ZDI-10-122" }, { "cve": "CVE-2010-0906", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'selecto...", "detail_json": "/data/advisories/ZDI-10-121/advisory.json", "detail_path": "advisories/ZDI-10-121", "id": "ZDI-10-121", "kind": "published", "published_date": "2010-07-13", "status": "published", "title": "Oracle Secure Backup Administration selector Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-121/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-616", "zdi_id": "ZDI-10-121" }, { "cve": "CVE-2010-0906", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.p...", "detail_json": "/data/advisories/ZDI-10-120/advisory.json", "detail_path": "advisories/ZDI-10-120", "id": "ZDI-10-120", "kind": "published", "published_date": "2010-07-13", "status": "published", "title": "Oracle Secure Backup Administration objectname Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-120/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-585", "zdi_id": "ZDI-10-120" }, { "cve": "CVE-2010-0899", "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.p...", "detail_json": "/data/advisories/ZDI-10-119/advisory.json", "detail_path": "advisories/ZDI-10-119", "id": "ZDI-10-119", "kind": "published", "published_date": "2010-07-13", "status": "published", "title": "Oracle Secure Backup Administration $other Variable Command Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-119/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-584", "zdi_id": "ZDI-10-119" }, { "cve": "CVE-2010-0904", "cvss": 9.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of user input to the uname variable...", "detail_json": "/data/advisories/ZDI-10-118/advisory.json", "detail_path": "advisories/ZDI-10-118", "id": "ZDI-10-118", "kind": "published", "published_date": "2010-07-13", "status": "published", "title": "Oracle Secure Backup Administration uname Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-118/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-583", "zdi_id": "ZDI-10-118" }, { "cve": "CVE-2010-0814", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required in that a user must browse to a malicious website. The specific flaws exists in the instantiation of three speci...", "detail_json": "/data/advisories/ZDI-10-117/advisory.json", "detail_path": "advisories/ZDI-10-117", "id": "ZDI-10-117", "kind": "published", "published_date": "2010-07-13", "status": "published", "title": "Microsoft Office Access AccWizObjects ActiveX Control Uninitialized Imports Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-117/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-599", "zdi_id": "ZDI-10-117" }, { "cve": "CVE-2010-2202", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-10-116/advisory.json", "detail_path": "advisories/ZDI-10-116", "id": "ZDI-10-116", "kind": "published", "published_date": "2010-06-30", "status": "published", "title": "Adobe Reader CLOD Progressive Mesh Continuation Resolution Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-116/", "vendor": "Adobe, Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-721", "zdi_id": "ZDI-10-116" }, { "cve": "CVE-2010-2160", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-10-115/advisory.json", "detail_path": "advisories/ZDI-10-115", "id": "ZDI-10-115", "kind": "published", "published_date": "2010-06-25", "status": "published", "title": "Adobe Flash Player AVM newFrameState Integer Overfow Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-115/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-511", "zdi_id": "ZDI-10-115" }, { "cve": "CVE-2010-2160", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required in that a target must visit a malicious web page. The specific vulnerability exists within the parsing of an undocume...", "detail_json": "/data/advisories/ZDI-10-114/advisory.json", "detail_path": "advisories/ZDI-10-114", "id": "ZDI-10-114", "kind": "published", "published_date": "2010-06-25", "status": "published", "title": "Adobe Flash Player AVM2 getouterscope Opcode Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-114/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-511", "zdi_id": "ZDI-10-114" }, { "cve": "CVE-2010-1199", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or otherwise render a malicious file...", "detail_json": "/data/advisories/ZDI-10-113/advisory.json", "detail_path": "advisories/ZDI-10-113", "id": "ZDI-10-113", "kind": "published", "published_date": "2010-06-23", "status": "published", "title": "Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-113/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-747", "zdi_id": "ZDI-10-113" }, { "cve": "CVE-2010-0284", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to upload arbitrary files on vulnerable installations of Novell Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PortalModuleInstallManager component o...", "detail_json": "/data/advisories/ZDI-10-112/advisory.json", "detail_path": "advisories/ZDI-10-112", "id": "ZDI-10-112", "kind": "published", "published_date": "2010-06-21", "status": "published", "title": "Novell Access Manager Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-112/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-635", "zdi_id": "ZDI-10-112" }, { "cve": "CVE-2010-2188", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...", "detail_json": "/data/advisories/ZDI-10-111/advisory.json", "detail_path": "advisories/ZDI-10-111", "id": "ZDI-10-111", "kind": "published", "published_date": "2010-06-21", "status": "published", "title": "Adobe Flash Player LocalConnection Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-111/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-805", "zdi_id": "ZDI-10-111" }, { "cve": "CVE-2010-2171", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required in that a target must visit a malicious website. The specific flaw exists within the code for parsing embedded...", "detail_json": "/data/advisories/ZDI-10-110/advisory.json", "detail_path": "advisories/ZDI-10-110", "id": "ZDI-10-110", "kind": "published", "published_date": "2010-06-16", "status": "published", "title": "Adobe Flash Player Multiple Tag JPEG Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-110/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-636", "zdi_id": "ZDI-10-110" }, { "cve": "CVE-2010-2162", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-109/advisory.json", "detail_path": "advisories/ZDI-10-109", "id": "ZDI-10-109", "kind": "published", "published_date": "2010-06-16", "status": "published", "title": "Adobe Flash Player Multiple Atom MP4 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-109/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-560", "zdi_id": "ZDI-10-109" }, { "cve": "CVE-2010-1964", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.e...", "detail_json": "/data/advisories/ZDI-10-108/advisory.json", "detail_path": "advisories/ZDI-10-108", "id": "ZDI-10-108", "kind": "published", "published_date": "2010-06-16", "status": "published", "title": "HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-108/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-683", "zdi_id": "ZDI-10-108" }, { "cve": null, "cvss": 7.7, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to decrypt secure socket layer (SSL) communications directed to multiple Sourcefire products. The specific flaw exists within the reuse of private SSL keys for multiple devices and installations. The keypair is store...", "detail_json": "/data/advisories/ZDI-10-107/advisory.json", "detail_path": "advisories/ZDI-10-107", "id": "ZDI-10-107", "kind": "published", "published_date": "2010-06-10", "status": "published", "title": "Multiple Sourcefire Products Static Web SSL Keys Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-107/", "vendor": "Sourcefire, Sourcefire, Sourcefire, Sourcefire", "vendor_url": null, "zdi_can": "ZDI-CAN-799", "zdi_id": "ZDI-10-107" }, { "cve": "CVE-2010-1961", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovutil.dll mod...", "detail_json": "/data/advisories/ZDI-10-106/advisory.json", "detail_path": "advisories/ZDI-10-106", "id": "ZDI-10-106", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Hewlett-Packard OpenView NNM ovutil.dll getProxiedStorageAddress Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-106/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-685", "zdi_id": "ZDI-10-106" }, { "cve": "CVE-2010-1960", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.e...", "detail_json": "/data/advisories/ZDI-10-105/advisory.json", "detail_path": "advisories/ZDI-10-105", "id": "ZDI-10-105", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Hewlett-Packard OpenView NNM ovwebsnmpsrv.exe Bad Option Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-105/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-684", "zdi_id": "ZDI-10-105" }, { "cve": "CVE-2010-0821", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-10-104/advisory.json", "detail_path": "advisories/ZDI-10-104", "id": "ZDI-10-104", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability", "updated_date": "2021-07-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-104/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-498", "zdi_id": "ZDI-10-104" }, { "cve": "CVE-2010-1253", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This particular vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Excel. User interaction is required in that a target must visit a malicious page or open a malicious file. The specific flaw exists in the...", "detail_json": "/data/advisories/ZDI-10-103/advisory.json", "detail_path": "advisories/ZDI-10-103", "id": "ZDI-10-103", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Microsoft Office Excel DBQueryExt Record Unspecified ADO Object Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-103/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-666", "zdi_id": "ZDI-10-103" }, { "cve": "CVE-2010-1262", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page. The specific flaw exists within IE's support for the CS...", "detail_json": "/data/advisories/ZDI-10-102/advisory.json", "detail_path": "advisories/ZDI-10-102", "id": "ZDI-10-102", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-102/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-763", "zdi_id": "ZDI-10-102" }, { "cve": "CVE-2010-1749", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-10-101/advisory.json", "detail_path": "advisories/ZDI-10-101", "id": "ZDI-10-101", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-101/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-764", "zdi_id": "ZDI-10-101" }, { "cve": "CVE-2010-1402", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-10-100/advisory.json", "detail_path": "advisories/ZDI-10-100", "id": "ZDI-10-100", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Apple Webkit ConditionEventListener Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-100/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-704", "zdi_id": "ZDI-10-100" }, { "cve": "CVE-2010-1403", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-10-099/advisory.json", "detail_path": "advisories/ZDI-10-099", "id": "ZDI-10-099", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-099/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-702", "zdi_id": "ZDI-10-099" }, { "cve": "CVE-2010-1401", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required in that a user must visit a website or open a malicious document. The specific flaw exists within the way Webkit i...", "detail_json": "/data/advisories/ZDI-10-098/advisory.json", "detail_path": "advisories/ZDI-10-098", "id": "ZDI-10-098", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-098/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-689", "zdi_id": "ZDI-10-098" }, { "cve": "CVE-2010-1398", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required in that a user must be coerced into visiting a malicious website. The specific flaw exists within the way Webkit i...", "detail_json": "/data/advisories/ZDI-10-097/advisory.json", "detail_path": "advisories/ZDI-10-097", "id": "ZDI-10-097", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Apple Webkit ContentEditable moveParagraphs Uninitialized Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-097/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-686", "zdi_id": "ZDI-10-097" }, { "cve": "CVE-2010-1404", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-10-096/advisory.json", "detail_path": "advisories/ZDI-10-096", "id": "ZDI-10-096", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Apple Webkit Recursive Use Element Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-096/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-711", "zdi_id": "ZDI-10-096" }, { "cve": "CVE-2010-1397", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on software utilizing a vulnerable version of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-10-095/advisory.json", "detail_path": "advisories/ZDI-10-095", "id": "ZDI-10-095", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Apple Webkit DOCUMENT_POSITION_DISCONNECTED Attribute Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-095/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-632", "zdi_id": "ZDI-10-095" }, { "cve": "CVE-2010-1399", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required in that a user must be coerced into viewing a website. The specific flaw exists within the way the library handles...", "detail_json": "/data/advisories/ZDI-10-094/advisory.json", "detail_path": "advisories/ZDI-10-094", "id": "ZDI-10-094", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Apple Webkit SelectionController via Marquee Event Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-094/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-687", "zdi_id": "ZDI-10-094" }, { "cve": "CVE-2010-1770", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...", "detail_json": "/data/advisories/ZDI-10-093/advisory.json", "detail_path": "advisories/ZDI-10-093", "id": "ZDI-10-093", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-093/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-765", "zdi_id": "ZDI-10-093" }, { "cve": "CVE-2010-1396", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apples Webkit. User interaction is required in that the user must coerced into visiting a website or opening a malicious document. The specific flaw exists wit...", "detail_json": "/data/advisories/ZDI-10-092/advisory.json", "detail_path": "advisories/ZDI-10-092", "id": "ZDI-10-092", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Apple Webkit Option Element ContentEditable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-092/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-688", "zdi_id": "ZDI-10-092" }, { "cve": "CVE-2010-1119", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute remote code on vulnerable installations of Apple Webkit. User interaction is required in that a target must be coerced into visiting a malicious page. The specific flaw exists within Webkit's process for d...", "detail_json": "/data/advisories/ZDI-10-091/advisory.json", "detail_path": "advisories/ZDI-10-091", "id": "ZDI-10-091", "kind": "published", "published_date": "2010-06-08", "status": "published", "title": "Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-091/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-762", "zdi_id": "ZDI-10-091" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Preboot Service (novell-pbserv.exe). This se...", "detail_json": "/data/advisories/ZDI-10-090/advisory.json", "detail_path": "advisories/ZDI-10-090", "id": "ZDI-10-090", "kind": "published", "published_date": "2010-06-01", "status": "published", "title": "Novell ZENworks Configuration Management Preboot Service Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-090/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-679", "zdi_id": "ZDI-10-090" }, { "cve": "CVE-2010-1292", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-089/advisory.json", "detail_path": "advisories/ZDI-10-089", "id": "ZDI-10-089", "kind": "published", "published_date": "2010-05-11", "status": "published", "title": "Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-089/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-769", "zdi_id": "ZDI-10-089" }, { "cve": "CVE-2010-1283", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-10-088/advisory.json", "detail_path": "advisories/ZDI-10-088", "id": "ZDI-10-088", "kind": "published", "published_date": "2010-05-11", "status": "published", "title": "Adobe Shockwave Player 0xFFFFFF49 Record Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-088/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-723", "zdi_id": "ZDI-10-088" }, { "cve": "CVE-2010-1281", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required in that a target visit a malicious website. The specific flaw exists within the code responsible for parsing Dire...", "detail_json": "/data/advisories/ZDI-10-087/advisory.json", "detail_path": "advisories/ZDI-10-087", "id": "ZDI-10-087", "kind": "published", "published_date": "2010-05-11", "status": "published", "title": "Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-087/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-675", "zdi_id": "ZDI-10-087" }, { "cve": "CVE-2010-1555", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is r...", "detail_json": "/data/advisories/ZDI-10-086/advisory.json", "detail_path": "advisories/ZDI-10-086", "id": "ZDI-10-086", "kind": "published", "published_date": "2010-05-11", "status": "published", "title": "HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-086/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-575", "zdi_id": "ZDI-10-086" }, { "cve": "CVE-2010-1554", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is r...", "detail_json": "/data/advisories/ZDI-10-085/advisory.json", "detail_path": "advisories/ZDI-10-085", "id": "ZDI-10-085", "kind": "published", "published_date": "2010-05-11", "status": "published", "title": "HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-085/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-574", "zdi_id": "ZDI-10-085" }, { "cve": "CVE-2010-1553", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is r...", "detail_json": "/data/advisories/ZDI-10-084/advisory.json", "detail_path": "advisories/ZDI-10-084", "id": "ZDI-10-084", "kind": "published", "published_date": "2010-05-11", "status": "published", "title": "HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-084/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-573", "zdi_id": "ZDI-10-084" }, { "cve": "CVE-2010-1552", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the snmpviewer.exe CGI. The doLoad funct...", "detail_json": "/data/advisories/ZDI-10-083/advisory.json", "detail_path": "advisories/ZDI-10-083", "id": "ZDI-10-083", "kind": "published", "published_date": "2010-05-11", "status": "published", "title": "HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-083/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-566", "zdi_id": "ZDI-10-083" }, { "cve": "CVE-2010-1551", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Network Monitor (netmon.exe) daemon....", "detail_json": "/data/advisories/ZDI-10-082/advisory.json", "detail_path": "advisories/ZDI-10-082", "id": "ZDI-10-082", "kind": "published", "published_date": "2010-05-11", "status": "published", "title": "HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-082/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-564", "zdi_id": "ZDI-10-082" }, { "cve": "CVE-2010-1550", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovet_demandpoll.exe process. This pr...", "detail_json": "/data/advisories/ZDI-10-081/advisory.json", "detail_path": "advisories/ZDI-10-081", "id": "ZDI-10-081", "kind": "published", "published_date": "2010-05-11", "status": "published", "title": "HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-081/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-563", "zdi_id": "ZDI-10-081" }, { "cve": "CVE-2010-1549", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Mercury LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the process magentproc.exe that binds to T...", "detail_json": "/data/advisories/ZDI-10-080/advisory.json", "detail_path": "advisories/ZDI-10-080", "id": "ZDI-10-080", "kind": "published", "published_date": "2010-05-06", "status": "published", "title": "HP Mercury LoadRunner Agent Trusted Input Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-080/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-177", "zdi_id": "ZDI-10-080" }, { "cve": "CVE-2010-1317", "cvss": 8.3, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication provided by the adm...", "detail_json": "/data/advisories/ZDI-10-079/advisory.json", "detail_path": "advisories/ZDI-10-079", "id": "ZDI-10-079", "kind": "published", "published_date": "2010-04-28", "status": "published", "title": "Realnetworks Helix Server NTLM Authentication Invalid Base64 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-079/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-507", "zdi_id": "ZDI-10-079" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ZENworks Server (zenserver.exe). This Tomcat...", "detail_json": "/data/advisories/ZDI-10-078/advisory.json", "detail_path": "advisories/ZDI-10-078", "id": "ZDI-10-078", "kind": "published", "published_date": "2010-04-23", "status": "published", "title": "Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-078/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-678", "zdi_id": "ZDI-10-078" }, { "cve": "CVE-2010-1278", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Download Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-10-077/advisory.json", "detail_path": "advisories/ZDI-10-077", "id": "ZDI-10-077", "kind": "published", "published_date": "2010-04-21", "status": "published", "title": "Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-077/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-615", "zdi_id": "ZDI-10-077" }, { "cve": "CVE-2010-1120", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Preview. User interaction is required in that a target must open a malicious file or visit a malicious page. The specific flaw exists within the routine...", "detail_json": "/data/advisories/ZDI-10-076/advisory.json", "detail_path": "advisories/ZDI-10-076", "id": "ZDI-10-076", "kind": "published", "published_date": "2010-04-14", "status": "published", "title": "Apple Preview libFontParser SpecialEncoding Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-076/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-760", "zdi_id": "ZDI-10-076" }, { "cve": "CVE-2010-0897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to deny services on vulnerable installations of Sun Microsystems Directory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's DSML-over-HTTP implemen...", "detail_json": "/data/advisories/ZDI-10-075/advisory.json", "detail_path": "advisories/ZDI-10-075", "id": "ZDI-10-075", "kind": "published", "published_date": "2010-04-13", "status": "published", "title": "Sun Microsystems Directory Server Enterprise DSML UTF-8 Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-075/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-609", "zdi_id": "ZDI-10-075" }, { "cve": "CVE-2010-0897", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Directory Service Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's LDAP...", "detail_json": "/data/advisories/ZDI-10-074/advisory.json", "detail_path": "advisories/ZDI-10-074", "id": "ZDI-10-074", "kind": "published", "published_date": "2010-04-13", "status": "published", "title": "Sun Microsystems Directory Server Enterprise ASN.1 Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-074/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-595", "zdi_id": "ZDI-10-074" }, { "cve": "CVE-2010-0897", "cvss": 7.8, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to deny services on vulnerable installations of Sun Microsystems Directory Service Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's DSML-over-HTTP...", "detail_json": "/data/advisories/ZDI-10-073/advisory.json", "detail_path": "advisories/ZDI-10-073", "id": "ZDI-10-073", "kind": "published", "published_date": "2010-04-13", "status": "published", "title": "Sun Microsystems Directory Server DSML-over-HTTP Username Search Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-073/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-594", "zdi_id": "ZDI-10-073" }, { "cve": "CVE-2010-0589", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw...", "detail_json": "/data/advisories/ZDI-10-072/advisory.json", "detail_path": "advisories/ZDI-10-072", "id": "ZDI-10-072", "kind": "published", "published_date": "2010-04-14", "status": "published", "title": "Cisco Secure Desktop CSDWebInstaller ActiveX Control Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-072/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-438", "zdi_id": "ZDI-10-072" }, { "cve": "CVE-2010-0195", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe's Acrobat Reader. User interaction is required in that the victim must be coerced into opening a malicious document or visiting a malicious URL. The spec...", "detail_json": "/data/advisories/ZDI-10-071/advisory.json", "detail_path": "advisories/ZDI-10-071", "id": "ZDI-10-071", "kind": "published", "published_date": "2010-04-13", "status": "published", "title": "Adobe Reader TrueType Font Handling Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-071/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-696", "zdi_id": "ZDI-10-071" }, { "cve": "CVE-2010-0268", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific fla...", "detail_json": "/data/advisories/ZDI-10-070/advisory.json", "detail_path": "advisories/ZDI-10-070", "id": "ZDI-10-070", "kind": "published", "published_date": "2010-04-13", "status": "published", "title": "Microsoft Windows Media Player Codec Retrieval Dangling Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-070/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-619", "zdi_id": "ZDI-10-070" }, { "cve": "CVE-2010-0479", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires user interaction in that a victim must open a malicious PUB file. The specific flaw exists within the code responsible...", "detail_json": "/data/advisories/ZDI-10-069/advisory.json", "detail_path": "advisories/ZDI-10-069", "id": "ZDI-10-069", "kind": "published", "published_date": "2010-04-13", "status": "published", "title": "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-069/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-612", "zdi_id": "ZDI-10-069" }, { "cve": "CVE-2010-0062", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-10-068/advisory.json", "detail_path": "advisories/ZDI-10-068", "id": "ZDI-10-068", "kind": "published", "published_date": "2010-04-09", "status": "published", "title": "Apple QuickTime H.263 Array Index Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-068/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-692", "zdi_id": "ZDI-10-068" }, { "cve": "CVE-2010-0529", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-067/advisory.json", "detail_path": "advisories/ZDI-10-067", "id": "ZDI-10-067", "kind": "published", "published_date": "2010-04-06", "status": "published", "title": "Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-067/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-593", "zdi_id": "ZDI-10-067" }, { "cve": "CVE-2010-1223", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates XOsoft Control Replication and High Availability Control Service. Authentication is not required to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-10-066/advisory.json", "detail_path": "advisories/ZDI-10-066", "id": "ZDI-10-066", "kind": "published", "published_date": "2010-04-06", "status": "published", "title": "CA XOsoft Control Service entry_point.aspx Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-066/", "vendor": "CA, CA", "vendor_url": null, "zdi_can": "ZDI-CAN-649", "zdi_id": "ZDI-10-066" }, { "cve": "CVE-2010-1223", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates XOsoft Control Replication and High Availability Control Service. Authentication is not required to exploit this vulnerability. The specifi...", "detail_json": "/data/advisories/ZDI-10-065/advisory.json", "detail_path": "advisories/ZDI-10-065", "id": "ZDI-10-065", "kind": "published", "published_date": "2010-04-06", "status": "published", "title": "CA XOsoft xosoapapi.asmx Multiple Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-065/", "vendor": "CA, CA", "vendor_url": null, "zdi_can": "ZDI-CAN-648", "zdi_id": "ZDI-10-065" }, { "cve": "CVE-2010-1028", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-064/advisory.json", "detail_path": "advisories/ZDI-10-064", "id": "ZDI-10-064", "kind": "published", "published_date": "2010-04-06", "status": "published", "title": "Mozilla Firefox WOFF Font Format dirEntry Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-064/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-741", "zdi_id": "ZDI-10-064" }, { "cve": "CVE-2010-1121", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific...", "detail_json": "/data/advisories/ZDI-10-063/advisory.json", "detail_path": "advisories/ZDI-10-063", "id": "ZDI-10-063", "kind": "published", "published_date": "2010-04-05", "status": "published", "title": "Mozilla Firefox Cross Document DOM Node Moving Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-063/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-761", "zdi_id": "ZDI-10-063" }, { "cve": "CVE-2010-0625", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware NWFTPD daemon. Authentication or default anonymous access is required to exploit this vulnerability. The specific flaw exists when parsing malfo...", "detail_json": "/data/advisories/ZDI-10-062/advisory.json", "detail_path": "advisories/ZDI-10-062", "id": "ZDI-10-062", "kind": "published", "published_date": "2010-04-05", "status": "published", "title": "Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-062/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-383", "zdi_id": "ZDI-10-062" }, { "cve": "CVE-2010-0838", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-10-061/advisory.json", "detail_path": "advisories/ZDI-10-061", "id": "ZDI-10-061", "kind": "published", "published_date": "2010-04-05", "status": "published", "title": "Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-061/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-625", "zdi_id": "ZDI-10-061" }, { "cve": "CVE-2010-0842", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-10-060/advisory.json", "detail_path": "advisories/ZDI-10-060", "id": "ZDI-10-060", "kind": "published", "published_date": "2010-04-05", "status": "published", "title": "Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-060/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-630", "zdi_id": "ZDI-10-060" }, { "cve": "CVE-2010-0846", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-10-059/advisory.json", "detail_path": "advisories/ZDI-10-059", "id": "ZDI-10-059", "kind": "published", "published_date": "2010-04-05", "status": "published", "title": "Sun Java Runtime Environment JPEGImageEncoderImpl Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-059/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-642", "zdi_id": "ZDI-10-059" }, { "cve": "CVE-2010-0505", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...", "detail_json": "/data/advisories/ZDI-10-058/advisory.json", "detail_path": "advisories/ZDI-10-058", "id": "ZDI-10-058", "kind": "published", "published_date": "2010-04-05", "status": "published", "title": "Apple Mac OS X ImageIO Framework JPEG2000 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-058/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-634", "zdi_id": "ZDI-10-058" }, { "cve": "CVE-2010-0849", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime. User interaction is required in that a user must be coerced into executing a malicious java application via visiting a website. The specifi...", "detail_json": "/data/advisories/ZDI-10-057/advisory.json", "detail_path": "advisories/ZDI-10-057", "id": "ZDI-10-057", "kind": "published", "published_date": "2010-04-05", "status": "published", "title": "Sun Java Runtime Environment JPEGImageDecoderImpl Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-057/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-668", "zdi_id": "ZDI-10-057" }, { "cve": "CVE-2010-0840", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime. Authentication is not required to exploit this vulnerability. The specific flaw exists within the code responsible for ensuring proper privil...", "detail_json": "/data/advisories/ZDI-10-056/advisory.json", "detail_path": "advisories/ZDI-10-056", "id": "ZDI-10-056", "kind": "published", "published_date": "2010-04-05", "status": "published", "title": "Sun Java Runtime Environment Trusted Methods Chaining Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-056/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-623", "zdi_id": "ZDI-10-056" }, { "cve": "CVE-2010-0095", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to violate security policies on vulnerable installations of Sun Java Runtime. User interaction is required to exploit this vulnerability in that the target must run a malicious applet. The specific flaw allows malici...", "detail_json": "/data/advisories/ZDI-10-055/advisory.json", "detail_path": "advisories/ZDI-10-055", "id": "ZDI-10-055", "kind": "published", "published_date": "2010-04-05", "status": "published", "title": "Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-055/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-603", "zdi_id": "ZDI-10-055" }, { "cve": "CVE-2010-0841", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-10-054/advisory.json", "detail_path": "advisories/ZDI-10-054", "id": "ZDI-10-054", "kind": "published", "published_date": "2010-04-05", "status": "published", "title": "Sun Java Runtime Environment JPEGImageReader stepX Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-054/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-641", "zdi_id": "ZDI-10-054" }, { "cve": "CVE-2010-0844", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-10-053/advisory.json", "detail_path": "advisories/ZDI-10-053", "id": "ZDI-10-053", "kind": "published", "published_date": "2010-04-05", "status": "published", "title": "Sun Java Runtime Environment MIDI File metaEvent Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-053/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-631", "zdi_id": "ZDI-10-053" }, { "cve": "CVE-2010-0843", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-10-052/advisory.json", "detail_path": "advisories/ZDI-10-052", "id": "ZDI-10-052", "kind": "published", "published_date": "2010-04-05", "status": "published", "title": "Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-052/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-629", "zdi_id": "ZDI-10-052" }, { "cve": "CVE-2010-0094", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious website. The specific fl...", "detail_json": "/data/advisories/ZDI-10-051/advisory.json", "detail_path": "advisories/ZDI-10-051", "id": "ZDI-10-051", "kind": "published", "published_date": "2010-04-05", "status": "published", "title": "Sun Java Runtime RMIConnectionImpl Privileged Context Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-051/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-588", "zdi_id": "ZDI-10-051" }, { "cve": "CVE-2010-0175", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on software utilizing a vulnerable version of Mozilla's Firefox. User interaction is required in that the victim must visit a malicious website or be coerced into opening a malicious documen...", "detail_json": "/data/advisories/ZDI-10-050/advisory.json", "detail_path": "advisories/ZDI-10-050", "id": "ZDI-10-050", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Mozilla Firefox nsTreeSelection EventListener Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-050/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-669", "zdi_id": "ZDI-10-050" }, { "cve": "CVE-2010-0177", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that a user must be coerced to viewing a malicious document. The specific flaw e...", "detail_json": "/data/advisories/ZDI-10-049/advisory.json", "detail_path": "advisories/ZDI-10-049", "id": "ZDI-10-049", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-049/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-655", "zdi_id": "ZDI-10-049" }, { "cve": "CVE-2010-0176", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required in that the victim must visit a malicious website or be coerced into opening a malicious document. The specific f...", "detail_json": "/data/advisories/ZDI-10-048/advisory.json", "detail_path": "advisories/ZDI-10-048", "id": "ZDI-10-048", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-048/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-633", "zdi_id": "ZDI-10-048" }, { "cve": "CVE-2010-0164", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-047/advisory.json", "detail_path": "advisories/ZDI-10-047", "id": "ZDI-10-047", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Mozilla Firefox libpr0n imgContainer Bits-Per-Pixel Change Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-047/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-693", "zdi_id": "ZDI-10-047" }, { "cve": "CVE-2010-0160", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-10-046/advisory.json", "detail_path": "advisories/ZDI-10-046", "id": "ZDI-10-046", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-046/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-624", "zdi_id": "ZDI-10-046" }, { "cve": "CVE-2010-0526", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-045/advisory.json", "detail_path": "advisories/ZDI-10-045", "id": "ZDI-10-045", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Apple QuickTime MPEG-1 genl Atom Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-045/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-608", "zdi_id": "ZDI-10-045" }, { "cve": "CVE-2010-0520", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-044/advisory.json", "detail_path": "advisories/ZDI-10-044", "id": "ZDI-10-044", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-044/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-601", "zdi_id": "ZDI-10-044" }, { "cve": "CVE-2010-0519", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-043/advisory.json", "detail_path": "advisories/ZDI-10-043", "id": "ZDI-10-043", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Apple QuickTime FlashPix NumberOfTiles Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-043/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-597", "zdi_id": "ZDI-10-043" }, { "cve": "CVE-2010-0528", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-042/advisory.json", "detail_path": "advisories/ZDI-10-042", "id": "ZDI-10-042", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Apple QuickTime MediaVideo Compressor Name Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-042/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-570", "zdi_id": "ZDI-10-042" }, { "cve": "CVE-2010-0059", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-041/advisory.json", "detail_path": "advisories/ZDI-10-041", "id": "ZDI-10-041", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Apple QuickTime QDM2/QDCA Atom Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-041/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-546", "zdi_id": "ZDI-10-041" }, { "cve": "CVE-2010-0516", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-040/advisory.json", "detail_path": "advisories/ZDI-10-040", "id": "ZDI-10-040", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Apple QuickTime RLE Bit Depth Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-040/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-545", "zdi_id": "ZDI-10-040" }, { "cve": "CVE-2010-0497", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling...", "detail_json": "/data/advisories/ZDI-10-039/advisory.json", "detail_path": "advisories/ZDI-10-039", "id": "ZDI-10-039", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Apple OS X Internet Enabled Disk Image Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-039/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-537", "zdi_id": "ZDI-10-039" }, { "cve": "CVE-2010-0060", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-038/advisory.json", "detail_path": "advisories/ZDI-10-038", "id": "ZDI-10-038", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Apple QuickTime QDMC/QDM2 Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-038/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-534", "zdi_id": "ZDI-10-038" }, { "cve": "CVE-2010-0517", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-037/advisory.json", "detail_path": "advisories/ZDI-10-037", "id": "ZDI-10-037", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Apple QuickTime MJPEG Sample Dimensions Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-037/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-525", "zdi_id": "ZDI-10-037" }, { "cve": "CVE-2010-0062", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-10-036/advisory.json", "detail_path": "advisories/ZDI-10-036", "id": "ZDI-10-036", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Apple QuickTime H.263 PictureHeader Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-036/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-521", "zdi_id": "ZDI-10-036" }, { "cve": "CVE-2010-0526", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in QuickTim...", "detail_json": "/data/advisories/ZDI-10-035/advisory.json", "detail_path": "advisories/ZDI-10-035", "id": "ZDI-10-035", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Apple QuickTime genl Atom Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-035/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-461", "zdi_id": "ZDI-10-035" }, { "cve": "CVE-2010-0805", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-10-034/advisory.json", "detail_path": "advisories/ZDI-10-034", "id": "ZDI-10-034", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-034/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-589", "zdi_id": "ZDI-10-034" }, { "cve": "CVE-2010-0492", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The issue is locate...", "detail_json": "/data/advisories/ZDI-10-033/advisory.json", "detail_path": "advisories/ZDI-10-033", "id": "ZDI-10-033", "kind": "published", "published_date": "2010-04-02", "status": "published", "title": "Microsoft Internet Explorer TIME2 Behavior Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-033/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-548", "zdi_id": "ZDI-10-033" }, { "cve": "CVE-2010-1185", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP MaxDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serv.exe process which listens by default on TCP p...", "detail_json": "/data/advisories/ZDI-10-032/advisory.json", "detail_path": "advisories/ZDI-10-032", "id": "ZDI-10-032", "kind": "published", "published_date": "2010-03-16", "status": "published", "title": "SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-032/", "vendor": "SAP", "vendor_url": null, "zdi_can": "ZDI-CAN-610", "zdi_id": "ZDI-10-032" }, { "cve": "CVE-2010-0050", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable software utilizing Apple's WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists d...", "detail_json": "/data/advisories/ZDI-10-031/advisory.json", "detail_path": "advisories/ZDI-10-031", "id": "ZDI-10-031", "kind": "published", "published_date": "2010-03-16", "status": "published", "title": "Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-031/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-596", "zdi_id": "ZDI-10-031" }, { "cve": "CVE-2010-0053", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari and other WebKit based browsers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The sp...", "detail_json": "/data/advisories/ZDI-10-030/advisory.json", "detail_path": "advisories/ZDI-10-030", "id": "ZDI-10-030", "kind": "published", "published_date": "2010-03-16", "status": "published", "title": "Apple WebKit CSS run-in Attribute Rendering Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-030/", "vendor": "Google, Apple, Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-578", "zdi_id": "ZDI-10-030" }, { "cve": "CVE-2010-0047", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the WebCor...", "detail_json": "/data/advisories/ZDI-10-029/advisory.json", "detail_path": "advisories/ZDI-10-029", "id": "ZDI-10-029", "kind": "published", "published_date": "2010-03-15", "status": "published", "title": "Apple WebKit innerHTML element Substitution Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-029/", "vendor": "Google, Apple, Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-579", "zdi_id": "ZDI-10-029" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to remove arbitrary XML files on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in Skype's handl...", "detail_json": "/data/advisories/ZDI-10-028/advisory.json", "detail_path": "advisories/ZDI-10-028", "id": "ZDI-10-028", "kind": "published", "published_date": "2010-03-11", "status": "published", "title": "Skype URI Processing Arbitrary XML File Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-028/", "vendor": "Skype", "vendor_url": null, "zdi_can": "ZDI-CAN-516", "zdi_id": "ZDI-10-028" }, { "cve": null, "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists with how the OS web-...", "detail_json": "/data/advisories/ZDI-10-027/advisory.json", "detail_path": "advisories/ZDI-10-027", "id": "ZDI-10-027", "kind": "published", "published_date": "2010-03-11", "status": "published", "title": "Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-027/", "vendor": "Skype", "vendor_url": null, "zdi_can": "ZDI-CAN-510", "zdi_id": "ZDI-10-027" }, { "cve": "CVE-2010-0447", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to...", "detail_json": "/data/advisories/ZDI-10-026/advisory.json", "detail_path": "advisories/ZDI-10-026", "id": "ZDI-10-026", "kind": "published", "published_date": "2010-03-09", "status": "published", "title": "Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-026/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-474", "zdi_id": "ZDI-10-026" }, { "cve": "CVE-2010-0263", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in t...", "detail_json": "/data/advisories/ZDI-10-025/advisory.json", "detail_path": "advisories/ZDI-10-025", "id": "ZDI-10-025", "kind": "published", "published_date": "2010-03-09", "status": "published", "title": "Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-025/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-499", "zdi_id": "ZDI-10-025" }, { "cve": "CVE-2010-0666", "cvss": 8.5, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to deny services on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NDS daemon's SOAP service. When a malformed...", "detail_json": "/data/advisories/ZDI-10-024/advisory.json", "detail_path": "advisories/ZDI-10-024", "id": "ZDI-10-024", "kind": "published", "published_date": "2010-03-02", "status": "published", "title": "Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-024/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-440", "zdi_id": "ZDI-10-024" }, { "cve": "CVE-2009-2754", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of both IBM Informix Dynamic Server and EMC Legato Networker. User interaction is not required to exploit this vulnerability. The specific flaw exists within the RPC pro...", "detail_json": "/data/advisories/ZDI-10-023/advisory.json", "detail_path": "advisories/ZDI-10-023", "id": "ZDI-10-023", "kind": "published", "published_date": "2010-03-01", "status": "published", "title": "Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-023/", "vendor": "IBM, EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-298", "zdi_id": "ZDI-10-023" }, { "cve": "CVE-2009-2753", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of both IBM Informix Dynamic Server. User interaction is not required to exploit this vulnerability. The specific flaws exist within the RPC protocol parsing library, li...", "detail_json": "/data/advisories/ZDI-10-022/advisory.json", "detail_path": "advisories/ZDI-10-022", "id": "ZDI-10-022", "kind": "published", "published_date": "2010-03-01", "status": "published", "title": "IBM Informix librpc.dll Multiple Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-022/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-294", "zdi_id": "ZDI-10-022" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetStorage. Authentication is not required to exploit this vulnerability. The specific flaws exists within the xsrvd process during the wide character c...", "detail_json": "/data/advisories/ZDI-10-021/advisory.json", "detail_path": "advisories/ZDI-10-021", "id": "ZDI-10-021", "kind": "published", "published_date": "2010-02-23", "status": "published", "title": "Novell NetStorage xsrvd Long Pathname Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-021/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-607", "zdi_id": "ZDI-10-021" }, { "cve": "CVE-2010-0620", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to upload arbitrary files on vulnerable installations of EMC HomeBase Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HomeBase SSL Service due to a failure to...", "detail_json": "/data/advisories/ZDI-10-020/advisory.json", "detail_path": "advisories/ZDI-10-020", "id": "ZDI-10-020", "kind": "published", "published_date": "2010-02-23", "status": "published", "title": "EMC HomeBase SSL Service Arbitrary File Upload Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-020/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-644", "zdi_id": "ZDI-10-020" }, { "cve": "CVE-2009-3988", "cvss": 9.4, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific...", "detail_json": "/data/advisories/ZDI-10-019/advisory.json", "detail_path": "advisories/ZDI-10-019", "id": "ZDI-10-019", "kind": "published", "published_date": "2010-02-19", "status": "published", "title": "Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-019/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-535", "zdi_id": "ZDI-10-019" }, { "cve": null, "cvss": 9.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute remote code on vulnerable installations of IBM Cognos Server. Proper authentication is not required to exploit this vulnerability. The specific flaw exists due to a hidden manager-level account with a defa...", "detail_json": "/data/advisories/ZDI-10-018/advisory.json", "detail_path": "advisories/ZDI-10-018", "id": "ZDI-10-018", "kind": "published", "published_date": "2010-02-18", "status": "published", "title": "IBM Cognos Server Backdoor Account Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-018/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-670", "zdi_id": "ZDI-10-018" }, { "cve": "CVE-2010-0033", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint Viewer. User interaction is required to exploit this vulnerability in that the target must open a malicious presentation. The speci...", "detail_json": "/data/advisories/ZDI-10-017/advisory.json", "detail_path": "advisories/ZDI-10-017", "id": "ZDI-10-017", "kind": "published", "published_date": "2010-02-09", "status": "published", "title": "Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-017/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-590", "zdi_id": "ZDI-10-017" }, { "cve": "CVE-2010-0027", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to force a Microsoft Windows system to execute a given local executable. User interaction is required in that the target must access a malicious URL. The specific flaw exists within the ShellExecute API. Using a spec...", "detail_json": "/data/advisories/ZDI-10-016/advisory.json", "detail_path": "advisories/ZDI-10-016", "id": "ZDI-10-016", "kind": "published", "published_date": "2010-02-09", "status": "published", "title": "Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-016/", "vendor": "Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-495", "zdi_id": "ZDI-10-016" }, { "cve": "CVE-2010-0250", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on applications that utilize DirectShow for rendering video on Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must be coerced into decompressing a...", "detail_json": "/data/advisories/ZDI-10-015/advisory.json", "detail_path": "advisories/ZDI-10-015", "id": "ZDI-10-015", "kind": "published", "published_date": "2010-02-09", "status": "published", "title": "Microsoft Windows RLE Video Decompressor Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-015/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-415", "zdi_id": "ZDI-10-015" }, { "cve": "CVE-2010-0248", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-10-014/advisory.json", "detail_path": "advisories/ZDI-10-014", "id": "ZDI-10-014", "kind": "published", "published_date": "2010-01-21", "status": "published", "title": "Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-014/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-544", "zdi_id": "ZDI-10-014" }, { "cve": "CVE-2010-0245", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-10-013/advisory.json", "detail_path": "advisories/ZDI-10-013", "id": "ZDI-10-013", "kind": "published", "published_date": "2010-01-21", "status": "published", "title": "Microsoft Internet Explorer Table Layout Reuse Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-013/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-514", "zdi_id": "ZDI-10-013" }, { "cve": "CVE-2010-0246", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that an attacker must coerce a victim to visit a malicious page. The...", "detail_json": "/data/advisories/ZDI-10-012/advisory.json", "detail_path": "advisories/ZDI-10-012", "id": "ZDI-10-012", "kind": "published", "published_date": "2010-01-21", "status": "published", "title": "Microsoft Internet Explorer Baseline Tag Rendering Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-012/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-502", "zdi_id": "ZDI-10-012" }, { "cve": "CVE-2010-0244", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-10-011/advisory.json", "detail_path": "advisories/ZDI-10-011", "id": "ZDI-10-011", "kind": "published", "published_date": "2010-01-21", "status": "published", "title": "Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-011/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-501", "zdi_id": "ZDI-10-011" }, { "cve": "CVE-2009-4246", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must visit a malicious website or open a malicious file and accept a dialog to switch player skins....", "detail_json": "/data/advisories/ZDI-10-010/advisory.json", "detail_path": "advisories/ZDI-10-010", "id": "ZDI-10-010", "kind": "published", "published_date": "2010-01-21", "status": "published", "title": "RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-010/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-421", "zdi_id": "ZDI-10-010" }, { "cve": "CVE-2009-0376", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-10-009/advisory.json", "detail_path": "advisories/ZDI-10-009", "id": "ZDI-10-009", "kind": "published", "published_date": "2010-01-21", "status": "published", "title": "RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-009/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-318", "zdi_id": "ZDI-10-009" }, { "cve": "CVE-2009-4244", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site. The specific flaw exists during the parsin...", "detail_json": "/data/advisories/ZDI-10-008/advisory.json", "detail_path": "advisories/ZDI-10-008", "id": "ZDI-10-008", "kind": "published", "published_date": "2010-01-21", "status": "published", "title": "RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-008/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-317", "zdi_id": "ZDI-10-008" }, { "cve": "CVE-2009-4257", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The speci...", "detail_json": "/data/advisories/ZDI-10-007/advisory.json", "detail_path": "advisories/ZDI-10-007", "id": "ZDI-10-007", "kind": "published", "published_date": "2010-01-21", "status": "published", "title": "RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-007/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-286", "zdi_id": "ZDI-10-007" }, { "cve": "CVE-2009-4242", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site. The specific flaw exists during the parsin...", "detail_json": "/data/advisories/ZDI-10-006/advisory.json", "detail_path": "advisories/ZDI-10-006", "id": "ZDI-10-006", "kind": "published", "published_date": "2010-01-21", "status": "published", "title": "RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-006/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-271", "zdi_id": "ZDI-10-006" }, { "cve": "CVE-2009-4241", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site. The specific flaw exists during the parsing of files wi...", "detail_json": "/data/advisories/ZDI-10-005/advisory.json", "detail_path": "advisories/ZDI-10-005", "id": "ZDI-10-005", "kind": "published", "published_date": "2010-01-21", "status": "published", "title": "RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability", "updated_date": "2021-07-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-005/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-252", "zdi_id": "ZDI-10-005" }, { "cve": "CVE-2010-0138", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CiscoWorks Internetwork Performance Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of CO...", "detail_json": "/data/advisories/ZDI-10-004/advisory.json", "detail_path": "advisories/ZDI-10-004", "id": "ZDI-10-004", "kind": "published", "published_date": "2010-01-21", "status": "published", "title": "Cisco CiscoWorks IPM GIOP getProcessName Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-004/", "vendor": "Cisco", "vendor_url": null, "zdi_can": "ZDI-CAN-396", "zdi_id": "ZDI-10-004" }, { "cve": null, "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficient sanity checks on t...", "detail_json": "/data/advisories/ZDI-10-003/advisory.json", "detail_path": "advisories/ZDI-10-003", "id": "ZDI-10-003", "kind": "published", "published_date": "2010-01-12", "status": "published", "title": "Novell ZENworks Asset Management docfiledownload Remote SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-003/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-457", "zdi_id": "ZDI-10-003" }, { "cve": "CVE-2010-0072", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Oracle Secure Backup Services daemon observ...", "detail_json": "/data/advisories/ZDI-10-002/advisory.json", "detail_path": "advisories/ZDI-10-002", "id": "ZDI-10-002", "kind": "published", "published_date": "2010-01-12", "status": "published", "title": "Oracle Secure Backup observiced.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-002/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-471", "zdi_id": "ZDI-10-002" }, { "cve": "CVE-2009-4486", "cvss": 10.0, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell iManager. Authentication is not required to exploit this vulnerability. The flaw exists in an application called by the iManager in order to handle importing/e...", "detail_json": "/data/advisories/ZDI-10-001/advisory.json", "detail_path": "advisories/ZDI-10-001", "id": "ZDI-10-001", "kind": "published", "published_date": "2010-01-07", "status": "published", "title": "Novell iManager eDirectory Plugin Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-10-001/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-439", "zdi_id": "ZDI-10-001" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to impersonate valid users in vulnerable installations of Novell ZENworks Desktop Management. Authentication is not required to exploit this vulnerability. The specific flaw exists due to an information leak when que...", "detail_json": "/data/advisories/ZDI-09-101/advisory.json", "detail_path": "advisories/ZDI-09-101", "id": "ZDI-09-101", "kind": "published", "published_date": "2009-11-30", "status": "published", "title": "Novell ZENworks Desktop Management Installation Service Remote Information Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-101/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-450", "zdi_id": "ZDI-09-101" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is required to exploit this vulnerability. The specific flaw exists in the parsing of VARCHAR arguments to a number of stored procedure...", "detail_json": "/data/advisories/ZDI-09-100/advisory.json", "detail_path": "advisories/ZDI-09-100", "id": "ZDI-09-100", "kind": "published", "published_date": "2009-12-15", "status": "published", "title": "IBM DB2 Universal Database Multiple SQL Functions Remote Code Execution Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-100/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-488", "zdi_id": "ZDI-09-100" }, { "cve": "CVE-2007-2280", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Storage Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the backup client service...", "detail_json": "/data/advisories/ZDI-09-099/advisory.json", "detail_path": "advisories/ZDI-09-099", "id": "ZDI-09-099", "kind": "published", "published_date": "2009-12-17", "status": "published", "title": "Hewlett-Packard OpenView Data Protector Backup Client Service Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-099/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-105", "zdi_id": "ZDI-09-099" }, { "cve": "CVE-2009-3027", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple Symantec products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VRTSweb.exe Web Server component...", "detail_json": "/data/advisories/ZDI-09-098/advisory.json", "detail_path": "advisories/ZDI-09-098", "id": "ZDI-09-098", "kind": "published", "published_date": "2009-12-09", "status": "published", "title": "Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-098/", "vendor": "Symantec, Symantec, Symantec, Symantec, Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-456", "zdi_id": "ZDI-09-098" }, { "cve": "CVE-2009-3849", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.e...", "detail_json": "/data/advisories/ZDI-09-097/advisory.json", "detail_path": "advisories/ZDI-09-097", "id": "ZDI-09-097", "kind": "published", "published_date": "2009-12-09", "status": "published", "title": "Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-097/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-523", "zdi_id": "ZDI-09-097" }, { "cve": "CVE-2009-3848", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.e...", "detail_json": "/data/advisories/ZDI-09-096/advisory.json", "detail_path": "advisories/ZDI-09-096", "id": "ZDI-09-096", "kind": "published", "published_date": "2009-12-09", "status": "published", "title": "Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable vsprintf Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-096/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-522", "zdi_id": "ZDI-09-096" }, { "cve": "CVE-2009-3849", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the snmp.exe CGI e...", "detail_json": "/data/advisories/ZDI-09-095/advisory.json", "detail_path": "advisories/ZDI-09-095", "id": "ZDI-09-095", "kind": "published", "published_date": "2009-12-09", "status": "published", "title": "Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-095/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-518", "zdi_id": "ZDI-09-095" }, { "cve": "CVE-2009-3845", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard's Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaws exist within Perl CGI executables dist...", "detail_json": "/data/advisories/ZDI-09-094/advisory.json", "detail_path": "advisories/ZDI-09-094", "id": "ZDI-09-094", "kind": "published", "published_date": "2009-12-09", "status": "published", "title": "Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-094/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-453", "zdi_id": "ZDI-09-094" }, { "cve": "CVE-2009-3799", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious SWF file....", "detail_json": "/data/advisories/ZDI-09-093/advisory.json", "detail_path": "advisories/ZDI-09-093", "id": "ZDI-09-093", "kind": "published", "published_date": "2009-12-09", "status": "published", "title": "Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-093/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-392", "zdi_id": "ZDI-09-093" }, { "cve": "CVE-2009-3794", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious SWF file....", "detail_json": "/data/advisories/ZDI-09-092/advisory.json", "detail_path": "advisories/ZDI-09-092", "id": "ZDI-09-092", "kind": "published", "published_date": "2009-12-09", "status": "published", "title": "Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-092/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-517", "zdi_id": "ZDI-09-092" }, { "cve": "CVE-2009-3844", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerability installations of HP Application Recovery Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the O...", "detail_json": "/data/advisories/ZDI-09-091/advisory.json", "detail_path": "advisories/ZDI-09-091", "id": "ZDI-09-091", "kind": "published", "published_date": "2009-12-08", "status": "published", "title": "Hewlett-Packard Application Recovery Manager MSG_PROTOCOL Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-091/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-503", "zdi_id": "ZDI-09-091" }, { "cve": "CVE-2009-4310", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-09-090/advisory.json", "detail_path": "advisories/ZDI-09-090", "id": "ZDI-09-090", "kind": "published", "published_date": "2009-12-08", "status": "published", "title": "Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-090/", "vendor": "Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-432", "zdi_id": "ZDI-09-090" }, { "cve": "CVE-2009-4309", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-09-089/advisory.json", "detail_path": "advisories/ZDI-09-089", "id": "ZDI-09-089", "kind": "published", "published_date": "2009-12-08", "status": "published", "title": "Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-089/", "vendor": "Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-314", "zdi_id": "ZDI-09-089" }, { "cve": "CVE-2009-3674", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw e...", "detail_json": "/data/advisories/ZDI-09-088/advisory.json", "detail_path": "advisories/ZDI-09-088", "id": "ZDI-09-088", "kind": "published", "published_date": "2009-12-08", "status": "published", "title": "Microsoft Internet Explorer IFrame Attributes Circular Reference Dangling Pointer Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-088/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-547", "zdi_id": "ZDI-09-088" }, { "cve": "CVE-2009-3673", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specifi...", "detail_json": "/data/advisories/ZDI-09-087/advisory.json", "detail_path": "advisories/ZDI-09-087", "id": "ZDI-09-087", "kind": "published", "published_date": "2009-12-08", "status": "published", "title": "Microsoft Internet Explorer CSS Race Condition Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-087/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-541", "zdi_id": "ZDI-09-087" }, { "cve": "CVE-2009-3671", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a user must visit a malicious web page. The specific flaw exists in the manipulation and pars...", "detail_json": "/data/advisories/ZDI-09-086/advisory.json", "detail_path": "advisories/ZDI-09-086", "id": "ZDI-09-086", "kind": "published", "published_date": "2009-12-08", "status": "published", "title": "Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-086/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-496", "zdi_id": "ZDI-09-086" }, { "cve": "CVE-2009-3843", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Operations Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists due to a hidden account present with...", "detail_json": "/data/advisories/ZDI-09-085/advisory.json", "detail_path": "advisories/ZDI-09-085", "id": "ZDI-09-085", "kind": "published", "published_date": "2009-11-20", "status": "published", "title": "Hewlett-Packard Operations Manager Server Backdoor Account Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-085/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-618", "zdi_id": "ZDI-09-085" }, { "cve": "CVE-2009-0954", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-09-084/advisory.json", "detail_path": "advisories/ZDI-09-084", "id": "ZDI-09-084", "kind": "published", "published_date": "2009-06-02", "status": "published", "title": "Apple Quicktime FIRE Codec Heap Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-084/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-481", "zdi_id": "ZDI-09-084" }, { "cve": "CVE-2009-3129", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious spreadsheet. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-09-083/advisory.json", "detail_path": "advisories/ZDI-09-083", "id": "ZDI-09-083", "kind": "published", "published_date": "2009-11-10", "status": "published", "title": "Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-083/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-587", "zdi_id": "ZDI-09-083" }, { "cve": "CVE-2009-3127", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-09-082/advisory.json", "detail_path": "advisories/ZDI-09-082", "id": "ZDI-09-082", "kind": "published", "published_date": "2009-11-10", "status": "published", "title": "Microsoft Office Excel PivotTable Cache Record Parsing Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-082/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-567", "zdi_id": "ZDI-09-082" }, { "cve": "CVE-2009-2685", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Power Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of URL parameters when po...", "detail_json": "/data/advisories/ZDI-09-081/advisory.json", "detail_path": "advisories/ZDI-09-081", "id": "ZDI-09-081", "kind": "published", "published_date": "2009-11-05", "status": "published", "title": "Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-081/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-492", "zdi_id": "ZDI-09-081" }, { "cve": "CVE-2009-3874", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw ex...", "detail_json": "/data/advisories/ZDI-09-080/advisory.json", "detail_path": "advisories/ZDI-09-080", "id": "ZDI-09-080", "kind": "published", "published_date": "2009-11-04", "status": "published", "title": "Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-080/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-562", "zdi_id": "ZDI-09-080" }, { "cve": "CVE-2009-3871", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-09-079/advisory.json", "detail_path": "advisories/ZDI-09-079", "id": "ZDI-09-079", "kind": "published", "published_date": "2009-11-04", "status": "published", "title": "Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-079/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-551", "zdi_id": "ZDI-09-079" }, { "cve": "CVE-2009-3869", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exis...", "detail_json": "/data/advisories/ZDI-09-078/advisory.json", "detail_path": "advisories/ZDI-09-078", "id": "ZDI-09-078", "kind": "published", "published_date": "2009-11-04", "status": "published", "title": "Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-078/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-550", "zdi_id": "ZDI-09-078" }, { "cve": "CVE-2009-3866", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java WebStart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-09-077/advisory.json", "detail_path": "advisories/ZDI-09-077", "id": "ZDI-09-077", "kind": "published", "published_date": "2009-11-04", "status": "published", "title": "Sun Java Web Start Arbitrary Command Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-077/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-505", "zdi_id": "ZDI-09-077" }, { "cve": "CVE-2009-3867", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw exists in the pa...", "detail_json": "/data/advisories/ZDI-09-076/advisory.json", "detail_path": "advisories/ZDI-09-076", "id": "ZDI-09-076", "kind": "published", "published_date": "2009-11-04", "status": "published", "title": "Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-076/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-491", "zdi_id": "ZDI-09-076" }, { "cve": "CVE-2009-3862", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to exploit this vulnerability. The specific flaw exists within Novell's eDirectory Server's LDAP implementation. Nov...", "detail_json": "/data/advisories/ZDI-09-075/advisory.json", "detail_path": "advisories/ZDI-09-075", "id": "ZDI-09-075", "kind": "published", "published_date": "2009-11-02", "status": "published", "title": "Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-075/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-513", "zdi_id": "ZDI-09-075" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Documentum eRoom, OpenText Hummingbird and OpenText Search Server. Authentication is not required to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-09-074/advisory.json", "detail_path": "advisories/ZDI-09-074", "id": "ZDI-09-074", "kind": "published", "published_date": "2009-10-28", "status": "published", "title": "Multiple Vendor Hummingbird STR Service Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-074/", "vendor": "EMC, OpenText, OpenText", "vendor_url": null, "zdi_can": "ZDI-CAN-369", "zdi_id": "ZDI-09-074" }, { "cve": "CVE-2009-2985", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f...", "detail_json": "/data/advisories/ZDI-09-073/advisory.json", "detail_path": "advisories/ZDI-09-073", "id": "ZDI-09-073", "kind": "published", "published_date": "2009-10-13", "status": "published", "title": "Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-073/", "vendor": "Adobe, Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-479", "zdi_id": "ZDI-09-073" }, { "cve": "CVE-2009-2503", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a user must open a malicious image file or browse to a malicious website. The specific flaws exist in t...", "detail_json": "/data/advisories/ZDI-09-072/advisory.json", "detail_path": "advisories/ZDI-09-072", "id": "ZDI-09-072", "kind": "published", "published_date": "2009-10-13", "status": "published", "title": "Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-072/", "vendor": "Microsoft, Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-605", "zdi_id": "ZDI-09-072" }, { "cve": "CVE-2009-2531", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a user must visit a malicious web page. The specific flaw exists in the parsing of CSS style...", "detail_json": "/data/advisories/ZDI-09-071/advisory.json", "detail_path": "advisories/ZDI-09-071", "id": "ZDI-09-071", "kind": "published", "published_date": "2009-10-13", "status": "published", "title": "Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-071/", "vendor": "Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-494", "zdi_id": "ZDI-09-071" }, { "cve": "CVE-2009-2530", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-09-070/advisory.json", "detail_path": "advisories/ZDI-09-070", "id": "ZDI-09-070", "kind": "published", "published_date": "2009-10-13", "status": "published", "title": "Microsoft Internet Explorer Event Object Type Double-Free Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-070/", "vendor": "Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-489", "zdi_id": "ZDI-09-070" }, { "cve": "CVE-2009-0555", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific fla...", "detail_json": "/data/advisories/ZDI-09-069/advisory.json", "detail_path": "advisories/ZDI-09-069", "id": "ZDI-09-069", "kind": "published", "published_date": "2009-10-13", "status": "published", "title": "Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-069/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-320", "zdi_id": "ZDI-09-069" }, { "cve": "CVE-2009-1120", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC RepliStor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DoRcvRpcCall RPC function exposed via the rep_...", "detail_json": "/data/advisories/ZDI-09-068/advisory.json", "detail_path": "advisories/ZDI-09-068", "id": "ZDI-09-068", "kind": "published", "published_date": "2009-04-07", "status": "published", "title": "EMC RepliStor Server Service DoASOCommand Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-068/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-452", "zdi_id": "ZDI-09-068" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware NFS Portmapper daemon. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CALLIT RP...", "detail_json": "/data/advisories/ZDI-09-067/advisory.json", "detail_path": "advisories/ZDI-09-067", "id": "ZDI-09-067", "kind": "published", "published_date": "2009-09-30", "status": "published", "title": "Novell NetWare NFS Portmapper and RPC Module Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-067/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-497", "zdi_id": "ZDI-09-067" }, { "cve": "CVE-2009-3068", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerability installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the management web server listening by defa...", "detail_json": "/data/advisories/ZDI-09-066/advisory.json", "detail_path": "advisories/ZDI-09-066", "id": "ZDI-09-066", "kind": "published", "published_date": "2009-09-23", "status": "published", "title": "Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-066/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-504", "zdi_id": "ZDI-09-066" }, { "cve": "CVE-2009-3077", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the...", "detail_json": "/data/advisories/ZDI-09-065/advisory.json", "detail_path": "advisories/ZDI-09-065", "id": "ZDI-09-065", "kind": "published", "published_date": "2009-09-10", "status": "published", "title": "Mozilla Firefox TreeColumns Dangling Pointer Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-065/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-536", "zdi_id": "ZDI-09-065" }, { "cve": "CVE-2009-2798", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-09-064/advisory.json", "detail_path": "advisories/ZDI-09-064", "id": "ZDI-09-064", "kind": "published", "published_date": "2009-09-10", "status": "published", "title": "Apple QuickTime FlashPix Sector Size Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-064/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-524", "zdi_id": "ZDI-09-064" }, { "cve": "CVE-2009-2799", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-09-063/advisory.json", "detail_path": "advisories/ZDI-09-063", "id": "ZDI-09-063", "kind": "published", "published_date": "2009-09-10", "status": "published", "title": "Apple QuickTime H.264 Nal Unit Length Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-063/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-500", "zdi_id": "ZDI-09-063" }, { "cve": "CVE-2009-1920", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-09-062/advisory.json", "detail_path": "advisories/ZDI-09-062", "id": "ZDI-09-062", "kind": "published", "published_date": "2009-09-08", "status": "published", "title": "Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-062/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-482", "zdi_id": "ZDI-09-062" }, { "cve": "CVE-2009-1430", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec AntiVirus Corporate Edition, Symantec Client Security and Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-09-061/advisory.json", "detail_path": "advisories/ZDI-09-061", "id": "ZDI-09-061", "kind": "published", "published_date": "2009-04-28", "status": "published", "title": "Symantec Multiple Product Intel Alert Originator Service Invalid Length Check Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-061/", "vendor": "Symantec, Symantec, Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-246", "zdi_id": "ZDI-09-061" }, { "cve": "CVE-2009-1429", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec AntiVirus Corporate Edition, Symantec Client Security and Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-09-060/advisory.json", "detail_path": "advisories/ZDI-09-060", "id": "ZDI-09-060", "kind": "published", "published_date": "2009-04-28", "status": "published", "title": "Symantec Multiple Product Intel Alert Originator Service Command Execution Vulnerabilty", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-060/", "vendor": "Symantec, Symantec, Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-174", "zdi_id": "ZDI-09-060" }, { "cve": "CVE-2009-1978", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability but an attacker must be authenticated. The specific flaw exists in the...", "detail_json": "/data/advisories/ZDI-09-059/advisory.json", "detail_path": "advisories/ZDI-09-059", "id": "ZDI-09-059", "kind": "published", "published_date": "2009-08-18", "status": "published", "title": "Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-059/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-442", "zdi_id": "ZDI-09-059" }, { "cve": "CVE-2009-1977", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the logic used to authenticate a user to the a...", "detail_json": "/data/advisories/ZDI-09-058/advisory.json", "detail_path": "advisories/ZDI-09-058", "id": "ZDI-09-058", "kind": "published", "published_date": "2009-08-18", "status": "published", "title": "Oracle Secure Backup Administration Server Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-058/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-443", "zdi_id": "ZDI-09-058" }, { "cve": "CVE-2009-1133", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within mstscax.dll when parsing packets from...", "detail_json": "/data/advisories/ZDI-09-057/advisory.json", "detail_path": "advisories/ZDI-09-057", "id": "ZDI-09-057", "kind": "published", "published_date": "2009-08-11", "status": "published", "title": "Microsoft Remote Desktop Client Arbitrary Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-057/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-301", "zdi_id": "ZDI-09-057" }, { "cve": "CVE-2009-2496", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists in the...", "detail_json": "/data/advisories/ZDI-09-056/advisory.json", "detail_path": "advisories/ZDI-09-056", "id": "ZDI-09-056", "kind": "published", "published_date": "2009-08-11", "status": "published", "title": "Microsoft Office OWC10.Spreadsheet ActiveX BorderAround() Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-056/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-273", "zdi_id": "ZDI-09-056" }, { "cve": "CVE-2009-0562", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when loading and...", "detail_json": "/data/advisories/ZDI-09-055/advisory.json", "detail_path": "advisories/ZDI-09-055", "id": "ZDI-09-055", "kind": "published", "published_date": "2009-08-11", "status": "published", "title": "Microsoft Office OWC10 ActiveX Control Loading and Unloading Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-055/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-186", "zdi_id": "ZDI-09-055" }, { "cve": "CVE-2009-1136", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the proce...", "detail_json": "/data/advisories/ZDI-09-054/advisory.json", "detail_path": "advisories/ZDI-09-054", "id": "ZDI-09-054", "kind": "published", "published_date": "2009-08-11", "status": "published", "title": "Microsoft Office OWC10.Spreadsheet ActiveX msDataSourceObject() Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-054/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-175", "zdi_id": "ZDI-09-054" }, { "cve": "CVE-2009-1923", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WINS.exe process which provides name resol...", "detail_json": "/data/advisories/ZDI-09-053/advisory.json", "detail_path": "advisories/ZDI-09-053", "id": "ZDI-09-053", "kind": "published", "published_date": "2009-08-11", "status": "published", "title": "Microsoft Windows WINS Service Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-053/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-437", "zdi_id": "ZDI-09-053" }, { "cve": "CVE-2009-2026", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates Unicenter Software Delivery. Authentication is not required to exploit this vulnerability. The specific flaw resides in the dtscore.dll library. T...", "detail_json": "/data/advisories/ZDI-09-052/advisory.json", "detail_path": "advisories/ZDI-09-052", "id": "ZDI-09-052", "kind": "published", "published_date": "2009-08-07", "status": "published", "title": "CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-052/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-233", "zdi_id": "ZDI-09-052" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Replication Manager Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within the irccd.exe process which l...", "detail_json": "/data/advisories/ZDI-09-051/advisory.json", "detail_path": "advisories/ZDI-09-051", "id": "ZDI-09-051", "kind": "published", "published_date": "2009-08-07", "status": "published", "title": "EMC Replication Manager Client Control Service Remove Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-051/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-451", "zdi_id": "ZDI-09-051" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-09-050/advisory.json", "detail_path": "advisories/ZDI-09-050", "id": "ZDI-09-050", "kind": "published", "published_date": "2009-08-05", "status": "published", "title": "Sun Java Web Start JPEG Header Parsing Integer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-050/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-460", "zdi_id": "ZDI-09-050" }, { "cve": "CVE-2009-2675", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime. User interaction is required in that a target must visit a malicious web page or open a malicious JNLP file. The specific flaw exists wit...", "detail_json": "/data/advisories/ZDI-09-049/advisory.json", "detail_path": "advisories/ZDI-09-049", "id": "ZDI-09-049", "kind": "published", "published_date": "2009-08-05", "status": "published", "title": "Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-049/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-475", "zdi_id": "ZDI-09-049" }, { "cve": "CVE-2009-1919", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-09-048/advisory.json", "detail_path": "advisories/ZDI-09-048", "id": "ZDI-09-048", "kind": "published", "published_date": "2009-08-05", "status": "published", "title": "Microsoft Internet Explorer CSS Behavior Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-048/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-484", "zdi_id": "ZDI-09-048" }, { "cve": "CVE-2009-1918", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-09-047/advisory.json", "detail_path": "advisories/ZDI-09-047", "id": "ZDI-09-047", "kind": "published", "published_date": "2009-08-05", "status": "published", "title": "Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-047/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-483", "zdi_id": "ZDI-09-047" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of Novell's Privileged User Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the unifid.exe servi...", "detail_json": "/data/advisories/ZDI-09-046/advisory.json", "detail_path": "advisories/ZDI-09-046", "id": "ZDI-09-046", "kind": "published", "published_date": "2009-07-21", "status": "published", "title": "Novell Privileged User Manager Remote DLL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-046/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-493", "zdi_id": "ZDI-09-046" }, { "cve": "CVE-2009-1539", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must visit a malicious page or open a malicious video file. The specific flaw exists within th...", "detail_json": "/data/advisories/ZDI-09-045/advisory.json", "detail_path": "advisories/ZDI-09-045", "id": "ZDI-09-045", "kind": "published", "published_date": "2009-07-14", "status": "published", "title": "Microsoft DirectShow Quicktime Atom Parsing Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-045/", "vendor": "Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-389", "zdi_id": "ZDI-09-045" }, { "cve": "CVE-2009-1860", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Shockwave player attempts to loa...", "detail_json": "/data/advisories/ZDI-09-044/advisory.json", "detail_path": "advisories/ZDI-09-044", "id": "ZDI-09-044", "kind": "published", "published_date": "2009-06-24", "status": "published", "title": "Adobe Shockwave Player Director File Parsing Pointer Overwrite Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-044/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-327", "zdi_id": "ZDI-09-044" }, { "cve": "CVE-2009-1719", "cvss": null, "cvss_vector": null, "description_snippet": "his vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Java HotSpot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the u...", "detail_json": "/data/advisories/ZDI-09-043/advisory.json", "detail_path": "advisories/ZDI-09-043", "id": "ZDI-09-043", "kind": "published", "published_date": "2009-06-16", "status": "published", "title": "Apple Java CColourUIResource Pointer Dereference Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-043/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-416", "zdi_id": "ZDI-09-043" }, { "cve": "CVE-2009-1855", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a mali...", "detail_json": "/data/advisories/ZDI-09-042/advisory.json", "detail_path": "advisories/ZDI-09-042", "id": "ZDI-09-042", "kind": "published", "published_date": "2009-06-10", "status": "published", "title": "Adobe Reader U3D RHAdobeMeta Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-042/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-433", "zdi_id": "ZDI-09-042" }, { "cve": "CVE-2009-1532", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exi...", "detail_json": "/data/advisories/ZDI-09-041/advisory.json", "detail_path": "advisories/ZDI-09-041", "id": "ZDI-09-041", "kind": "published", "published_date": "2009-06-10", "status": "published", "title": "Microsoft Internet Explorer 8 Rows Property Dangling Pointer Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-041/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-463", "zdi_id": "ZDI-09-041" }, { "cve": "CVE-2009-1134", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires user interaction in that a victim must open a malicious XLS file. The specific flaw exists within the parsing of...", "detail_json": "/data/advisories/ZDI-09-040/advisory.json", "detail_path": "advisories/ZDI-09-040", "id": "ZDI-09-040", "kind": "published", "published_date": "2009-06-10", "status": "published", "title": "Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-040/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-454", "zdi_id": "ZDI-09-040" }, { "cve": "CVE-2009-1531", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-09-039/advisory.json", "detail_path": "advisories/ZDI-09-039", "id": "ZDI-09-039", "kind": "published", "published_date": "2009-06-10", "status": "published", "title": "Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-039/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-429", "zdi_id": "ZDI-09-039" }, { "cve": "CVE-2009-1530", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-09-038/advisory.json", "detail_path": "advisories/ZDI-09-038", "id": "ZDI-09-038", "kind": "published", "published_date": "2009-06-10", "status": "published", "title": "Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-038/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-428", "zdi_id": "ZDI-09-038" }, { "cve": "CVE-2009-1528", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exi...", "detail_json": "/data/advisories/ZDI-09-037/advisory.json", "detail_path": "advisories/ZDI-09-037", "id": "ZDI-09-037", "kind": "published", "published_date": "2009-06-10", "status": "published", "title": "Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-037/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-426", "zdi_id": "ZDI-09-037" }, { "cve": "CVE-2009-1529", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerabil...", "detail_json": "/data/advisories/ZDI-09-036/advisory.json", "detail_path": "advisories/ZDI-09-036", "id": "ZDI-09-036", "kind": "published", "published_date": "2009-06-10", "status": "published", "title": "Microsoft Internet Explorer setCapture Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-036/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-425", "zdi_id": "ZDI-09-036" }, { "cve": "CVE-2009-0563", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a m...", "detail_json": "/data/advisories/ZDI-09-035/advisory.json", "detail_path": "advisories/ZDI-09-035", "id": "ZDI-09-035", "kind": "published", "published_date": "2009-06-10", "status": "published", "title": "Microsoft Word Document Stack Based Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-035/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-365", "zdi_id": "ZDI-09-035" }, { "cve": "CVE-2009-1709", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbag...", "detail_json": "/data/advisories/ZDI-09-034/advisory.json", "detail_path": "advisories/ZDI-09-034", "id": "ZDI-09-034", "kind": "published", "published_date": "2009-06-08", "status": "published", "title": "Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-034/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-401", "zdi_id": "ZDI-09-034" }, { "cve": "CVE-2009-1701", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable software utilizing the Apple WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when t...", "detail_json": "/data/advisories/ZDI-09-033/advisory.json", "detail_path": "advisories/ZDI-09-033", "id": "ZDI-09-033", "kind": "published", "published_date": "2009-06-08", "status": "published", "title": "Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-033/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-430", "zdi_id": "ZDI-09-033" }, { "cve": "CVE-2009-1698", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handli...", "detail_json": "/data/advisories/ZDI-09-032/advisory.json", "detail_path": "advisories/ZDI-09-032", "id": "ZDI-09-032", "kind": "published", "published_date": "2009-06-08", "status": "published", "title": "Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-032/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-441", "zdi_id": "ZDI-09-032" }, { "cve": "CVE-2009-1376", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw e...", "detail_json": "/data/advisories/ZDI-09-031/advisory.json", "detail_path": "advisories/ZDI-09-031", "id": "ZDI-09-031", "kind": "published", "published_date": "2009-06-08", "status": "published", "title": "Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-031/", "vendor": "Adium, Pidgin", "vendor_url": null, "zdi_can": "ZDI-CAN-424", "zdi_id": "ZDI-09-031" }, { "cve": "CVE-2009-0010", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-09-030/advisory.json", "detail_path": "advisories/ZDI-09-030", "id": "ZDI-09-030", "kind": "published", "published_date": "2009-06-02", "status": "published", "title": "Apple Quicktime PICT Opcode 0x71 Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-030/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-413", "zdi_id": "ZDI-09-030" }, { "cve": "CVE-2009-0957", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-09-029/advisory.json", "detail_path": "advisories/ZDI-09-029", "id": "ZDI-09-029", "kind": "published", "published_date": "2009-06-02", "status": "published", "title": "Apple QuickTime Jpeg2000 Marker Size Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-029/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-480", "zdi_id": "ZDI-09-029" }, { "cve": "CVE-2009-0954", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must either open a malicious file, or visit a malicious web page. The...", "detail_json": "/data/advisories/ZDI-09-028/advisory.json", "detail_path": "advisories/ZDI-09-028", "id": "ZDI-09-028", "kind": "published", "published_date": "2009-06-02", "status": "published", "title": "Apple QuickTime CRGN Atom Parsing Heap Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-028/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-414", "zdi_id": "ZDI-09-028" }, { "cve": "CVE-2009-0953", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-09-027/advisory.json", "detail_path": "advisories/ZDI-09-027", "id": "ZDI-09-027", "kind": "published", "published_date": "2009-06-02", "status": "published", "title": "Apple Quicktime PICT Opcode 0x8201 Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-027/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-412", "zdi_id": "ZDI-09-027" }, { "cve": "CVE-2009-0952", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-09-026/advisory.json", "detail_path": "advisories/ZDI-09-026", "id": "ZDI-09-026", "kind": "published", "published_date": "2009-06-02", "status": "published", "title": "Apple QuickTime Packed-bit Decoding Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-026/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-469", "zdi_id": "ZDI-09-026" }, { "cve": "CVE-2009-0951", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must either open a malicious file, or visit a malicious web page. The...", "detail_json": "/data/advisories/ZDI-09-025/advisory.json", "detail_path": "advisories/ZDI-09-025", "id": "ZDI-09-025", "kind": "published", "published_date": "2009-06-02", "status": "published", "title": "Apple Quicktime Picture Viewer FLC Delta-Encoded Frame Decompression Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-025/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-402", "zdi_id": "ZDI-09-025" }, { "cve": "CVE-2009-1943", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Safenet Softremote IKE VPN service. Authentication is not required to exploit this vulnerability. The specific flaw exists in the ireIke.exe service listen...", "detail_json": "/data/advisories/ZDI-09-024/advisory.json", "detail_path": "advisories/ZDI-09-024", "id": "ZDI-09-024", "kind": "published", "published_date": "2009-06-01", "status": "published", "title": "Safenet SoftRemote IKE Service Remote Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-024/", "vendor": "Safenet", "vendor_url": null, "zdi_can": "ZDI-CAN-399", "zdi_id": "ZDI-09-024" }, { "cve": "CVE-2009-0154", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...", "detail_json": "/data/advisories/ZDI-09-023/advisory.json", "detail_path": "advisories/ZDI-09-023", "id": "ZDI-09-023", "kind": "published", "published_date": "2009-05-13", "status": "published", "title": "Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-023/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-462", "zdi_id": "ZDI-09-023" }, { "cve": "CVE-2009-0945", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the pa...", "detail_json": "/data/advisories/ZDI-09-022/advisory.json", "detail_path": "advisories/ZDI-09-022", "id": "ZDI-09-022", "kind": "published", "published_date": "2009-05-13", "status": "published", "title": "Apple Safari Malformed SVGList Parsing Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-022/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-464", "zdi_id": "ZDI-09-022" }, { "cve": "CVE-2009-0010", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-09-021/advisory.json", "detail_path": "advisories/ZDI-09-021", "id": "ZDI-09-021", "kind": "published", "published_date": "2009-05-13", "status": "published", "title": "Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-021/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-470", "zdi_id": "ZDI-09-021" }, { "cve": "CVE-2009-1130", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office's PowerPoint. User interaction is required to exploit this vulnerability in that the target must open up a malicious file. The vulnerability e...", "detail_json": "/data/advisories/ZDI-09-020/advisory.json", "detail_path": "advisories/ZDI-09-020", "id": "ZDI-09-020", "kind": "published", "published_date": "2009-05-12", "status": "published", "title": "Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-020/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-355", "zdi_id": "ZDI-09-020" }, { "cve": "CVE-2009-0556", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. Exploitation requires that the attacker coerce the target into opening a malicious .PPT file. The specific flaw exists in the pars...", "detail_json": "/data/advisories/ZDI-09-019/advisory.json", "detail_path": "advisories/ZDI-09-019", "id": "ZDI-09-019", "kind": "published", "published_date": "2009-05-12", "status": "published", "title": "Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-019/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-299", "zdi_id": "ZDI-09-019" }, { "cve": "CVE-2009-1430", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec AntiVirus Corporate Edition, Symantec Client Security and Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-09-018/advisory.json", "detail_path": "advisories/ZDI-09-018", "id": "ZDI-09-018", "kind": "published", "published_date": "2009-04-28", "status": "published", "title": "Symantec Multiple Product Intel Alert Originator Service Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-018/", "vendor": "Symantec, Symantec, Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-226", "zdi_id": "ZDI-09-018" }, { "cve": "CVE-2009-0993", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Applications Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Oracle Process Manager and Notifi...", "detail_json": "/data/advisories/ZDI-09-017/advisory.json", "detail_path": "advisories/ZDI-09-017", "id": "ZDI-09-017", "kind": "published", "published_date": "2009-04-14", "status": "published", "title": "Oracle Applications Server 10g Format String Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-017/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-248", "zdi_id": "ZDI-09-017" }, { "cve": "CVE-2009-1350", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. A valid IPC$ connection must be established in order to exploit this vulnerability. The specific flaw exists within xtagent.exe during the hand...", "detail_json": "/data/advisories/ZDI-09-016/advisory.json", "detail_path": "advisories/ZDI-09-016", "id": "ZDI-09-016", "kind": "published", "published_date": "2009-04-06", "status": "published", "title": "Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-016/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-397", "zdi_id": "ZDI-09-016" }, { "cve": "CVE-2009-1044", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the XUL...", "detail_json": "/data/advisories/ZDI-09-015/advisory.json", "detail_path": "advisories/ZDI-09-015", "id": "ZDI-09-015", "kind": "published", "published_date": "2009-03-30", "status": "published", "title": "Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-015/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-465", "zdi_id": "ZDI-09-015" }, { "cve": "CVE-2009-0927", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required in that a user must visit a malicious web site or open a malicious file. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-09-014/advisory.json", "detail_path": "advisories/ZDI-09-014", "id": "ZDI-09-014", "kind": "published", "published_date": "2009-03-24", "status": "published", "title": "Adobe Acrobat getIcon() Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-014/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-362", "zdi_id": "ZDI-09-014" }, { "cve": "CVE-2009-0775", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the...", "detail_json": "/data/advisories/ZDI-09-013/advisory.json", "detail_path": "advisories/ZDI-09-013", "id": "ZDI-09-013", "kind": "published", "published_date": "2009-03-05", "status": "published", "title": "Mozilla Firefox XUL Linked Clones Double Free Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-013/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-423", "zdi_id": "ZDI-09-013" }, { "cve": "CVE-2009-0076", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-09-012/advisory.json", "detail_path": "advisories/ZDI-09-012", "id": "ZDI-09-012", "kind": "published", "published_date": "2009-02-10", "status": "published", "title": "Microsoft Internet Explorer Malformed CSS Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-012/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-400", "zdi_id": "ZDI-09-012" }, { "cve": "CVE-2009-0075", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-09-011/advisory.json", "detail_path": "advisories/ZDI-09-011", "id": "ZDI-09-011", "kind": "published", "published_date": "2009-02-10", "status": "published", "title": "Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-011/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-391", "zdi_id": "ZDI-09-011" }, { "cve": "CVE-2009-0410", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware Groupwise SMTP daemon. Authentication is not required to exploit this vulnerability. The specific flaw exists during the parsing of malformed RC...", "detail_json": "/data/advisories/ZDI-09-010/advisory.json", "detail_path": "advisories/ZDI-09-010", "id": "ZDI-09-010", "kind": "published", "published_date": "2009-02-02", "status": "published", "title": "Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-010/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-384", "zdi_id": "ZDI-09-010" }, { "cve": "CVE-2009-0311", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Backbone service (ftbackbone.exe)...", "detail_json": "/data/advisories/ZDI-09-009/advisory.json", "detail_path": "advisories/ZDI-09-009", "id": "ZDI-09-009", "kind": "published", "published_date": "2009-01-23", "status": "published", "title": "EMC AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-009/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-364", "zdi_id": "ZDI-09-009" }, { "cve": "CVE-2009-0007", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the hand...", "detail_json": "/data/advisories/ZDI-09-008/advisory.json", "detail_path": "advisories/ZDI-09-008", "id": "ZDI-09-008", "kind": "published", "published_date": "2009-01-21", "status": "published", "title": "Apple QuickTime STSD JPEG Atom Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-008/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-352", "zdi_id": "ZDI-09-008" }, { "cve": "CVE-2009-0006", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the hand...", "detail_json": "/data/advisories/ZDI-09-007/advisory.json", "detail_path": "advisories/ZDI-09-007", "id": "ZDI-09-007", "kind": "published", "published_date": "2009-01-21", "status": "published", "title": "Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-007/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-344", "zdi_id": "ZDI-09-007" }, { "cve": "CVE-2009-0003", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-09-006/advisory.json", "detail_path": "advisories/ZDI-09-006", "id": "ZDI-09-006", "kind": "published", "published_date": "2009-01-21", "status": "published", "title": "Apple QuickTime AVI Header nBlockAlign Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-006/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-393", "zdi_id": "ZDI-09-006" }, { "cve": "CVE-2009-0002", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-09-005/advisory.json", "detail_path": "advisories/ZDI-09-005", "id": "ZDI-09-005", "kind": "published", "published_date": "2009-01-21", "status": "published", "title": "Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-005/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-382", "zdi_id": "ZDI-09-005" }, { "cve": "CVE-2008-5440", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle TimesTen. User interaction is not required to exploit this vulnerability. The specific flaw exists in the evtdump CGI module, which is used to write to...", "detail_json": "/data/advisories/ZDI-09-004/advisory.json", "detail_path": "advisories/ZDI-09-004", "id": "ZDI-09-004", "kind": "published", "published_date": "2009-01-14", "status": "published", "title": "Oracle TimesTen evtdump Remote Format String Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-004/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-300", "zdi_id": "ZDI-09-004" }, { "cve": "CVE-2008-5448", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine exec_qr() defined in the web sc...", "detail_json": "/data/advisories/ZDI-09-003/advisory.json", "detail_path": "advisories/ZDI-09-003", "id": "ZDI-09-003", "kind": "published", "published_date": "2009-01-14", "status": "published", "title": "Oracle Secure Backup exec_qr() Command Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-003/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-224", "zdi_id": "ZDI-09-003" }, { "cve": "CVE-2008-4835", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to trigger a denial of service condition on vulnerable installations of Microsoft Windows; remote code execution is also theoretically possible. User interaction is not required to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-09-002/advisory.json", "detail_path": "advisories/ZDI-09-002", "id": "ZDI-09-002", "kind": "published", "published_date": "2009-01-13", "status": "published", "title": "Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-002/", "vendor": "Microsoft, Microsoft, Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-379", "zdi_id": "ZDI-09-002" }, { "cve": "CVE-2008-4834", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to trigger a denial of service condition on vulnerable installations of Microsoft Windows; remote code execution is also theoretically possible. User interaction is not required to exploit this vulnerability. The spe...", "detail_json": "/data/advisories/ZDI-09-001/advisory.json", "detail_path": "advisories/ZDI-09-001", "id": "ZDI-09-001", "kind": "published", "published_date": "2009-01-13", "status": "published", "title": "Microsoft SMB NT Trans Request Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-09-001/", "vendor": "Microsoft, Microsoft, Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-354", "zdi_id": "ZDI-09-001" }, { "cve": "CVE-2008-4019", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-08-099/advisory.json", "detail_path": "advisories/ZDI-08-099", "id": "ZDI-08-099", "kind": "published", "published_date": "2008-10-14", "status": "published", "title": "Microsoft Office Excel REPT Formula Parsing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-099/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-357", "zdi_id": "ZDI-08-099" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of any communication application utilizing the SIP Foundry API. This includes vendors such as AOL, Yahoo, Skype, Oracle, Nortel and more. Authentication is not re...", "detail_json": "/data/advisories/ZDI-08-098/advisory.json", "detail_path": "advisories/ZDI-08-098", "id": "ZDI-08-098", "kind": "published", "published_date": "2008-06-10", "status": "published", "title": "AOL AIM SIPFoundry sipXtapi RTP Processing Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-098/", "vendor": "America Online", "vendor_url": null, "zdi_can": "ZDI-CAN-279", "zdi_id": "ZDI-08-098" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AOL AIM. Successful exploitation requires the victim to accept a Video Messaging session with the attacker. The specific flaw exists in the SIP protocol implem...", "detail_json": "/data/advisories/ZDI-08-097/advisory.json", "detail_path": "advisories/ZDI-08-097", "id": "ZDI-08-097", "kind": "published", "published_date": "2008-06-10", "status": "published", "title": "AOL AIM SIPFoundry sipXtapi RTCP Processing Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-097/", "vendor": "America Online", "vendor_url": null, "zdi_can": "ZDI-CAN-251", "zdi_id": "ZDI-08-097" }, { "cve": "CVE-2008-3684", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC ApplicationXtender Workflow Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Admin Agent...", "detail_json": "/data/advisories/ZDI-08-096/advisory.json", "detail_path": "advisories/ZDI-08-096", "id": "ZDI-08-096", "kind": "published", "published_date": "2008-08-14", "status": "published", "title": "EMC ApplicationXtender Workflow Server Admin Agent Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-096/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-360", "zdi_id": "ZDI-08-096" }, { "cve": "CVE-2008-3685", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC ApplicationXtender Workflow Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Admin Agent...", "detail_json": "/data/advisories/ZDI-08-095/advisory.json", "detail_path": "advisories/ZDI-08-095", "id": "ZDI-08-095", "kind": "published", "published_date": "2008-08-14", "status": "published", "title": "EMC ApplicationXtender Workflow Server Admin Agent Arbitrary File Upload Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-095/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-358", "zdi_id": "ZDI-08-095" }, { "cve": "CVE-2008-5013", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on vulnerable installations of Mozilla Firefox with Adobe's Flash Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists due to a failure to chec...", "detail_json": "/data/advisories/ZDI-08-094/advisory.json", "detail_path": "advisories/ZDI-08-094", "id": "ZDI-08-094", "kind": "published", "published_date": "2008-11-12", "status": "published", "title": "Mozilla Firefox Flash Player Dynamic Module Unloading Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-094/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-259", "zdi_id": "ZDI-08-094" }, { "cve": "CVE-2008-5021", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to potentially execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when...", "detail_json": "/data/advisories/ZDI-08-093/advisory.json", "detail_path": "advisories/ZDI-08-093", "id": "ZDI-08-093", "kind": "published", "published_date": "2008-11-12", "status": "published", "title": "Mozilla Firefox Input Box Type Property Dangling Pointer Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-093/", "vendor": "Mozilla Firefox, Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-390", "zdi_id": "ZDI-08-093" }, { "cve": "CVE-2007-6637", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject scripts across domains through vulnerable versions of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the...", "detail_json": "/data/advisories/ZDI-08-092/advisory.json", "detail_path": "advisories/ZDI-08-092", "id": "ZDI-08-092", "kind": "published", "published_date": "2008-04-08", "status": "published", "title": "Adobe Flash Script Injection Cross Domain Scripting Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-092/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-268", "zdi_id": "ZDI-08-092" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of RealNetworks Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists during NTLM negotiation. The fun...", "detail_json": "/data/advisories/ZDI-08-091/advisory.json", "detail_path": "advisories/ZDI-08-091", "id": "ZDI-08-091", "kind": "published", "published_date": "2008-12-16", "status": "published", "title": "RealNetworks Helix Server NTLM Authentication Malformed Base64 Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-091/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-380", "zdi_id": "ZDI-08-091" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists while processing malformed base64 encoded data from...", "detail_json": "/data/advisories/ZDI-08-090/advisory.json", "detail_path": "advisories/ZDI-08-090", "id": "ZDI-08-090", "kind": "published", "published_date": "2008-12-16", "status": "published", "title": "RealNetworks Helix Server DataConvertBuffer Heap Overflow Vulnerability", "updated_date": "2021-07-15", "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-090/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-333", "zdi_id": "ZDI-08-090" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks Helix Server. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific...", "detail_json": "/data/advisories/ZDI-08-089/advisory.json", "detail_path": "advisories/ZDI-08-089", "id": "ZDI-08-089", "kind": "published", "published_date": "2008-12-16", "status": "published", "title": "RealNetworks Helix DNA Server RTSP DESCRIBE Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-089/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-293", "zdi_id": "ZDI-08-089" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject arbitrary SQL on vulnerable installations of Oracle E-Business Suite Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists in the APPS.ICXSUPWF.Displa...", "detail_json": "/data/advisories/ZDI-08-088/advisory.json", "detail_path": "advisories/ZDI-08-088", "id": "ZDI-08-088", "kind": "published", "published_date": "2008-12-16", "status": "published", "title": "Oracle E-Business Suite Business Intelligence SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-088/", "vendor": "Oracle", "vendor_url": null, "zdi_can": "ZDI-CAN-160", "zdi_id": "ZDI-08-088" }, { "cve": "CVE-2008-4259", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 7 on the Microsoft Vista operating system. User interaction is required to exploit this vulnerability in that the target must visit a mali...", "detail_json": "/data/advisories/ZDI-08-087/advisory.json", "detail_path": "advisories/ZDI-08-087", "id": "ZDI-08-087", "kind": "published", "published_date": "2008-12-09", "status": "published", "title": "Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-087/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-331", "zdi_id": "ZDI-08-087" }, { "cve": "CVE-2008-4837", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. Exploitation requires that the attacker coerce the target into opening a malicious .DOC file. The specific flaw exists when processing a...", "detail_json": "/data/advisories/ZDI-08-086/advisory.json", "detail_path": "advisories/ZDI-08-086", "id": "ZDI-08-086", "kind": "published", "published_date": "2008-12-09", "status": "published", "title": "Microsoft Office Word Document Table Property Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-086/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-377", "zdi_id": "ZDI-08-086" }, { "cve": "CVE-2008-4028", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft products including Word and Outlook. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...", "detail_json": "/data/advisories/ZDI-08-085/advisory.json", "detail_path": "advisories/ZDI-08-085", "id": "ZDI-08-085", "kind": "published", "published_date": "2008-12-09", "status": "published", "title": "Microsoft Office RTF Drawing Object Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-085/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-351", "zdi_id": "ZDI-08-085" }, { "cve": "CVE-2008-4027", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a...", "detail_json": "/data/advisories/ZDI-08-084/advisory.json", "detail_path": "advisories/ZDI-08-084", "id": "ZDI-08-084", "kind": "published", "published_date": "2008-12-09", "status": "published", "title": "Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-084/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-334", "zdi_id": "ZDI-08-084" }, { "cve": "CVE-2008-4255", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code through vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw...", "detail_json": "/data/advisories/ZDI-08-083/advisory.json", "detail_path": "advisories/ZDI-08-083", "id": "ZDI-08-083", "kind": "published", "published_date": "2008-12-09", "status": "published", "title": "Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-083/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-387", "zdi_id": "ZDI-08-083" }, { "cve": "CVE-2008-5982", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of BMC PatrolAgent. Authentication is not required to exploit this vulnerability. The specific flaw exists due to a format string handling error during log message writi...", "detail_json": "/data/advisories/ZDI-08-082/advisory.json", "detail_path": "advisories/ZDI-08-082", "id": "ZDI-08-082", "kind": "published", "published_date": "2008-12-08", "status": "published", "title": "BMC PatrolAgent Version Logging Format String Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-082/", "vendor": "BMC Software", "vendor_url": null, "zdi_can": "ZDI-CAN-325", "zdi_id": "ZDI-08-082" }, { "cve": "CVE-2008-5339", "cvss": null, "cvss_vector": null, "description_snippet": "These vulnerabilities allow remote attackers to bypass sandbox restrictions on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The first vulnerability r...", "detail_json": "/data/advisories/ZDI-08-081/advisory.json", "detail_path": "advisories/ZDI-08-081", "id": "ZDI-08-081", "kind": "published", "published_date": "2008-12-04", "status": "published", "title": "Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-081/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-363", "zdi_id": "ZDI-08-081" }, { "cve": "CVE-2008-5359", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw occurs within th...", "detail_json": "/data/advisories/ZDI-08-080/advisory.json", "detail_path": "advisories/ZDI-08-080", "id": "ZDI-08-080", "kind": "published", "published_date": "2008-12-04", "status": "published", "title": "Sun Java AWT Library Sandbox Violation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-080/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-319", "zdi_id": "ZDI-08-080" }, { "cve": "CVE-2008-5403", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian....", "detail_json": "/data/advisories/ZDI-08-079/advisory.json", "detail_path": "advisories/ZDI-08-079", "id": "ZDI-08-079", "kind": "published", "published_date": "2008-12-04", "status": "published", "title": "Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-079/", "vendor": "Cerulean Studios", "vendor_url": null, "zdi_can": "ZDI-CAN-410", "zdi_id": "ZDI-08-079" }, { "cve": "CVE-2008-5402", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code fo...", "detail_json": "/data/advisories/ZDI-08-078/advisory.json", "detail_path": "advisories/ZDI-08-078", "id": "ZDI-08-078", "kind": "published", "published_date": "2008-12-04", "status": "published", "title": "Trillian IMG SRC ID Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-078/", "vendor": "Trillian", "vendor_url": null, "zdi_can": "ZDI-CAN-409", "zdi_id": "ZDI-08-078" }, { "cve": "CVE-2008-5401", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tooltip processing code for Trilli...", "detail_json": "/data/advisories/ZDI-08-077/advisory.json", "detail_path": "advisories/ZDI-08-077", "id": "ZDI-08-077", "kind": "published", "published_date": "2008-12-04", "status": "published", "title": "Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-077/", "vendor": "Cerulean Studios, Cerulean Studios", "vendor_url": null, "zdi_can": "ZDI-CAN-408", "zdi_id": "ZDI-08-077" }, { "cve": "CVE-2008-5420", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Master Agent service (msragent...", "detail_json": "/data/advisories/ZDI-08-076/advisory.json", "detail_path": "advisories/ZDI-08-076", "id": "ZDI-08-076", "kind": "published", "published_date": "2008-11-20", "status": "published", "title": "EMC Control Center SST_SENDFILE Remote File Retrieval Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-076/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-406", "zdi_id": "ZDI-08-076" }, { "cve": "CVE-2008-5419", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Control Center. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Master Agent service (msragent.e...", "detail_json": "/data/advisories/ZDI-08-075/advisory.json", "detail_path": "advisories/ZDI-08-075", "id": "ZDI-08-075", "kind": "published", "published_date": "2008-11-20", "status": "published", "title": "EMC Control Center SST_CTGTRANS Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-075/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-398", "zdi_id": "ZDI-08-075" }, { "cve": "CVE-2008-4813", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe Acrobat. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when processing malicious javascript contained in a...", "detail_json": "/data/advisories/ZDI-08-074/advisory.json", "detail_path": "advisories/ZDI-08-074", "id": "ZDI-08-074", "kind": "published", "published_date": "2008-11-04", "status": "published", "title": "Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-074/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-329", "zdi_id": "ZDI-08-074" }, { "cve": "CVE-2008-4813", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a mali...", "detail_json": "/data/advisories/ZDI-08-073/advisory.json", "detail_path": "advisories/ZDI-08-073", "id": "ZDI-08-073", "kind": "published", "published_date": "2008-11-04", "status": "published", "title": "Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-073/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-302", "zdi_id": "ZDI-08-073" }, { "cve": "CVE-2008-2992", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...", "detail_json": "/data/advisories/ZDI-08-072/advisory.json", "detail_path": "advisories/ZDI-08-072", "id": "ZDI-08-072", "kind": "published", "published_date": "2008-11-04", "status": "published", "title": "Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-072/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-283", "zdi_id": "ZDI-08-072" }, { "cve": "CVE-2008-4801", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express for Microsoft SQL. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Data Protection f...", "detail_json": "/data/advisories/ZDI-08-071/advisory.json", "detail_path": "advisories/ZDI-08-071", "id": "ZDI-08-071", "kind": "published", "published_date": "2008-10-30", "status": "published", "title": "IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-071/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-321", "zdi_id": "ZDI-08-071" }, { "cve": "CVE-2008-4918", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute a script injection attack on arbitrary sites through vulnerable installations of SonicWALL. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or...", "detail_json": "/data/advisories/ZDI-08-070/advisory.json", "detail_path": "advisories/ZDI-08-070", "id": "ZDI-08-070", "kind": "published", "published_date": "2008-10-30", "status": "published", "title": "SonicWALL Content-Filtering Universal Script Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-070/", "vendor": "SonicWALL", "vendor_url": null, "zdi_can": "ZDI-CAN-350", "zdi_id": "ZDI-08-070" }, { "cve": "CVE-2008-3475", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-08-069/advisory.json", "detail_path": "advisories/ZDI-08-069", "id": "ZDI-08-069", "kind": "published", "published_date": "2008-10-14", "status": "published", "title": "Microsoft Internet Explorer componentFromPoint Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-069/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-353", "zdi_id": "ZDI-08-069" }, { "cve": "CVE-2008-3471", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the victim to open the malformed BIFF (.xls) document. The specific flaw exists within the parsing of the BI...", "detail_json": "/data/advisories/ZDI-08-068/advisory.json", "detail_path": "advisories/ZDI-08-068", "id": "ZDI-08-068", "kind": "published", "published_date": "2008-10-14", "status": "published", "title": "Microsoft Office Excel BIFF File Format Parsing Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-068/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-345", "zdi_id": "ZDI-08-068" }, { "cve": "CVE-2008-3641", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple CUPS. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Hewlett-Packard Graphics Language filter. Inadequate...", "detail_json": "/data/advisories/ZDI-08-067/advisory.json", "detail_path": "advisories/ZDI-08-067", "id": "ZDI-08-067", "kind": "published", "published_date": "2008-10-09", "status": "published", "title": "Apple CUPS HP-GL/2 Filter Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-067/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-367", "zdi_id": "ZDI-08-067" }, { "cve": "CVE-2008-4480", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for...", "detail_json": "/data/advisories/ZDI-08-066/advisory.json", "detail_path": "advisories/ZDI-08-066", "id": "ZDI-08-066", "kind": "published", "published_date": "2008-10-08", "status": "published", "title": "Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-066/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-335", "zdi_id": "ZDI-08-066" }, { "cve": "CVE-2008-4478", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for...", "detail_json": "/data/advisories/ZDI-08-065/advisory.json", "detail_path": "advisories/ZDI-08-065", "id": "ZDI-08-065", "kind": "published", "published_date": "2008-10-08", "status": "published", "title": "Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-065/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-336", "zdi_id": "ZDI-08-065" }, { "cve": "CVE-2008-4479", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw resides in the web console running on TCP ports 8028 and 8030. The...", "detail_json": "/data/advisories/ZDI-08-064/advisory.json", "detail_path": "advisories/ZDI-08-064", "id": "ZDI-08-064", "kind": "published", "published_date": "2008-10-08", "status": "published", "title": "Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-064/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-313", "zdi_id": "ZDI-08-064" }, { "cve": "CVE-2008-4478", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw resides in the web console running on TCP ports 8028 and 8030. The...", "detail_json": "/data/advisories/ZDI-08-063/advisory.json", "detail_path": "advisories/ZDI-08-063", "id": "ZDI-08-063", "kind": "published", "published_date": "2008-10-08", "status": "published", "title": "Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-063/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-312", "zdi_id": "ZDI-08-063" }, { "cve": "CVE-2008-3627", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-08-062/advisory.json", "detail_path": "advisories/ZDI-08-062", "id": "ZDI-08-062", "kind": "published", "published_date": "2008-09-09", "status": "published", "title": "Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-062/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-339", "zdi_id": "ZDI-08-062" }, { "cve": "CVE-2008-3627", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-08-061/advisory.json", "detail_path": "advisories/ZDI-08-061", "id": "ZDI-08-061", "kind": "published", "published_date": "2008-09-09", "status": "published", "title": "Apple QuickTime Player H.264 Parsing Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-061/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-309", "zdi_id": "ZDI-08-061" }, { "cve": "CVE-2008-3627", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-08-060/advisory.json", "detail_path": "advisories/ZDI-08-060", "id": "ZDI-08-060", "kind": "published", "published_date": "2008-09-09", "status": "published", "title": "Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-060/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-304", "zdi_id": "ZDI-08-060" }, { "cve": "CVE-2008-3626", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-08-059/advisory.json", "detail_path": "advisories/ZDI-08-059", "id": "ZDI-08-059", "kind": "published", "published_date": "2008-09-09", "status": "published", "title": "Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-059/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-328", "zdi_id": "ZDI-08-059" }, { "cve": "CVE-2008-3625", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-08-058/advisory.json", "detail_path": "advisories/ZDI-08-058", "id": "ZDI-08-058", "kind": "published", "published_date": "2008-09-09", "status": "published", "title": "Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-058/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-356", "zdi_id": "ZDI-08-058" }, { "cve": "CVE-2008-3635", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-08-057/advisory.json", "detail_path": "advisories/ZDI-08-057", "id": "ZDI-08-057", "kind": "published", "published_date": "2008-09-09", "status": "published", "title": "Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-057/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-376", "zdi_id": "ZDI-08-057" }, { "cve": "CVE-2008-3013", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows XP, Server and Vista. User interaction is required in that a user must open a malicious image file or browse to a malicious website. The spec...", "detail_json": "/data/advisories/ZDI-08-056/advisory.json", "detail_path": "advisories/ZDI-08-056", "id": "ZDI-08-056", "kind": "published", "published_date": "2008-09-09", "status": "published", "title": "Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-056/", "vendor": "Microsoft, Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-249", "zdi_id": "ZDI-08-056" }, { "cve": "CVE-2008-3015", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows XP, Server and Vista. User interaction is required in that a user must open a malicious image file. The specific flaws exist in the GDI+ subs...", "detail_json": "/data/advisories/ZDI-08-055/advisory.json", "detail_path": "advisories/ZDI-08-055", "id": "ZDI-08-055", "kind": "published", "published_date": "2008-09-09", "status": "published", "title": "Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-055/", "vendor": "Microsoft, Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-211", "zdi_id": "ZDI-08-055" }, { "cve": "CVE-2008-2927", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw e...", "detail_json": "/data/advisories/ZDI-08-054/advisory.json", "detail_path": "advisories/ZDI-08-054", "id": "ZDI-08-054", "kind": "published", "published_date": "2008-08-28", "status": "published", "title": "Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-054/", "vendor": "Adium, Pidgin", "vendor_url": null, "zdi_can": "ZDI-CAN-338", "zdi_id": "ZDI-08-054" }, { "cve": "CVE-2008-3703", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. T...", "detail_json": "/data/advisories/ZDI-08-053/advisory.json", "detail_path": "advisories/ZDI-08-053", "id": "ZDI-08-053", "kind": "published", "published_date": "2008-08-14", "status": "published", "title": "Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-053/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-359", "zdi_id": "ZDI-08-053" }, { "cve": "CVE-2008-2952", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to deny services on vulnerable installations of OpenLDAP. Authentication is not required to exploit this vulnerability. The specific flaw exists in the decoding of ASN.1 BER network datagrams. When the size of a BerE...", "detail_json": "/data/advisories/ZDI-08-052/advisory.json", "detail_path": "advisories/ZDI-08-052", "id": "ZDI-08-052", "kind": "published", "published_date": "2008-08-14", "status": "published", "title": "OpenLDAP BER Decoding Remote DoS Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-052/", "vendor": "OpenLDAP Foundation", "vendor_url": null, "zdi_can": "ZDI-CAN-347", "zdi_id": "ZDI-08-052" }, { "cve": "CVE-2008-2258", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-08-051/advisory.json", "detail_path": "advisories/ZDI-08-051", "id": "ZDI-08-051", "kind": "published", "published_date": "2008-08-12", "status": "published", "title": "Microsoft Internet Explorer Table Layout Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-051/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-308", "zdi_id": "ZDI-08-051" }, { "cve": "CVE-2008-2257", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-08-050/advisory.json", "detail_path": "advisories/ZDI-08-050", "id": "ZDI-08-050", "kind": "published", "published_date": "2008-08-12", "status": "published", "title": "Microsoft Internet Explorer XHTML Rendering Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-050/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-322", "zdi_id": "ZDI-08-050" }, { "cve": "CVE-2008-3021", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling o...", "detail_json": "/data/advisories/ZDI-08-049/advisory.json", "detail_path": "advisories/ZDI-08-049", "id": "ZDI-08-049", "kind": "published", "published_date": "2008-08-12", "status": "published", "title": "Microsoft Windows Graphics Rendering Engine PICT Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-049/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-103", "zdi_id": "ZDI-08-049" }, { "cve": "CVE-2008-3006", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsi...", "detail_json": "/data/advisories/ZDI-08-048/advisory.json", "detail_path": "advisories/ZDI-08-048", "id": "ZDI-08-048", "kind": "published", "published_date": "2008-08-12", "status": "published", "title": "Microsoft Excel COUNTRY Record Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-048/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-307", "zdi_id": "ZDI-08-048" }, { "cve": "CVE-2008-1309", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must visit a malicious web site. The specific flaw exists in the rmoc3260 ActiveX control exposed through the fol...", "detail_json": "/data/advisories/ZDI-08-047/advisory.json", "detail_path": "advisories/ZDI-08-047", "id": "ZDI-08-047", "kind": "published", "published_date": "2008-07-25", "status": "published", "title": "RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-047/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-270", "zdi_id": "ZDI-08-047" }, { "cve": "CVE-2008-3066", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-08-046/advisory.json", "detail_path": "advisories/ZDI-08-046", "id": "ZDI-08-046", "kind": "published", "published_date": "2008-07-25", "status": "published", "title": "RealNetworks RealPlayer Library File Deletion Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-046/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-231", "zdi_id": "ZDI-08-046" }, { "cve": "CVE-2008-2317", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbag...", "detail_json": "/data/advisories/ZDI-08-045/advisory.json", "detail_path": "advisories/ZDI-08-045", "id": "ZDI-08-045", "kind": "published", "published_date": "2008-07-25", "status": "published", "title": "Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-045/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-332", "zdi_id": "ZDI-08-045" }, { "cve": "CVE-2008-2785", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the bro...", "detail_json": "/data/advisories/ZDI-08-044/advisory.json", "detail_path": "advisories/ZDI-08-044", "id": "ZDI-08-044", "kind": "published", "published_date": "2008-07-17", "status": "published", "title": "Mozilla Firefox CSSValue Array Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-044/", "vendor": "Mozilla Firefox, Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-349", "zdi_id": "ZDI-08-044" }, { "cve": "CVE-2008-3111", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the...", "detail_json": "/data/advisories/ZDI-08-043/advisory.json", "detail_path": "advisories/ZDI-08-043", "id": "ZDI-08-043", "kind": "published", "published_date": "2008-07-17", "status": "published", "title": "Sun Java Web Start vm args Stack-Based Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-043/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-287", "zdi_id": "ZDI-08-043" }, { "cve": "CVE-2008-3112", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the...", "detail_json": "/data/advisories/ZDI-08-042/advisory.json", "detail_path": "advisories/ZDI-08-042", "id": "ZDI-08-042", "kind": "published", "published_date": "2008-07-17", "status": "published", "title": "Sun Java Web Start Sandbox Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-042/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-315", "zdi_id": "ZDI-08-042" }, { "cve": "CVE-2008-3159", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, bound by default to TCP port 524. F...", "detail_json": "/data/advisories/ZDI-08-041/advisory.json", "detail_path": "advisories/ZDI-08-041", "id": "ZDI-08-041", "kind": "published", "published_date": "2008-07-10", "status": "published", "title": "Novell eDirectory dhost Integer Overflow Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-041/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-276", "zdi_id": "ZDI-08-041" }, { "cve": "CVE-2008-1444", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spec...", "detail_json": "/data/advisories/ZDI-08-040/advisory.json", "detail_path": "advisories/ZDI-08-040", "id": "ZDI-08-040", "kind": "published", "published_date": "2008-06-10", "status": "published", "title": "Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-040/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-281", "zdi_id": "ZDI-08-040" }, { "cve": "CVE-2008-1442", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific fl...", "detail_json": "/data/advisories/ZDI-08-039/advisory.json", "detail_path": "advisories/ZDI-08-039", "id": "ZDI-08-039", "kind": "published", "published_date": "2008-06-10", "status": "published", "title": "Microsoft Internet Explorer DOM Object substringData() Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-039/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-269", "zdi_id": "ZDI-08-039" }, { "cve": "CVE-2008-1585", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the hand...", "detail_json": "/data/advisories/ZDI-08-038/advisory.json", "detail_path": "advisories/ZDI-08-038", "id": "ZDI-08-038", "kind": "published", "published_date": "2008-06-10", "status": "published", "title": "Apple QuickTime SMIL qtnext Redirect File Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-038/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-326", "zdi_id": "ZDI-08-038" }, { "cve": "CVE-2008-1584", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-08-037/advisory.json", "detail_path": "advisories/ZDI-08-037", "id": "ZDI-08-037", "kind": "published", "published_date": "2008-06-10", "status": "published", "title": "Apple QuickTime Indeo Video Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-037/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-297", "zdi_id": "ZDI-08-037" }, { "cve": "CVE-2008-2541", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates eTrust Secure Content Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the HTTP Gateway service...", "detail_json": "/data/advisories/ZDI-08-036/advisory.json", "detail_path": "advisories/ZDI-08-036", "id": "ZDI-08-036", "kind": "published", "published_date": "2008-06-04", "status": "published", "title": "CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-036/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-341", "zdi_id": "ZDI-08-036" }, { "cve": "CVE-2008-2541", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates eTrust Secure Content Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the HTTP Gateway service...", "detail_json": "/data/advisories/ZDI-08-035/advisory.json", "detail_path": "advisories/ZDI-08-035", "id": "ZDI-08-035", "kind": "published", "published_date": "2008-06-04", "status": "published", "title": "CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-035/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-340", "zdi_id": "ZDI-08-035" }, { "cve": "CVE-2008-1661", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard StorageWorks Storage Mirroring. Authentication is not required to exploit this vulnerability. The specific flaw exists in the DoubleTake.exe pr...", "detail_json": "/data/advisories/ZDI-08-034/advisory.json", "detail_path": "advisories/ZDI-08-034", "id": "ZDI-08-034", "kind": "published", "published_date": "2008-06-04", "status": "published", "title": "Hewlett-Packard StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-034/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-185", "zdi_id": "ZDI-08-034" }, { "cve": "CVE-2008-2548", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola RAZR firmware based cell phones. User interaction is required to exploit this vulnerability in that the target must accept a malicious image sent via MMS. The specific...", "detail_json": "/data/advisories/ZDI-08-033/advisory.json", "detail_path": "advisories/ZDI-08-033", "id": "ZDI-08-033", "kind": "published", "published_date": "2008-05-27", "status": "published", "title": "Motorola RAZR JPG Processing Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-033/", "vendor": "Motorola", "vendor_url": null, "zdi_can": "ZDI-CAN-222", "zdi_id": "ZDI-08-033" }, { "cve": "CVE-2007-0071", "cvss": null, "cvss_vector": null, "description_snippet": "TippingPoint Note: This issue was originally disclosed on April 8, 2008 as ZDI-08-022 but due to an error on our behalf the original advisory was clobbered and is now being re-released as ZDI-08-032. This vulnerability allows attackers to execute arbitrary co...", "detail_json": "/data/advisories/ZDI-08-032/advisory.json", "detail_path": "advisories/ZDI-08-032", "id": "ZDI-08-032", "kind": "published", "published_date": "2008-05-22", "status": "published", "title": "Adobe Flash DefineSceneAndFrameLabelData Parsing Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-032/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-280", "zdi_id": "ZDI-08-032" }, { "cve": "CVE-2008-2409", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the header parsing code for the ms...", "detail_json": "/data/advisories/ZDI-08-031/advisory.json", "detail_path": "advisories/ZDI-08-031", "id": "ZDI-08-031", "kind": "published", "published_date": "2008-05-21", "status": "published", "title": "Trillian MSN MIME Header Stack-Based Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-031/", "vendor": "Cerulean Studios", "vendor_url": null, "zdi_can": "ZDI-CAN-323", "zdi_id": "ZDI-08-031" }, { "cve": "CVE-2008-2408", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within XML parsing in talk.dll. When proc...", "detail_json": "/data/advisories/ZDI-08-030/advisory.json", "detail_path": "advisories/ZDI-08-030", "id": "ZDI-08-030", "kind": "published", "published_date": "2008-05-21", "status": "published", "title": "Trillian Multiple Protocol XML Parsing Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-030/", "vendor": "Cerulean Studios", "vendor_url": null, "zdi_can": "ZDI-CAN-311", "zdi_id": "ZDI-08-030" }, { "cve": "CVE-2008-2407", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trillian. User interaction is required to exploit this vulnerability in that the target must open a malicious image file. The specific flaws exists during the...", "detail_json": "/data/advisories/ZDI-08-029/advisory.json", "detail_path": "advisories/ZDI-08-029", "id": "ZDI-08-029", "kind": "published", "published_date": "2008-05-21", "status": "published", "title": "Trillian AIM.DLL Long HTML Font Parameter Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-029/", "vendor": "Cerulean Studios", "vendor_url": null, "zdi_can": "ZDI-CAN-275", "zdi_id": "ZDI-08-029" }, { "cve": "CVE-2008-2499", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Sametime. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of long URLs in the Community Servic...", "detail_json": "/data/advisories/ZDI-08-028/advisory.json", "detail_path": "advisories/ZDI-08-028", "id": "ZDI-08-028", "kind": "published", "published_date": "2008-05-21", "status": "published", "title": "IBM Lotus Sametime Community Services Multiplexer Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-028/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-247", "zdi_id": "ZDI-08-028" }, { "cve": "CVE-2008-2241", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. Authentication is not required exploit this vulnerability. The specific flaw exists within the caloggerd log daemon during...", "detail_json": "/data/advisories/ZDI-08-027/advisory.json", "detail_path": "advisories/ZDI-08-027", "id": "ZDI-08-027", "kind": "published", "published_date": "2008-05-19", "status": "published", "title": "CA BrightStor ARCserve Backup caloggerd Arbitrary File Writing Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-027/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-088", "zdi_id": "ZDI-08-027" }, { "cve": "CVE-2008-2242", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allws attackers to execute arbitrary code on vulnerable installations of CA BrightStor ARCserve Backup for Linux. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper bounds checking in th...", "detail_json": "/data/advisories/ZDI-08-026/advisory.json", "detail_path": "advisories/ZDI-08-026", "id": "ZDI-08-026", "kind": "published", "published_date": "2008-05-19", "status": "published", "title": "CA BrightStor ARCserve Backup XDR Parsing Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-026/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-063", "zdi_id": "ZDI-08-026" }, { "cve": "CVE-2008-2291", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulne...", "detail_json": "/data/advisories/ZDI-08-025/advisory.json", "detail_path": "advisories/ZDI-08-025", "id": "ZDI-08-025", "kind": "published", "published_date": "2008-05-15", "status": "published", "title": "Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-025/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-291", "zdi_id": "ZDI-08-025" }, { "cve": "CVE-2008-2286", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe process listeni...", "detail_json": "/data/advisories/ZDI-08-024/advisory.json", "detail_path": "advisories/ZDI-08-024", "id": "ZDI-08-024", "kind": "published", "published_date": "2008-05-15", "status": "published", "title": "Symantec Altiris Deployment Solution SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-024/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-290", "zdi_id": "ZDI-08-024" }, { "cve": "CVE-2008-1091", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a...", "detail_json": "/data/advisories/ZDI-08-023/advisory.json", "detail_path": "advisories/ZDI-08-023", "id": "ZDI-08-023", "kind": "published", "published_date": "2008-05-13", "status": "published", "title": "Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-023/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-284", "zdi_id": "ZDI-08-023" }, { "cve": "CVE-2008-1026", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the regula...", "detail_json": "/data/advisories/ZDI-08-022/advisory.json", "detail_path": "advisories/ZDI-08-022", "id": "ZDI-08-022", "kind": "published", "published_date": "2008-04-16", "status": "published", "title": "Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-022/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-303", "zdi_id": "ZDI-08-022" }, { "cve": "CVE-2007-6019", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Flash Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Flash player attempts to access embe...", "detail_json": "/data/advisories/ZDI-08-021/advisory.json", "detail_path": "advisories/ZDI-08-021", "id": "ZDI-08-021", "kind": "published", "published_date": "2008-04-08", "status": "published", "title": "Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-021/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-277", "zdi_id": "ZDI-08-021" }, { "cve": "CVE-2008-1083", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw exists within the pa...", "detail_json": "/data/advisories/ZDI-08-020/advisory.json", "detail_path": "advisories/ZDI-08-020", "id": "ZDI-08-020", "kind": "published", "published_date": "2008-04-08", "status": "published", "title": "Microsoft GDI WMF Parsing Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-020/", "vendor": "Microsoft, Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-295", "zdi_id": "ZDI-08-020" }, { "cve": "CVE-2008-1022", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the pars...", "detail_json": "/data/advisories/ZDI-08-019/advisory.json", "detail_path": "advisories/ZDI-08-019", "id": "ZDI-08-019", "kind": "published", "published_date": "2008-04-03", "status": "published", "title": "Apple QuickTime Malformed VR obji Atom Parsing Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-019/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-272", "zdi_id": "ZDI-08-019" }, { "cve": "CVE-2008-1021", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-08-018/advisory.json", "detail_path": "advisories/ZDI-08-018", "id": "ZDI-08-018", "kind": "published", "published_date": "2008-04-03", "status": "published", "title": "Apple QuickTime Run Length Encoding Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-018/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-296", "zdi_id": "ZDI-08-018" }, { "cve": "CVE-2008-1020", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-08-017/advisory.json", "detail_path": "advisories/ZDI-08-017", "id": "ZDI-08-017", "kind": "published", "published_date": "2008-04-03", "status": "published", "title": "Apple QuickTime Kodak Encoding Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-017/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-289", "zdi_id": "ZDI-08-017" }, { "cve": "CVE-2008-1018", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the par...", "detail_json": "/data/advisories/ZDI-08-016/advisory.json", "detail_path": "advisories/ZDI-08-016", "id": "ZDI-08-016", "kind": "published", "published_date": "2008-04-03", "status": "published", "title": "Apple QuickTime MP4A Atom Parsing Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-016/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-285", "zdi_id": "ZDI-08-016" }, { "cve": "CVE-2008-1017", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...", "detail_json": "/data/advisories/ZDI-08-015/advisory.json", "detail_path": "advisories/ZDI-08-015", "id": "ZDI-08-015", "kind": "published", "published_date": "2008-04-03", "status": "published", "title": "Apple QuickTime Clipping Region Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-015/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-292", "zdi_id": "ZDI-08-015" }, { "cve": "CVE-2008-1019", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the quic...", "detail_json": "/data/advisories/ZDI-08-014/advisory.json", "detail_path": "advisories/ZDI-08-014", "id": "ZDI-08-014", "kind": "published", "published_date": "2008-04-03", "status": "published", "title": "Apple Quicktime Multiple Opcode Memory Corruption Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-014/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-267", "zdi_id": "ZDI-08-014" }, { "cve": "CVE-2008-0924", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory for Linux. Authentication is not required to exploit this vulnerability. The specific flaw exists in the libnldap library. When a large LDAP...", "detail_json": "/data/advisories/ZDI-08-013/advisory.json", "detail_path": "advisories/ZDI-08-013", "id": "ZDI-08-013", "kind": "published", "published_date": "2008-03-26", "status": "published", "title": "Novell eDirectory for Linux LDAP delRequest Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-013/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-214", "zdi_id": "ZDI-08-013" }, { "cve": "CVE-2008-0727", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM's Informix Dynamic Server. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vuln...", "detail_json": "/data/advisories/ZDI-08-012/advisory.json", "detail_path": "advisories/ZDI-08-012", "id": "ZDI-08-012", "kind": "published", "published_date": "2008-03-13", "status": "published", "title": "IBM Informix Dynamic Server Authentication Password Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-012/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-255", "zdi_id": "ZDI-08-012" }, { "cve": "CVE-2008-0727", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM's Informix Dynamic Server. User interaction is not required to exploit this vulnerability. Authentication is required in that an attacker must...", "detail_json": "/data/advisories/ZDI-08-011/advisory.json", "detail_path": "advisories/ZDI-08-011", "id": "ZDI-08-011", "kind": "published", "published_date": "2008-03-13", "status": "published", "title": "IBM Informix Dynamic Server DBPATH Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-011/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-254", "zdi_id": "ZDI-08-011" }, { "cve": "CVE-2008-1188", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the...", "detail_json": "/data/advisories/ZDI-08-010/advisory.json", "detail_path": "advisories/ZDI-08-010", "id": "ZDI-08-010", "kind": "published", "published_date": "2008-03-12", "status": "published", "title": "Java Web Start encoding Stack Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-010/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-235", "zdi_id": "ZDI-08-010" }, { "cve": "CVE-2008-1188", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the...", "detail_json": "/data/advisories/ZDI-08-009/advisory.json", "detail_path": "advisories/ZDI-08-009", "id": "ZDI-08-009", "kind": "published", "published_date": "2008-03-12", "status": "published", "title": "Java Web Start tempbuff Stack Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-009/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-234", "zdi_id": "ZDI-08-009" }, { "cve": "CVE-2008-0113", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of...", "detail_json": "/data/advisories/ZDI-08-008/advisory.json", "detail_path": "advisories/ZDI-08-008", "id": "ZDI-08-008", "kind": "published", "published_date": "2008-03-11", "status": "published", "title": "Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-008/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-195", "zdi_id": "ZDI-08-008" }, { "cve": "CVE-2008-0638", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec VERITAS Storage Foundation. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Administrator service, vxsvc.exe,...", "detail_json": "/data/advisories/ZDI-08-007/advisory.json", "detail_path": "advisories/ZDI-08-007", "id": "ZDI-08-007", "kind": "published", "published_date": "2008-02-20", "status": "published", "title": "Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-007/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-227", "zdi_id": "ZDI-08-007" }, { "cve": "CVE-2008-0077", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-08-006/advisory.json", "detail_path": "advisories/ZDI-08-006", "id": "ZDI-08-006", "kind": "published", "published_date": "2008-02-12", "status": "published", "title": "Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-006/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-243", "zdi_id": "ZDI-08-006" }, { "cve": "CVE-2008-0639", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability. The specific flaw exists in nwspool.dll which is responsi...", "detail_json": "/data/advisories/ZDI-08-005/advisory.json", "detail_path": "advisories/ZDI-08-005", "id": "ZDI-08-005", "kind": "published", "published_date": "2008-02-11", "status": "published", "title": "Novell Client NWSPOOL.DLL EnumPrinters Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-005/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-266", "zdi_id": "ZDI-08-005" }, { "cve": "CVE-2008-0726", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a mali...", "detail_json": "/data/advisories/ZDI-08-004/advisory.json", "detail_path": "advisories/ZDI-08-004", "id": "ZDI-08-004", "kind": "published", "published_date": "2008-02-11", "status": "published", "title": "Adobe Acrobat Javascript for PDF Integer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-004/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-262", "zdi_id": "ZDI-08-004" }, { "cve": "CVE-2008-0457", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Backup Exec System Recovery Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the FileUpload class ru...", "detail_json": "/data/advisories/ZDI-08-003/advisory.json", "detail_path": "advisories/ZDI-08-003", "id": "ZDI-08-003", "kind": "published", "published_date": "2008-02-06", "status": "published", "title": "Symantec Backup Exec Remote File Upload Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-003/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-253", "zdi_id": "ZDI-08-003" }, { "cve": "CVE-2008-0356", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix Presentation Server. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Independent Management Architecture service...", "detail_json": "/data/advisories/ZDI-08-002/advisory.json", "detail_path": "advisories/ZDI-08-002", "id": "ZDI-08-002", "kind": "published", "published_date": "2008-01-17", "status": "published", "title": "Citrix Metaframe Presentation Server IMA Service Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-002/", "vendor": "Citrix", "vendor_url": null, "zdi_can": "ZDI-CAN-212", "zdi_id": "ZDI-08-002" }, { "cve": "CVE-2008-0247", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw resides in the TSM Express Backup Server service,...", "detail_json": "/data/advisories/ZDI-08-001/advisory.json", "detail_path": "advisories/ZDI-08-001", "id": "ZDI-08-001", "kind": "published", "published_date": "2008-01-14", "status": "published", "title": "IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-08-001/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-196", "zdi_id": "ZDI-08-001" }, { "cve": null, "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of TippingPoint IPS and Juniper ScreenOS. Authentication is required to exploit this vulnerability. The specific flaw exists in the web-based administrative console of t...", "detail_json": "/data/advisories/ZDI-07-080/advisory.json", "detail_path": "advisories/ZDI-07-080", "id": "ZDI-07-080", "kind": "published", "published_date": "2010-01-27", "status": "published", "title": "Multiple Vendor Web Console Privilege Escalation Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-080/", "vendor": "3Com TippingPoint, Juniper", "vendor_url": null, "zdi_can": "ZDI-CAN-173", "zdi_id": "ZDI-07-080" }, { "cve": "CVE-2007-6195", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard HP-UX operating system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the function sw_rpc_agent...", "detail_json": "/data/advisories/ZDI-07-079/advisory.json", "detail_path": "advisories/ZDI-07-079", "id": "ZDI-07-079", "kind": "published", "published_date": "2007-12-17", "status": "published", "title": "Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-079/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-201", "zdi_id": "ZDI-07-079" }, { "cve": "CVE-2007-6281", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of St. Bernard Open File Manager. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Open File Manager service, ofmnt.exe, wh...", "detail_json": "/data/advisories/ZDI-07-078/advisory.json", "detail_path": "advisories/ZDI-07-078", "id": "ZDI-07-078", "kind": "published", "published_date": "2007-12-17", "status": "published", "title": "St. Bernard Open File Manager Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-078/", "vendor": "St. Bernard", "vendor_url": null, "zdi_can": "ZDI-CAN-225", "zdi_id": "ZDI-07-078" }, { "cve": "CVE-2007-6507", "cvss": null, "cvss_vector": null, "description_snippet": "These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaw exists in the SpntSvc.exe daemon, bound by default on...", "detail_json": "/data/advisories/ZDI-07-077/advisory.json", "detail_path": "advisories/ZDI-07-077", "id": "ZDI-07-077", "kind": "published", "published_date": "2007-12-17", "status": "published", "title": "Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-077/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-157", "zdi_id": "ZDI-07-077" }, { "cve": "CVE-2007-3039", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows with the Message Queuing Service enabled. Authentication is not required to exploit this vulnerability. The specific flaw exists in the RPC i...", "detail_json": "/data/advisories/ZDI-07-076/advisory.json", "detail_path": "advisories/ZDI-07-076", "id": "ZDI-07-076", "kind": "published", "published_date": "2007-12-11", "status": "published", "title": "Microsoft Windows Message Queuing Service Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-076/", "vendor": "Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-178", "zdi_id": "ZDI-07-076" }, { "cve": "CVE-2007-5344", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-07-075/advisory.json", "detail_path": "advisories/ZDI-07-075", "id": "ZDI-07-075", "kind": "published", "published_date": "2007-12-11", "status": "published", "title": "Microsoft Internet Explorer Element Tags Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-075/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-230", "zdi_id": "ZDI-07-075" }, { "cve": "CVE-2007-3903", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists due to imprope...", "detail_json": "/data/advisories/ZDI-07-074/advisory.json", "detail_path": "advisories/ZDI-07-074", "id": "ZDI-07-074", "kind": "published", "published_date": "2007-12-11", "status": "published", "title": "Microsoft Internet Explorer Node Manipulation Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-074/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-189", "zdi_id": "ZDI-07-074" }, { "cve": "CVE-2007-3902", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-07-073/advisory.json", "detail_path": "advisories/ZDI-07-073", "id": "ZDI-07-073", "kind": "published", "published_date": "2007-12-11", "status": "published", "title": "Microsoft Internet Explorer setExpression Code Execution Vulnerability", "updated_date": "2020-04-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-073/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-229", "zdi_id": "ZDI-07-073" }, { "cve": "CVE-2007-6302", "cvss": null, "cvss_vector": null, "description_snippet": "These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Novell NetMail. User interaction is not required to exploit this vulnerability. The specific flaws exist in the AntiVirus agent which listens on a random high TCP p...", "detail_json": "/data/advisories/ZDI-07-072/advisory.json", "detail_path": "advisories/ZDI-07-072", "id": "ZDI-07-072", "kind": "published", "published_date": "2007-12-10", "status": "published", "title": "Novell NetMail AntiVirus Agent Multiple Heap Overflow Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-072/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-162", "zdi_id": "ZDI-07-072" }, { "cve": "CVE-2007-6204", "cvss": null, "cvss_vector": null, "description_snippet": "These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard (HP) OpenView Network Node Manager (NNM). Authentication is not required to exploit these vulnerabilities. The specific flaws exists within t...", "detail_json": "/data/advisories/ZDI-07-071/advisory.json", "detail_path": "advisories/ZDI-07-071", "id": "ZDI-07-071", "kind": "published", "published_date": "2007-12-06", "status": "published", "title": "Hewlett-Packard OpenView Network Node Manager Multiple CGI Buffer Overflow Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-071/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-111", "zdi_id": "ZDI-07-071" }, { "cve": "CVE-2007-5989", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the 'skype4co...", "detail_json": "/data/advisories/ZDI-07-070/advisory.json", "detail_path": "advisories/ZDI-07-070", "id": "ZDI-07-070", "kind": "published", "published_date": "2007-12-06", "status": "published", "title": "Skype URI Handler Remote Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-070/", "vendor": "Skype", "vendor_url": null, "zdi_can": "ZDI-CAN-236", "zdi_id": "ZDI-07-070" }, { "cve": "CVE-2007-5328", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to arbitrarily access and modify the file system and registry of vulnerable installations of Computer Associates BrightStor ARCserve Backup. Authentication is not required to exploit this vulnerability. The specific flaws e...", "detail_json": "/data/advisories/ZDI-07-069/advisory.json", "detail_path": "advisories/ZDI-07-069", "id": "ZDI-07-069", "kind": "published", "published_date": "2007-11-26", "status": "published", "title": "CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-069/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-143", "zdi_id": "ZDI-07-069" }, { "cve": "CVE-2007-4672", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious image file. The specific flaw exists in th...", "detail_json": "/data/advisories/ZDI-07-068/advisory.json", "detail_path": "advisories/ZDI-07-068", "id": "ZDI-07-068", "kind": "published", "published_date": "2007-11-05", "status": "published", "title": "Apple QuickTime Uncompressedfile Opcode Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-068/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-242", "zdi_id": "ZDI-07-068" }, { "cve": "CVE-2007-4676", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-07-067/advisory.json", "detail_path": "advisories/ZDI-07-067", "id": "ZDI-07-067", "kind": "published", "published_date": "2007-11-05", "status": "published", "title": "Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-067/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-241", "zdi_id": "ZDI-07-067" }, { "cve": "CVE-2007-4676", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-07-066/advisory.json", "detail_path": "advisories/ZDI-07-066", "id": "ZDI-07-066", "kind": "published", "published_date": "2007-11-05", "status": "published", "title": "Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-066/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-240", "zdi_id": "ZDI-07-066" }, { "cve": "CVE-2007-4677", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the pars...", "detail_json": "/data/advisories/ZDI-07-065/advisory.json", "detail_path": "advisories/ZDI-07-065", "id": "ZDI-07-065", "kind": "published", "published_date": "2007-11-05", "status": "published", "title": "Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-065/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-239", "zdi_id": "ZDI-07-065" }, { "cve": "CVE-2007-5767", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell software which utilize the Novell Client Trust. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Novell Cli...", "detail_json": "/data/advisories/ZDI-07-064/advisory.json", "detail_path": "advisories/ZDI-07-064", "id": "ZDI-07-064", "kind": "published", "published_date": "2007-10-31", "status": "published", "title": "Novell Client Trust Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-064/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-199", "zdi_id": "ZDI-07-064" }, { "cve": "CVE-2007-2264", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .ra/.ram file or visit a malicious web site. The specific flaw exists during the parsing of...", "detail_json": "/data/advisories/ZDI-07-063/advisory.json", "detail_path": "advisories/ZDI-07-063", "id": "ZDI-07-063", "kind": "published", "published_date": "2007-10-31", "status": "published", "title": "RealPlayer RA Field Size File Processing Heap Overflow Vulnerability", "updated_date": "2023-09-20", "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-063/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-150", "zdi_id": "ZDI-07-063" }, { "cve": "CVE-2007-4599", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .pls file or visit a malicious web site. The specific flaw exists during the parsing of cor...", "detail_json": "/data/advisories/ZDI-07-062/advisory.json", "detail_path": "advisories/ZDI-07-062", "id": "ZDI-07-062", "kind": "published", "published_date": "2007-10-31", "status": "published", "title": "RealNetworks RealPlayer PLS File Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-062/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-148", "zdi_id": "ZDI-07-062" }, { "cve": "CVE-2007-2263", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...", "detail_json": "/data/advisories/ZDI-07-061/advisory.json", "detail_path": "advisories/ZDI-07-061", "id": "ZDI-07-061", "kind": "published", "published_date": "2007-11-02", "status": "published", "title": "RealNetworks RealPlayer SWF Processing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-061/", "vendor": "RealNetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-141", "zdi_id": "ZDI-07-061" }, { "cve": "CVE-2007-5413", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to access arbitrary files on systems with vulnerable installations of Hewlett-Packard OpenView Radia Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...", "detail_json": "/data/advisories/ZDI-07-060/advisory.json", "detail_path": "advisories/ZDI-07-060", "id": "ZDI-07-060", "kind": "published", "published_date": "2007-10-31", "status": "published", "title": "Hewlett-Packard OpenView Radia Integration Server File System Exposure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-060/", "vendor": "Hewlett-Packard", "vendor_url": null, "zdi_can": "ZDI-CAN-134", "zdi_id": "ZDI-07-060" }, { "cve": "CVE-2007-5909", "cvss": null, "cvss_vector": null, "description_snippet": "Several vulnerabilities exist in the popular Verity KeyView SDK used in many enterprise applications like IBM Lotus Notes. When parsing several different file formats a standard stack overflow occurs allowing a malicious user to gain complete control of the a...", "detail_json": "/data/advisories/ZDI-07-059/advisory.json", "detail_path": "advisories/ZDI-07-059", "id": "ZDI-07-059", "kind": "published", "published_date": "2007-10-31", "status": "published", "title": "Verity KeyView SDK Multiple File Format Parsing Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-059/", "vendor": "IBM, Verity", "vendor_url": null, "zdi_can": "ZDI-CAN-047", "zdi_id": "ZDI-07-059" }, { "cve": "CVE-2007-5766", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to inject arbitrary SQL on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the okxLOV.jsp page in the Administration cons...", "detail_json": "/data/advisories/ZDI-07-058/advisory.json", "detail_path": "advisories/ZDI-07-058", "id": "ZDI-07-058", "kind": "published", "published_date": "2007-10-31", "status": "published", "title": "Oracle E-Business Suite SQL Injection Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-058/", "vendor": "Oracle / PeopleSoft", "vendor_url": null, "zdi_can": "ZDI-CAN-159", "zdi_id": "ZDI-07-058" }, { "cve": "CVE-2007-4992", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firebird SQL server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the database service fbserver.exe, which bin...", "detail_json": "/data/advisories/ZDI-07-057/advisory.json", "detail_path": "advisories/ZDI-07-057", "id": "ZDI-07-057", "kind": "published", "published_date": "2007-10-10", "status": "published", "title": "Firebird process_packet() Remote Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-057/", "vendor": "Firebird", "vendor_url": null, "zdi_can": "ZDI-CAN-237", "zdi_id": "ZDI-07-057" }, { "cve": "CVE-2007-2582", "cvss": null, "cvss_vector": null, "description_snippet": "The most severe of these vulnerabilities allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2 Universal Database. Authentication is not required to exploit these vulnerabilities. The first flaw exists in the DB2JDS service...", "detail_json": "/data/advisories/ZDI-07-056/advisory.json", "detail_path": "advisories/ZDI-07-056", "id": "ZDI-07-056", "kind": "published", "published_date": "2007-10-10", "status": "published", "title": "IBM DB2 DB2JDS Multiple Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-056/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-125", "zdi_id": "ZDI-07-056" }, { "cve": "CVE-2007-2228", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to crash systems with vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RPC runtime library rpcrt4.d...", "detail_json": "/data/advisories/ZDI-07-055/advisory.json", "detail_path": "advisories/ZDI-07-055", "id": "ZDI-07-055", "kind": "published", "published_date": "2007-10-10", "status": "published", "title": "Microsoft Windows DCERPC Authentication Denial of Service Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-055/", "vendor": "Microsoft, Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-164", "zdi_id": "ZDI-07-055" }, { "cve": "CVE-2007-4880", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw exists in the dsmcad.exe process bound by d...", "detail_json": "/data/advisories/ZDI-07-054/advisory.json", "detail_path": "advisories/ZDI-07-054", "id": "ZDI-07-054", "kind": "published", "published_date": "2007-09-24", "status": "published", "title": "IBM Tivoli Storage Manager Express CAD Service Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-054/", "vendor": "IBM, IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-188", "zdi_id": "ZDI-07-054" }, { "cve": "CVE-2007-4991", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to extract IP addresses visited through the SOCKS4 Proxy on vulnerable ISA Server installations. Authentication is not required to exploit this vulnerability. This specific flaw exists when an empty packet is sent to...", "detail_json": "/data/advisories/ZDI-07-053/advisory.json", "detail_path": "advisories/ZDI-07-053", "id": "ZDI-07-053", "kind": "published", "published_date": "2007-09-20", "status": "published", "title": "Microsoft ISA Server SOCKS4 Proxy Connection Leakage Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-053/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-018", "zdi_id": "ZDI-07-053" }, { "cve": "CVE-2007-3999", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MIT Kerberos. Authentication is not required to exploit this vulnerability. The specific flaw exists in the svcauth_gss_validate() function. By sending a large...", "detail_json": "/data/advisories/ZDI-07-052/advisory.json", "detail_path": "advisories/ZDI-07-052", "id": "ZDI-07-052", "kind": "published", "published_date": "2007-09-12", "status": "published", "title": "Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-052/", "vendor": "MIT", "vendor_url": null, "zdi_can": "ZDI-CAN-208", "zdi_id": "ZDI-07-052" }, { "cve": "CVE-2007-4731", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Server Protect. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine TMregChange() exported by...", "detail_json": "/data/advisories/ZDI-07-051/advisory.json", "detail_path": "advisories/ZDI-07-051", "id": "ZDI-07-051", "kind": "published", "published_date": "2007-09-07", "status": "published", "title": "Trend Micro ServerProtect TMregChange() Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-051/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-217", "zdi_id": "ZDI-07-051" }, { "cve": "CVE-2007-4218", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit this vulnerability. The specific flaw is exposed through the RPC interface bound on TCP po...", "detail_json": "/data/advisories/ZDI-07-050/advisory.json", "detail_path": "advisories/ZDI-07-050", "id": "ZDI-07-050", "kind": "published", "published_date": "2007-09-07", "status": "published", "title": "Trend Micro ServerProtect RPCFN_SetComputerName() Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-050/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-215", "zdi_id": "ZDI-07-050" }, { "cve": "CVE-2007-3618", "cvss": null, "cvss_vector": null, "description_snippet": "These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaws exist in the Networker Remote Exec Service, nsrexecd.exe. The...", "detail_json": "/data/advisories/ZDI-07-049/advisory.json", "detail_path": "advisories/ZDI-07-049", "id": "ZDI-07-049", "kind": "published", "published_date": "2007-08-20", "status": "published", "title": "EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-049/", "vendor": "EMC", "vendor_url": null, "zdi_can": "ZDI-CAN-170", "zdi_id": "ZDI-07-049" }, { "cve": "CVE-2007-2223", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft software User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists...", "detail_json": "/data/advisories/ZDI-07-048/advisory.json", "detail_path": "advisories/ZDI-07-048", "id": "ZDI-07-048", "kind": "published", "published_date": "2007-08-14", "status": "published", "title": "Microsoft Internet Explorer substringData Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-048/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-096", "zdi_id": "ZDI-07-048" }, { "cve": "CVE-2007-3035", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-07-047/advisory.json", "detail_path": "advisories/ZDI-07-047", "id": "ZDI-07-047", "kind": "published", "published_date": "2007-08-14", "status": "published", "title": "Microsoft Windows Media Player Malformed Skin Header Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-047/", "vendor": "Microsoft, Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-198", "zdi_id": "ZDI-07-047" }, { "cve": "CVE-2007-3037", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Th...", "detail_json": "/data/advisories/ZDI-07-046/advisory.json", "detail_path": "advisories/ZDI-07-046", "id": "ZDI-07-046", "kind": "published", "published_date": "2007-08-14", "status": "published", "title": "Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-046/", "vendor": "Microsoft, Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-182", "zdi_id": "ZDI-07-046" }, { "cve": "CVE-2007-2954", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability. The specific flaw exists in nwspool.dll which is responsi...", "detail_json": "/data/advisories/ZDI-07-045/advisory.json", "detail_path": "advisories/ZDI-07-045", "id": "ZDI-07-045", "kind": "published", "published_date": "2007-08-06", "status": "published", "title": "Novell Client NWSPOOL.DLL Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-045/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-146", "zdi_id": "ZDI-07-045" }, { "cve": "CVE-2007-3911", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of BakBone NetVault Reporter. User interaction is not required to exploit this vulnerability. The specific flaw exists both within the scheduler client...", "detail_json": "/data/advisories/ZDI-07-044/advisory.json", "detail_path": "advisories/ZDI-07-044", "id": "ZDI-07-044", "kind": "published", "published_date": "2007-07-25", "status": "published", "title": "BakBone NetVault Reporter Scheduler Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-044/", "vendor": "BakBone", "vendor_url": null, "zdi_can": "ZDI-CAN-147", "zdi_id": "ZDI-07-044" }, { "cve": "CVE-2007-2795", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Ipswitch IMail and ICS server. Authentication is required to exploit this vulnerability. The specific flaw exists due to a lack of bounds checking during the parsing...", "detail_json": "/data/advisories/ZDI-07-043/advisory.json", "detail_path": "advisories/ZDI-07-043", "id": "ZDI-07-043", "kind": "published", "published_date": "2007-07-19", "status": "published", "title": "Ipswitch IMail IMAP Daemon SUBSCRIBE Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-043/", "vendor": "Ipswitch", "vendor_url": null, "zdi_can": "ZDI-CAN-179", "zdi_id": "ZDI-07-043" }, { "cve": "CVE-2007-2795", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Ipswitch IMail and ICS server. Authentication is not required to exploit this vulnerability. The specific flaw resides in IMailsec.dll while attempting to authenticat...", "detail_json": "/data/advisories/ZDI-07-042/advisory.json", "detail_path": "advisories/ZDI-07-042", "id": "ZDI-07-042", "kind": "published", "published_date": "2007-07-19", "status": "published", "title": "Ipswitch IMail Server GetIMailHostEntry Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-042/", "vendor": "Ipswitch", "vendor_url": null, "zdi_can": "ZDI-CAN-166", "zdi_id": "ZDI-07-042" }, { "cve": "CVE-2007-3026", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Panda AdminSecure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AdminSecure agent which binds by default to...", "detail_json": "/data/advisories/ZDI-07-041/advisory.json", "detail_path": "advisories/ZDI-07-041", "id": "ZDI-07-041", "kind": "published", "published_date": "2007-07-20", "status": "published", "title": "Panda Software AdminSecure Agent Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-041/", "vendor": "Panda Software", "vendor_url": null, "zdi_can": "ZDI-CAN-127", "zdi_id": "ZDI-07-041" }, { "cve": "CVE-2007-0447", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of Symantec's AntiVirus Engine. User interaction is not required to exploit this vulnerability. The specific flaw exists during the process of scanning...", "detail_json": "/data/advisories/ZDI-07-040/advisory.json", "detail_path": "advisories/ZDI-07-040", "id": "ZDI-07-040", "kind": "published", "published_date": "2007-07-12", "status": "published", "title": "Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-040/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-124", "zdi_id": "ZDI-07-040" }, { "cve": "CVE-2007-3699", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to create a denial of service condition on software with vulnerable installations of the Symantec's AntiVirus engine. Authentication is not required to exploit this vulnerability. The specific flaw resides in a forged PACK_...", "detail_json": "/data/advisories/ZDI-07-039/advisory.json", "detail_path": "advisories/ZDI-07-039", "id": "ZDI-07-039", "kind": "published", "published_date": "2007-07-12", "status": "published", "title": "Symantec AntiVirus Engine RAR File Parsing DoS Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-039/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-097", "zdi_id": "ZDI-07-039" }, { "cve": "CVE-2007-1751", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw is specifically expos...", "detail_json": "/data/advisories/ZDI-07-038/advisory.json", "detail_path": "advisories/ZDI-07-038", "id": "ZDI-07-038", "kind": "published", "published_date": "2007-06-12", "status": "published", "title": "Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-038/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-168", "zdi_id": "ZDI-07-038" }, { "cve": "CVE-2007-3027", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in ro...", "detail_json": "/data/advisories/ZDI-07-037/advisory.json", "detail_path": "advisories/ZDI-07-037", "id": "ZDI-07-037", "kind": "published", "published_date": "2007-06-12", "status": "published", "title": "Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-037/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-119", "zdi_id": "ZDI-07-037" }, { "cve": "CVE-2007-2796", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to cause a denial of service on vulnerable Arris Cadant C3 CMTS systems. Authentication is not required to exploit this vulnerability. The flaw exists due to mishandling of IP options. When an unknown or bad option i...", "detail_json": "/data/advisories/ZDI-07-036/advisory.json", "detail_path": "advisories/ZDI-07-036", "id": "ZDI-07-036", "kind": "published", "published_date": "2007-06-11", "status": "published", "title": "Arris Cadant C3 CMTS Remote DoS Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-036/", "vendor": "Arris", "vendor_url": null, "zdi_can": "ZDI-CAN-149", "zdi_id": "ZDI-07-036" }, { "cve": "CVE-2007-2864", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Computer Associates products. The specific flaw exists within the processing of an improperly defined \"coffFiles\" field in .CAB archives. Large values...", "detail_json": "/data/advisories/ZDI-07-035/advisory.json", "detail_path": "advisories/ZDI-07-035", "id": "ZDI-07-035", "kind": "published", "published_date": "2007-06-05", "status": "published", "title": "CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-035/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-154", "zdi_id": "ZDI-07-035" }, { "cve": "CVE-2007-2863", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Computer Associates products. The specific flaw exists in the parsing of .CAB archives. When a long filename contained in the .CAB is processed by vete...", "detail_json": "/data/advisories/ZDI-07-034/advisory.json", "detail_path": "advisories/ZDI-07-034", "id": "ZDI-07-034", "kind": "published", "published_date": "2007-06-05", "status": "published", "title": "CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-034/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-123", "zdi_id": "ZDI-07-034" }, { "cve": "CVE-2007-2446", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing...", "detail_json": "/data/advisories/ZDI-07-033/advisory.json", "detail_path": "advisories/ZDI-07-033", "id": "ZDI-07-033", "kind": "published", "published_date": "2007-07-11", "status": "published", "title": "Samba lsa_io_trans_names Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-033/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-197", "zdi_id": "ZDI-07-033" }, { "cve": "CVE-2007-2446", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the SRVSVC RPC interface. When parsi...", "detail_json": "/data/advisories/ZDI-07-032/advisory.json", "detail_path": "advisories/ZDI-07-032", "id": "ZDI-07-032", "kind": "published", "published_date": "2007-07-11", "status": "published", "title": "Samba sec_io_acl Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-032/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-194", "zdi_id": "ZDI-07-032" }, { "cve": "CVE-2007-2446", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the SPOOLSS RPC interface. When pars...", "detail_json": "/data/advisories/ZDI-07-031/advisory.json", "detail_path": "advisories/ZDI-07-031", "id": "ZDI-07-031", "kind": "published", "published_date": "2007-07-11", "status": "published", "title": "Samba smb_io_notify_option_type_data Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-031/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-193", "zdi_id": "ZDI-07-031" }, { "cve": "CVE-2007-2446", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the DFS RPC interface. When parsing...", "detail_json": "/data/advisories/ZDI-07-030/advisory.json", "detail_path": "advisories/ZDI-07-030", "id": "ZDI-07-030", "kind": "published", "published_date": "2007-07-11", "status": "published", "title": "Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-030/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-192", "zdi_id": "ZDI-07-030" }, { "cve": "CVE-2007-2446", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing...", "detail_json": "/data/advisories/ZDI-07-029/advisory.json", "detail_path": "advisories/ZDI-07-029", "id": "ZDI-07-029", "kind": "published", "published_date": "2007-07-11", "status": "published", "title": "Samba lsa_io_privilege_set Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-029/", "vendor": "Samba", "vendor_url": null, "zdi_can": "ZDI-CAN-191", "zdi_id": "ZDI-07-029" }, { "cve": "CVE-2007-2522", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates AntiVirus Server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the authentication function of the i...", "detail_json": "/data/advisories/ZDI-07-028/advisory.json", "detail_path": "advisories/ZDI-07-028", "id": "ZDI-07-028", "kind": "published", "published_date": "2007-05-10", "status": "published", "title": "CA eTrust AntiVirus Server inoweb Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-028/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-104", "zdi_id": "ZDI-07-028" }, { "cve": "CVE-2007-0944", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exist...", "detail_json": "/data/advisories/ZDI-07-027/advisory.json", "detail_path": "advisories/ZDI-07-027", "id": "ZDI-07-027", "kind": "published", "published_date": "2007-05-08", "status": "published", "title": "Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-027/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-098", "zdi_id": "ZDI-07-027" }, { "cve": "CVE-2007-0215", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsi...", "detail_json": "/data/advisories/ZDI-07-026/advisory.json", "detail_path": "advisories/ZDI-07-026", "id": "ZDI-07-026", "kind": "published", "published_date": "2007-05-08", "status": "published", "title": "Microsoft Excel BIFF File Format Named Graph Record Parsing Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-026/", "vendor": "Microsoft, Microsoft, Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-131", "zdi_id": "ZDI-07-026" }, { "cve": "CVE-2007-2508", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SpntSvc.exe daemon, bound by default on TCP p...", "detail_json": "/data/advisories/ZDI-07-025/advisory.json", "detail_path": "advisories/ZDI-07-025", "id": "ZDI-07-025", "kind": "published", "published_date": "2007-05-07", "status": "published", "title": "Trend Micro ServerProtect AgRpcCln.dll Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-025/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-156", "zdi_id": "ZDI-07-025" }, { "cve": "CVE-2007-2508", "cvss": null, "cvss_vector": null, "description_snippet": "These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaw exists in the EarthAgent.exe daemon, bound by default...", "detail_json": "/data/advisories/ZDI-07-024/advisory.json", "detail_path": "advisories/ZDI-07-024", "id": "ZDI-07-024", "kind": "published", "published_date": "2007-05-07", "status": "published", "title": "Trend Micro ServerProtect EarthAgent Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-024/", "vendor": "Trend Micro", "vendor_url": null, "zdi_can": "ZDI-CAN-155", "zdi_id": "ZDI-07-024" }, { "cve": "CVE-2007-2175", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on systems with vulnerable installations of Apple's QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists within the...", "detail_json": "/data/advisories/ZDI-07-023/advisory.json", "detail_path": "advisories/ZDI-07-023", "id": "ZDI-07-023", "kind": "published", "published_date": "2007-05-01", "status": "published", "title": "Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-023/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-190", "zdi_id": "ZDI-07-023" }, { "cve": "CVE-2007-2139", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Media Server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the SUN RPC service...", "detail_json": "/data/advisories/ZDI-07-022/advisory.json", "detail_path": "advisories/ZDI-07-022", "id": "ZDI-07-022", "kind": "published", "published_date": "2007-04-24", "status": "published", "title": "CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-022/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-171", "zdi_id": "ZDI-07-022" }, { "cve": "CVE-2007-0443", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of GraceNote's CDDBControl ActiveX Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw...", "detail_json": "/data/advisories/ZDI-07-021/advisory.json", "detail_path": "advisories/ZDI-07-021", "id": "ZDI-07-021", "kind": "published", "published_date": "2007-04-19", "status": "published", "title": "GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-021/", "vendor": "GraceNote", "vendor_url": null, "zdi_can": "ZDI-CAN-087", "zdi_id": "ZDI-07-021" }, { "cve": "CVE-2007-1972", "cvss": null, "cvss_vector": null, "description_snippet": "These vulnerabilities allows attackers to execute arbitrary code on vulnerable installations of BMC Performance Manager. User interaction is not required to exploit this vulnerability. The specific flaw exists in the PatrolAgent.exe listening on TCP port 3181...", "detail_json": "/data/advisories/ZDI-07-020/advisory.json", "detail_path": "advisories/ZDI-07-020", "id": "ZDI-07-020", "kind": "published", "published_date": "2007-04-18", "status": "published", "title": "BMC Performance Manager SNMP Command Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-020/", "vendor": "BMC Software", "vendor_url": null, "zdi_can": "ZDI-CAN-153", "zdi_id": "ZDI-07-020" }, { "cve": "CVE-2007-2136", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of BMC Patrol. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper parsing of XDR data sent to the bgs_sdservice.exe...", "detail_json": "/data/advisories/ZDI-07-019/advisory.json", "detail_path": "advisories/ZDI-07-019", "id": "ZDI-07-019", "kind": "published", "published_date": "2007-04-18", "status": "published", "title": "BMC Patrol PerformAgent bgs_sdservice Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-019/", "vendor": "BMC Software", "vendor_url": null, "zdi_can": "ZDI-CAN-151", "zdi_id": "ZDI-07-019" }, { "cve": "CVE-2007-2137", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Monitoring Express. Authentication is not required to exploit this vulnerability. The specific flaws exist in the Tivoli Universal Agent Primary Ser...", "detail_json": "/data/advisories/ZDI-07-018/advisory.json", "detail_path": "advisories/ZDI-07-018", "id": "ZDI-07-018", "kind": "published", "published_date": "2007-04-17", "status": "published", "title": "IBM Tivoli Monitoring Express Universal Agent Heap Overflow Vunlerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-018/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-069", "zdi_id": "ZDI-07-018" }, { "cve": "CVE-2007-2135", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to download any existing document in the APPS.FND_DOCUMENTS table on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the...", "detail_json": "/data/advisories/ZDI-07-017/advisory.json", "detail_path": "advisories/ZDI-07-017", "id": "ZDI-07-017", "kind": "published", "published_date": "2007-04-18", "status": "published", "title": "Oracle E-Business Suite Arbitrary Document Download Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-017/", "vendor": "Oracle / PeopleSoft", "vendor_url": null, "zdi_can": "ZDI-CAN-132", "zdi_id": "ZDI-07-017" }, { "cve": "CVE-2007-2170", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to delete any existing Document Management node on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the APPLSYS.FND_DM_NOD...", "detail_json": "/data/advisories/ZDI-07-016/advisory.json", "detail_path": "advisories/ZDI-07-016", "id": "ZDI-07-016", "kind": "published", "published_date": "2007-04-17", "status": "published", "title": "Oracle E-Business Suite Arbitrary Node Deletion Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-016/", "vendor": "Oracle / PeopleSoft", "vendor_url": null, "zdi_can": "ZDI-CAN-136", "zdi_id": "ZDI-07-016" }, { "cve": "CVE-2007-2171", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process bound by default...", "detail_json": "/data/advisories/ZDI-07-015/advisory.json", "detail_path": "advisories/ZDI-07-015", "id": "ZDI-07-015", "kind": "published", "published_date": "2007-04-18", "status": "published", "title": "Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-015/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-181", "zdi_id": "ZDI-07-015" }, { "cve": "CVE-2007-1112", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to download and remove any file on vulnerable installations of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaws exist...", "detail_json": "/data/advisories/ZDI-07-014/advisory.json", "detail_path": "advisories/ZDI-07-014", "id": "ZDI-07-014", "kind": "published", "published_date": "2007-04-05", "status": "published", "title": "Kaspersky Antivirus ActiveX Unsafe Methods Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-014/", "vendor": "Kaspersky", "vendor_url": null, "zdi_can": "ZDI-CAN-138", "zdi_id": "ZDI-07-014" }, { "cve": "CVE-2007-0445", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of the Kaspersky Anti-Virus Engine. User interaction is not required to exploit this vulnerability. The specific flaw exists in the engine's handling o...", "detail_json": "/data/advisories/ZDI-07-013/advisory.json", "detail_path": "advisories/ZDI-07-013", "id": "ZDI-07-013", "kind": "published", "published_date": "2007-04-05", "status": "published", "title": "Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-013/", "vendor": "Kaspersky", "vendor_url": null, "zdi_can": "ZDI-CAN-113", "zdi_id": "ZDI-07-013" }, { "cve": "CVE-2007-1680", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Yahoo Messenger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the...", "detail_json": "/data/advisories/ZDI-07-012/advisory.json", "detail_path": "advisories/ZDI-07-012", "id": "ZDI-07-012", "kind": "published", "published_date": "2007-04-03", "status": "published", "title": "Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-012/", "vendor": "Yahoo!", "vendor_url": null, "zdi_can": "ZDI-CAN-110", "zdi_id": "ZDI-07-012" }, { "cve": "CVE-2007-1675", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the CRAM-MD5 authentication mechanism of nim...", "detail_json": "/data/advisories/ZDI-07-011/advisory.json", "detail_path": "advisories/ZDI-07-011", "id": "ZDI-07-011", "kind": "published", "published_date": "2007-03-28", "status": "published", "title": "IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-011/", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-060", "zdi_id": "ZDI-07-011" }, { "cve": "CVE-2007-0714", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...", "detail_json": "/data/advisories/ZDI-07-010/advisory.json", "detail_path": "advisories/ZDI-07-010", "id": "ZDI-07-010", "kind": "published", "published_date": "2007-03-07", "status": "published", "title": "Apple Quicktime UDTA Parsing Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-010/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-093", "zdi_id": "ZDI-07-010" }, { "cve": "CVE-2007-1350", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetMail. Authentication is not required to exploit this vulnerability. The specific flaw exists in the webadmin.exe process bound by default on TCP port...", "detail_json": "/data/advisories/ZDI-07-009/advisory.json", "detail_path": "advisories/ZDI-07-009", "id": "ZDI-07-009", "kind": "published", "published_date": "2007-03-07", "status": "published", "title": "Novell Netmail WebAdmin Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-009/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-133", "zdi_id": "ZDI-07-009" }, { "cve": "CVE-2007-0774", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Tomcat JK Web Server Connector. Authentication is not required to exploit this vulnerability. The specific flaw exists in the URI handler for the mod_jk...", "detail_json": "/data/advisories/ZDI-07-008/advisory.json", "detail_path": "advisories/ZDI-07-008", "id": "ZDI-07-008", "kind": "published", "published_date": "2007-03-02", "status": "published", "title": "Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-008/", "vendor": "Apache", "vendor_url": null, "zdi_can": "ZDI-CAN-152", "zdi_id": "ZDI-07-008" }, { "cve": "CVE-2007-0446", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Mercury LoadRunner Agent, Mercury Performance Center Agent and Mercury Monitor over Firewall. Authentication is not required to exploit this vu...", "detail_json": "/data/advisories/ZDI-07-007/advisory.json", "detail_path": "advisories/ZDI-07-007", "id": "ZDI-07-007", "kind": "published", "published_date": "2007-02-08", "status": "published", "title": "Hewlett-Packard Mercury LoadRunner Agent Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-007/", "vendor": "Mercury, Mercury, Mercury", "vendor_url": null, "zdi_can": "ZDI-CAN-112", "zdi_id": "ZDI-07-007" }, { "cve": "CVE-2007-0444", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of Citrix Presentation Server, Metaframe Presentation Server or MetaFrame XP. Authentication is not required to exploit this vulnerability. The speci...", "detail_json": "/data/advisories/ZDI-07-006/advisory.json", "detail_path": "advisories/ZDI-07-006", "id": "ZDI-07-006", "kind": "published", "published_date": "2007-01-24", "status": "published", "title": "Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-006/", "vendor": "Citrix, Citrix, Citrix", "vendor_url": null, "zdi_can": "ZDI-CAN-101", "zdi_id": "ZDI-07-006" }, { "cve": "CVE-2007-0243", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java Virtual Machine (JVM). User interaction is required to exploit this vulnerability in that the target must visit a malicious website. The specifi...", "detail_json": "/data/advisories/ZDI-07-005/advisory.json", "detail_path": "advisories/ZDI-07-005", "id": "ZDI-07-005", "kind": "published", "published_date": "2007-01-16", "status": "published", "title": "Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-005/", "vendor": "Sun Microsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-054", "zdi_id": "ZDI-07-005" }, { "cve": "CVE-2007-0169", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the Tape Engine RPC servic...", "detail_json": "/data/advisories/ZDI-07-004/advisory.json", "detail_path": "advisories/ZDI-07-004", "id": "ZDI-07-004", "kind": "published", "published_date": "2007-01-11", "status": "published", "title": "CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-004/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-130", "zdi_id": "ZDI-07-004" }, { "cve": "CVE-2007-0169", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup. User interaction is not required to exploit this vulnerability. The specific flaws exists in the Message Engine RPC se...", "detail_json": "/data/advisories/ZDI-07-003/advisory.json", "detail_path": "advisories/ZDI-07-003", "id": "ZDI-07-003", "kind": "published", "published_date": "2007-01-11", "status": "published", "title": "CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-003/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-129", "zdi_id": "ZDI-07-003" }, { "cve": "CVE-2007-0168", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the handling of RPC reques...", "detail_json": "/data/advisories/ZDI-07-002/advisory.json", "detail_path": "advisories/ZDI-07-002", "id": "ZDI-07-002", "kind": "published", "published_date": "2007-01-11", "status": "published", "title": "CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-002/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-118", "zdi_id": "ZDI-07-002" }, { "cve": "CVE-2006-6336", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Eudora WorldMail. Authentication is not required to exploit this vulnerability. The specific flaw exists during the parsing of successive delimiters within the Mail M...", "detail_json": "/data/advisories/ZDI-07-001/advisory.json", "detail_path": "advisories/ZDI-07-001", "id": "ZDI-07-001", "kind": "published", "published_date": "2007-01-05", "status": "published", "title": "QUALCOMM Eudora WorldMail Remote Management Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-07-001/", "vendor": "QUALCOMM", "vendor_url": null, "zdi_can": "ZDI-CAN-073", "zdi_id": "ZDI-07-001" }, { "cve": "CVE-2006-6425", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Novell NetMail. Successful exploitation requires the attacker to successfully authenticate to the affected service. The specific flaw exists in the NetMail IMAP...", "detail_json": "/data/advisories/ZDI-06-054/advisory.json", "detail_path": "advisories/ZDI-06-054", "id": "ZDI-06-054", "kind": "published", "published_date": "2006-12-22", "status": "published", "title": "Novell NetMail IMAP APPEND Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-054/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-086", "zdi_id": "ZDI-06-054" }, { "cve": "CVE-2006-6424", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected versions of Novell NetMail. Authentication is not required to exploit this vulnerability. The specific flaw exists in the NetMail IMAP service, imapd.exe. The service does not su...", "detail_json": "/data/advisories/ZDI-06-053/advisory.json", "detail_path": "advisories/ZDI-06-053", "id": "ZDI-06-053", "kind": "published", "published_date": "2006-12-22", "status": "published", "title": "Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-053/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-085", "zdi_id": "ZDI-06-053" }, { "cve": "CVE-2006-6424", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Novell NetMail. Successful exploitation requires the attacker to successfully authenticate to the affected service. The specific flaw exists in NetMail's impleme...", "detail_json": "/data/advisories/ZDI-06-052/advisory.json", "detail_path": "advisories/ZDI-06-052", "id": "ZDI-06-052", "kind": "published", "published_date": "2006-12-22", "status": "published", "title": "Novell NetMail NMAP STOR Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-052/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-082", "zdi_id": "ZDI-06-052" }, { "cve": "CVE-2006-6504", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the bro...", "detail_json": "/data/advisories/ZDI-06-051/advisory.json", "detail_path": "advisories/ZDI-06-051", "id": "ZDI-06-051", "kind": "published", "published_date": "2006-12-19", "status": "published", "title": "Mozilla Firefox SVG Processing Remote Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-051/", "vendor": "Mozilla Firefox, Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-126", "zdi_id": "ZDI-06-051" }, { "cve": "CVE-2006-5822", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Veritas NetBackup. Authentication is not required to exploit this vulnerability. The specific flaw exists within bpcd.exe during the parsing of overly long C...", "detail_json": "/data/advisories/ZDI-06-050/advisory.json", "detail_path": "advisories/ZDI-06-050", "id": "ZDI-06-050", "kind": "published", "published_date": "2006-12-13", "status": "published", "title": "Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-050/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-071", "zdi_id": "ZDI-06-050" }, { "cve": "CVE-2006-6222", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Veritas NetBackup. Authentication is not required to exploit this vulnerability. The specific flaw exists within bpcd.exe during the parsing of overly long r...", "detail_json": "/data/advisories/ZDI-06-049/advisory.json", "detail_path": "advisories/ZDI-06-049", "id": "ZDI-06-049", "kind": "published", "published_date": "2006-12-13", "status": "published", "title": "Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-049/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-070", "zdi_id": "ZDI-06-049" }, { "cve": "CVE-2006-5581", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exi...", "detail_json": "/data/advisories/ZDI-06-048/advisory.json", "detail_path": "advisories/ZDI-06-048", "id": "ZDI-06-048", "kind": "published", "published_date": "2006-12-12", "status": "published", "title": "Microsoft Internet Explorer normalize() Function Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-048/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-072", "zdi_id": "ZDI-06-048" }, { "cve": "CVE-2006-4704", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Successful exploitation requires that the target user browse to a malicious web page. The specific flaw exists in the Microsoft WM...", "detail_json": "/data/advisories/ZDI-06-047/advisory.json", "detail_path": "advisories/ZDI-06-047", "id": "ZDI-06-047", "kind": "published", "published_date": "2006-12-12", "status": "published", "title": "Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-047/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-068", "zdi_id": "ZDI-06-047" }, { "cve": "CVE-2006-6335", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Anti-Virus. The specific flaw exists in the parsing of SIT archives. When a long non-null terminated filename is processed by veex.dll, a heap overflow...", "detail_json": "/data/advisories/ZDI-06-046/advisory.json", "detail_path": "advisories/ZDI-06-046", "id": "ZDI-06-046", "kind": "published", "published_date": "2006-12-12", "status": "published", "title": "Sophos Anti-Virus SIT Archive Parsing Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-046/", "vendor": "Sophos", "vendor_url": null, "zdi_can": "ZDI-CAN-091", "zdi_id": "ZDI-06-046" }, { "cve": "CVE-2006-6335", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Anti-Virus. The specific flaw exists in the parsing of CPIO archives. When a long non-null terminated filename is processed by veex.dll, a stack overflo...", "detail_json": "/data/advisories/ZDI-06-045/advisory.json", "detail_path": "advisories/ZDI-06-045", "id": "ZDI-06-045", "kind": "published", "published_date": "2006-12-12", "status": "published", "title": "Sophos Anti-Virus CPIO Archive Parsing Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-045/", "vendor": "Sophos", "vendor_url": null, "zdi_can": "ZDI-CAN-090", "zdi_id": "ZDI-06-045" }, { "cve": "CVE-2006-5856", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Download Manager application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific...", "detail_json": "/data/advisories/ZDI-06-044/advisory.json", "detail_path": "advisories/ZDI-06-044", "id": "ZDI-06-044", "kind": "published", "published_date": "2006-12-06", "status": "published", "title": "Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-044/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-042", "zdi_id": "ZDI-06-044" }, { "cve": "CVE-2006-5854", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability. The specific flaw exists in a print provider installed by...", "detail_json": "/data/advisories/ZDI-06-043/advisory.json", "detail_path": "advisories/ZDI-06-043", "id": "ZDI-06-043", "kind": "published", "published_date": "2006-11-29", "status": "published", "title": "Novell Netware Client Print Provider Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-043/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-100", "zdi_id": "ZDI-06-043" }, { "cve": "CVE-2006-5819", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to proxy web attacks and scan internal hosts through vulnerable installations of Verity Ultraseek. Authentication is not required to exploit this vulnerability. The specific flaw exists within the highlight script us...", "detail_json": "/data/advisories/ZDI-06-042/advisory.json", "detail_path": "advisories/ZDI-06-042", "id": "ZDI-06-042", "kind": "published", "published_date": "2006-11-15", "status": "published", "title": "Verity Ultraseek Request Proxying Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-042/", "vendor": "Verity", "vendor_url": null, "zdi_can": "ZDI-CAN-039", "zdi_id": "ZDI-06-042" }, { "cve": "CVE-2006-4687", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exi...", "detail_json": "/data/advisories/ZDI-06-041/advisory.json", "detail_path": "advisories/ZDI-06-041", "id": "ZDI-06-041", "kind": "published", "published_date": "2006-11-14", "status": "published", "title": "Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-041/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-080", "zdi_id": "ZDI-06-041" }, { "cve": "CVE-2006-5198", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within...", "detail_json": "/data/advisories/ZDI-06-040/advisory.json", "detail_path": "advisories/ZDI-06-040", "id": "ZDI-06-040", "kind": "published", "published_date": "2006-11-14", "status": "published", "title": "WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-040/", "vendor": "WinZip Computing", "vendor_url": null, "zdi_can": "ZDI-CAN-077", "zdi_id": "ZDI-06-040" }, { "cve": "CVE-2006-5487", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Marshal MailMarshal (formerly of NetIQ). Authentication is not required to exploit this vulnerability. The specific flaw exists within the extraction and scann...", "detail_json": "/data/advisories/ZDI-06-039/advisory.json", "detail_path": "advisories/ZDI-06-039", "id": "ZDI-06-039", "kind": "published", "published_date": "2006-11-10", "status": "published", "title": "Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-039/", "vendor": "NetIQ", "vendor_url": null, "zdi_can": "ZDI-CAN-003", "zdi_id": "ZDI-06-039" }, { "cve": "CVE-2006-5821", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix MetaFrame Presentation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine IMA_SECURE_DecryptData...", "detail_json": "/data/advisories/ZDI-06-038/advisory.json", "detail_path": "advisories/ZDI-06-038", "id": "ZDI-06-038", "kind": "published", "published_date": "2006-11-09", "status": "published", "title": "Citrix MetaFrame IMA Management Module Remote Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-038/", "vendor": "Citrix", "vendor_url": null, "zdi_can": "ZDI-CAN-062", "zdi_id": "ZDI-06-038" }, { "cve": "CVE-2006-5650", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of AOL ICQ. User interaction is not required to exploit this vulnerability. The specific flaw exists in the DownloadAgent function of the ICQPhone.SipxPhoneManager Activ...", "detail_json": "/data/advisories/ZDI-06-037/advisory.json", "detail_path": "advisories/ZDI-06-037", "id": "ZDI-06-037", "kind": "published", "published_date": "2006-11-06", "status": "published", "title": "America Online ICQ ActiveX Control Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-037/", "vendor": "America Online", "vendor_url": null, "zdi_can": "ZDI-CAN-102", "zdi_id": "ZDI-06-037" }, { "cve": "CVE-2006-5478", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netmail. Exploitation does not require authentication. The specific flaw exists within the user authentication component of Novell Netmail. The routine...", "detail_json": "/data/advisories/ZDI-06-036/advisory.json", "detail_path": "advisories/ZDI-06-036", "id": "ZDI-06-036", "kind": "published", "published_date": "2006-10-31", "status": "published", "title": "Novell Netmail User Authentication Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-036/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-076", "zdi_id": "ZDI-06-036" }, { "cve": "CVE-2006-5478", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpstk.dll library within the dhost.exe w...", "detail_json": "/data/advisories/ZDI-06-035/advisory.json", "detail_path": "advisories/ZDI-06-035", "id": "ZDI-06-035", "kind": "published", "published_date": "2006-10-26", "status": "published", "title": "Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-035/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-081", "zdi_id": "ZDI-06-035" }, { "cve": "CVE-2006-3650", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target user into opening a malicious .XLS file. The specific flaw exists during the processing of...", "detail_json": "/data/advisories/ZDI-06-034/advisory.json", "detail_path": "advisories/ZDI-06-034", "id": "ZDI-06-034", "kind": "published", "published_date": "2006-10-10", "status": "published", "title": "Microsoft Word Malformed Chart Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-034/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-061", "zdi_id": "ZDI-06-034" }, { "cve": "CVE-2006-2387", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target user into opening a malicious .XLS file. The specific flaw exists within the parsin...", "detail_json": "/data/advisories/ZDI-06-033/advisory.json", "detail_path": "advisories/ZDI-06-033", "id": "ZDI-06-033", "kind": "published", "published_date": "2006-10-10", "status": "published", "title": "Microsoft Office Excel File Format DATETIME Record Parsing Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-033/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-059", "zdi_id": "ZDI-06-033" }, { "cve": "CVE-2006-3435", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target user into opening a malicious .PPT file. The specific flaw exists during the parsing of a...", "detail_json": "/data/advisories/ZDI-06-032/advisory.json", "detail_path": "advisories/ZDI-06-032", "id": "ZDI-06-032", "kind": "published", "published_date": "2006-10-10", "status": "published", "title": "Microsoft PowerPoint Malformed Slide Notes Rebuilding Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-032/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-065", "zdi_id": "ZDI-06-032" }, { "cve": "CVE-2006-5143", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup, Enterprise Backup, Server Protection Suite and Business Protection Suite. Authentication is not required to exp...", "detail_json": "/data/advisories/ZDI-06-031/advisory.json", "detail_path": "advisories/ZDI-06-031", "id": "ZDI-06-031", "kind": "published", "published_date": "2006-10-05", "status": "published", "title": "CA Multiple Product Message Engine RPC Server Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-031/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-046", "zdi_id": "ZDI-06-031" }, { "cve": "CVE-2006-5143", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup, Enterprise Backup, Server Protection Suite and Business Protection Suite. Authentication is not required to exp...", "detail_json": "/data/advisories/ZDI-06-030/advisory.json", "detail_path": "advisories/ZDI-06-030", "id": "ZDI-06-030", "kind": "published", "published_date": "2006-10-05", "status": "published", "title": "CA BrightStor ARCserve Discovery Service Remote Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-030/", "vendor": "Computer Associates", "vendor_url": null, "zdi_can": "ZDI-CAN-041", "zdi_id": "ZDI-06-030" }, { "cve": "CVE-2006-5000", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch WS_FTP Server. Anonymous access or authentication is required to exploit this vulnerability. The specific flaw exists due to a lack of bounds checking...", "detail_json": "/data/advisories/ZDI-06-029/advisory.json", "detail_path": "advisories/ZDI-06-029", "id": "ZDI-06-029", "kind": "published", "published_date": "2006-09-26", "status": "published", "title": "Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-029/", "vendor": "Ipswitch", "vendor_url": null, "zdi_can": "ZDI-CAN-078", "zdi_id": "ZDI-06-029" }, { "cve": "CVE-2006-4379", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch Collaboration Suite and IMail. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SMTP daemon. A lack o...", "detail_json": "/data/advisories/ZDI-06-028/advisory.json", "detail_path": "advisories/ZDI-06-028", "id": "ZDI-06-028", "kind": "published", "published_date": "2006-09-08", "status": "published", "title": "Ipswitch Collaboration Suite SMTP Server Stack Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-028/", "vendor": "Ipswitch", "vendor_url": null, "zdi_can": "ZDI-CAN-067", "zdi_id": "ZDI-06-028" }, { "cve": "CVE-2006-3450", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exi...", "detail_json": "/data/advisories/ZDI-06-027/advisory.json", "detail_path": "advisories/ZDI-06-027", "id": "ZDI-06-027", "kind": "published", "published_date": "2006-08-08", "status": "published", "title": "Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-027/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-066", "zdi_id": "ZDI-06-027" }, { "cve": "CVE-2006-3451", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due t...", "detail_json": "/data/advisories/ZDI-06-026/advisory.json", "detail_path": "advisories/ZDI-06-026", "id": "ZDI-06-026", "kind": "published", "published_date": "2006-08-08", "status": "published", "title": "Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-026/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-058", "zdi_id": "ZDI-06-026" }, { "cve": "CVE-2006-3677", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla Firefox web browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists when assig...", "detail_json": "/data/advisories/ZDI-06-025/advisory.json", "detail_path": "advisories/ZDI-06-025", "id": "ZDI-06-025", "kind": "published", "published_date": "2006-07-26", "status": "published", "title": "Mozilla Firefox Javascript navigator Object Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-025/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-055", "zdi_id": "ZDI-06-025" }, { "cve": "CVE-2006-3838", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of eIQnetworks Enterprise Security Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within EnterpriseSecurityAnaly...", "detail_json": "/data/advisories/ZDI-06-024/advisory.json", "detail_path": "advisories/ZDI-06-024", "id": "ZDI-06-024", "kind": "published", "published_date": "2006-07-25", "status": "published", "title": "eIQnetworks Enterprise Security Analyzer License Manager Buffer Overflow", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-024/", "vendor": "eIQnetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-052", "zdi_id": "ZDI-06-024" }, { "cve": "CVE-2006-3838", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of eIQnetworks Enterprise Security Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Syslog daemon, sysl...", "detail_json": "/data/advisories/ZDI-06-023/advisory.json", "detail_path": "advisories/ZDI-06-023", "id": "ZDI-06-023", "kind": "published", "published_date": "2006-07-25", "status": "published", "title": "eIQnetworks Enterprise Security Analyzer Syslog TCP Server Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-023/", "vendor": "eIQnetworks", "vendor_url": null, "zdi_can": "ZDI-CAN-053", "zdi_id": "ZDI-06-023" }, { "cve": "CVE-2006-2388", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the rebuilding...", "detail_json": "/data/advisories/ZDI-06-022/advisory.json", "detail_path": "advisories/ZDI-06-022", "id": "ZDI-06-022", "kind": "published", "published_date": "2006-07-11", "status": "published", "title": "Microsoft Office Excel File Rebuilding Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-022/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-045", "zdi_id": "ZDI-06-022" }, { "cve": "CVE-2006-3423", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the WebEx Downloader Plug-in. Successful exploitation requires that the target user browse to a malicious web page. The specific flaws exists due to the lack of input...", "detail_json": "/data/advisories/ZDI-06-021/advisory.json", "detail_path": "advisories/ZDI-06-021", "id": "ZDI-06-021", "kind": "published", "published_date": "2006-07-06", "status": "published", "title": "WebEx Downloader Plug-in Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-021/", "vendor": "WebEx Communications Inc.", "vendor_url": null, "zdi_can": "ZDI-CAN-034", "zdi_id": "ZDI-06-021" }, { "cve": "CVE-2006-1467", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple iTunes. Exploitation requires an attacker to convince a target user into opening a malicious play list file. The specific flaw exists during the processing of m...", "detail_json": "/data/advisories/ZDI-06-020/advisory.json", "detail_path": "advisories/ZDI-06-020", "id": "ZDI-06-020", "kind": "published", "published_date": "2006-06-29", "status": "published", "title": "Apple iTunes AAC File Parsing Integer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-020/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-043", "zdi_id": "ZDI-06-020" }, { "cve": "CVE-2006-3134", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on systems that have some versions of the GraceNote CDDBControl ActiveX object installed. There is a buffer overflow in an ActiveXObject registered by several products that use the Gracenote...", "detail_json": "/data/advisories/ZDI-06-019/advisory.json", "detail_path": "advisories/ZDI-06-019", "id": "ZDI-06-019", "kind": "published", "published_date": "2006-06-27", "status": "published", "title": "GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-019/", "vendor": "GraceNote", "vendor_url": null, "zdi_can": "ZDI-CAN-040", "zdi_id": "ZDI-06-019" }, { "cve": "CVE-2006-2383", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Successful exploitation requires that the target user browse to a malicious web page. The specific flaw exists in the Microsoft Ac...", "detail_json": "/data/advisories/ZDI-06-018/advisory.json", "detail_path": "advisories/ZDI-06-018", "id": "ZDI-06-018", "kind": "published", "published_date": "2006-06-13", "status": "published", "title": "Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-018/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-044", "zdi_id": "ZDI-06-018" }, { "cve": "CVE-2006-2382", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Successful exploitation requires that the target user browse to a malicious web page. Exploitaton does not require JavaScript, Jav...", "detail_json": "/data/advisories/ZDI-06-017/advisory.json", "detail_path": "advisories/ZDI-06-017", "id": "ZDI-06-017", "kind": "published", "published_date": "2006-06-13", "status": "published", "title": "Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-017/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-012", "zdi_id": "ZDI-06-017" }, { "cve": "CVE-2006-2496", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Exploitation does not require authentication. The specific flaw exists within the iMonitor NDS Server, which by default exposes an HTTP inte...", "detail_json": "/data/advisories/ZDI-06-016/advisory.json", "detail_path": "advisories/ZDI-06-016", "id": "ZDI-06-016", "kind": "published", "published_date": "2006-06-13", "status": "published", "title": "Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-016/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-027", "zdi_id": "ZDI-06-016" }, { "cve": "CVE-2006-1463", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime media player. The specific flaw exists within the parsing of H.264 content. The implicit trust of a user-supplied size value during a memory copy lo...", "detail_json": "/data/advisories/ZDI-06-015/advisory.json", "detail_path": "advisories/ZDI-06-015", "id": "ZDI-06-015", "kind": "published", "published_date": "2006-05-11", "status": "published", "title": "Apple QuickTime H.264 Parsing Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-015/", "vendor": "Apple", "vendor_url": null, "zdi_can": "ZDI-CAN-033", "zdi_id": "ZDI-06-015" }, { "cve": "CVE-2006-2273", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Verisign i-Nav ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific...", "detail_json": "/data/advisories/ZDI-06-014/advisory.json", "detail_path": "advisories/ZDI-06-014", "id": "ZDI-06-014", "kind": "published", "published_date": "2006-05-10", "status": "published", "title": "Verisign I-Nav ActiveX Control Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-014/", "vendor": "Verisign", "vendor_url": null, "zdi_can": "ZDI-CAN-030", "zdi_id": "ZDI-06-014" }, { "cve": "CVE-2006-0993", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability may allow attackers to access sensitive information from vulnerable TippingPoint SMS servers. The specific flaw exists within the web management interface. Due to insufficient protections on specific directories, an attacker with access to...", "detail_json": "/data/advisories/ZDI-06-013/advisory.json", "detail_path": "advisories/ZDI-06-013", "id": "ZDI-06-013", "kind": "published", "published_date": "2006-05-09", "status": "published", "title": "TippingPoint SMS Server Authentication Bypass Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-013/", "vendor": "3Com TippingPoint", "vendor_url": null, "zdi_can": "ZDI-CAN-017", "zdi_id": "ZDI-06-013" }, { "cve": "CVE-2006-0994", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos AntiVirus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the unpacking of Microsoft Cabinet files that c...", "detail_json": "/data/advisories/ZDI-06-012/advisory.json", "detail_path": "advisories/ZDI-06-012", "id": "ZDI-06-012", "kind": "published", "published_date": "2006-05-08", "status": "published", "title": "Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-012/", "vendor": "Sophos", "vendor_url": null, "zdi_can": "ZDI-CAN-032", "zdi_id": "ZDI-06-012" }, { "cve": "CVE-2006-0748", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla/Firefox web browser and Thunderbird e-mail client. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-06-011/advisory.json", "detail_path": "advisories/ZDI-06-011", "id": "ZDI-06-011", "kind": "published", "published_date": "2006-04-25", "status": "published", "title": "Mozilla Firefox Table Rebuilding Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-011/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-026", "zdi_id": "ZDI-06-011" }, { "cve": "CVE-2006-1730", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla/Firefox web browser and Thunderbird e-mail client. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-06-010/advisory.json", "detail_path": "advisories/ZDI-06-010", "id": "ZDI-06-010", "kind": "published", "published_date": "2006-04-17", "status": "published", "title": "Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-010/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-015", "zdi_id": "ZDI-06-010" }, { "cve": "CVE-2006-0749", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla/Firefox web browser and Thunderbird e-mail client. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...", "detail_json": "/data/advisories/ZDI-06-009/advisory.json", "detail_path": "advisories/ZDI-06-009", "id": "ZDI-06-009", "kind": "published", "published_date": "2006-04-17", "status": "published", "title": "Mozilla Firefox Tag Parsing Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-009/", "vendor": "Mozilla Firefox", "vendor_url": null, "zdi_can": "ZDI-CAN-008", "zdi_id": "ZDI-06-009" }, { "cve": "CVE-2006-0992", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Novell GroupWise Messenger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Novell Messaging Agent, a web server...", "detail_json": "/data/advisories/ZDI-06-008/advisory.json", "detail_path": "advisories/ZDI-06-008", "id": "ZDI-06-008", "kind": "published", "published_date": "2006-04-13", "status": "published", "title": "Novell GroupWise Messenger Accept-Language Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-008/", "vendor": "Novell", "vendor_url": null, "zdi_can": "ZDI-CAN-028", "zdi_id": "ZDI-06-008" }, { "cve": "CVE-2006-0014", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. User interaction is required to exploit this vulnerability. The specific flaw exists during the parsing of malformed Windows A...", "detail_json": "/data/advisories/ZDI-06-007/advisory.json", "detail_path": "advisories/ZDI-06-007", "id": "ZDI-06-007", "kind": "published", "published_date": "2006-04-11", "status": "published", "title": "Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-007/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-002", "zdi_id": "ZDI-06-007" }, { "cve": "CVE-2006-0990", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable Symantec VERITAS NetBackup installations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetBackup Database Manager service (...", "detail_json": "/data/advisories/ZDI-06-006/advisory.json", "detail_path": "advisories/ZDI-06-006", "id": "ZDI-06-006", "kind": "published", "published_date": "2006-03-27", "status": "published", "title": "Symantec VERITAS NetBackup Database Manager Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-006/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-016", "zdi_id": "ZDI-06-006" }, { "cve": "CVE-2006-0989", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable Symantec VERITAS NetBackup installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within the volume manager daemon (vmd.exe) due...", "detail_json": "/data/advisories/ZDI-06-005/advisory.json", "detail_path": "advisories/ZDI-06-005", "id": "ZDI-06-005", "kind": "published", "published_date": "2006-03-27", "status": "published", "title": "Symantec VERITAS NetBackup Volume Manager Buffer Overflow Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-005/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-010", "zdi_id": "ZDI-06-005" }, { "cve": "CVE-2006-0028", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of...", "detail_json": "/data/advisories/ZDI-06-004/advisory.json", "detail_path": "advisories/ZDI-06-004", "id": "ZDI-06-004", "kind": "published", "published_date": "2006-03-14", "status": "published", "title": "Microsoft Excel File Format Parsing Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-004/", "vendor": "Microsoft", "vendor_url": null, "zdi_can": "ZDI-CAN-024", "zdi_id": "ZDI-06-004" }, { "cve": "CVE-2005-3526", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch Collaboration Suite. Authentication is required to exploit this vulnerability. This specific flaw exists within the IMAP daemon. A lack of bounds chec...", "detail_json": "/data/advisories/ZDI-06-003/advisory.json", "detail_path": "advisories/ZDI-06-003", "id": "ZDI-06-003", "kind": "published", "published_date": "2006-03-13", "status": "published", "title": "Ipswitch Collaboration Suite Code Execution Vulnerability", "updated_date": "2020-04-17", "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-003/", "vendor": "Ipswitch", "vendor_url": null, "zdi_can": "ZDI-CAN-009", "zdi_id": "ZDI-06-003" }, { "cve": "CVE-2005-3525", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Macromedia Shockwave. Exploitation requires the target to visit a malicious web site. This specific flaw exists within the ActiveX control with CLSID 166...", "detail_json": "/data/advisories/ZDI-06-002/advisory.json", "detail_path": "advisories/ZDI-06-002", "id": "ZDI-06-002", "kind": "published", "published_date": "2006-02-23", "status": "published", "title": "Adobe Macromedia ShockWave Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-002/", "vendor": "Adobe", "vendor_url": null, "zdi_can": "ZDI-CAN-007", "zdi_id": "ZDI-06-002" }, { "cve": "CVE-2006-0162", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable Clam AntiVirus installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within libclamav/upx.c during the unpacking of executable...", "detail_json": "/data/advisories/ZDI-06-001/advisory.json", "detail_path": "advisories/ZDI-06-001", "id": "ZDI-06-001", "kind": "published", "published_date": "2006-01-12", "status": "published", "title": "Clam AntiVirus UPX Unpacking Code Execution Vulnerability", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-06-001/", "vendor": "Clam AntiVirus", "vendor_url": null, "zdi_can": "ZDI-CAN-011", "zdi_id": "ZDI-06-001" }, { "cve": "CVE-2005-2715", "cvss": null, "cvss_vector": null, "description_snippet": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable NetBackup installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within the bpjava-msvc daemon due to incorrect handling of form...", "detail_json": "/data/advisories/ZDI-05-001/advisory.json", "detail_path": "advisories/ZDI-05-001", "id": "ZDI-05-001", "kind": "published", "published_date": "2005-10-12", "status": "published", "title": "VERITAS NetBackup Remote Code Execution", "updated_date": null, "url": "https://www.zerodayinitiative.com/advisories/ZDI-05-001/", "vendor": "Symantec", "vendor_url": null, "zdi_can": "ZDI-CAN-001", "zdi_id": "ZDI-05-001" }, { "cvss": 6.5, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "deadline": "2026-08-28", "discoverer": "Nitesh Surana (niteshsurana.com) of TrendAI Research", "id": "ZDI-CAN-30796", "kind": "upcoming", "reported_date": "2026-04-30", "status": "upcoming", "vendor": "Docker", "vendor_url": "https://www.docker.com/", "zdi_can": "ZDI-CAN-30796" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-28", "discoverer": "Anonymous", "id": "ZDI-CAN-29987", "kind": "upcoming", "reported_date": "2026-04-30", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-29987" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-28", "discoverer": "Anonymous", "id": "ZDI-CAN-30387", "kind": "upcoming", "reported_date": "2026-04-30", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-30387" }, { "cvss": 3.3, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "deadline": "2026-08-28", "discoverer": "Anonymous", "id": "ZDI-CAN-30755", "kind": "upcoming", "reported_date": "2026-04-30", "status": "upcoming", "vendor": "Foxit", "vendor_url": "https://www.foxitsoftware.com/", "zdi_can": "ZDI-CAN-30755" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-28", "discoverer": "Anonymous", "id": "ZDI-CAN-30696", "kind": "upcoming", "reported_date": "2026-04-30", "status": "upcoming", "vendor": "Foxit", "vendor_url": "https://www.foxitsoftware.com/", "zdi_can": "ZDI-CAN-30696" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-28", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-29170", "kind": "upcoming", "reported_date": "2026-04-30", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-29170" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-28", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-29169", "kind": "upcoming", "reported_date": "2026-04-30", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-29169" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-28", "discoverer": "Anonymous", "id": "ZDI-CAN-30689", "kind": "upcoming", "reported_date": "2026-04-30", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-30689" }, { "cvss": 6.5, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "deadline": "2026-08-28", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-29216", "kind": "upcoming", "reported_date": "2026-04-30", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-29216" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-28", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-29168", "kind": "upcoming", "reported_date": "2026-04-30", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-29168" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-28", "discoverer": "Anonymous", "id": "ZDI-CAN-30661", "kind": "upcoming", "reported_date": "2026-04-30", "status": "upcoming", "vendor": "Foxit", "vendor_url": "https://www.foxitsoftware.com/", "zdi_can": "ZDI-CAN-30661" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-27", "discoverer": "Sean de Regge", "id": "ZDI-CAN-29268", "kind": "upcoming", "reported_date": "2026-04-29", "status": "upcoming", "vendor": "Luxion", "vendor_url": "https://www.luxion.com/", "zdi_can": "ZDI-CAN-29268" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-27", "discoverer": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]", "id": "ZDI-CAN-29373", "kind": "upcoming", "reported_date": "2026-04-29", "status": "upcoming", "vendor": "KDE", "vendor_url": "https://kde.org/", "zdi_can": "ZDI-CAN-29373" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-27", "discoverer": "@pacbypass", "id": "ZDI-CAN-29459", "kind": "upcoming", "reported_date": "2026-04-29", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29459" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-27", "discoverer": "Sajeeb Lohani", "id": "ZDI-CAN-29611", "kind": "upcoming", "reported_date": "2026-04-29", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29611" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-27", "discoverer": "Sajeeb Lohani", "id": "ZDI-CAN-29612", "kind": "upcoming", "reported_date": "2026-04-29", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29612" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-27", "discoverer": "@pacbypass", "id": "ZDI-CAN-29493", "kind": "upcoming", "reported_date": "2026-04-29", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29493" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-27", "discoverer": "Anonymous", "id": "ZDI-CAN-29400", "kind": "upcoming", "reported_date": "2026-04-29", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29400" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-27", "discoverer": "@pacbypass", "id": "ZDI-CAN-29944", "kind": "upcoming", "reported_date": "2026-04-29", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29944" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-21", "discoverer": "Anonymous", "id": "ZDI-CAN-29143", "kind": "upcoming", "reported_date": "2026-04-23", "status": "upcoming", "vendor": "Apple", "vendor_url": "https://www.apple.com", "zdi_can": "ZDI-CAN-29143" }, { "cvss": 7.5, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "deadline": "2026-08-21", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-28744", "kind": "upcoming", "reported_date": "2026-04-23", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-28744" }, { "cvss": 7.5, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "deadline": "2026-08-21", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-28743", "kind": "upcoming", "reported_date": "2026-04-23", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-28743" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-21", "discoverer": "Dre Cura (@dre_cura) of TrendAI Research", "id": "ZDI-CAN-30459", "kind": "upcoming", "reported_date": "2026-04-23", "status": "upcoming", "vendor": "Flowise", "vendor_url": "https://flowiseai.com/", "zdi_can": "ZDI-CAN-30459" }, { "cvss": 8.5, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "deadline": "2026-08-21", "discoverer": "Apex Security Research", "id": "ZDI-CAN-30450", "kind": "upcoming", "reported_date": "2026-04-23", "status": "upcoming", "vendor": "LiteLLM", "vendor_url": "https://www.litellm.ai/", "zdi_can": "ZDI-CAN-30450" }, { "cvss": 3.7, "cvss_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "deadline": "2026-08-21", "discoverer": "Sajeeb Lohani", "id": "ZDI-CAN-30089", "kind": "upcoming", "reported_date": "2026-04-23", "status": "upcoming", "vendor": "Apache", "vendor_url": "https://www.apache.org/", "zdi_can": "ZDI-CAN-30089" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-21", "discoverer": "truff", "id": "ZDI-CAN-29452", "kind": "upcoming", "reported_date": "2026-04-23", "status": "upcoming", "vendor": "LibreOffice", "vendor_url": "https://www.libreoffice.org/about-us/security/", "zdi_can": "ZDI-CAN-29452" }, { "cvss": 3.3, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "deadline": "2026-08-21", "discoverer": "truff", "id": "ZDI-CAN-29454", "kind": "upcoming", "reported_date": "2026-04-23", "status": "upcoming", "vendor": "LibreOffice", "vendor_url": "https://www.libreoffice.org/about-us/security/", "zdi_can": "ZDI-CAN-29454" }, { "cvss": 8.4, "cvss_vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "Anonymous", "id": "ZDI-CAN-30191", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "oFono", "vendor_url": "https://git.kernel.org/pub/scm/network/ofono/ofono.git", "zdi_can": "ZDI-CAN-30191" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "Dre Cura (@dre_cura) of TrendAI Research", "id": "ZDI-CAN-30461", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "Flowise", "vendor_url": "https://flowiseai.com/", "zdi_can": "ZDI-CAN-30461" }, { "cvss": 8.4, "cvss_vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "Anonymous", "id": "ZDI-CAN-30187", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "oFono", "vendor_url": "https://git.kernel.org/pub/scm/network/ofono/ofono.git", "zdi_can": "ZDI-CAN-30187" }, { "cvss": 8.4, "cvss_vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "Anonymous", "id": "ZDI-CAN-30144", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "oFono", "vendor_url": "https://git.kernel.org/pub/scm/network/ofono/ofono.git", "zdi_can": "ZDI-CAN-30144" }, { "cvss": 8.4, "cvss_vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "Anonymous", "id": "ZDI-CAN-30142", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "oFono", "vendor_url": "https://git.kernel.org/pub/scm/network/ofono/ofono.git", "zdi_can": "ZDI-CAN-30142" }, { "cvss": 7.1, "cvss_vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "deadline": "2026-08-20", "discoverer": "Steven Yu of TrendAI Research", "id": "ZDI-CAN-30584", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "PAX Technology", "vendor_url": "https://www.paxtechnology.com", "zdi_can": "ZDI-CAN-30584" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "Swagat Kumar Mishra(https://www.linkedin.com/in/swagatkumar/)", "id": "ZDI-CAN-30134", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "Unraid", "vendor_url": "https://unraid.net/", "zdi_can": "ZDI-CAN-30134" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "YJK(@YJK0805) of ZUSO ART", "id": "ZDI-CAN-30352", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "NVIDIA", "vendor_url": "https://www.nvidia.com/en-us/", "zdi_can": "ZDI-CAN-30352" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "Dre Cura (@dre_cura) of TrendAI Research", "id": "ZDI-CAN-30458", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "Flowise", "vendor_url": "https://flowiseai.com/", "zdi_can": "ZDI-CAN-30458" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "Swagat Kumar Mishra(https://www.linkedin.com/in/swagatkumar/)", "id": "ZDI-CAN-30116", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "Unraid", "vendor_url": "https://unraid.net/", "zdi_can": "ZDI-CAN-30116" }, { "cvss": 7.5, "cvss_vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "Steven Yu of TrendAI Research", "id": "ZDI-CAN-30583", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "PAX Technology", "vendor_url": "https://www.paxtechnology.com", "zdi_can": "ZDI-CAN-30583" }, { "cvss": 8.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "Juefei Pu (@drivertomtt) and Frank Wu (@FrankOverF1ow)", "id": "ZDI-CAN-29316", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-29316" }, { "cvss": 8.4, "cvss_vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "Anonymous", "id": "ZDI-CAN-30192", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "oFono", "vendor_url": "https://git.kernel.org/pub/scm/network/ofono/ofono.git", "zdi_can": "ZDI-CAN-30192" }, { "cvss": 7.5, "cvss_vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "Steven Yu of TrendAI Research", "id": "ZDI-CAN-30585", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "PAX Technology", "vendor_url": "https://www.paxtechnology.com", "zdi_can": "ZDI-CAN-30585" }, { "cvss": 8.4, "cvss_vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "Anonymous", "id": "ZDI-CAN-30186", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "oFono", "vendor_url": "https://git.kernel.org/pub/scm/network/ofono/ofono.git", "zdi_can": "ZDI-CAN-30186" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-20", "discoverer": "Zent", "id": "ZDI-CAN-30203", "kind": "upcoming", "reported_date": "2026-04-22", "status": "upcoming", "vendor": "llama.cpp", "vendor_url": "https://github.com/ggerganov/llama.cpp", "zdi_can": "ZDI-CAN-30203" }, { "cvss": 6.5, "cvss_vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "deadline": "2026-08-19", "discoverer": "Anonymous", "id": "ZDI-CAN-30141", "kind": "upcoming", "reported_date": "2026-04-21", "status": "upcoming", "vendor": "oFono", "vendor_url": "https://git.kernel.org/pub/scm/network/ofono/ofono.git", "zdi_can": "ZDI-CAN-30141" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-30136", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "X.Org", "vendor_url": "https://www.x.org/", "zdi_can": "ZDI-CAN-30136" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-30159", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "X.Org", "vendor_url": "https://www.x.org/", "zdi_can": "ZDI-CAN-30159" }, { "cvss": 9.9, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Mahmoud Bettouch", "id": "ZDI-CAN-30086", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "Wazuh", "vendor_url": "https://wazuh.com/", "zdi_can": "ZDI-CAN-30086" }, { "cvss": 6.4, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "deadline": "2026-08-15", "discoverer": "Brandon Niemczyk of TrendAI Research", "id": "ZDI-CAN-29853", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "rocket.chat", "vendor_url": "https://www.rocket.chat/", "zdi_can": "ZDI-CAN-29853" }, { "cvss": 8.1, "cvss_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "zKltch", "id": "ZDI-CAN-29904", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "libwebsockets", "vendor_url": "https://libwebsockets.org/", "zdi_can": "ZDI-CAN-29904" }, { "cvss": 5.5, "cvss_vector": "AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L", "deadline": "2026-08-15", "discoverer": "Maher Azzouzi", "id": "ZDI-CAN-30085", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "Wazuh", "vendor_url": "https://wazuh.com/", "zdi_can": "ZDI-CAN-30085" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-30160", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "X.Org", "vendor_url": "https://www.x.org/", "zdi_can": "ZDI-CAN-30160" }, { "cvss": 5.5, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-30165", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "X.Org", "vendor_url": "https://www.x.org/", "zdi_can": "ZDI-CAN-30165" }, { "cvss": 5.5, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-30168", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "X.Org", "vendor_url": "https://www.x.org/", "zdi_can": "ZDI-CAN-30168" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-30161", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "X.Org", "vendor_url": "https://www.x.org/", "zdi_can": "ZDI-CAN-30161" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-30164", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "X.Org", "vendor_url": "https://www.x.org/", "zdi_can": "ZDI-CAN-30164" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-30163", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "X.Org", "vendor_url": "https://www.x.org/", "zdi_can": "ZDI-CAN-30163" }, { "cvss": 7.1, "cvss_vector": "AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Lucas Leong (@_wmliang_) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-30389", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-30389" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-29402", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29402" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-29405", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29405" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-29404", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29404" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-29394", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29394" }, { "cvss": 7.5, "cvss_vector": "AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Xiaobye(@xiaobye_tw) of DEVCORE Research Team", "id": "ZDI-CAN-29271", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "Oracle", "vendor_url": "https://www.oracle.com", "zdi_can": "ZDI-CAN-29271" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-29398", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29398" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-29401", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29401" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-29396", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29396" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-29399", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29399" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-29397", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29397" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-29406", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29406" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-29395", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29395" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]", "id": "ZDI-CAN-29289", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29289" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-29403", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-29403" }, { "cvss": 8.8, "cvss_vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-15", "discoverer": "Maher Azzouzi", "id": "ZDI-CAN-29887", "kind": "upcoming", "reported_date": "2026-04-17", "status": "upcoming", "vendor": "Redis", "vendor_url": "https://redis.io/", "zdi_can": "ZDI-CAN-29887" }, { "cvss": 3.3, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "deadline": "2026-08-14", "discoverer": "Anonymous", "id": "ZDI-CAN-30311", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "Foxit", "vendor_url": "https://www.foxitsoftware.com/", "zdi_can": "ZDI-CAN-30311" }, { "cvss": 3.3, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "deadline": "2026-08-14", "discoverer": "Anonymous", "id": "ZDI-CAN-30312", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "Foxit", "vendor_url": "https://www.foxitsoftware.com/", "zdi_can": "ZDI-CAN-30312" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-14", "discoverer": "Anonymous", "id": "ZDI-CAN-30248", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "Foxit", "vendor_url": "https://www.foxitsoftware.com/", "zdi_can": "ZDI-CAN-30248" }, { "cvss": 6.5, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "deadline": "2026-08-14", "discoverer": "TrendAI Zero Day Initiative", "id": "ZDI-CAN-30378", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "OpenSSL", "vendor_url": null, "zdi_can": "ZDI-CAN-30378" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-14", "discoverer": "Anonymous", "id": "ZDI-CAN-30246", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "Foxit", "vendor_url": "https://www.foxitsoftware.com/", "zdi_can": "ZDI-CAN-30246" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-14", "discoverer": "YJK(@YJK0805) of ZUSO ART", "id": "ZDI-CAN-30353", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "NVIDIA", "vendor_url": "https://www.nvidia.com/en-us/", "zdi_can": "ZDI-CAN-30353" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-14", "discoverer": "Anonymous", "id": "ZDI-CAN-30270", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "Foxit", "vendor_url": "https://www.foxitsoftware.com/", "zdi_can": "ZDI-CAN-30270" }, { "cvss": 6.5, "cvss_vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "deadline": "2026-08-14", "discoverer": "Piotr Ptaszek and Mateusz W\u00f3jcik", "id": "ZDI-CAN-27763", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "Phoenix Contact", "vendor_url": "https://www.phoenixcontact.com", "zdi_can": "ZDI-CAN-27763" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-14", "discoverer": "Andy Niu of TrendAI Research", "id": "ZDI-CAN-30390", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-30390" }, { "cvss": 3.3, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "deadline": "2026-08-14", "discoverer": "Anonymous", "id": "ZDI-CAN-30310", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "Foxit", "vendor_url": "https://www.foxitsoftware.com/", "zdi_can": "ZDI-CAN-30310" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-14", "discoverer": "Brian Mariani from DigitalCanion SA", "id": "ZDI-CAN-29029", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "SonicWall", "vendor_url": null, "zdi_can": "ZDI-CAN-29029" }, { "cvss": 7.0, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-14", "discoverer": "Xavier DANEST", "id": "ZDI-CAN-29830", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "TrendAI", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-29830" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-14", "discoverer": "Brian Mariani from DigitalCanion SA", "id": "ZDI-CAN-29024", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "SonicWall", "vendor_url": null, "zdi_can": "ZDI-CAN-29024" }, { "cvss": 8.8, "cvss_vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-14", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-30460", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "WatchGuard", "vendor_url": "https://www.watchguard.com/", "zdi_can": "ZDI-CAN-30460" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-14", "discoverer": "Brian Mariani from DigitalCanion SA", "id": "ZDI-CAN-29025", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "SonicWall", "vendor_url": null, "zdi_can": "ZDI-CAN-29025" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-08-14", "discoverer": "Aditya Bakshi", "id": "ZDI-CAN-29133", "kind": "upcoming", "reported_date": "2026-04-16", "status": "upcoming", "vendor": "Texas Instruments", "vendor_url": "https://www.ti.com/", "zdi_can": "ZDI-CAN-29133" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Syed Ibrahim Ahmed of TrendAI Research", "id": "ZDI-CAN-30438", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "Progress Software", "vendor_url": "https://www.progress.com/", "zdi_can": "ZDI-CAN-30438" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Jacky Yang of TrendAI Research and Syed Ibrahim Ahmed of TrendAI Research", "id": "ZDI-CAN-30439", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "Progress Software", "vendor_url": "https://www.progress.com/", "zdi_can": "ZDI-CAN-30439" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Syed Ibrahim Ahmed of TrendAI Research", "id": "ZDI-CAN-30437", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "Progress Software", "vendor_url": "https://www.progress.com/", "zdi_can": "ZDI-CAN-30437" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "s3zer0", "id": "ZDI-CAN-29916", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "libarchive", "vendor_url": "https://libarchive.org/", "zdi_can": "ZDI-CAN-29916" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Seiji Sakurai (@HeapSmasher)", "id": "ZDI-CAN-30321", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "NVIDIA", "vendor_url": "https://www.nvidia.com/en-us/", "zdi_can": "ZDI-CAN-30321" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Brandon Evans of TrendAI Zero Day Initiative", "id": "ZDI-CAN-30428", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "Pixar Animation Studio", "vendor_url": null, "zdi_can": "ZDI-CAN-30428" }, { "cvss": 6.4, "cvss_vector": "AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Maher Azzouzi", "id": "ZDI-CAN-30062", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "Wazuh", "vendor_url": "https://wazuh.com/", "zdi_can": "ZDI-CAN-30062" }, { "cvss": 7.5, "cvss_vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Xander Mackenzie | @thetrueartist", "id": "ZDI-CAN-30173", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "WatchGuard", "vendor_url": "https://www.watchguard.com/", "zdi_can": "ZDI-CAN-30173" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Seiji Sakurai (@HeapSmasher)", "id": "ZDI-CAN-30322", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "NVIDIA", "vendor_url": "https://www.nvidia.com/en-us/", "zdi_can": "ZDI-CAN-30322" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Seiji Sakurai (@HeapSmasher)", "id": "ZDI-CAN-30323", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "NVIDIA", "vendor_url": "https://www.nvidia.com/en-us/", "zdi_can": "ZDI-CAN-30323" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Ben Koo (@kiddo_pwn)", "id": "ZDI-CAN-30298", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "MLflow", "vendor_url": "https://mlflow.org/", "zdi_can": "ZDI-CAN-30298" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Ben Koo (@kiddo_pwn)", "id": "ZDI-CAN-30302", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "MLflow", "vendor_url": "https://mlflow.org/", "zdi_can": "ZDI-CAN-30302" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-30410", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "MLflow", "vendor_url": "https://mlflow.org/", "zdi_can": "ZDI-CAN-30410" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Ben Koo (@kiddo_pwn)", "id": "ZDI-CAN-30300", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "MLflow", "vendor_url": "https://mlflow.org/", "zdi_can": "ZDI-CAN-30300" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Ben Koo (@kiddo_pwn)", "id": "ZDI-CAN-30301", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "MLflow", "vendor_url": "https://mlflow.org/", "zdi_can": "ZDI-CAN-30301" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-13", "discoverer": "Ben Koo (@kiddo_pwn)", "id": "ZDI-CAN-30295", "kind": "upcoming", "reported_date": "2026-04-15", "status": "upcoming", "vendor": "MLflow", "vendor_url": "https://mlflow.org/", "zdi_can": "ZDI-CAN-30295" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-12", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-30393", "kind": "upcoming", "reported_date": "2026-04-14", "status": "upcoming", "vendor": "Academy Software Foundation", "vendor_url": "https://github.com/AcademySoftwareFoundation/openexr/security", "zdi_can": "ZDI-CAN-30393" }, { "cvss": 6.5, "cvss_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "deadline": "2026-08-12", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29924", "kind": "upcoming", "reported_date": "2026-04-14", "status": "upcoming", "vendor": "Apple", "vendor_url": "https://www.apple.com", "zdi_can": "ZDI-CAN-29924" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-12", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-30395", "kind": "upcoming", "reported_date": "2026-04-14", "status": "upcoming", "vendor": "Academy Software Foundation", "vendor_url": "https://github.com/AcademySoftwareFoundation/openexr/security", "zdi_can": "ZDI-CAN-30395" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-12", "discoverer": "Do Quoc Anh (@anhdq201) from mbbank.com.vn", "id": "ZDI-CAN-28603", "kind": "upcoming", "reported_date": "2026-04-14", "status": "upcoming", "vendor": "Heimdall Data", "vendor_url": "https://www.heimdalldata.com/", "zdi_can": "ZDI-CAN-28603" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-12", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-30397", "kind": "upcoming", "reported_date": "2026-04-14", "status": "upcoming", "vendor": "Academy Software Foundation", "vendor_url": "https://github.com/AcademySoftwareFoundation/openexr/security", "zdi_can": "ZDI-CAN-30397" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-12", "discoverer": "Muhammad Fadilullah Dzaki", "id": "ZDI-CAN-28693", "kind": "upcoming", "reported_date": "2026-04-14", "status": "upcoming", "vendor": "NVIDIA", "vendor_url": "https://www.nvidia.com/en-us/", "zdi_can": "ZDI-CAN-28693" }, { "cvss": 6.8, "cvss_vector": "AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-12", "discoverer": "Piotr Ptaszek and Mateusz W\u00f3jcik", "id": "ZDI-CAN-27762", "kind": "upcoming", "reported_date": "2026-04-14", "status": "upcoming", "vendor": "Phoenix Contact", "vendor_url": "https://www.phoenixcontact.com", "zdi_can": "ZDI-CAN-27762" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-07", "discoverer": "rgod", "id": "ZDI-CAN-29335", "kind": "upcoming", "reported_date": "2026-04-09", "status": "upcoming", "vendor": "OriginLab", "vendor_url": "https://www.originlab.com/", "zdi_can": "ZDI-CAN-29335" }, { "cvss": 3.1, "cvss_vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "deadline": "2026-08-07", "discoverer": "TrendAI Zero Day Initiative", "id": "ZDI-CAN-30385", "kind": "upcoming", "reported_date": "2026-04-09", "status": "upcoming", "vendor": "OpenSSL", "vendor_url": null, "zdi_can": "ZDI-CAN-30385" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-07", "discoverer": "rgod", "id": "ZDI-CAN-29340", "kind": "upcoming", "reported_date": "2026-04-09", "status": "upcoming", "vendor": "OriginLab", "vendor_url": "https://www.originlab.com/", "zdi_can": "ZDI-CAN-29340" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-07", "discoverer": "DongHyeon Hwang (kind_killerwhale)", "id": "ZDI-CAN-30375", "kind": "upcoming", "reported_date": "2026-04-09", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-30375" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-07", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-30380", "kind": "upcoming", "reported_date": "2026-04-09", "status": "upcoming", "vendor": "Apple", "vendor_url": "https://www.apple.com", "zdi_can": "ZDI-CAN-30380" }, { "cvss": 7.3, "cvss_vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-07", "discoverer": "Anonymous", "id": "ZDI-CAN-28694", "kind": "upcoming", "reported_date": "2026-04-09", "status": "upcoming", "vendor": "AVG", "vendor_url": null, "zdi_can": "ZDI-CAN-28694" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-06", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29543", "kind": "upcoming", "reported_date": "2026-04-08", "status": "upcoming", "vendor": "Oracle", "vendor_url": "https://www.oracle.com", "zdi_can": "ZDI-CAN-29543" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-06", "discoverer": "rgod", "id": "ZDI-CAN-29333", "kind": "upcoming", "reported_date": "2026-04-08", "status": "upcoming", "vendor": "OriginLab", "vendor_url": "https://www.originlab.com/", "zdi_can": "ZDI-CAN-29333" }, { "cvss": 7.1, "cvss_vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L", "deadline": "2026-08-06", "discoverer": "Nicholas Zubrisky (@NZubrisky) of TrendAI Research", "id": "ZDI-CAN-30364", "kind": "upcoming", "reported_date": "2026-04-08", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-30364" }, { "cvss": 7.1, "cvss_vector": "AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-06", "discoverer": "p0her", "id": "ZDI-CAN-29429", "kind": "upcoming", "reported_date": "2026-04-08", "status": "upcoming", "vendor": "BlueZ", "vendor_url": "http://www.bluez.org/", "zdi_can": "ZDI-CAN-29429" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-06", "discoverer": "David Bors (@davidxbors), Catalin Iovita (@cataliniovita)", "id": "ZDI-CAN-29259", "kind": "upcoming", "reported_date": "2026-04-08", "status": "upcoming", "vendor": "MaterialX", "vendor_url": "https://materialx.org/", "zdi_can": "ZDI-CAN-29259" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-06", "discoverer": "rgod", "id": "ZDI-CAN-29338", "kind": "upcoming", "reported_date": "2026-04-08", "status": "upcoming", "vendor": "OriginLab", "vendor_url": "https://www.originlab.com/", "zdi_can": "ZDI-CAN-29338" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-06", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29542", "kind": "upcoming", "reported_date": "2026-04-08", "status": "upcoming", "vendor": "Oracle", "vendor_url": "https://www.oracle.com", "zdi_can": "ZDI-CAN-29542" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-08-06", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29541", "kind": "upcoming", "reported_date": "2026-04-08", "status": "upcoming", "vendor": "Oracle", "vendor_url": "https://www.oracle.com", "zdi_can": "ZDI-CAN-29541" }, { "cvss": 6.5, "cvss_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", "deadline": "2026-08-06", "discoverer": "FuzzOps of TrendAI Zero Day Initiative", "id": "ZDI-CAN-30379", "kind": "upcoming", "reported_date": "2026-04-08", "status": "upcoming", "vendor": "OpenSSL", "vendor_url": null, "zdi_can": "ZDI-CAN-30379" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-05", "discoverer": "Shukrulloh Raximov", "id": "ZDI-CAN-29165", "kind": "upcoming", "reported_date": "2026-04-07", "status": "upcoming", "vendor": "Koha", "vendor_url": "https://koha-community.org/", "zdi_can": "ZDI-CAN-29165" }, { "cvss": 4.0, "cvss_vector": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "deadline": "2026-08-05", "discoverer": "nedlir", "id": "ZDI-CAN-29318", "kind": "upcoming", "reported_date": "2026-04-07", "status": "upcoming", "vendor": "Fabric.js", "vendor_url": "https://fabricjs.com/", "zdi_can": "ZDI-CAN-29318" }, { "cvss": 6.1, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "deadline": "2026-08-05", "discoverer": "hamdi", "id": "ZDI-CAN-29327", "kind": "upcoming", "reported_date": "2026-04-07", "status": "upcoming", "vendor": "Backblaze", "vendor_url": "https://www.backblaze.com/", "zdi_can": "ZDI-CAN-29327" }, { "cvss": 6.1, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "deadline": "2026-08-05", "discoverer": "hamdi", "id": "ZDI-CAN-29324", "kind": "upcoming", "reported_date": "2026-04-07", "status": "upcoming", "vendor": "Backblaze", "vendor_url": "https://www.backblaze.com/", "zdi_can": "ZDI-CAN-29324" }, { "cvss": 6.1, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "deadline": "2026-08-05", "discoverer": "hamdi", "id": "ZDI-CAN-29326", "kind": "upcoming", "reported_date": "2026-04-07", "status": "upcoming", "vendor": "Backblaze", "vendor_url": "https://www.backblaze.com/", "zdi_can": "ZDI-CAN-29326" }, { "cvss": 6.1, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "deadline": "2026-08-05", "discoverer": "hamdi", "id": "ZDI-CAN-29330", "kind": "upcoming", "reported_date": "2026-04-07", "status": "upcoming", "vendor": "Backblaze", "vendor_url": "https://www.backblaze.com/", "zdi_can": "ZDI-CAN-29330" }, { "cvss": 6.5, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "deadline": "2026-08-05", "discoverer": "Swagat Kumar Mishra", "id": "ZDI-CAN-28208", "kind": "upcoming", "reported_date": "2026-04-07", "status": "upcoming", "vendor": "Allegra", "vendor_url": "https://www.trackplus.com/en/", "zdi_can": "ZDI-CAN-28208" }, { "cvss": 6.1, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "deadline": "2026-08-05", "discoverer": "hamdi", "id": "ZDI-CAN-29328", "kind": "upcoming", "reported_date": "2026-04-07", "status": "upcoming", "vendor": "Backblaze", "vendor_url": "https://www.backblaze.com/", "zdi_can": "ZDI-CAN-29328" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-08-05", "discoverer": "Vladislav Berghici of TrendAI Research", "id": "ZDI-CAN-30351", "kind": "upcoming", "reported_date": "2026-04-07", "status": "upcoming", "vendor": "Splunk", "vendor_url": null, "zdi_can": "ZDI-CAN-30351" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-31", "discoverer": "Brandon Evans", "id": "ZDI-CAN-29886", "kind": "upcoming", "reported_date": "2026-04-02", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-29886" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-30", "discoverer": "DongHyeon Hwang (kind_killerwhale)", "id": "ZDI-CAN-29653", "kind": "upcoming", "reported_date": "2026-04-01", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-29653" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-30", "discoverer": "mad31k", "id": "ZDI-CAN-30003", "kind": "upcoming", "reported_date": "2026-04-01", "status": "upcoming", "vendor": "Microsoft", "vendor_url": "https://www.microsoft.com", "zdi_can": "ZDI-CAN-30003" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-30", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29483", "kind": "upcoming", "reported_date": "2026-04-01", "status": "upcoming", "vendor": "Apple", "vendor_url": "https://www.apple.com", "zdi_can": "ZDI-CAN-29483" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-30", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-30002", "kind": "upcoming", "reported_date": "2026-04-01", "status": "upcoming", "vendor": "TrendAI", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-30002" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-30", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-30288", "kind": "upcoming", "reported_date": "2026-04-01", "status": "upcoming", "vendor": "Samsung", "vendor_url": "https://www.samsung.com", "zdi_can": "ZDI-CAN-30288" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-30", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-30179", "kind": "upcoming", "reported_date": "2026-04-01", "status": "upcoming", "vendor": "TrendAI", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-30179" }, { "cvss": 7.0, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-30", "discoverer": "mad31k", "id": "ZDI-CAN-30052", "kind": "upcoming", "reported_date": "2026-04-01", "status": "upcoming", "vendor": "Microsoft", "vendor_url": "https://www.microsoft.com", "zdi_can": "ZDI-CAN-30052" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-30", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-30180", "kind": "upcoming", "reported_date": "2026-04-01", "status": "upcoming", "vendor": "TrendAI", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-30180" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-30", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-30215", "kind": "upcoming", "reported_date": "2026-04-01", "status": "upcoming", "vendor": "TrendAI", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-30215" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-29", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-30346", "kind": "upcoming", "reported_date": "2026-03-31", "status": "upcoming", "vendor": "BlackBerry", "vendor_url": null, "zdi_can": "ZDI-CAN-30346" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-29", "discoverer": "kimiya", "id": "ZDI-CAN-28149", "kind": "upcoming", "reported_date": "2026-03-31", "status": "upcoming", "vendor": "Bosch Rexroth", "vendor_url": "https://www.boschrexroth.com/en/us/", "zdi_can": "ZDI-CAN-28149" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-29", "discoverer": "rgod", "id": "ZDI-CAN-29337", "kind": "upcoming", "reported_date": "2026-03-31", "status": "upcoming", "vendor": "OriginLab", "vendor_url": "https://www.originlab.com/", "zdi_can": "ZDI-CAN-29337" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-29", "discoverer": "Natnael Samson (@NattiSamson)", "id": "ZDI-CAN-29536", "kind": "upcoming", "reported_date": "2026-03-31", "status": "upcoming", "vendor": "pdfforge", "vendor_url": "https://www.pdfforge.org/", "zdi_can": "ZDI-CAN-29536" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-29", "discoverer": "rgod", "id": "ZDI-CAN-29336", "kind": "upcoming", "reported_date": "2026-03-31", "status": "upcoming", "vendor": "OriginLab", "vendor_url": "https://www.originlab.com/", "zdi_can": "ZDI-CAN-29336" }, { "cvss": 5.9, "cvss_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "deadline": "2026-07-29", "discoverer": "PeikaiLi", "id": "ZDI-CAN-29120", "kind": "upcoming", "reported_date": "2026-03-31", "status": "upcoming", "vendor": "GNU", "vendor_url": "https://www.gnu.org/home.en.html", "zdi_can": "ZDI-CAN-29120" }, { "cvss": 5.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "deadline": "2026-07-29", "discoverer": "Nelson William Gamazo Sanchez of TrendAI Research", "id": "ZDI-CAN-30175", "kind": "upcoming", "reported_date": "2026-03-31", "status": "upcoming", "vendor": "Microsoft", "vendor_url": "https://www.microsoft.com", "zdi_can": "ZDI-CAN-30175" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-29", "discoverer": "Dvir Gozlan", "id": "ZDI-CAN-29370", "kind": "upcoming", "reported_date": "2026-03-31", "status": "upcoming", "vendor": "Oracle", "vendor_url": "https://www.oracle.com", "zdi_can": "ZDI-CAN-29370" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-29", "discoverer": "Anonymous", "id": "ZDI-CAN-28898", "kind": "upcoming", "reported_date": "2026-03-31", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-28898" }, { "cvss": 5.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "deadline": "2026-07-29", "discoverer": "Nelson William Gamazo Sanchez of TrendAI Research", "id": "ZDI-CAN-30176", "kind": "upcoming", "reported_date": "2026-03-31", "status": "upcoming", "vendor": "Microsoft", "vendor_url": "https://www.microsoft.com", "zdi_can": "ZDI-CAN-30176" }, { "cvss": 5.6, "cvss_vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "deadline": "2026-07-29", "discoverer": "Zeze and Sharkkcode with TeamT5", "id": "ZDI-CAN-28718", "kind": "upcoming", "reported_date": "2026-03-31", "status": "upcoming", "vendor": "TrendAI", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-28718" }, { "cvss": 8.1, "cvss_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-29", "discoverer": "Xander Mackenzie | @thetrueartist", "id": "ZDI-CAN-29496", "kind": "upcoming", "reported_date": "2026-03-31", "status": "upcoming", "vendor": "dnsmasq", "vendor_url": "https://thekelleys.org.uk/dnsmasq/doc.html", "zdi_can": "ZDI-CAN-29496" }, { "cvss": 6.5, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "deadline": "2026-07-29", "discoverer": "Nitesh Surana (niteshsurana.com) of TrendAI Research", "id": "ZDI-CAN-30243", "kind": "upcoming", "reported_date": "2026-03-31", "status": "upcoming", "vendor": "Google", "vendor_url": "https://www.google.com/", "zdi_can": "ZDI-CAN-30243" }, { "cvss": 8.5, "cvss_vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-07-28", "discoverer": "DongHyeon Hwang (kind_killerwhale)", "id": "ZDI-CAN-29790", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-29790" }, { "cvss": 6.4, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "deadline": "2026-07-28", "discoverer": "Javohir Abduxalilov (JavaSec.uz)", "id": "ZDI-CAN-29838", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "LiteLLM", "vendor_url": "https://www.litellm.ai/", "zdi_can": "ZDI-CAN-29838" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-28", "discoverer": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]", "id": "ZDI-CAN-29522", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "libgme", "vendor_url": "https://github.com/libgme/game-music-emu", "zdi_can": "ZDI-CAN-29522" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-28", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29939", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "MLflow", "vendor_url": "https://mlflow.org/", "zdi_can": "ZDI-CAN-29939" }, { "cvss": 7.5, "cvss_vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-28", "discoverer": "Jeremy Brown", "id": "ZDI-CAN-29299", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "OpenPrinting", "vendor_url": "http://www.openprinting.org/", "zdi_can": "ZDI-CAN-29299" }, { "cvss": 7.5, "cvss_vector": "AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-07-28", "discoverer": "GangMin Kim", "id": "ZDI-CAN-29413", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-29413" }, { "cvss": 7.4, "cvss_vector": "AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-28", "discoverer": "DongHyeon Hwang (kind_killerwhale)", "id": "ZDI-CAN-29663", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "oFono", "vendor_url": "https://git.kernel.org/pub/scm/network/ofono/ofono.git", "zdi_can": "ZDI-CAN-29663" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-28", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29940", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "MLflow", "vendor_url": "https://mlflow.org/", "zdi_can": "ZDI-CAN-29940" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-28", "discoverer": "Anonymous", "id": "ZDI-CAN-29896", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-29896" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-28", "discoverer": "Mark Vincent Yason (markyason.github.io)", "id": "ZDI-CAN-29409", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-29409" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-28", "discoverer": "Seiji Sakurai (@HeapSmasher)", "id": "ZDI-CAN-29828", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-29828" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-28", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29941", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "MLflow", "vendor_url": "https://mlflow.org/", "zdi_can": "ZDI-CAN-29941" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-28", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29942", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "MLflow", "vendor_url": "https://mlflow.org/", "zdi_can": "ZDI-CAN-29942" }, { "cvss": 3.3, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "deadline": "2026-07-28", "discoverer": "Mark Vincent Yason (markyason.github.io)", "id": "ZDI-CAN-29477", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-29477" }, { "cvss": 3.3, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "deadline": "2026-07-28", "discoverer": "Mark Vincent Yason (markyason.github.io)", "id": "ZDI-CAN-29433", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-29433" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-28", "discoverer": "Mark Vincent Yason (markyason.github.io)", "id": "ZDI-CAN-30015", "kind": "upcoming", "reported_date": "2026-03-30", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-30015" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-25", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-29910", "kind": "upcoming", "reported_date": "2026-03-27", "status": "upcoming", "vendor": "TrendAI", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-29910" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-25", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-29793", "kind": "upcoming", "reported_date": "2026-03-27", "status": "upcoming", "vendor": "TrendAI", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-29793" }, { "cvss": 7.0, "cvss_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-30207", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Telegram", "vendor_url": null, "zdi_can": "ZDI-CAN-30207" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29464", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29464" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29544", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29544" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29591", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29591" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29548", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29548" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Bongeun Koo (@kiddo_pwn)", "id": "ZDI-CAN-29499", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29499" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29547", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29547" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Bongeun Koo (@kiddo_pwn)", "id": "ZDI-CAN-29497", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29497" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29545", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29545" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29217", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29217" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29621", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29621" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29626", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29626" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29593", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29593" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29623", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29623" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29590", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29590" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29589", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29589" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29596", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29596" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29631", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29631" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29595", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29595" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29628", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29628" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29234", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29234" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29622", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29622" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29629", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29629" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29625", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29625" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29594", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29594" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29633", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29633" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29592", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29592" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29619", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29619" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29620", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29620" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29445", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29445" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29233", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29233" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Anonymous", "id": "ZDI-CAN-29107", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29107" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29449", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29449" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29446", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29446" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29443", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29443" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29630", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29630" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Anonymous", "id": "ZDI-CAN-29186", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Apple", "vendor_url": "https://www.apple.com", "zdi_can": "ZDI-CAN-29186" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29365", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29365" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29448", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29448" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29218", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29218" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29442", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29442" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29447", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29447" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29367", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29367" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29441", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29441" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29387", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29387" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29366", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29366" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29444", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29444" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29440", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29440" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29439", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29439" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29434", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29434" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29438", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29438" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29463", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29463" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29436", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29436" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29617", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29617" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29437", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29437" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Bongeun Koo (@kiddo_pwn)", "id": "ZDI-CAN-29500", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29500" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29435", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29435" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-24", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29546", "kind": "upcoming", "reported_date": "2026-03-26", "status": "upcoming", "vendor": "Meta", "vendor_url": "https://www.meta.com/", "zdi_can": "ZDI-CAN-29546" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-23", "discoverer": "Bongeun Koo (@kiddo_pwn)", "id": "ZDI-CAN-29521", "kind": "upcoming", "reported_date": "2026-03-25", "status": "upcoming", "vendor": "MLflow", "vendor_url": "https://mlflow.org/", "zdi_can": "ZDI-CAN-29521" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-23", "discoverer": "Anonymous", "id": "ZDI-CAN-29513", "kind": "upcoming", "reported_date": "2026-03-25", "status": "upcoming", "vendor": "MLflow", "vendor_url": "https://mlflow.org/", "zdi_can": "ZDI-CAN-29513" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-23", "discoverer": "rgod", "id": "ZDI-CAN-29334", "kind": "upcoming", "reported_date": "2026-03-25", "status": "upcoming", "vendor": "OriginLab", "vendor_url": "https://www.originlab.com/", "zdi_can": "ZDI-CAN-29334" }, { "cvss": 5.9, "cvss_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "deadline": "2026-07-23", "discoverer": "Nicholas Zubrisky (@NZubrisky) of TrendAI Research", "id": "ZDI-CAN-30097", "kind": "upcoming", "reported_date": "2026-03-25", "status": "upcoming", "vendor": "WatchGuard", "vendor_url": "https://www.watchguard.com/", "zdi_can": "ZDI-CAN-30097" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-23", "discoverer": "Mat Powell of TrendAI Zero Day Initiative & Nitesh Surana (niteshsurana.com) of TrendAI Research", "id": "ZDI-CAN-30098", "kind": "upcoming", "reported_date": "2026-03-25", "status": "upcoming", "vendor": "vLLM", "vendor_url": "https://github.com/vllm-project", "zdi_can": "ZDI-CAN-30098" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-23", "discoverer": "Gu YongZeng (@0x0dee)", "id": "ZDI-CAN-28776", "kind": "upcoming", "reported_date": "2026-03-25", "status": "upcoming", "vendor": "ASUS", "vendor_url": "https://www.asus.com/", "zdi_can": "ZDI-CAN-28776" }, { "cvss": 5.4, "cvss_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "deadline": "2026-07-23", "discoverer": "David Fiser & Alfredo Oliveira of TrendAI Research", "id": "ZDI-CAN-29196", "kind": "upcoming", "reported_date": "2026-03-25", "status": "upcoming", "vendor": "Dify", "vendor_url": "https://dify.ai/", "zdi_can": "ZDI-CAN-29196" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-23", "discoverer": "Brandon Evans of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29867", "kind": "upcoming", "reported_date": "2026-03-25", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-29867" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-22", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-29794", "kind": "upcoming", "reported_date": "2026-03-24", "status": "upcoming", "vendor": "TrendAI", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-29794" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-22", "discoverer": "Jason McFadyen of TrendAI Security Research", "id": "ZDI-CAN-30081", "kind": "upcoming", "reported_date": "2026-03-24", "status": "upcoming", "vendor": "Fortinet", "vendor_url": null, "zdi_can": "ZDI-CAN-30081" }, { "cvss": 7.3, "cvss_vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-18", "discoverer": "Anonymous", "id": "ZDI-CAN-28666", "kind": "upcoming", "reported_date": "2026-03-20", "status": "upcoming", "vendor": "G DATA", "vendor_url": "https://www.gdatasoftware.com/", "zdi_can": "ZDI-CAN-28666" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-18", "discoverer": "Andy Niu of TrendAI Research", "id": "ZDI-CAN-29637", "kind": "upcoming", "reported_date": "2026-03-20", "status": "upcoming", "vendor": "Arista", "vendor_url": "https://arista.com/", "zdi_can": "ZDI-CAN-29637" }, { "cvss": 7.3, "cvss_vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-11", "discoverer": "Anonymous", "id": "ZDI-CAN-28703", "kind": "upcoming", "reported_date": "2026-03-13", "status": "upcoming", "vendor": "Bitdefender", "vendor_url": null, "zdi_can": "ZDI-CAN-28703" }, { "cvss": 7.5, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "deadline": "2026-07-11", "discoverer": "Ahmed Y. Elmogy", "id": "ZDI-CAN-28505", "kind": "upcoming", "reported_date": "2026-03-13", "status": "upcoming", "vendor": "ATEN", "vendor_url": "https://www.aten.com/us/en/", "zdi_can": "ZDI-CAN-28505" }, { "cvss": 5.5, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "deadline": "2026-07-11", "discoverer": "Ahmed Y. Elmogy", "id": "ZDI-CAN-28502", "kind": "upcoming", "reported_date": "2026-03-13", "status": "upcoming", "vendor": "ATEN", "vendor_url": "https://www.aten.com/us/en/", "zdi_can": "ZDI-CAN-28502" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-11", "discoverer": "Ahmed Y. Elmogy", "id": "ZDI-CAN-28578", "kind": "upcoming", "reported_date": "2026-03-13", "status": "upcoming", "vendor": "ATEN", "vendor_url": "https://www.aten.com/us/en/", "zdi_can": "ZDI-CAN-28578" }, { "cvss": 5.5, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "deadline": "2026-07-11", "discoverer": "Ahmed Y. Elmogy", "id": "ZDI-CAN-28503", "kind": "upcoming", "reported_date": "2026-03-13", "status": "upcoming", "vendor": "ATEN", "vendor_url": "https://www.aten.com/us/en/", "zdi_can": "ZDI-CAN-28503" }, { "cvss": 7.0, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-11", "discoverer": "Brandon Evans of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29588", "kind": "upcoming", "reported_date": "2026-03-13", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-29588" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-11", "discoverer": "Ahmed Y. Elmogy", "id": "ZDI-CAN-28590", "kind": "upcoming", "reported_date": "2026-03-13", "status": "upcoming", "vendor": "ATEN", "vendor_url": "https://www.aten.com/us/en/", "zdi_can": "ZDI-CAN-28590" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-11", "discoverer": "Ahmed Y. Elmogy", "id": "ZDI-CAN-28579", "kind": "upcoming", "reported_date": "2026-03-13", "status": "upcoming", "vendor": "ATEN", "vendor_url": "https://www.aten.com/us/en/", "zdi_can": "ZDI-CAN-28579" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-09", "discoverer": "kimiya", "id": "ZDI-CAN-28242", "kind": "upcoming", "reported_date": "2026-03-11", "status": "upcoming", "vendor": "Bosch Rexroth", "vendor_url": "https://www.boschrexroth.com/en/us/", "zdi_can": "ZDI-CAN-28242" }, { "cvss": 6.5, "cvss_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", "deadline": "2026-07-09", "discoverer": "ASMIT DAM", "id": "ZDI-CAN-29200", "kind": "upcoming", "reported_date": "2026-03-11", "status": "upcoming", "vendor": "Samba", "vendor_url": "https://www.samba.org/", "zdi_can": "ZDI-CAN-29200" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-09", "discoverer": "kimiya", "id": "ZDI-CAN-28243", "kind": "upcoming", "reported_date": "2026-03-11", "status": "upcoming", "vendor": "Bosch Rexroth", "vendor_url": "https://www.boschrexroth.com/en/us/", "zdi_can": "ZDI-CAN-28243" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-09", "discoverer": "rgod", "id": "ZDI-CAN-29332", "kind": "upcoming", "reported_date": "2026-03-11", "status": "upcoming", "vendor": "OriginLab", "vendor_url": "https://www.originlab.com/", "zdi_can": "ZDI-CAN-29332" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-09", "discoverer": "rgod", "id": "ZDI-CAN-29331", "kind": "upcoming", "reported_date": "2026-03-11", "status": "upcoming", "vendor": "OriginLab", "vendor_url": "https://www.originlab.com/", "zdi_can": "ZDI-CAN-29331" }, { "cvss": 6.1, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "deadline": "2026-07-08", "discoverer": "Anonymous", "id": "ZDI-CAN-28662", "kind": "upcoming", "reported_date": "2026-03-10", "status": "upcoming", "vendor": "G DATA", "vendor_url": "https://www.gdatasoftware.com/", "zdi_can": "ZDI-CAN-28662" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-07", "discoverer": "zerozeroxz", "id": "ZDI-CAN-28935", "kind": "upcoming", "reported_date": "2026-03-09", "status": "upcoming", "vendor": "MSI", "vendor_url": "https://msi.com", "zdi_can": "ZDI-CAN-28935" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-04", "discoverer": "0daystolive (Sorcery Ltd)", "id": "ZDI-CAN-28201", "kind": "upcoming", "reported_date": "2026-03-06", "status": "upcoming", "vendor": "Adminer", "vendor_url": "https://www.adminer.org/", "zdi_can": "ZDI-CAN-28201" }, { "cvss": 8.1, "cvss_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-04", "discoverer": "Tyler Zars", "id": "ZDI-CAN-29144", "kind": "upcoming", "reported_date": "2026-03-06", "status": "upcoming", "vendor": "verl", "vendor_url": "https://github.com/volcengine/verl", "zdi_can": "ZDI-CAN-29144" }, { "cvss": 8.1, "cvss_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-04", "discoverer": "Jeremy Brown", "id": "ZDI-CAN-29287", "kind": "upcoming", "reported_date": "2026-03-06", "status": "upcoming", "vendor": "NGINX", "vendor_url": "https://www.nginx.com", "zdi_can": "ZDI-CAN-29287" }, { "cvss": 7.5, "cvss_vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-03", "discoverer": "wac and Kookhwan Lee", "id": "ZDI-CAN-28879", "kind": "upcoming", "reported_date": "2026-03-05", "status": "upcoming", "vendor": "Apple", "vendor_url": "https://www.apple.com", "zdi_can": "ZDI-CAN-28879" }, { "cvss": 3.3, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "deadline": "2026-07-03", "discoverer": "Anonymous", "id": "ZDI-CAN-28695", "kind": "upcoming", "reported_date": "2026-03-05", "status": "upcoming", "vendor": "Apple", "vendor_url": "https://www.apple.com", "zdi_can": "ZDI-CAN-28695" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-02", "discoverer": "Anonymous", "id": "ZDI-CAN-29104", "kind": "upcoming", "reported_date": "2026-03-04", "status": "upcoming", "vendor": "Meta", "vendor_url": null, "zdi_can": "ZDI-CAN-29104" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-02", "discoverer": "Anonymous", "id": "ZDI-CAN-29101", "kind": "upcoming", "reported_date": "2026-03-04", "status": "upcoming", "vendor": "Meta", "vendor_url": null, "zdi_can": "ZDI-CAN-29101" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-02", "discoverer": "Anonymous", "id": "ZDI-CAN-29465", "kind": "upcoming", "reported_date": "2026-03-04", "status": "upcoming", "vendor": "Meta", "vendor_url": null, "zdi_can": "ZDI-CAN-29465" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-02", "discoverer": "Anonymous", "id": "ZDI-CAN-29103", "kind": "upcoming", "reported_date": "2026-03-04", "status": "upcoming", "vendor": "Meta", "vendor_url": null, "zdi_can": "ZDI-CAN-29103" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-02", "discoverer": "Bongeun Koo (@kiddo_pwn)", "id": "ZDI-CAN-29257", "kind": "upcoming", "reported_date": "2026-03-04", "status": "upcoming", "vendor": "Meta", "vendor_url": null, "zdi_can": "ZDI-CAN-29257" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-02", "discoverer": "Bongeun Koo (@kiddo_pwn)", "id": "ZDI-CAN-29258", "kind": "upcoming", "reported_date": "2026-03-04", "status": "upcoming", "vendor": "Meta", "vendor_url": null, "zdi_can": "ZDI-CAN-29258" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-02", "discoverer": "Anonymous", "id": "ZDI-CAN-29102", "kind": "upcoming", "reported_date": "2026-03-04", "status": "upcoming", "vendor": "Meta", "vendor_url": null, "zdi_can": "ZDI-CAN-29102" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-07-02", "discoverer": "Gu YongZeng (@0x0dee)", "id": "ZDI-CAN-28489", "kind": "upcoming", "reported_date": "2026-03-04", "status": "upcoming", "vendor": "ASUS", "vendor_url": "https://www.asus.com/", "zdi_can": "ZDI-CAN-28489" }, { "cvss": 7.6, "cvss_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "deadline": "2026-07-01", "discoverer": "kaijieguigui", "id": "ZDI-CAN-29320", "kind": "upcoming", "reported_date": "2026-03-03", "status": "upcoming", "vendor": "Microsoft", "vendor_url": "https://www.microsoft.com", "zdi_can": "ZDI-CAN-29320" }, { "cvss": 7.5, "cvss_vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-07-01", "discoverer": "Peikai Li", "id": "ZDI-CAN-29119", "kind": "upcoming", "reported_date": "2026-03-03", "status": "upcoming", "vendor": "GNU", "vendor_url": "https://www.gnu.org/home.en.html", "zdi_can": "ZDI-CAN-29119" }, { "cvss": 4.7, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "deadline": "2026-06-30", "discoverer": "hamdi", "id": "ZDI-CAN-29262", "kind": "upcoming", "reported_date": "2026-03-02", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-29262" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-30", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-29177", "kind": "upcoming", "reported_date": "2026-03-02", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-29177" }, { "cvss": 7.0, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-30", "discoverer": "Zeeshan Shaikh (@bugzzzhunter)", "id": "ZDI-CAN-28792", "kind": "upcoming", "reported_date": "2026-03-02", "status": "upcoming", "vendor": "Microsoft", "vendor_url": "https://www.microsoft.com", "zdi_can": "ZDI-CAN-28792" }, { "cvss": 3.3, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "deadline": "2026-06-30", "discoverer": "Jonathan Lein of TrendAI Research", "id": "ZDI-CAN-29223", "kind": "upcoming", "reported_date": "2026-03-02", "status": "upcoming", "vendor": "Microsoft", "vendor_url": "https://www.microsoft.com", "zdi_can": "ZDI-CAN-29223" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-06-30", "discoverer": "Nicola Stauffer", "id": "ZDI-CAN-28769", "kind": "upcoming", "reported_date": "2026-03-02", "status": "upcoming", "vendor": "Microsoft", "vendor_url": "https://www.microsoft.com", "zdi_can": "ZDI-CAN-28769" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-30", "discoverer": "rgod", "id": "ZDI-CAN-28876", "kind": "upcoming", "reported_date": "2026-03-02", "status": "upcoming", "vendor": "AzeoTech", "vendor_url": "https://www.azeotech.com/j/", "zdi_can": "ZDI-CAN-28876" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-30", "discoverer": "Rocco Calvi (@TecR0c) with TecSecurity", "id": "ZDI-CAN-28831", "kind": "upcoming", "reported_date": "2026-03-02", "status": "upcoming", "vendor": "AzeoTech", "vendor_url": "https://www.azeotech.com/j/", "zdi_can": "ZDI-CAN-28831" }, { "cvss": 7.5, "cvss_vector": "AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-06-26", "discoverer": "GangMin Kim", "id": "ZDI-CAN-29132", "kind": "upcoming", "reported_date": "2026-02-26", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-29132" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-26", "discoverer": "Dre Cura (@dre_cura) and Nicholas Zubrisky (@NZubrisky) of TrendAI Research", "id": "ZDI-CAN-29411", "kind": "upcoming", "reported_date": "2026-02-26", "status": "upcoming", "vendor": "Flowise", "vendor_url": "https://flowiseai.com/", "zdi_can": "ZDI-CAN-29411" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-25", "discoverer": "khongtrang", "id": "ZDI-CAN-28886", "kind": "upcoming", "reported_date": "2026-02-25", "status": "upcoming", "vendor": "Parallels", "vendor_url": "https://www.parallels.com/", "zdi_can": "ZDI-CAN-28886" }, { "cvss": 8.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-06-25", "discoverer": "Nitesh Surana (niteshsurana.com) of TrendAI Research", "id": "ZDI-CAN-29308", "kind": "upcoming", "reported_date": "2026-02-25", "status": "upcoming", "vendor": "Docker", "vendor_url": "https://www.docker.com/", "zdi_can": "ZDI-CAN-29308" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-25", "discoverer": "khongtrang", "id": "ZDI-CAN-28885", "kind": "upcoming", "reported_date": "2026-02-25", "status": "upcoming", "vendor": "Parallels", "vendor_url": "https://www.parallels.com/", "zdi_can": "ZDI-CAN-28885" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-25", "discoverer": "khongtrang", "id": "ZDI-CAN-29220", "kind": "upcoming", "reported_date": "2026-02-25", "status": "upcoming", "vendor": "Parallels", "vendor_url": "https://www.parallels.com/", "zdi_can": "ZDI-CAN-29220" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-25", "discoverer": "Anonymous", "id": "ZDI-CAN-27906", "kind": "upcoming", "reported_date": "2026-02-25", "status": "upcoming", "vendor": "AOMEI", "vendor_url": "https://www.aomeitech.com/", "zdi_can": "ZDI-CAN-27906" }, { "cvss": 7.5, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "deadline": "2026-06-25", "discoverer": "Bobby Gould (@bobbygould5) of Trend Zero Day Initiative", "id": "ZDI-CAN-28568", "kind": "upcoming", "reported_date": "2026-02-25", "status": "upcoming", "vendor": "AOMEI", "vendor_url": "https://www.aomeitech.com/", "zdi_can": "ZDI-CAN-28568" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-24", "discoverer": "Anonymous", "id": "ZDI-CAN-29081", "kind": "upcoming", "reported_date": "2026-02-24", "status": "upcoming", "vendor": "Meta", "vendor_url": null, "zdi_can": "ZDI-CAN-29081" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-24", "discoverer": "Nicholas Zubrisky (@NZubrisky) of TrendAI Research", "id": "ZDI-CAN-29410", "kind": "upcoming", "reported_date": "2026-02-24", "status": "upcoming", "vendor": "Flowise", "vendor_url": "https://flowiseai.com/", "zdi_can": "ZDI-CAN-29410" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-24", "discoverer": "Mark Vincent Yason (markyason.github.io)", "id": "ZDI-CAN-29178", "kind": "upcoming", "reported_date": "2026-02-24", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-29178" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-23", "discoverer": "Michael Argany of TrendAI Research", "id": "ZDI-CAN-29249", "kind": "upcoming", "reported_date": "2026-02-23", "status": "upcoming", "vendor": "Progress Software", "vendor_url": "https://www.progress.com/", "zdi_can": "ZDI-CAN-29249" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-23", "discoverer": "Michael Argany of TrendAI Research", "id": "ZDI-CAN-29222", "kind": "upcoming", "reported_date": "2026-02-23", "status": "upcoming", "vendor": "Progress Software", "vendor_url": "https://www.progress.com/", "zdi_can": "ZDI-CAN-29222" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-20", "discoverer": "Peter Girnus (@gothburz), Demeng Chen (@DemengChen233), Project AESIR with TrendAI Zero Day Initiative", "id": "ZDI-CAN-29225", "kind": "upcoming", "reported_date": "2026-02-20", "status": "upcoming", "vendor": "n8n", "vendor_url": "https://n8n.io/", "zdi_can": "ZDI-CAN-29225" }, { "cvss": 8.1, "cvss_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-20", "discoverer": "Peter Girnus (@gothburz), Demeng Chen (@DemengChen233), Project AESIR with TrendAI Zero Day Initiative", "id": "ZDI-CAN-29226", "kind": "upcoming", "reported_date": "2026-02-20", "status": "upcoming", "vendor": "n8n", "vendor_url": "https://n8n.io/", "zdi_can": "ZDI-CAN-29226" }, { "cvss": 9.3, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "deadline": "2026-06-20", "discoverer": "Peter Girnus (@gothburz) and Project AESIR of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29369", "kind": "upcoming", "reported_date": "2026-02-20", "status": "upcoming", "vendor": "Hong Kong University Data Intelligence Lab", "vendor_url": "https://github.com/HKUDS", "zdi_can": "ZDI-CAN-29369" }, { "cvss": 7.5, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "deadline": "2026-06-20", "discoverer": "Peter Girnus (@gothburz) and Project AESIR of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29368", "kind": "upcoming", "reported_date": "2026-02-20", "status": "upcoming", "vendor": "Hong Kong University Data Intelligence Lab", "vendor_url": "https://github.com/HKUDS", "zdi_can": "ZDI-CAN-29368" }, { "cvss": 3.3, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "deadline": "2026-06-19", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29240", "kind": "upcoming", "reported_date": "2026-02-19", "status": "upcoming", "vendor": "Apple", "vendor_url": "https://www.apple.com", "zdi_can": "ZDI-CAN-29240" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-19", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29252", "kind": "upcoming", "reported_date": "2026-02-19", "status": "upcoming", "vendor": "Apple", "vendor_url": "https://www.apple.com", "zdi_can": "ZDI-CAN-29252" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-19", "discoverer": "Jan-Niklas Sohn", "id": "ZDI-CAN-28736", "kind": "upcoming", "reported_date": "2026-02-19", "status": "upcoming", "vendor": "X.Org", "vendor_url": "https://www.x.org/", "zdi_can": "ZDI-CAN-28736" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-19", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29159", "kind": "upcoming", "reported_date": "2026-02-19", "status": "upcoming", "vendor": "aeon", "vendor_url": "https://www.aeon-toolkit.org/en/stable/", "zdi_can": "ZDI-CAN-29159" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-19", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29160", "kind": "upcoming", "reported_date": "2026-02-19", "status": "upcoming", "vendor": "aeon", "vendor_url": "https://www.aeon-toolkit.org/en/stable/", "zdi_can": "ZDI-CAN-29160" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-19", "discoverer": "Mat Powell of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29219", "kind": "upcoming", "reported_date": "2026-02-19", "status": "upcoming", "vendor": "pdfforge", "vendor_url": "https://www.pdfforge.org/", "zdi_can": "ZDI-CAN-29219" }, { "cvss": 6.1, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "deadline": "2026-06-17", "discoverer": "Jan-Niklas Sohn", "id": "ZDI-CAN-28679", "kind": "upcoming", "reported_date": "2026-02-17", "status": "upcoming", "vendor": "X.Org", "vendor_url": "https://www.x.org/", "zdi_can": "ZDI-CAN-28679" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-17", "discoverer": "Jan-Niklas Sohn", "id": "ZDI-CAN-28706", "kind": "upcoming", "reported_date": "2026-02-17", "status": "upcoming", "vendor": "X.Org", "vendor_url": "https://www.x.org/", "zdi_can": "ZDI-CAN-28706" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-17", "discoverer": "Anonymous", "id": "ZDI-CAN-28749", "kind": "upcoming", "reported_date": "2026-02-17", "status": "upcoming", "vendor": "aeon", "vendor_url": "https://www.aeon-toolkit.org/en/stable/", "zdi_can": "ZDI-CAN-28749" }, { "cvss": 6.1, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "deadline": "2026-06-17", "discoverer": "Jan-Niklas Sohn", "id": "ZDI-CAN-28737", "kind": "upcoming", "reported_date": "2026-02-17", "status": "upcoming", "vendor": "X.Org", "vendor_url": "https://www.x.org/", "zdi_can": "ZDI-CAN-28737" }, { "cvss": 8.2, "cvss_vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "p0ch1ta and sh4dy", "id": "ZDI-CAN-28821", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-28821" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "soiax", "id": "ZDI-CAN-28916", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "pdfforge", "vendor_url": "https://www.pdfforge.org/", "zdi_can": "ZDI-CAN-28916" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Anonymous", "id": "ZDI-CAN-28680", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Gen Digital", "vendor_url": "https://www.gendigital.com/us/en/", "zdi_can": "ZDI-CAN-28680" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Bobby Gould (@bobbygould5) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29208", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-29208" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-27990", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Databricks", "vendor_url": "https://www.databricks.com/", "zdi_can": "ZDI-CAN-27990" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Bobby Gould (@bobbygould5) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29204", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-29204" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Bobby Gould (@bobbygould5) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29203", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-29203" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Bobby Gould (@bobbygould5) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29199", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-29199" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Bobby Gould (@bobbygould5) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29205", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-29205" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Bobby Gould (@bobbygould5) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29209", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-29209" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Bobby Gould (@bobbygould5) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29206", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-29206" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Bobby Gould (@bobbygould5) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29207", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-29207" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Jonathan Lein of TrendAI Research", "id": "ZDI-CAN-29197", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-29197" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29239", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Apple", "vendor_url": "https://www.apple.com", "zdi_can": "ZDI-CAN-29239" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Bobby Gould (@bobbygould5) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29198", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-29198" }, { "cvss": 7.5, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "deadline": "2026-06-12", "discoverer": "Bobby Gould (@bobbygould5) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29246", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-29246" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Bobby Gould (@bobbygould5) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29251", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "Heimdall Data", "vendor_url": "https://www.heimdalldata.com/", "zdi_can": "ZDI-CAN-29251" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Anonymous", "id": "ZDI-CAN-28663", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "G DATA", "vendor_url": "https://www.gdatasoftware.com/", "zdi_can": "ZDI-CAN-28663" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29214", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "DeepSpeed", "vendor_url": "https://www.deepspeed.ai/", "zdi_can": "ZDI-CAN-29214" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-12", "discoverer": "Anonymous", "id": "ZDI-CAN-28665", "kind": "upcoming", "reported_date": "2026-02-12", "status": "upcoming", "vendor": "G DATA", "vendor_url": "https://www.gdatasoftware.com/", "zdi_can": "ZDI-CAN-28665" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-06", "discoverer": "Anonymous", "id": "ZDI-CAN-28785", "kind": "upcoming", "reported_date": "2026-02-06", "status": "upcoming", "vendor": "Krita", "vendor_url": "https://krita.org/en/about/krita-foundation/", "zdi_can": "ZDI-CAN-28785" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-06", "discoverer": "Anonymous", "id": "ZDI-CAN-28752", "kind": "upcoming", "reported_date": "2026-02-06", "status": "upcoming", "vendor": "Krita", "vendor_url": "https://krita.org/en/about/krita-foundation/", "zdi_can": "ZDI-CAN-28752" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-06", "discoverer": "Anonymous", "id": "ZDI-CAN-28771", "kind": "upcoming", "reported_date": "2026-02-06", "status": "upcoming", "vendor": "Krita", "vendor_url": "https://krita.org/en/about/krita-foundation/", "zdi_can": "ZDI-CAN-28771" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-06", "discoverer": "Anonymous", "id": "ZDI-CAN-28905", "kind": "upcoming", "reported_date": "2026-02-06", "status": "upcoming", "vendor": "Krita", "vendor_url": "https://krita.org/en/about/krita-foundation/", "zdi_can": "ZDI-CAN-28905" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-06", "discoverer": "Anonymous", "id": "ZDI-CAN-28906", "kind": "upcoming", "reported_date": "2026-02-06", "status": "upcoming", "vendor": "Krita", "vendor_url": "https://krita.org/en/about/krita-foundation/", "zdi_can": "ZDI-CAN-28906" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-06", "discoverer": "Rocco Calvi (@TecR0c) with TecSecurity", "id": "ZDI-CAN-28757", "kind": "upcoming", "reported_date": "2026-02-06", "status": "upcoming", "vendor": "Ashlar-Vellum", "vendor_url": "https://ashlar.com/", "zdi_can": "ZDI-CAN-28757" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-05", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-28091", "kind": "upcoming", "reported_date": "2026-02-05", "status": "upcoming", "vendor": "DeepSpeed", "vendor_url": "https://www.deepspeed.ai/", "zdi_can": "ZDI-CAN-28091" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-05", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-28889", "kind": "upcoming", "reported_date": "2026-02-05", "status": "upcoming", "vendor": "Intel", "vendor_url": null, "zdi_can": "ZDI-CAN-28889" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-05", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-27986", "kind": "upcoming", "reported_date": "2026-02-05", "status": "upcoming", "vendor": "Hugging Face", "vendor_url": "https://huggingface.co/", "zdi_can": "ZDI-CAN-27986" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-05", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-27987", "kind": "upcoming", "reported_date": "2026-02-05", "status": "upcoming", "vendor": "Hugging Face", "vendor_url": "https://huggingface.co/", "zdi_can": "ZDI-CAN-27987" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-05", "discoverer": "Tyler Zars", "id": "ZDI-CAN-28677", "kind": "upcoming", "reported_date": "2026-02-05", "status": "upcoming", "vendor": "NVIDIA", "vendor_url": "https://www.nvidia.com/en-us/", "zdi_can": "ZDI-CAN-28677" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-05", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-28090", "kind": "upcoming", "reported_date": "2026-02-05", "status": "upcoming", "vendor": "NVIDIA", "vendor_url": "https://www.nvidia.com/en-us/", "zdi_can": "ZDI-CAN-28090" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-05", "discoverer": "Bobby Gould (@bobbygould5) and Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29171", "kind": "upcoming", "reported_date": "2026-02-05", "status": "upcoming", "vendor": "npm", "vendor_url": "https://www.npmjs.com/", "zdi_can": "ZDI-CAN-29171" }, { "cvss": 8.2, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "deadline": "2026-06-05", "discoverer": "Muhammad Fadilullah Dzaki", "id": "ZDI-CAN-28192", "kind": "upcoming", "reported_date": "2026-02-05", "status": "upcoming", "vendor": "MLflow", "vendor_url": "https://mlflow.org/", "zdi_can": "ZDI-CAN-28192" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-06-05", "discoverer": "Bobby Gould (@bobbygould5) and Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29187", "kind": "upcoming", "reported_date": "2026-02-05", "status": "upcoming", "vendor": "npm", "vendor_url": "https://www.npmjs.com/", "zdi_can": "ZDI-CAN-29187" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-05", "discoverer": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-28092", "kind": "upcoming", "reported_date": "2026-02-05", "status": "upcoming", "vendor": "verl", "vendor_url": "https://github.com/volcengine/verl", "zdi_can": "ZDI-CAN-28092" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-05", "discoverer": "Xingyu Wang", "id": "ZDI-CAN-27466", "kind": "upcoming", "reported_date": "2026-02-05", "status": "upcoming", "vendor": "verl", "vendor_url": "https://github.com/volcengine/verl", "zdi_can": "ZDI-CAN-27466" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-03", "discoverer": "Mark Vincent Yason (markyason.github.io)", "id": "ZDI-CAN-28816", "kind": "upcoming", "reported_date": "2026-02-03", "status": "upcoming", "vendor": "Adobe", "vendor_url": "https://www.adobe.com", "zdi_can": "ZDI-CAN-28816" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-06-03", "discoverer": "Hossein Lotfi (@hosselot) of TrendAI Zero Day Initiative", "id": "ZDI-CAN-29162", "kind": "upcoming", "reported_date": "2026-02-03", "status": "upcoming", "vendor": "Apple", "vendor_url": "https://www.apple.com", "zdi_can": "ZDI-CAN-29162" }, { "cvss": 7.7, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "deadline": "2026-05-30", "discoverer": "Brandon Evans of TrendAI Zero Day Initiative", "id": "ZDI-CAN-28734", "kind": "upcoming", "reported_date": "2026-01-30", "status": "upcoming", "vendor": "Medplum", "vendor_url": "https://www.medplum.com/", "zdi_can": "ZDI-CAN-28734" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-05-30", "discoverer": "Brandon Evans of TrendAI Zero Day Initiative", "id": "ZDI-CAN-28733", "kind": "upcoming", "reported_date": "2026-01-30", "status": "upcoming", "vendor": "Medplum", "vendor_url": "https://www.medplum.com/", "zdi_can": "ZDI-CAN-28733" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-05-27", "discoverer": "soiax", "id": "ZDI-CAN-28673", "kind": "upcoming", "reported_date": "2026-01-27", "status": "upcoming", "vendor": "pdfforge", "vendor_url": "https://www.pdfforge.org/", "zdi_can": "ZDI-CAN-28673" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-04-22", "discoverer": "kimiya", "id": "ZDI-CAN-27843", "kind": "upcoming", "reported_date": "2026-01-22", "status": "upcoming", "vendor": "Delta Electronics", "vendor_url": "https://www.deltaww.com/", "zdi_can": "ZDI-CAN-27843" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-05-22", "discoverer": "welpsigh", "id": "ZDI-CAN-28834", "kind": "upcoming", "reported_date": "2026-01-22", "status": "upcoming", "vendor": "Netdata", "vendor_url": "https://www.netdata.cloud/", "zdi_can": "ZDI-CAN-28834" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-05-22", "discoverer": "Rocco Calvi (@TecR0c) with TecSecurity", "id": "ZDI-CAN-28675", "kind": "upcoming", "reported_date": "2026-01-22", "status": "upcoming", "vendor": "Ashlar-Vellum", "vendor_url": "https://ashlar.com/", "zdi_can": "ZDI-CAN-28675" }, { "cvss": 6.7, "cvss_vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "deadline": "2026-05-13", "discoverer": "Lucas Leong (@_wmliang_) of Trend Zero Day Initiative", "id": "ZDI-CAN-28892", "kind": "upcoming", "reported_date": "2026-01-13", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-28892" }, { "cvss": 4.4, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "deadline": "2026-05-12", "discoverer": "Marcin Wiazowski", "id": "ZDI-CAN-28605", "kind": "upcoming", "reported_date": "2026-01-12", "status": "upcoming", "vendor": "Microsoft", "vendor_url": "https://www.microsoft.com", "zdi_can": "ZDI-CAN-28605" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-05-09", "discoverer": "Brandon Evans of Trend Zero Day Initiative", "id": "ZDI-CAN-28710", "kind": "upcoming", "reported_date": "2026-01-09", "status": "upcoming", "vendor": "FontForge", "vendor_url": "https://fontforge.org/", "zdi_can": "ZDI-CAN-28710" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-05-08", "discoverer": "Anonymous", "id": "ZDI-CAN-28559", "kind": "upcoming", "reported_date": "2026-01-08", "status": "upcoming", "vendor": "Microsoft", "vendor_url": "https://www.microsoft.com", "zdi_can": "ZDI-CAN-28559" }, { "cvss": 5.5, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "deadline": "2026-05-08", "discoverer": "Jonathan Lein of Trend Research", "id": "ZDI-CAN-28724", "kind": "upcoming", "reported_date": "2026-01-08", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-28724" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-05-08", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-27921", "kind": "upcoming", "reported_date": "2026-01-08", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-27921" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-05-06", "discoverer": "Javohir Abduxalilov", "id": "ZDI-CAN-28649", "kind": "upcoming", "reported_date": "2026-01-06", "status": "upcoming", "vendor": "NVIDIA", "vendor_url": "https://www.nvidia.com/en-us/", "zdi_can": "ZDI-CAN-28649" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-04-30", "discoverer": "Legoclones", "id": "ZDI-CAN-28536", "kind": "upcoming", "reported_date": "2025-12-31", "status": "upcoming", "vendor": "NVIDIA", "vendor_url": "https://www.nvidia.com/en-us/", "zdi_can": "ZDI-CAN-28536" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-04-23", "discoverer": "Anonymous", "id": "ZDI-CAN-28656", "kind": "upcoming", "reported_date": "2025-12-24", "status": "upcoming", "vendor": "Krita", "vendor_url": "https://krita.org/en/about/krita-foundation/", "zdi_can": "ZDI-CAN-28656" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-04-23", "discoverer": "Anonymous", "id": "ZDI-CAN-28657", "kind": "upcoming", "reported_date": "2025-12-24", "status": "upcoming", "vendor": "Krita", "vendor_url": "https://krita.org/en/about/krita-foundation/", "zdi_can": "ZDI-CAN-28657" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-04-23", "discoverer": "Anonymous", "id": "ZDI-CAN-28646", "kind": "upcoming", "reported_date": "2025-12-24", "status": "upcoming", "vendor": "Krita", "vendor_url": "https://krita.org/en/about/krita-foundation/", "zdi_can": "ZDI-CAN-28646" }, { "cvss": 7.0, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-04-22", "discoverer": "mad31k", "id": "ZDI-CAN-28205", "kind": "upcoming", "reported_date": "2025-12-23", "status": "upcoming", "vendor": "Microsoft", "vendor_url": "https://www.microsoft.com", "zdi_can": "ZDI-CAN-28205" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-04-22", "discoverer": "Xingyu Wang", "id": "ZDI-CAN-27465", "kind": "upcoming", "reported_date": "2025-12-23", "status": "upcoming", "vendor": "Oumi", "vendor_url": "https://oumi.ai/", "zdi_can": "ZDI-CAN-27465" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-04-17", "discoverer": "Jonathan Lein of Trend Research", "id": "ZDI-CAN-28709", "kind": "upcoming", "reported_date": "2025-12-18", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-28709" }, { "cvss": 4.9, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "deadline": "2026-04-17", "discoverer": "Jonathan Lein of Trend Research", "id": "ZDI-CAN-28708", "kind": "upcoming", "reported_date": "2025-12-18", "status": "upcoming", "vendor": "Cisco", "vendor_url": "https://www.cisco.com", "zdi_can": "ZDI-CAN-28708" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-04-17", "discoverer": "Alfredo Oliveira and David Fiser of Trend Research", "id": "ZDI-CAN-28624", "kind": "upcoming", "reported_date": "2025-12-18", "status": "upcoming", "vendor": "LiteLLM", "vendor_url": "https://www.litellm.ai/", "zdi_can": "ZDI-CAN-28624" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-04-17", "discoverer": "kimiya", "id": "ZDI-CAN-28115", "kind": "upcoming", "reported_date": "2025-12-18", "status": "upcoming", "vendor": "Bosch Rexroth", "vendor_url": "https://www.boschrexroth.com/en/us/", "zdi_can": "ZDI-CAN-28115" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-04-17", "discoverer": "Jan-Niklas Sohn", "id": "ZDI-CAN-28593", "kind": "upcoming", "reported_date": "2025-12-18", "status": "upcoming", "vendor": "X.Org", "vendor_url": "https://www.x.org/", "zdi_can": "ZDI-CAN-28593" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-04-15", "discoverer": "Kusol Watchara-Apanukorn", "id": "ZDI-CAN-28556", "kind": "upcoming", "reported_date": "2025-12-16", "status": "upcoming", "vendor": "Signal", "vendor_url": "https://signal.org/", "zdi_can": "ZDI-CAN-28556" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-04-15", "discoverer": "Rocco Calvi (@TecR0c) with TecSecurity", "id": "ZDI-CAN-28587", "kind": "upcoming", "reported_date": "2025-12-16", "status": "upcoming", "vendor": "Ashlar-Vellum", "vendor_url": "https://ashlar.com/", "zdi_can": "ZDI-CAN-28587" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-04-11", "discoverer": "Muhammad Fadilullah Dzaki", "id": "ZDI-CAN-28055", "kind": "upcoming", "reported_date": "2025-12-12", "status": "upcoming", "vendor": "Hugging Face", "vendor_url": "https://huggingface.co/", "zdi_can": "ZDI-CAN-28055" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-04-10", "discoverer": "Alfredo Oliveira and David Fiser of Trend Research", "id": "ZDI-CAN-28550", "kind": "upcoming", "reported_date": "2025-12-11", "status": "upcoming", "vendor": "mcp-kubernetes-server", "vendor_url": "https://github.com/feiskyer/mcp-kubernetes-server", "zdi_can": "ZDI-CAN-28550" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-04-08", "discoverer": "kimiya", "id": "ZDI-CAN-28113", "kind": "upcoming", "reported_date": "2025-12-09", "status": "upcoming", "vendor": "Bosch Rexroth", "vendor_url": "https://www.boschrexroth.com/en/us/", "zdi_can": "ZDI-CAN-28113" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-04-08", "discoverer": "kimiya", "id": "ZDI-CAN-28114", "kind": "upcoming", "reported_date": "2025-12-09", "status": "upcoming", "vendor": "Bosch Rexroth", "vendor_url": "https://www.boschrexroth.com/en/us/", "zdi_can": "ZDI-CAN-28114" }, { "cvss": 7.5, "cvss_vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-04-03", "discoverer": "gcali (@_gcali)", "id": "ZDI-CAN-28486", "kind": "upcoming", "reported_date": "2025-12-04", "status": "upcoming", "vendor": "QNAP", "vendor_url": null, "zdi_can": "ZDI-CAN-28486" }, { "cvss": 6.0, "cvss_vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "deadline": "2026-04-03", "discoverer": "Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from DEVCORE Research Team", "id": "ZDI-CAN-28534", "kind": "upcoming", "reported_date": "2025-12-04", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-28534" }, { "cvss": 3.1, "cvss_vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "deadline": "2026-04-03", "discoverer": "gcali (_gcali)", "id": "ZDI-CAN-28553", "kind": "upcoming", "reported_date": "2025-12-04", "status": "upcoming", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-28553" }, { "cvss": 8.8, "cvss_vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-04-03", "discoverer": "gcali (_gcali)", "id": "ZDI-CAN-28554", "kind": "upcoming", "reported_date": "2025-12-04", "status": "upcoming", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-28554" }, { "cvss": 4.3, "cvss_vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "deadline": "2026-04-03", "discoverer": "gcali (_gcali)", "id": "ZDI-CAN-28485", "kind": "upcoming", "reported_date": "2025-12-04", "status": "upcoming", "vendor": "Synology", "vendor_url": null, "zdi_can": "ZDI-CAN-28485" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-04-03", "discoverer": "Rocco Calvi (@TecR0c) with TecSecurity", "id": "ZDI-CAN-28447", "kind": "upcoming", "reported_date": "2025-12-04", "status": "upcoming", "vendor": "Ashlar-Vellum", "vendor_url": "https://ashlar.com/", "zdi_can": "ZDI-CAN-28447" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-04-03", "discoverer": "Francis Provencher {PRL}", "id": "ZDI-CAN-28517", "kind": "upcoming", "reported_date": "2025-12-04", "status": "upcoming", "vendor": "Krita", "vendor_url": "https://krita.org/en/about/krita-foundation/", "zdi_can": "ZDI-CAN-28517" }, { "cvss": 6.0, "cvss_vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "deadline": "2026-04-03", "discoverer": "Lucas Leong (@_wmliang_) of Trend Zero Day Initiative", "id": "ZDI-CAN-28594", "kind": "upcoming", "reported_date": "2025-12-04", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-28594" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-03-27", "discoverer": "soiax", "id": "ZDI-CAN-28570", "kind": "upcoming", "reported_date": "2025-11-27", "status": "upcoming", "vendor": "pdfforge", "vendor_url": "https://www.pdfforge.org/", "zdi_can": "ZDI-CAN-28570" }, { "cvss": 4.9, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "deadline": "2026-03-25", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-28617", "kind": "upcoming", "reported_date": "2025-11-25", "status": "upcoming", "vendor": "Ivanti", "vendor_url": "https://www.ivanti.com/", "zdi_can": "ZDI-CAN-28617" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-03-20", "discoverer": "Peter Girnus (@gothburz), Demeng Chen, and Brandon Niemczyk of Trend Zero Day Initiative", "id": "ZDI-CAN-28388", "kind": "upcoming", "reported_date": "2025-11-20", "status": "upcoming", "vendor": "MindsDB", "vendor_url": "https://mindsdb.com/", "zdi_can": "ZDI-CAN-28388" }, { "cvss": 8.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-03-19", "discoverer": "Xiaobye(@xiaobye_tw) of DEVCORE Research Team", "id": "ZDI-CAN-27628", "kind": "upcoming", "reported_date": "2025-11-19", "status": "upcoming", "vendor": "QEMU", "vendor_url": null, "zdi_can": "ZDI-CAN-27628" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-03-11", "discoverer": "Rocco Calvi (@TecR0c) with TecSecurity", "id": "ZDI-CAN-28172", "kind": "upcoming", "reported_date": "2025-11-11", "status": "upcoming", "vendor": "Ashlar-Vellum", "vendor_url": "https://ashlar.com/", "zdi_can": "ZDI-CAN-28172" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-03-11", "discoverer": "Rocco Calvi (@TecR0c) with TecSecurity", "id": "ZDI-CAN-28173", "kind": "upcoming", "reported_date": "2025-11-11", "status": "upcoming", "vendor": "Ashlar-Vellum", "vendor_url": "https://ashlar.com/", "zdi_can": "ZDI-CAN-28173" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-03-05", "discoverer": "Peter Girnus (@gothburz), Demeng Chen, and Brandon Niemczyk of Trend Zero Day Initiative", "id": "ZDI-CAN-28382", "kind": "upcoming", "reported_date": "2025-11-05", "status": "upcoming", "vendor": "ByteDance", "vendor_url": null, "zdi_can": "ZDI-CAN-28382" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-02-26", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-27884", "kind": "upcoming", "reported_date": "2025-10-29", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-27884" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-02-26", "discoverer": "Anonymous", "id": "ZDI-CAN-27582", "kind": "upcoming", "reported_date": "2025-10-29", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-27582" }, { "cvss": 7.7, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "deadline": "2026-02-26", "discoverer": "Peter Girnus (@gothburz) and Brandon Niemczyk of Trend Zero Day Initiative", "id": "ZDI-CAN-28216", "kind": "upcoming", "reported_date": "2025-10-29", "status": "upcoming", "vendor": "Airbyte", "vendor_url": "https://airbyte.com/", "zdi_can": "ZDI-CAN-28216" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-02-26", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-28061", "kind": "upcoming", "reported_date": "2025-10-29", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-28061" }, { "cvss": 7.7, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "deadline": "2026-02-26", "discoverer": "Peter Girnus (@gothburz) and Brandon Niemczyk of Trend Zero Day Initiative", "id": "ZDI-CAN-28215", "kind": "upcoming", "reported_date": "2025-10-29", "status": "upcoming", "vendor": "Airbyte", "vendor_url": "https://airbyte.com/", "zdi_can": "ZDI-CAN-28215" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-02-26", "discoverer": "Peter Girnus (@gothburz), Demeng Chen, and Brandon Niemczyk of Trend Zero Day Initiative", "id": "ZDI-CAN-28387", "kind": "upcoming", "reported_date": "2025-10-29", "status": "upcoming", "vendor": "CrewAI", "vendor_url": "https://www.crewai.com/", "zdi_can": "ZDI-CAN-28387" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-02-26", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-27896", "kind": "upcoming", "reported_date": "2025-10-29", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-27896" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-02-26", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-27959", "kind": "upcoming", "reported_date": "2025-10-29", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-27959" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-02-26", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-28118", "kind": "upcoming", "reported_date": "2025-10-29", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-28118" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-02-26", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-28089", "kind": "upcoming", "reported_date": "2025-10-29", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-28089" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-02-26", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-28077", "kind": "upcoming", "reported_date": "2025-10-29", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-28077" }, { "cvss": 8.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-02-12", "discoverer": "Xiaobye(@xiaobye_tw) of DEVCORE Research Team", "id": "ZDI-CAN-27578", "kind": "upcoming", "reported_date": "2025-10-15", "status": "upcoming", "vendor": "QEMU", "vendor_url": null, "zdi_can": "ZDI-CAN-27578" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-02-06", "discoverer": "\\xea\\xb9\\x80\\xeb\\xaa\\x85\\xea\\xb7\\x9c", "id": "ZDI-CAN-27673", "kind": "upcoming", "reported_date": "2025-10-09", "status": "upcoming", "vendor": "Fuji Electric", "vendor_url": "https://www.fujielectric.com", "zdi_can": "ZDI-CAN-27673" }, { "cvss": 5.5, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "deadline": "2026-02-06", "discoverer": "\\xea\\xb9\\x80\\xeb\\xaa\\x85\\xea\\xb7\\x9c", "id": "ZDI-CAN-27744", "kind": "upcoming", "reported_date": "2025-10-09", "status": "upcoming", "vendor": "Fuji Electric", "vendor_url": "https://www.fujielectric.com", "zdi_can": "ZDI-CAN-27744" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-02-05", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-27868", "kind": "upcoming", "reported_date": "2025-10-08", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-27868" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-02-05", "discoverer": "Xavier DANEST - Decathlon", "id": "ZDI-CAN-27999", "kind": "upcoming", "reported_date": "2025-10-08", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-27999" }, { "cvss": 4.6, "cvss_vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "deadline": "2026-02-05", "discoverer": "Bobby Gould (@bobbygould5) of Trend Zero Day Initiative", "id": "ZDI-CAN-28236", "kind": "upcoming", "reported_date": "2025-10-08", "status": "upcoming", "vendor": "Allegra", "vendor_url": "https://www.trackplus.com/en/", "zdi_can": "ZDI-CAN-28236" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-02-04", "discoverer": "Peter Girnus (@gothburz), Brandon Niemczyk of Trend Zero Day Initiative", "id": "ZDI-CAN-28254", "kind": "upcoming", "reported_date": "2025-10-07", "status": "upcoming", "vendor": "All Hands", "vendor_url": "https://www.all-hands.dev/", "zdi_can": "ZDI-CAN-28254" }, { "cvss": 5.3, "cvss_vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "deadline": "2026-01-31", "discoverer": "Xavier DANEST - Decathlon", "id": "ZDI-CAN-28222", "kind": "upcoming", "reported_date": "2025-10-03", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-28222" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-01-31", "discoverer": "Bobby Gould (@bobbygould5) of Trend Zero Day Initiative", "id": "ZDI-CAN-28202", "kind": "upcoming", "reported_date": "2025-10-03", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-28202" }, { "cvss": 6.1, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L", "deadline": "2026-01-31", "discoverer": "Ryota Shiga (GMO Flatt Security Inc.) with takumi-san.ai", "id": "ZDI-CAN-27556", "kind": "upcoming", "reported_date": "2025-10-03", "status": "upcoming", "vendor": "BusyBox", "vendor_url": "https://busybox.net", "zdi_can": "ZDI-CAN-27556" }, { "cvss": 5.0, "cvss_vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "deadline": "2026-01-31", "discoverer": "Tyler Zars", "id": "ZDI-CAN-28221", "kind": "upcoming", "reported_date": "2025-10-03", "status": "upcoming", "vendor": "EmbedThis", "vendor_url": "https://www.embedthis.com/", "zdi_can": "ZDI-CAN-28221" }, { "cvss": 7.5, "cvss_vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-01-31", "discoverer": "Tyler Zars", "id": "ZDI-CAN-27329", "kind": "upcoming", "reported_date": "2025-10-03", "status": "upcoming", "vendor": "EmbedThis", "vendor_url": "https://www.embedthis.com/", "zdi_can": "ZDI-CAN-27329" }, { "cvss": 7.2, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-01-31", "discoverer": "Xavier DANEST - Decathlon", "id": "ZDI-CAN-28122", "kind": "upcoming", "reported_date": "2025-10-03", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-28122" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-01-22", "discoverer": "Michael DePlante (@izobashi) of Trend Zero Day Initiative", "id": "ZDI-CAN-28096", "kind": "upcoming", "reported_date": "2025-09-24", "status": "upcoming", "vendor": "Lightning AI", "vendor_url": "https://lightning.ai/", "zdi_can": "ZDI-CAN-28096" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-01-22", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-27632", "kind": "upcoming", "reported_date": "2025-09-24", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-27632" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-01-22", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-27630", "kind": "upcoming", "reported_date": "2025-09-24", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-27630" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-01-22", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-27626", "kind": "upcoming", "reported_date": "2025-09-24", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-27626" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-01-22", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-27809", "kind": "upcoming", "reported_date": "2025-09-24", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-27809" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-01-22", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-27648", "kind": "upcoming", "reported_date": "2025-09-24", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-27648" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2026-01-22", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-27666", "kind": "upcoming", "reported_date": "2025-09-24", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-27666" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-01-22", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-27631", "kind": "upcoming", "reported_date": "2025-09-24", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-27631" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-01-22", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-27633", "kind": "upcoming", "reported_date": "2025-09-24", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-27633" }, { "cvss": 8.8, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-01-22", "discoverer": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044", "id": "ZDI-CAN-27625", "kind": "upcoming", "reported_date": "2025-09-24", "status": "upcoming", "vendor": "Quest", "vendor_url": null, "zdi_can": "ZDI-CAN-27625" }, { "cvss": 9.9, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "deadline": "2026-01-15", "discoverer": "Hugo LECLERCQ", "id": "ZDI-CAN-28148", "kind": "upcoming", "reported_date": "2025-09-17", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-28148" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-01-09", "discoverer": "Peter Girnus (@gothburz) and Brandon Niemczyk of Trend Zero Day Initiative", "id": "ZDI-CAN-28102", "kind": "upcoming", "reported_date": "2025-09-11", "status": "upcoming", "vendor": "Super Magic", "vendor_url": "https://www.letsmagic.ai/", "zdi_can": "ZDI-CAN-28102" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-01-09", "discoverer": "\uae40\uba85\uaddc", "id": "ZDI-CAN-27670", "kind": "upcoming", "reported_date": "2025-09-11", "status": "upcoming", "vendor": "Fuji Electric", "vendor_url": "https://www.fujielectric.com", "zdi_can": "ZDI-CAN-27670" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-01-09", "discoverer": "Lays (@_L4ys) of TRAPA Security", "id": "ZDI-CAN-27982", "kind": "upcoming", "reported_date": "2025-09-11", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-27982" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2026-01-08", "discoverer": "\uae40\uba85\uaddc", "id": "ZDI-CAN-27671", "kind": "upcoming", "reported_date": "2025-09-10", "status": "upcoming", "vendor": "Fuji Electric", "vendor_url": "https://www.fujielectric.com", "zdi_can": "ZDI-CAN-27671" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2025-12-31", "discoverer": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]", "id": "ZDI-CAN-27792", "kind": "upcoming", "reported_date": "2025-09-02", "status": "upcoming", "vendor": "GIMP", "vendor_url": "https://www.gimp.org/", "zdi_can": "ZDI-CAN-27792" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2025-12-19", "discoverer": "Rocco Calvi (@TecR0c) with TecSecurity", "id": "ZDI-CAN-27389", "kind": "upcoming", "reported_date": "2025-08-21", "status": "upcoming", "vendor": "Siemens", "vendor_url": "https://www.siemens.com/", "zdi_can": "ZDI-CAN-27389" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2025-12-10", "discoverer": "Rocco Calvi (@TecR0c) with TecSecurity", "id": "ZDI-CAN-27349", "kind": "upcoming", "reported_date": "2025-08-12", "status": "upcoming", "vendor": "Siemens", "vendor_url": "https://www.siemens.com/", "zdi_can": "ZDI-CAN-27349" }, { "cvss": 6.5, "cvss_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "deadline": "2025-11-28", "discoverer": "Ryota Shiga (GMO Flatt Security Inc.) with takumi-san.ai", "id": "ZDI-CAN-27555", "kind": "upcoming", "reported_date": "2025-07-31", "status": "upcoming", "vendor": "BusyBox", "vendor_url": "https://busybox.net", "zdi_can": "ZDI-CAN-27555" }, { "cvss": 2.4, "cvss_vector": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "deadline": "2025-11-26", "discoverer": "Jay Turla of VicOne", "id": "ZDI-CAN-27757", "kind": "upcoming", "reported_date": "2025-07-29", "status": "upcoming", "vendor": "Toyota", "vendor_url": null, "zdi_can": "ZDI-CAN-27757" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-11-19", "discoverer": "Filip Dragovic (@filip_dragovic)", "id": "ZDI-CAN-27629", "kind": "upcoming", "reported_date": "2025-07-22", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-27629" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-11-15", "discoverer": "Peter Girnus (@gothburz) of Trend Research", "id": "ZDI-CAN-27679", "kind": "upcoming", "reported_date": "2025-07-18", "status": "upcoming", "vendor": "OceanBase", "vendor_url": "https://github.com/davidzhangbj/agent", "zdi_can": "ZDI-CAN-27679" }, { "cvss": 9.8, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-11-15", "discoverer": "Alfredo Oliveira and David Fiser of Trend Research", "id": "ZDI-CAN-27635", "kind": "upcoming", "reported_date": "2025-07-18", "status": "upcoming", "vendor": "Bytebase", "vendor_url": "https://www.bytebase.com/", "zdi_can": "ZDI-CAN-27635" }, { "cvss": 7.5, "cvss_vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-11-05", "discoverer": "PHP Hooligans / Midnight Blue", "id": "ZDI-CAN-25884", "kind": "upcoming", "reported_date": "2025-07-08", "status": "upcoming", "vendor": "Lorex", "vendor_url": "https://www.lorex.com/", "zdi_can": "ZDI-CAN-25884" }, { "cvss": 8.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "deadline": "2025-10-15", "discoverer": "Maher Azzouzi", "id": "ZDI-CAN-27262", "kind": "upcoming", "reported_date": "2025-06-17", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-27262" }, { "cvss": 8.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "deadline": "2025-10-08", "discoverer": "p33zy", "id": "ZDI-CAN-24013", "kind": "upcoming", "reported_date": "2025-06-10", "status": "upcoming", "vendor": "NetBSD", "vendor_url": "https://www.netbsd.org/support/security/", "zdi_can": "ZDI-CAN-24013" }, { "cvss": 6.5, "cvss_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "deadline": "2025-10-01", "discoverer": "Alfredo Oliveira of Trend Research", "id": "ZDI-CAN-27169", "kind": "upcoming", "reported_date": "2025-06-03", "status": "upcoming", "vendor": "LiteLLM", "vendor_url": "https://www.litellm.ai/", "zdi_can": "ZDI-CAN-27169" }, { "cvss": 7.5, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "deadline": "2025-10-01", "discoverer": "Ho Xuan Ninh (@izx) + Tri Dang (Sea Security)", "id": "ZDI-CAN-27248", "kind": "upcoming", "reported_date": "2025-06-03", "status": "upcoming", "vendor": "NVIDIA", "vendor_url": "https://www.nvidia.com/en-us/", "zdi_can": "ZDI-CAN-27248" }, { "cvss": 7.0, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-10-01", "discoverer": "Xavier DANEST - Decathlon", "id": "ZDI-CAN-26661", "kind": "upcoming", "reported_date": "2025-06-03", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-26661" }, { "cvss": 7.3, "cvss_vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "deadline": "2025-09-26", "discoverer": "Sharkkcode and Zeze with TeamT5", "id": "ZDI-CAN-27004", "kind": "upcoming", "reported_date": "2025-05-29", "status": "upcoming", "vendor": "Glarysoft", "vendor_url": "https://www.glarysoft.com/", "zdi_can": "ZDI-CAN-27004" }, { "cvss": 7.5, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "deadline": "2025-09-25", "discoverer": "Nicholas Zubrisky (@NZubrisky) of Trend Research", "id": "ZDI-CAN-27277", "kind": "upcoming", "reported_date": "2025-05-28", "status": "upcoming", "vendor": "Ollama", "vendor_url": "https://ollama.com/", "zdi_can": "ZDI-CAN-27277" }, { "cvss": 7.5, "cvss_vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-09-03", "discoverer": "PHP Hooligans / Midnight Blue", "id": "ZDI-CAN-26851", "kind": "upcoming", "reported_date": "2025-05-06", "status": "upcoming", "vendor": "Lorex", "vendor_url": "https://www.lorex.com/", "zdi_can": "ZDI-CAN-26851" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "deadline": "2025-08-30", "discoverer": "Rocco Calvi (@TecR0c) with TecSecurity", "id": "ZDI-CAN-27055", "kind": "upcoming", "reported_date": "2025-05-02", "status": "upcoming", "vendor": "Rockwell Automation", "vendor_url": "https://www.rockwellautomation.com", "zdi_can": "ZDI-CAN-27055" }, { "cvss": 5.7, "cvss_vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "deadline": "2025-08-08", "discoverer": "Alfredo Oliveira and David Fiser of Trend Research", "id": "ZDI-CAN-26839", "kind": "upcoming", "reported_date": "2025-04-10", "status": "upcoming", "vendor": "LiteLLM", "vendor_url": "https://www.litellm.ai/", "zdi_can": "ZDI-CAN-26839" }, { "cvss": 2.8, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", "deadline": "2025-07-31", "discoverer": "ReDress", "id": "ZDI-CAN-26621", "kind": "upcoming", "reported_date": "2025-04-02", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-26621" }, { "cvss": 4.7, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "deadline": "2025-07-28", "discoverer": "Giuliano Sanfins from SiDi (0x_alibabas)", "id": "ZDI-CAN-26645", "kind": "upcoming", "reported_date": "2025-03-30", "status": "upcoming", "vendor": "AnyDesk", "vendor_url": "https://anydesk.com", "zdi_can": "ZDI-CAN-26645" }, { "cvss": 4.7, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "deadline": "2025-07-23", "discoverer": "Giuliano Sanfins from SiDi", "id": "ZDI-CAN-26591", "kind": "upcoming", "reported_date": "2025-03-25", "status": "upcoming", "vendor": "AnyDesk", "vendor_url": "https://anydesk.com", "zdi_can": "ZDI-CAN-26591" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "deadline": "2025-07-09", "discoverer": "Pumpkin (@u1f383) from DEVCORE Research Team", "id": "ZDI-CAN-26601", "kind": "upcoming", "reported_date": "2025-03-11", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-26601" }, { "cvss": 8.8, "cvss_vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-07-04", "discoverer": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)", "id": "ZDI-CAN-26359", "kind": "upcoming", "reported_date": "2025-03-06", "status": "upcoming", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-26359" }, { "cvss": 8.0, "cvss_vector": "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-07-02", "discoverer": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)", "id": "ZDI-CAN-26334", "kind": "upcoming", "reported_date": "2025-03-04", "status": "upcoming", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-26334" }, { "cvss": 6.3, "cvss_vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "deadline": "2025-06-18", "discoverer": "Anonymous", "id": "ZDI-CAN-25642", "kind": "upcoming", "reported_date": "2025-02-18", "status": "upcoming", "vendor": "iXsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-25642" }, { "cvss": 8.0, "cvss_vector": "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-06-18", "discoverer": "Anonymous", "id": "ZDI-CAN-25643", "kind": "upcoming", "reported_date": "2025-02-18", "status": "upcoming", "vendor": "iXsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-25643" }, { "cvss": 6.3, "cvss_vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "deadline": "2025-05-30", "discoverer": "Alain Rodel, Daniel Kilimnik, Kolja Grassmann (Neodyme AG)", "id": "ZDI-CAN-26036", "kind": "upcoming", "reported_date": "2025-01-30", "status": "upcoming", "vendor": "Lexmark", "vendor_url": null, "zdi_can": "ZDI-CAN-26036" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-05-14", "discoverer": "Anonymous", "id": "ZDI-CAN-25375", "kind": "upcoming", "reported_date": "2025-01-14", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-25375" }, { "cvss": 7.3, "cvss_vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "deadline": "2025-05-08", "discoverer": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", "id": "ZDI-CAN-26008", "kind": "upcoming", "reported_date": "2025-01-08", "status": "upcoming", "vendor": "IPython", "vendor_url": "https://ipython.org/project.html", "zdi_can": "ZDI-CAN-26008" }, { "cvss": 7.3, "cvss_vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "deadline": "2025-05-08", "discoverer": "Anonymous", "id": "ZDI-CAN-25831", "kind": "upcoming", "reported_date": "2025-01-08", "status": "upcoming", "vendor": "MSYS2", "vendor_url": "https://www.msys2.org/", "zdi_can": "ZDI-CAN-25831" }, { "cvss": 7.3, "cvss_vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "deadline": "2025-05-08", "discoverer": "Anonymous", "id": "ZDI-CAN-25941", "kind": "upcoming", "reported_date": "2025-01-08", "status": "upcoming", "vendor": "IPython", "vendor_url": "https://ipython.org/project.html", "zdi_can": "ZDI-CAN-25941" }, { "cvss": 7.0, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-04-10", "discoverer": "Anonymous", "id": "ZDI-CAN-25629", "kind": "upcoming", "reported_date": "2024-12-11", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-25629" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-04-01", "discoverer": "Anonymous", "id": "ZDI-CAN-24330", "kind": "upcoming", "reported_date": "2024-12-02", "status": "upcoming", "vendor": "IBM", "vendor_url": null, "zdi_can": "ZDI-CAN-24330" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-03-15", "discoverer": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)", "id": "ZDI-CAN-25637", "kind": "upcoming", "reported_date": "2024-11-15", "status": "upcoming", "vendor": "iXsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-25637" }, { "cvss": 7.5, "cvss_vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-03-15", "discoverer": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)", "id": "ZDI-CAN-25636", "kind": "upcoming", "reported_date": "2024-11-15", "status": "upcoming", "vendor": "iXsystems", "vendor_url": null, "zdi_can": "ZDI-CAN-25636" }, { "cvss": 8.1, "cvss_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-03-15", "discoverer": "@ExLuck99", "id": "ZDI-CAN-25552", "kind": "upcoming", "reported_date": "2024-11-15", "status": "upcoming", "vendor": "Ubiquiti Networks", "vendor_url": null, "zdi_can": "ZDI-CAN-25552" }, { "cvss": 7.3, "cvss_vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "deadline": "2025-03-14", "discoverer": "Anonymous", "id": "ZDI-CAN-25377", "kind": "upcoming", "reported_date": "2024-11-14", "status": "upcoming", "vendor": "Python Packaging Authority", "vendor_url": "https://www.pypa.io/en/latest/", "zdi_can": "ZDI-CAN-25377" }, { "cvss": 7.8, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2025-03-01", "discoverer": "Amol Dosanjh of Trend Micro", "id": "ZDI-CAN-25689", "kind": "upcoming", "reported_date": "2024-11-01", "status": "upcoming", "vendor": "Wacom", "vendor_url": "https://www.wacom.com/", "zdi_can": "ZDI-CAN-25689" }, { "cvss": 5.3, "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "deadline": "2025-01-23", "discoverer": "Alfredo de Oliveira - Trend Micro Nebula Team", "id": "ZDI-CAN-25256", "kind": "upcoming", "reported_date": "2024-09-25", "status": "upcoming", "vendor": "Prometheus", "vendor_url": "https://prometheus.io/", "zdi_can": "ZDI-CAN-25256" }, { "cvss": 5.3, "cvss_vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "deadline": "2025-01-03", "discoverer": "Poh Jia Hao of STAR Labs SG Pte. Ltd.", "id": "ZDI-CAN-24933", "kind": "upcoming", "reported_date": "2024-09-05", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-24933" }, { "cvss": 7.5, "cvss_vector": "AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "deadline": "2025-01-01", "discoverer": "dangdang777", "id": "ZDI-CAN-25086", "kind": "upcoming", "reported_date": "2024-09-03", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-25086" }, { "cvss": 7.0, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "deadline": "2024-12-12", "discoverer": "Anonymous", "id": "ZDI-CAN-24928", "kind": "upcoming", "reported_date": "2024-08-14", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-24928" }, { "cvss": 4.7, "cvss_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "deadline": "2024-12-12", "discoverer": "Anonymous", "id": "ZDI-CAN-24929", "kind": "upcoming", "reported_date": "2024-08-14", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-24929" }, { "cvss": 2.5, "cvss_vector": "AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "deadline": "2024-10-10", "discoverer": "Cyrille Chatras", "id": "ZDI-CAN-23963", "kind": "upcoming", "reported_date": "2024-06-12", "status": "upcoming", "vendor": "QEMU", "vendor_url": null, "zdi_can": "ZDI-CAN-23963" }, { "cvss": 2.5, "cvss_vector": "AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "deadline": "2024-10-10", "discoverer": "Cyrille Chatras", "id": "ZDI-CAN-24080", "kind": "upcoming", "reported_date": "2024-06-12", "status": "upcoming", "vendor": "QEMU", "vendor_url": null, "zdi_can": "ZDI-CAN-24080" }, { "cvss": 6.5, "cvss_vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "deadline": "2024-08-29", "discoverer": "fffvr", "id": "ZDI-CAN-23947", "kind": "upcoming", "reported_date": "2024-05-01", "status": "upcoming", "vendor": "Linux", "vendor_url": "https://www.linux.org/", "zdi_can": "ZDI-CAN-23947" }, { "cvss": 5.5, "cvss_vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "deadline": "2024-08-15", "discoverer": "Anonymous", "id": "ZDI-CAN-23324", "kind": "upcoming", "reported_date": "2024-04-17", "status": "upcoming", "vendor": "Trend Micro", "vendor_url": "https://www.trendmicro.com", "zdi_can": "ZDI-CAN-23324" } ]